+27 (0) 72 961 1236

Cookie Policy

This privacy policy forms part of our web usage terms & condition. If you do not agree with any term of this privacy policy, you must cease use of TribalTourist’s website immediately. You can also contact us if you would like further insight into how we collect, use and secure the data acquired through our websites.


Welcome to TribalTourist’s Privacy Policy

This Privacy Policy (“policy”) sets out the basis on which TribalTourist collects, uses and shares the data that we receive from users of our websites and online applications. We take the privacy of our users seriously, and we recommend that you read this policy carefully. By using TribalTourist’s website at www.tribaltourist.com, associated websites, landing pages and applications, you agree to be bound by this policy.


Our travellers are from many different countries – in recognition of this, we endeavour to process all data in accordance with principles of internationally accepted best practice, and compliance regulations. We regularly review our compliance with this policy and whenever we receive a formal complaint, we will contact the person who made the complaint to attempt to resolve his or her concerns.


Please note that by using our websites (as a user browsing the websites), you are consenting to our collection and use of your information as more fully set out in this policy. If you have any concerns about the use of your information, or the contents of this policy, please feel free to contact us.


Notice at Collection

The CCPA requires businesses to give consumers certain information in a notice at collection”, listing the categories of personal information businesses collect about consumers, and the purposes for which this information is used. 


The remainder of this page outlines the types of information that TribalTourist collects about our website users and clients, and how this information is used.  


Data Collected

We distinguish in this policy between personal data(data that is required to facilitate international travel), and ‘non-personal data’ (data regarding usage of the websites, and de-identified information extracted from the websites for analysis). We collect both personal and non-personal data through our websites and through third parties, either automatically, or by your providing this information to us during enquiring, signing up for our newsletter, or during the consultation phase to help us improve the information we will be providing you with.


1. User Notifications:

            1.1 Failure to provide requested information may impair our ability to provide professional                        advice when curating and sharing proposed travel itineraries.

            1.2 You will need to ensure that your personal information submitted to us is accurate and                       up-to-date.

            1.3 You are responsible for any third party information obtained, published or shared                                through the websites, and you consent to only use or share this third party data with the               third party’s consent.


2. Personal Data:

            2.1 We collect and store the personal information that you may provide to us through our                         websites when you enquire with us, update or change your information with us, or make              use of our services.

            2.2 We also collect and store information in relation to your travel itinerary, travel                                      preferences and particulars of those traveling with you, for example through                                              communications, surveys and other data submitted by you.

            2.3 Anyone involved with the processing, transmission, or storage of card data must                                comply with the Payment Card Industry Data Security Standards (PCI DSS). Our chosen                         payment partner undergoes an annual SOC II and PCI DSS review to help ensure that                            they handle customer data securely and in compliance with all applicable laws, including,                        but not  limited to, GDPR, PIPEDA, FERPA, GLBA, and other data protection                                           laws. TribalTourist does not collect or store any credit card or account details.


3. Non-personal Data:

            3.1 In addition to personal data, we also store non-personal data, which cannot be used to             identify our users. The kinds of non-personal data that we collect includes de-identified                            data about usage of our websites.

            3.2 We also make use of cookies or similar tracking tools to identify website users and                             remember their preferences, for the purpose of providing a better user experience and                             service, and marketing/advertising our services online.


How We Share Information

We use a number of external parties to assist us in processing personal data for the above purposes, and they may hold this personal data on their own servers for these purposes. We may share the information we obtain with:


      Service Providers. In connection with the operation and provision of our service we engage various third parties to provide services or handle transactions on our behalf, such as payment card processing, email distribution, list processing, postal mailing, cloud computing, analytics, digital content performance measurement, ad serving and managing sweepstakes, contests, promotions or events. These service providers use the information we provide to them as necessary or appropriate for the performance of their services.


      Advertisers, Advertising- and Marketing-Related Service Providers and Partners. We may provide your information to advertisers, advertising agencies, ad networks, ad exchanges, marketing businesses, technology vendors and other entities that create, deliver and assess advertising or marketing campaigns, including interest-based ads.


      Content Measurement Companies. We and third parties seek to measure the performance of our content. To achieve this we may include third-party measurement software in our services to enable market research or to measure digital and video content consumption.


      Social Media Platforms. If you interact with social media widgets, share content using social media share buttons, or access features of the Digital Services that contain content or features provided by Social Media Platforms, the relevant Social Media Platforms may collect information. We encourage you to review the privacy policies of the Social Media Platforms that you engage with as we are not responsible for their privacy practices.


      Business Partners. We may provide your information to business partners including, without limitation, joint marketing partners and content sponsors, for various purposes. For example, we may partner with a third party to offer products or services on a co-branded, co-sponsored or cross-promotional basis that involves the sharing of information.


If you would like access to a full list of our service providers please contact us. We are not responsible for, nor do we endorse the privacy practices of these external third parties.


Cookies and Similar Technologies

A cookie is a small piece of code that is installed in your web browser by a website that you visit. They help the website to remember information about your visit, and assist to make the website, and advertisements that you encounter while browsing, more relevant to you. We’ve provided some further detail on cookies below to try and clarify how and why we use them.


1. Technical cookies and cookies serving aggregated statistical purposes:

            1.1 Activity necessary for the functioning of the service: Our websites use cookies to save                       your session and to carry out other activities for the websites’ operations.

            1.2 Activity regarding the savings of preferences, optimisation and statistics: Our websites                       use cookies to save browsing preferences and to optimise your browsing experience.



2.  How can I manage the installation of cookies?

            2.1 You can manage preferences for cookies directly from within your own browser and                           prevent websites from installing them. Through your browser preferences, it is also                                  possible to delete cookies installed in the past. It is important to note that by disabling all             cookies, the functioning of the websites may be compromised. You can find information               about how to manage cookies in your browser using the following links: Mozilla FirefoxApple SafariGoogle Chrome and Microsoft Internet Explorer.

            2.2 In the case of third party cookies, you can exercise your right to withdraw from their                            tracking activity by utilising the information provided in that third partys privacy policy on              their website, by clicking the opt-out link (if provided) or by contacting that third party.

            2.3 If you would like to go deeper into behavioural advertising and cookies, we find the                             website at Your Online Choices to be a helpful information source (particularly for users                           residing in the European Union). This service advises you on how to select your tracking             preferences for most advertising tools.

            2.4 Given the relative complexity linked to the identification of technologies based on                               cookies and their very close integration with the operation of the internet, you are                         encouraged to contact us should you wish to receive any further information on the use of                       cookies themselves and any possible use of them (for example, by a third party) carried                           out through the websites.


Use of Non-Personal Data

We use your non-personal data for purposes like product improvement, internal reporting, analytics, performing statistical analyses of collective behaviour of our users, measuring demographics and interests, and for other legitimate business purposes. We will take all reasonable steps to properly de-identify all information that is stored and analysed as non-personal data. This non-personal data may also be shared with the current and future partners and service providers (since there is no prejudice to our users from the disclosure of this non-personal information).


Use of Personal Data

Except as set out in this policy or specifically agreed by you, we won’t disclose your personal data that we receive through the website. In general we will always aim to de-identify the information that we store (as non-personal information), but some information will need to still be attached to your name or email address (as personal information), for reasons listed below, and with the aim of supporting personalised and customised experiences and journeys. We work hard to ensure that access to a travellers information doesn’t disadvantage or prejudice our travellers.

The ways in which (and the purposes for which) we use personal data are described in further detail below:


         Verifying identity.

         Contacting you for the purpose of:


         advising you on travel information and options,

         assisting you to complete your bookings and reservations with us, with the aim of     keeping travellers informed and providing on-the-go support and information.

         other legitimate business purposes, and all communications with you for these purposes will be kept on record.

         For analytics purposes (and product improvement more generally), including:

         analysing client characteristics, demographics, activities and behaviours on our websites and applications allowing us to continually improve the design of our website and relevant applications for the benefit of you and other travellers,

         providing analytical information to all relevant personnel who are involved in assisting and supporting travellers, to enable them to optimise the travellers experience, or

         other legitimate business purposes.

         reporting internally on traveller choices and related matters.

         for behavioural marketing and remarketing to website users and travellers, and marketing to potential travellers with similar interests.

         recording, tracking and analysing activities on the website.

         researching, developing and improving, as well as training.

         For disclosure:

         to personnel within TribalTouristand our third party contractors for business purposes, including but not limited to internally used software and systems providers, and courier companies for shipping of documentation and gifts;

         to government authorities in response to court orders, subpoena/summons or other legal processes, to establish or exercise a legal right, defend a claim, or as otherwise required by law;

         to investigate, prevent or take action in relation to any suspected illegal activities, or to protect our own rights and the rights of our service providers;

         to acquirers, assignees or other successor entities in connection with a sale, merger or reorganisation of all or substantially all of our equity, business or assets.


         For any other purpose:

      for which we receive your consent,

      that is in the public interest, or

      within the bounds of the laws of the South Africa


You agree that we may also share any of your personal data with the service provider that you and TribalTourist choose to use, and these service providers may use your personal data in accordance with their own privacy policies.


We may also disclose all your personal data between our associated TribalTourist companies, who shall have all the same rights as us in relation to such personal data, and shall comply with this policy in the processing of such information.


Rights afforded you in the Privacy legislation

We respect and will honour these rights:

      Subject to certain exceptions (see ‘Exceptions’ below) we always have to obtain your Information from you personally

      We are not allowed to process your Information unless we have your ‘informed, specific and voluntary consent’

      We are obliged to advise you of the purpose for which we will be processing and Third Parties with whom we will be sharing your Information.

      You can call upon us at any time to do one or more of the following regarding your Information: amend; update; delete. We are obliged in the case of the latter to provide you with proof that we have done so.

      Direct marketing (See below): we are obliged to obtain your consent and to advise you each time of your right to ‘opt out’/’unsubscribe’

      You are entitled to enquire at any time about the steps we’ve taken to ensure that our safeguards pertaining to the protection of your Information meet the requirements of the Privacy Legislation.

      You may require of us to restrict the processing of your Information

      You can lodge complaints: (1) via the relevant section of our website; (2) with our Information Officer (see our website) and/or (3) with the POPIA Information Regulator

      You are entitled and we are obliged to inform you when our security has been breached (POPIA: ‘as soon as reasonably possible’ and GDPR: within 72 hours)


You have a right to know what personal data is being stored, and processed, as well as the categories of recipients with whom it may be shared. You may contact us to learn about the contents and origin of this personal data, to verify its accuracy or to ask for this data to be supplemented, cancelled, updated or corrected, or for their transformation into an anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. To make a request please contact us.


Our websites do not currently support Do Not Track” (DNT”) requests. DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. To determine whether any of the third party services linked on our Website honour DNT requests, please read their privacy policies.



When we do not require your consent for processing:

      You (the ‘data subject’) have made your Information public;

      Your Information is a matter of public record, i.e. it is ‘in the public domain and under the control of a public body;’

      We are complying with an obligation imposed by law;

      It involves compliance with court proceedings

      It involves national security

      It is being used for historic, statistical or research purposes provided it is in the public interest or obtaining your consent is difficult

      It is for use in any form of journalism, provided such activity is governed by a code of conduct that has adequate safeguards – a balance must be struck between your right to privacy and the freedom of expression

      You Information has been ‘de-identified’e. so that the identities of the parties cannot be determined (also sometimes referred to as ‘pseudonynimisation’)

      We are doing so in pursuit of a legitimate interest of ours or the Third Party to whom it is being disclosed


Information Security

      We have carried out a data protection impact assessment which entailed a ‘systematic and extensive evaluation of our processes and current safeguards’. This assessment addressed amongst others how and when we process your Information and when such processing may present (internal and external) security risks including the origin, nature, likelihood (foreseeability) and severity (extent) of such risk.

      Based on the report by the experts who carried out this assessment, we have implemented ‘appropriate, reasonable and organizational measures to (1) ensure the integrity and confidentiality’ of the Information; (2) prevent the loss of, damage to or unauthorized destruction or access to or processing’ of your Information; (3) anticipate and identify the aforesaid risks; (4) maintain, monitor and update these safeguards on an ongoing basis

         These measures :

      Will meet the most stringent of ‘generally accepted information security practices’ and/or ‘specific industry or professional rules and regulations’

      Include amongst others encryption; controlling privileges of users; destroying your Information when no longer required; regular audits; back-ups; emergency incident strategies.


Methods of processing

We undertake to process your personal data in a reasonable manner and take appropriate, reasonable security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data. All data processing shall be carried out by employees, consultants or third party service providers using computers and/or IT enabled tools, following standard organizational procedures and modes.


In some cases, personal and non-personal data may be accessible to certain types of persons involved with the operation of the websites (administration, sales, marketing, finance, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies to name a few) appointed, if necessary, by us as data processors.



All data collected through our websites is managed and processed primarily at our various operating offices, and in any other place where the parties involved with the processing are located. For further information on our servers and places where we process data, please contact us.


Due to the fact that we have travellers from all over the world, and hosting services have become more ‘cloud-based’ and international in recent years, we may send and store your personal data outside of the country in which you reside, and there will therefore be some cross-border transfer of this personal data. We are nevertheless committed to protecting the privacy and confidentiality of personal information when it is transferred, in accordance with this Policy and the data privacy requirements in the EU.



Your Information will not be stored longer than is reasonably required for us to complete the purposes for which is being processed. However we may retain your Information for longer periods if required for e.g. taxation purposes or if you have requested us to do and have provided us with the requisite consent. The latter may be the case when you are a repeat customer and retaining some of your personal preferences such as twin/double bed and meal preferences will assist us in providing you with a more efficient service for future bookings.

To learn more, please contact us



If you would like to inspect and review your records, you may submit a request through our contact page. Requests for access will receive a response within 45 days, although certain records may be excluded from records made available for inspection (within the bounds of the law and our confidentiality undertakings with third parties). You may also request amendment of records that you believe are inaccurate, misleading or in violation of your rights.


Legal action

Your personal data may be used for legal purposes as reasonably determined by us, in court or in the stages leading to possible legal action. You also acknowledge that we may be required to reveal your personal data upon request of public authorities.

Additional information about Personal Data

In addition to the information contained in this policy, we may provide you with additional and contextual information concerning particular services or the collection and processing of personal data on request.


System Logs and Maintenance

For operation and maintenance purposes, our websites and any third party services may collect files that record interaction with the websites (System Logs) or use for this purpose other personal data (such as IP Address).


Changes to this Policy

We review our privacy practices from time to time, and carry out regular data protection impact assessments on an ongoing basis. We reserve the right to make changes to this policy at any time by giving notice through a website feature or by emailing you. We recommend that you check the contents of the policy whenever you have any new questions about privacy and our use of data, referring to the date of the last modification listed at the bottom of the policy.


If you object to any changes to the policy, you must cease using the websites and can request that we delete your personal data. Unless stated otherwise, the then-current policy applies to all data that we maintain.


Contacting us about this Policy

If you have any questions or comments about this policy, please use the contact us feature on our website, or email us at reach@tribaltourist.com.


The data controller for the purpose of this Policy is TribalTourist (Pty) Ltd (incorporated in South Africa) with registered address at TribalTourist 11 Tapsell Street, Sandbaai, Hermanus, Cape Town 7200.


The relevant data controller will be charged with making decisions regarding the purposes and methods of processing of data in terms of this Policy.





Legal information

Notice to European Users: this privacy statement has been prepared in fulfillment of the obligations under the European general data protection Regulation 2016/679 (GDPR”), on the subject of cookies.


Date of last amendment: 01 March 2024