Become a Member
Member Directory

Privacy Policy

Cape Town Tourism Privacy Policy 

Last Updated: 31 March 2025 

1. Introduction  

Cape Town Tourism (“CTT”, “we”, “our” or “us”) is committed to protecting your personal information in accordance with the Protection of Personal Information Act (POPIA). This Privacy Policy explains how we collect, use, share, and protect your personal information when you interact with us through our services, platforms, and communications. 

2. What Personal Information We Collect  

We may collect the following types of personal information: 

  • Full name and contact details (email, phone number, address) 
  • Identity or passport numbers 
  • Employment and membership details 
  • Website usage data (cookies, analytics) 
  • Communications and interactions with us  

3. How We Collect Personal Information

We collect personal information: 

  • Directly from you when you provide it (e.g. website forms, membership applications, event registrations) 
  • Automatically through your use of our website or communication platforms 
  • From third-party service providers contracted by us (e.g. marketing tools, email platforms)

4. Purpose of Processing Personal Information  

We process your personal information for the following purposes: 

  • To manage memberships, services, and benefits 
  • To communicate with you regarding tourism-related information 
  • To respond to enquiries, requests, or complaints 
  • To comply with legal obligations 
  • For research, statistical, and marketing purposes 

5. Legal Grounds for Processing  

Processing of personal information is done lawfully based on: 

  • Your consent 
  • The necessity to conclude or perform a contract 
  • Compliance with legal obligations 
  • Legitimate interests pursued by CTT 

6. Sharing of Personal Information  

We may share your personal information with: 

  • Our service providers and partners who assist in service delivery 
  • Government or regulatory authorities as required by law 
  • Third-party platforms (e.g. email marketing) under strict contractual terms 

7. Cross-Border Transfers  

Where necessary, we may transfer your information across South African borders in line with POPIA requirements and only with adequate protection. 

8. Security of Information  

We use appropriate, reasonable technical and organisational safeguards to protect personal information from loss, misuse, unauthorised access, or disclosure. 

9. Your Rights  

You have the right to: 

  • Access and request correction or deletion of your personal information 
  • Object to processing or withdraw consent 
  • Lodge a complaint with the Information Regulator 

10. Contacting the Information Officer  

Information Officer: Nzima Soci 

Email: nzima@capetown.travel 

Phone: +27214876875 

11. Updates to This Policy  

This policy may be reviewed periodically. The latest version will be available on our website. 

12. Access to Information and PAIA Manual 

In accordance with the Promotion of Access to Information Act (PAIA) and the Protection of Personal Information Act (POPIA), Cape Town Tourism is committed to transparency and to enabling you to access records or personal information held by us. Our PAIA Manual outlines the procedure for submitting access requests, the types of records available, applicable fees, and contact details for our Information Officer. 
 
You can request access to records or your personal information in terms of the PAIA Manual. The PAIA Manual is available on our website or can be requested directly from our Information Officer at nzima@capetown.travel. 

 

POPIA Policy

Last Updated: 31 March 2025

1.     Policy Declaration

This policy sets out the requirements for protecting personal information within Cape Town Tourism (CTT) in compliance with the Protection of Personal Information Act (POPIA).

2.    Purpose

The purpose of this policy is to ensure that personal information is processed in a lawful, fair, and transparent manner, protecting the privacy of individuals and ensuring compliance with POPIA.

3.    Scope

This policy applies to all employees, contractors, consultants, temporaries, and other workers at CTT who handle personal information.

4.    Principles

  • Lawfulness, Fairness, and Transparency: Process personal information lawfully, fairly, and transparently.
  • Purpose Limitation: Collect personal information for specified, explicit, and legitimate purposes.
  • Data Minimisation: Ensure that personal information collected is adequate, relevant, and limited to what is necessary.
  • Accuracy: Ensure that personal information is accurate and kept up to date.
  • Storage Limitation: Retain personal information only for as long as necessary.
  • Integrity and Confidentiality: Protect personal information against unauthorized access, loss, destruction, or damage.

5.    Objectives and Compliance

  • Ensure that personal information is processed in compliance with POPIA.
  • Maintain accurate records of personal information processing activities.
  • Coordinate with relevant teams to ensure compliance with POPIA guidelines.

6.    Management Commitment

CTT management is committed to aligning personal information processing with the organization's business objectives and ensuring the security and integrity of personal information.

7.    Policy Rules

7.1.Collection of Personal Information

  1. Lawful Basis: Collect personal information only on a lawful basis, such as consent, contract, legal obligation, vital interests, public task, or legitimate interests.
  2. Purpose Specification: Clearly specify the purpose for which personal information is collected and ensure that it is used only for that purpose.
  • Data Minimisation: Collect only the personal information that is necessary for the specified purpose.

7.2.           Processing of Personal Information

  1. Lawful Processing: Process personal information in a manner that is lawful, fair, and transparent.
  2. Data Accuracy: Ensure that personal information is accurate and kept up to date. Take reasonable steps to rectify or delete inaccurate information.
  • Data Security: Implement appropriate technical and organizational measures to protect personal information against unauthorized access, loss, destruction, or damage.

7.3.           Retention and Disposal of Personal Information:

  1. Retention Period: Retain personal information only for as long as necessary to fulfill the specified purpose or as required by law.
  2. Secure Disposal: Dispose of personal information in a secure manner to prevent unauthorized access.

7.4.           Access to Personal Information:

  1. Access Control: Implement access control measures to ensure that only authorized individuals have access to personal information.
  2. Data Subject Rights: Respect the rights of data subjects, including the right to access, rectify, delete, and restrict the processing of their personal information.

7.5.          Data Breach Management:

  1. Incident Response: Implement procedures for detecting, reporting, and responding to data breaches.
  2. Notification: Notify the relevant authorities and affected data subjects in the event of a data breach, as required by law.

7.6.          Training and Awareness:

  1. Employee Training: Provide training to employees on their responsibilities regarding the protection of personal information and compliance with POPIA.
  2. Awareness Initiatives: Implement ongoing awareness initiatives to reinforce the importance of protecting personal information.

7.7.           Compliance and Monitoring:

  1. Compliance Monitoring: Monitor compliance with this policy and relevant legal and regulatory requirements.
  2. Audit and Review: Conduct regular audits and reviews of personal information processing activities to ensure compliance with this policy and POPIA.

8.    Non-compliance

Violations of this policy may result in disciplinary actions, including termination of employment or contract.

9.    Review and Revision

This policy will be reviewed annually and revised as necessary to ensure its effectiveness and alignment with CTT's business objectives.

10. Information Officer and Deputy Information Officer

10.1.         Designation and Accountability

Cape Town Tourism (CTT) designates an Information Officer (IO) in accordance with Section 55 of the Protection of Personal Information Act (POPIA), supported by one or more Deputy Information Officers (DIOs) as required. The IO is accountable for ensuring compliance with POPIA and reports to the CEO.

10.2.       Responsibilities of the Information Officer

  1. Oversee the implementation and enforcement of this policy and associated procedures.
  2. Ensure personal information is processed lawfully and transparently across all departments.
  • Maintain the organization’s records of personal information processing activities.
  1. Serve as the point of contact with the Information Regulator and respond to data subject complaints.
  2. Approve internal training, awareness, and breach response procedures.
  3. Lead compliance reviews and submit internal reports to the POPIA Compliance Forum and EXCO.

10.3.       Responsibilities of the Deputy Information Officer(s)

  1. Support the Information Officer in executing compliance responsibilities.
  2. Act as liaison with specific departments (e.g., HR, IT, Marketing) for operational POPIA implementation.
  • Monitor completion of awareness training and assist with DSAR coordination.
  1. Escalate privacy incidents or non-compliance issues for IO review.

11.   Document Version Control

Version Date Editor Comments
1.0 2025-03-31 Sulaiman Fredericks Final version for review and sign-off
 

Sign in

Sign in

Send Message

My favorites

Connect & Grow with Cape Town Tourism!

Join Cape Town Tourism as a member and give your travel, tourism, or accommodation business the exposure it deserves. Sign up now!

Join Now!