1. INTRODUCTION
At 3 Keys, your privacy isn’t just a requirement - it’s a part of our dedication to transparency, security, and utmost respect for all our guests and partners. Our vigilance towards safeguarding your personal data reflects our commitment to offering you an unreservedly secure and private experience. We have adopted this Privacy Policy to let you know how, why, and when we use your Personal Information. We also want to comply with the Protection of Personal Information Act 4 of 2013 (“the POPI Act”).
Reading this Privacy Policy will help you make informed decisions about sharing your Personal Information with us.
Keep in mind that “Personal Information” has the meaning ascribed to it in the POPI Act, which refers to information relating to an identifiable, living, natural person, and in certain instances, an identifiable, existing juristic person (like a company), for example information relating to gender, date of birth, physical address, telephone number, financial information, and history etc.
Understanding Data Protection and the POPI Act:
Data protection laws, are structured to bolster the safety nets around the personal data of individuals and entities within South Africa. We are rigorously compliant with the POPI Act, safeguarding your personal information meticulously and ensuring its secure processing.
Importance of Data Protection to us:
We prioritize compliance with data protection laws to shield our guests and partners from potential threats and harms, including:
- Monetary losses from phishing and other cyber-attacks.
- Identity theft.
- Privacy violations.
- Any resultant damages or prejudices.
Journey Towards Ensured Compliance:
Achieving substantial compliance with data protection laws is a meticulous process and at 3 Keys, we’ve channelized ample time and resources to:
- Engage with seasoned data protection experts.
- Analyze the impact and risks of data protection laws on our operations.
- Forge a coherent compliance strategy, incorporating the fundamental principles of data protection.
- Educate our staff and contractors through comprehensive training.
- Identify and implement pivotal actions towards compliance.
Ongoing Compliance Actions:
To uphold our commitment towards staunch data protection, we have:
- Reviewed and revamped our privacy policy.
- Established data processing agreements with our patrons and vendors.
- Strengthened the data security across our digital platforms and infrastructures.
In our quest to adhere to and exceed data protection standards, we've enlisted the expertise of specialized IT and data protection legal teams. Their proficiency guides our strategic and pragmatic approach to ensuring the practical and effective protection of the personal data we process.
Note: For safeguarding our security measures, specific actions undertaken will remain confidential to prevent potential exploitation by malicious entities.
2. WHY DO WE COLLECT AND PROCESS YOUR PERSONAL INFORMATION?
We use the Personal Information we collect for a variety of legitimate business purposes. When you contact us, we collect the information you share to be able to respond to you, to understand your requirements, and to make our services and products available to you accordingly. To do so, we need to identify you, be able to contact you and enter into a contract with you.
We do our best to collect and process Personal Information in a manner that is reasonable, relevant, non-excessive and purpose-specific.
3. WHEN DO WE SHARE YOUR PERSONAL INFORMATION?
We will only share information with your consent, to comply with laws, to provide the services to you, to protect your rights, or to fulfil business obligations.
We may have to share your personal information with some of our trusted service providers and suppliers.
We use these service providers and suppliers to:
- Assist us with our communication with you;
- Make it easier for you to make bookings and payments with us;
- Ensure that we provide the best possible experience for you;
- Provide our IT infrastructure;
- Store our data and information;
- Maintain our website; and
- Help us manage our business.
We use Semper, an hotel management system, to manage our reservations, check-ins, and finances. When you make a booking, your personal information may be processed through Semper’s servers. We believe that they provide an adequate level of protection for the personal information we store with them. You can read their privacy policy here (https://www.semperpms.com/privacy-statement-za/).
We also use Profitroom, a booking platform, to market our accommodation and make it easier for guests to make bookings at our establishments. When you make a booking, your personal information may be processed through Profitroom’s servers. We believe that they provide an adequate level of protection for the personal information we store with them. You can read their privacy policy here (https://strapi.profitroom.com/uploads/Profitroom_com_Privacy_Policy_ENG_02_01_2022_1_0cf5f29562.pdf).
We use Microsoft Office 365’s cloud service to store our information, including our customers’ information. Microsoft stores all our content in its servers. We believe that they provide an adequate level of protection for the personal information we store with them. You can read their privacy policy here (https://privacy.microsoft.com/en-gb/privacystatement).
Other information we collect:
Like many businesses, we also collect information through cookies and similar technologies. Our website automatically collects and processes some of your information when you access and use it.
This information does not reveal your identity (like your name or contact information) but may include device and usage information, like your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our site and other technical information.
This information is primarily needed to maintain the security and operation of the site, and for our internal analytics and reporting purposes. When you visit the site, we will request your consent to collect this information in our cookie notice.
4. DO WE COLLECT INFORMATION OF MINORS?
We do not knowingly collect data from or market our services to minors. You might however provide us with the information of a minor when making a reservation.
If we learn that the Personal Information of a minor has been collected, we will take reasonable measures to promptly delete all related Personal Information data from our records. If you become aware of any data we have collected from a minor, please contact us immediately.
5. HOW LONG DO WE KEEP YOUR INFORMATION?
We will keep your Personal Information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements). When we do not have a purpose for which we need to process or retain your Personal Information, we will either delete or anonymize it as soon as possible.
Your access to and use of the site and our services mean that you consent to us retaining records of your Personal Information for no longer than may be necessary to achieve the original purpose for which the information was collected or processed.
6. WHAT DO WE DO TO KEEP YOUR INFORMATION SAFE?
We have implemented reasonable and appropriate technical and organizational security measures designed to protect the security and integrity of any Personal Information we process. This is to prevent loss of, damage to, or unauthorized destruction of Personal Information and unlawful access to, and processing of, Personal Information.
7. WHAT ARE YOUR RIGHTS IN TERMS OF POPIA?
If you can prove that Personal Information belongs to you by proving your identity, you have the right to:
1. Ask what personal information we have about you;
2. Ask what personal information was sent to our suppliers, service providers, or any third party;
3. Ask us to update, correct, or delete any out-of-date or incorrect personal information we have about you;
4. Unsubscribe from any direct marketing communications we may send you,
5. Object to the processing of your personal information; and
6. submit a complaint to the Information Regulator (the contact details of the Information Regulator are available at: https://justice.gov.za/inforeg).
We must comply with your requests within 21 days unless we have a credible reason for being unable to. If we cannot agree whether to correct or delete your Personal Information as requested we will indicate that a correction or deletion was requested but was not made.
8. DATA BREACH?
We have implemented reasonable security measures based on the sensitivity of the information we hold. These measures are in place to protect the information from being disclosed without authorisation, from loss, misuse and unauthorised access, and from being altered or destroyed. If you suspect that we (or you) may have had a security breach, please notify us immediately by sending an email to it@soulprivatecollection.com. Please include as much information about the suspected breach as possible.
9. DO WE MAKE UPDATES TO THIS POLICY?
We will update this Privacy Policy every now and then. The updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we will notify you either by posting a notice of such changes or by directly sending you a notification.
10. HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, you may contact us at the details below.
Business name: 3 Keys (Pty) Ltd, a private company with limited liability registered in South Africa with registration number 2024/223317/07
Physical address: 2 Gordon Street, Gardens, Cape Town, Western Cape, South Africa, 8001
We also choose this address for the service of legal documents.
Information Officer: Gaspard Bossut
Phone number: +27 78 499 8280
Website: www.3keys.co.za
Email address: gaspard@3keys.co.za