This privacy policy forms part of our web usage
terms & condition. If you do not agree with any term of this privacy
policy, you must cease use of TribalTourist’s website immediately. You can also
contact us if you would like further insight into how we collect, use and
secure the data acquired through our websites.
Welcome to TribalTourist’s Privacy Policy
This Privacy Policy (“policy”) sets
out the basis on which TribalTourist collects, uses and shares the data that we
receive from users of our websites and online applications. We take the privacy
of our users seriously, and we recommend that you read this policy carefully.
By using TribalTourist’s website at www.tribaltourist.com, associated websites, landing pages and applications, you agree to
be bound by this policy.
Our travellers are from many different countries
– in recognition of this, we endeavour to process all data in accordance with
principles of internationally accepted best practice, and compliance
regulations. We regularly review our compliance with this policy and whenever
we receive a formal complaint, we will contact the person who made the
complaint to attempt to resolve his or her concerns.
Please note that by using our websites (as a
user browsing the websites), you are consenting to our collection and use of
your information as more fully set out in this policy. If you have any concerns
about the use of your information, or the contents of this policy, please feel
free to contact us.
Notice at Collection
The CCPA requires businesses to give consumers
certain information in a “notice at
collection”, listing the categories of personal information businesses collect
about consumers, and the purposes for which this information is used.
The remainder of this page outlines the types of
information that TribalTourist collects about our website users and clients,
and how this information is used.
Data Collected
We distinguish in this policy between ‘personal data’ (data
that is required to facilitate international travel), and ‘non-personal data’
(data regarding usage of the websites, and de-identified information extracted
from the websites for analysis). We collect both personal and non-personal data
through our websites and through third parties, either automatically, or by
your providing this information to us during enquiring, signing up for our
newsletter, or during the consultation phase to help us improve the information
we will be providing you with.
1. User Notifications:
1.1
Failure to provide requested information may impair our ability to provide
professional advice when curating and sharing
proposed travel itineraries.
1.2
You will need to ensure that your personal information submitted to us is
accurate and up-to-date.
1.3
You are responsible for any third party information obtained, published or
shared through the websites, and you
consent to only use or share this third party data with the third party’s consent.
2. Personal Data:
2.1 We collect and store
the personal information that you may provide to us through our websites
when you enquire with us, update or change your information with us, or make use of our services.
2.2
We also collect and store information in relation to your travel itinerary,
travel preferences and particulars of those
traveling with you, for example through communications, surveys and other
data submitted by you.
2.3
Anyone involved with the processing, transmission, or storage of card data must
comply with the Payment
Card Industry Data Security Standards (PCI DSS). Our chosen payment partner undergoes an annual
SOC II and PCI DSS review to help ensure that they handle customer data securely
and in compliance with all applicable laws, including, but
not limited to, GDPR, PIPEDA, FERPA,
GLBA, and other data protection laws. TribalTourist does not
collect or store any credit card or account details.
3. Non-personal
Data:
3.1
In addition to personal data, we also store non-personal data, which cannot be
used to identify our users.
The kinds of non-personal data that we collect includes de-identified data
about usage of our websites.
3.2
We also make use of cookies or similar tracking tools to identify website users
and remember their preferences, for the
purpose of providing a better user experience and service,
and marketing/advertising our services online.
How We Share Information
We use a number of external parties to
assist us in processing personal data for the above purposes,
and they may hold this personal data on their own servers for these
purposes. We may share the information we obtain with:
•
Service
Providers. In connection with the operation
and provision of our service we engage various third parties to provide
services or handle transactions on our behalf, such as payment card processing,
email distribution, list processing, postal mailing, cloud computing,
analytics, digital content performance measurement, ad serving and managing
sweepstakes, contests, promotions or events. These service providers use the information we
provide to them as necessary or appropriate for the performance of their
services.
•
Advertisers,
Advertising- and Marketing-Related Service Providers and Partners. We may provide your information to advertisers, advertising
agencies, ad networks, ad exchanges, marketing businesses, technology vendors
and other entities that create, deliver and assess advertising or
marketing campaigns, including interest-based ads.
•
Content
Measurement Companies. We and third parties
seek to measure the performance of our content. To achieve this we may include
third-party measurement software in our services to enable market research or
to measure digital and video content consumption.
•
Social Media Platforms. If you interact with social media widgets, share content using
social media share buttons, or access features of the Digital Services that
contain content or features provided by Social Media Platforms, the relevant
Social Media Platforms may collect information. We encourage you to review the
privacy policies of the Social Media Platforms that you engage with as we are
not responsible for their privacy practices.
•
Business
Partners. We may provide your information to
business partners including, without limitation, joint marketing partners and
content sponsors, for various purposes. For example, we may partner with a
third party to offer products or services on a co-branded,
co-sponsored or cross-promotional basis that involves the sharing of
information.
If you would like access to a full list of our
service providers please contact us. We are not responsible for, nor do we endorse the privacy
practices of these external third parties.
Cookies and Similar Technologies
A cookie is a small piece of code that is
installed in your web browser by a website that you visit. They help the
website to remember information about your visit, and assist to make the website,
and advertisements that you encounter while browsing, more relevant to you.
We’ve provided some further detail on cookies below to try and clarify how and
why we use them.
1. Technical cookies and cookies serving
aggregated statistical purposes:
1.1
Activity necessary for the functioning of the service: Our websites use cookies
to save your session and to carry out other activities for the
websites’ operations.
1.2
Activity regarding the savings of preferences, optimisation and statistics: Our
websites use cookies to save browsing preferences and to optimise
your browsing experience.
2. How can I manage the installation of
cookies?
2.1
You can manage preferences for cookies directly from within your own browser
and prevent websites from installing them. Through your
browser preferences, it is also possible to delete cookies installed
in the past. It is important to note that by disabling all cookies,
the functioning of the websites may be compromised. You can find information about
how to manage cookies in your browser using the following links: Mozilla Firefox, Apple Safari, Google Chrome and Microsoft Internet Explorer.
2.2
In the case of third party cookies, you can exercise your right to withdraw
from their tracking activity by utilising the
information provided in that third party’s privacy policy
on their website, by clicking
the opt-out link (if provided) or by contacting that third party.
2.3
If you would like to go deeper into behavioural advertising and cookies, we
find the website at Your Online Choices to
be a helpful information source (particularly for users residing
in the European Union). This service advises you on how to select your tracking
preferences
for most advertising tools.
2.4
Given the relative complexity linked to the identification of technologies
based on cookies and their very close
integration with the operation of the internet, you are encouraged
to contact us should you wish
to receive any further information on the use of cookies
themselves and any possible use of them (for example, by a third party) carried
out through the websites.
Use of Non-Personal Data
We use your non-personal data for purposes like
product improvement, internal reporting, analytics, performing statistical
analyses of collective behaviour of our users, measuring demographics and
interests, and for other legitimate business purposes. We will take all
reasonable steps to properly de-identify all information that is stored and
analysed as non-personal data. This non-personal data may also be shared with
the current and future partners and service providers (since there is no
prejudice to our users from the disclosure of this non-personal information).
Use of Personal Data
Except as set out in this policy or specifically
agreed by you, we won’t disclose your personal data that we receive through the
website. In general we will always aim to de-identify the information that we
store (as non-personal information), but some information will need to still be
attached to your name or email address (as personal information), for reasons
listed below, and with the aim of supporting personalised and customised
experiences and journeys. We work hard to ensure that access to a traveller’s information doesn’t disadvantage or prejudice our travellers.
The ways in which (and the purposes for which)
we use personal data are described in further detail below:
• Verifying identity.
• Contacting you for the
purpose of:
•
marketing,
•
advising you on travel information and options,
•
assisting you to complete your bookings and reservations with us,
with the aim of keeping travellers
informed and providing on-the-go support and information.
•
other legitimate business purposes, and all communications with
you for these purposes will be kept on record.
• For analytics purposes (and
product improvement more generally), including:
•
analysing client characteristics, demographics, activities and
behaviours on our websites and applications allowing us to continually improve
the design of our website and relevant applications for the benefit of you and
other travellers,
•
providing analytical information to all relevant personnel who are
involved in assisting and supporting travellers, to enable them to optimise the
traveller’s experience, or
•
other legitimate business purposes.
•
reporting internally on traveller choices and related matters.
•
for behavioural marketing and remarketing to website users and
travellers, and marketing to potential travellers with similar interests.
•
recording, tracking and analysing activities on the website.
•
researching, developing and improving, as well as training.
• For disclosure:
•
to personnel within TribalTouristand our third party contractors
for business purposes, including but not limited to internally used software
and systems providers, and courier companies for shipping of documentation and
gifts;
•
to government authorities in response to court orders,
subpoena/summons or other legal processes, to establish or exercise a legal
right, defend a claim, or as otherwise required by law;
•
to investigate, prevent or take action in relation to any
suspected illegal activities, or to protect our own rights and the rights of
our service providers;
•
to acquirers, assignees or other successor entities in connection
with a sale, merger or reorganisation of all or substantially all of our
equity, business or assets.
• For any other purpose:
•
for which we receive your
consent,
•
that is in the public interest,
or
•
within the bounds of the laws
of the South Africa
You agree that we may also share any of your
personal data with the service provider that you and TribalTourist choose to
use, and these service providers may use your personal data in accordance with
their own privacy policies.
We may also disclose all your personal data
between our associated TribalTourist companies, who shall have all the same
rights as us in relation to such personal data, and shall comply with this
policy in the processing of such information.
Rights afforded you in the Privacy
legislation
We respect and will honour these rights:
• Subject to certain exceptions (see ‘Exceptions’ below) we always have to obtain your Information from you
personally
• We are not allowed to process your Information unless we have
your ‘informed, specific and voluntary consent’
• We are obliged to advise you of the purpose for which we will be
processing and Third Parties with whom we will be sharing your Information.
• You can call upon us at any time to do one or more of the following
regarding your Information: amend; update; delete. We are obliged in the case
of the latter to provide you with proof that we have done so.
• Direct marketing (See below): we are obliged to obtain your consent
and to advise you each time of your right to ‘opt
out’/’unsubscribe’
• You are entitled to enquire at any time about the steps we’ve taken
to ensure that our safeguards pertaining to the protection of your Information
meet the requirements of the Privacy Legislation.
• You may require of us to restrict the processing of your Information
• You can lodge complaints: (1) via the relevant section of our
website; (2) with our Information Officer (see our website) and/or (3) with the
POPIA Information Regulator
• You are entitled and we are obliged to inform you when our security
has been breached (POPIA: ‘as soon as reasonably
possible’ and GDPR: within 72 hours)
You have a right to know what personal data is
being stored, and processed, as well as the categories of recipients with whom
it may be shared. You may contact us to learn about the contents and origin of
this personal data, to verify its accuracy or to ask for this data to be
supplemented, cancelled, updated or corrected, or for their transformation into
an anonymous format or to block any data held in violation of the law, as well
as to oppose their treatment for any and all legitimate reasons. To make a request
please contact us.
Our websites do not currently support “Do Not Track” (“DNT”) requests.
DNT is a feature offered by some browsers which, when enabled, sends a signal
to websites to request that your browsing is not tracked, such as by third
party ad networks, social networks and analytic companies. To determine whether
any of the third party services linked on our Website honour DNT requests,
please read their privacy policies.
Exceptions
When we do not require your consent for ‘processing’:
• You (the ‘data subject’) have
made your Information public;
• Your Information is a matter of public record, i.e.
it is ‘in the public domain and under the
control of a public body;’
• We are complying with an obligation imposed by law;
• It involves compliance with court proceedings
• It involves national security
• It is being used for historic, statistical or research purposes
provided it is in the public interest or obtaining your consent is difficult
• It is for use in any form of journalism, provided such activity is
governed by a code of conduct that has adequate safeguards – a balance must be
struck between your right to privacy and the freedom of expression
• You Information has been ‘de-identified’e.
so that the identities of the parties cannot be determined (also sometimes
referred to as ‘pseudonynimisation’)
• We are doing so in pursuit of a legitimate interest of ours or the
Third Party to whom it is being disclosed
Information Security
• We have carried out a data protection impact assessment which
entailed a ‘systematic and extensive evaluation of our
processes and current safeguards’. This assessment addressed
amongst others how and when we process your Information and when such
processing may present (internal and external) security risks including the
origin, nature, likelihood (foreseeability) and severity (extent) of such risk.
• Based on the report by the experts who carried out this assessment,
we have implemented ‘appropriate, reasonable and
organizational measures‘ to (1) ‘ensure the
integrity and confidentiality’ of the
Information; (2) ‘prevent the
loss of, damage to or unauthorized destruction or access to or processing’ of your Information; (3) anticipate and identify the aforesaid risks; (4) maintain, monitor and
update these safeguards on an ongoing basis
• These measures :
•
Will meet the
most stringent of ‘generally accepted
information security practices’ and/or ‘specific industry or
professional rules and regulations’
•
Include amongst others
encryption; controlling privileges of users; destroying your Information when
no longer required; regular audits; back-ups; emergency incident strategies.
Methods of processing
We undertake to process your personal data in a
reasonable manner and take appropriate, reasonable security measures to prevent
unauthorised access, disclosure, modification, or unauthorised destruction of
your personal data. All data processing shall be carried out by employees,
consultants or third party service providers using computers and/or IT enabled
tools, following standard organizational procedures and modes.
In some cases, personal and non-personal data
may be accessible to certain types of persons involved with the operation of
the websites (administration, sales, marketing, finance, legal, system
administration) or external parties (such as third party technical service
providers, mail carriers, hosting providers, IT companies, communications
agencies to name a few) appointed, if necessary, by us as data processors.
Place
All data collected through our websites is
managed and processed primarily at our various operating offices, and in any
other place where the parties involved with the processing are located. For
further information on our servers and places where we process data,
please contact us.
Due to the fact that we have travellers from all
over the world, and hosting services have become more ‘cloud-based’ and
international in recent years, we may send and store your personal data outside
of the country in which you reside, and there will therefore be some
cross-border transfer of this personal data. We are nevertheless committed to
protecting the privacy and confidentiality of personal information when it is
transferred, in accordance with this Policy and the data privacy requirements
in the EU.
Storage
Your Information will not be stored longer than
is reasonably required for us to complete the purposes for which is being
processed. However we may retain your Information for longer periods if
required for e.g. taxation purposes or if you have requested us to do and have
provided us with the requisite consent. The latter may be the case when you are
a repeat customer and retaining some of your personal preferences such as
twin/double bed and meal preferences will assist us in providing you with a
more efficient service for future bookings.
To learn more, please contact
us
Records
If you would like to inspect and review your
records, you may submit a request through our contact
page. Requests for access will receive a
response within 45 days, although certain records may be excluded from records
made available for inspection (within the bounds of the law and our
confidentiality undertakings with third parties). You may also request
amendment of records that you believe are inaccurate, misleading or in
violation of your rights.
Legal action
Your personal data may be used for legal
purposes as reasonably determined by us, in court or in the stages leading to
possible legal action. You also acknowledge that we may be required to reveal
your personal data upon request of public authorities.
Additional information about Personal Data
In addition to the information contained in this
policy, we may provide you with additional and contextual information
concerning particular services or the collection and processing of personal
data on request.
System Logs and Maintenance
For operation and maintenance purposes, our
websites and any third party services may collect files that record interaction
with the websites (System Logs) or use for this purpose other personal data
(such as IP Address).
Changes to this Policy
We review our privacy practices from time to
time, and carry out regular data protection impact assessments on an ongoing
basis. We reserve the right to make changes to this policy at any time by
giving notice through a website feature or by emailing you. We recommend that
you check the contents of the policy whenever you have any new questions about
privacy and our use of data, referring to the date of the last modification
listed at the bottom of the policy.
If you object to any changes to the policy, you
must cease using the websites and can request that we delete your personal
data. Unless stated otherwise, the then-current policy applies to all data that
we maintain.
Contacting us about this Policy
If you have any questions or comments about this
policy, please use the contact us feature on our website, or email us
at reach@tribaltourist.com.
The data controller for the purpose of this
Policy is TribalTourist (Pty) Ltd (incorporated in South Africa) with
registered address at TribalTourist 11 Tapsell Street, Sandbaai, Hermanus, Cape Town 7200.
The relevant data controller will be charged
with making decisions regarding the purposes and methods of processing of data
in terms of this Policy.
Legal information
Notice to European Users: this privacy statement
has been prepared in fulfillment of the obligations under the European general
data protection Regulation 2016/679 (“GDPR”), on the subject of cookies.
Date of last amendment: 01 March 2024