LEGAL & PRIVACY
Copyright
All intellectual property on this website, including content, literary and artistic works, design elements, computer programs, domain names, patents, trademarks, logos, images, pictures, downloads, source code, metatags, text, graphics, artworks, icons and hyperlinks are the property of, or licensed to, Perfect Hideaways and are protected from infringement by international and domestic legislation including but not limited to copyright, trademark and/or patent law.
All rights to intellectual property on Perfect Hideaways’ websites are expressly reserved. No person may reproduce or use such intellectual property in any manner whatsoever without the prior written consent of Perfect Hideaways.
General
The information contained in this website is for general information purposes only. The information is provided by Perfect Hideaways and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the use of this website or the data contained herein.
Through this website you are able to link to other websites which are not under the control of Perfect Hideaways. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.
Every effort is made to keep the website up and running smoothly. However, Perfect Hideaways takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.
Website privacy statement
Thank you for visiting this website. The privacy of our visitors is of utmost importance to Perfect Hideaways. Our firm policy is that we do not give your personal details to any other company and we will use the information gathered about you from your visit and provided by you only to assist us in providing you with a better service and for updating you on our services and products from time to time according to your preferences.
External links statement
On this site, Perfect Hideaways may provide links to web pages that are not part of the Perfect Hideaways website.
These sites are managed by organisations, companies or individuals not under our control, and Perfect Hideaways is not responsible for the information or links you may find there. Perfect Hideaways provides these links merely as a convenience and the presence of these links is not a Perfect Hideaways endorsement of those sites.
When a user has clicked on a link to another site, they leave the Perfect Hideaways site and are no longer protected by the Perfect Hideaways Privacy conditions.
Website use statement
We may collect and store information for statistical purposes. For example, we may count the number of visitors to the different sections of our site to help us make them more useful to visitors. Our server logs record such things as the user’s IP address, the date and time of the visit to the site, the pages accessed and documents downloaded, the previous site visited and the type of browser used.
By sending us an electronic mail message or by submitting your information to us in one of our online forms, you will be sending us personal information (eg name, address, email address). We may store this information provided by you in order to respond to the request or to otherwise resolve the subject matter of your enquiry or query. The email address and the contents of your email are stored in a secure area within our system and will not be used for any other purpose nor disclosed without your consent.
We will always protect all such information in a way consistent with all applicable law and with our privacy policy.
POPIA
The South African Protection of Personal Information Act (POPI Act) is designed to protect how your data is used, stored, and processed. By signing these Terms & Conditions I hereby acknowledge that our/my personal and in certain instance my special personal information are required by Perfect Hideaways in order for my booking/enquiry to be facilitated and I/we agree to provide such information requested from Perfect Hideaways, on the express understanding that:
- This constitutes my/our consent, as required under Section 11(1)(a) of the Protection of Personal Information Act 4 of 2013 (“POPIA”).
- The Perfect Hideaways support services staff and the finance department of Perfect Hideaways will access my/our information which has been furnished to them for the purposes of the transaction in which I am/we are involved and matters ancillary thereto.
- Perfect Hideaways are authorised to release my/our personal information to the hosts of the short or long term accommodation, tour operators and other third parties in respect of which my booking or enquiry relates.
- Perfect Hideaways do not intend to share my/our personal information for financial gain.
- I/we acknowledge that our/my contact details are automatically added to the Perfect Hideaways database and that Perfect Hideaways send out bulk emails to its database from time to time containing property news, listings and other service offerings from Perfect Hideaways and similar content. We/I are aware that I am/we are entitled to OPT OUT/UNSUBSCRIBE from these bulk emails by exercising the OPT OUT/UNSUBSCRIBE options available on the email or by contacting the Information Officer of Perfect Hideaways with a request to remove my/our details from the emailer list.
- In the event that our/my booking or enquiry involves a child or children, I/we acknowledge that I am/we are the competent adult/s responsible for such child or children and willingly supply their personal information in order to include them/him/her in the booking or enquiry through Perfect Hideaways.
- Perfect Hideaways have implemented proper Data Privacy rules in respect of their management of client information as well as proper Internet Usage Rules and Cyber security principles in order to minimise the risk of my/our information being exposed to Cyber risks and I/we have had an opportunity to read through such Policies and understand that it is my/our own duty to protect our own internet and email connections against interceptions and viruses.
- By signing the Booking Form you acknowledge your agreement with and acceptance of these terms and conditions.
Protection of personal information
Definitions
“biometrics”: means a technique of personal identification that is based on physical, physiological or behavioural characterisation including blood typing, fingerprinting, DNA analysis, retinal scanning and voice recognition;
“child”: means a natural person under the age of 18 years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him- or herself;
“competent person”: means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a child;
“data subject”: means the person to whom personal information relates and for the purposes of
Perfect Hideaways, this will include but not be limited to customers who book short and long term accommodation via Perfect Hideaways’ platforms, property owners who list their properties via Perfect Hideaways for purposes of offering short or long term guest accommodation and scenic tour operators who advertise their tour offerings via Perfect Hideaways;
“direct marketing”: means to approach a data subject, either in person or by mail or electronic communication, for the direct or indirect purpose of: a) Promoting or offering to supply, in the ordinary course of business of Perfect Hideaways, legal services to the data subject; or b) Requesting the data subject to make a donation of any kind for any reason.
“electronic communication”: means any text, voice, sound or image message sent over an electronic communications network which is stored in the network or in the recipient’s terminal equipment until it is collected by the recipient;
“filing system”: means any structured set of personal information which in the case of Perfect Hideaways consist of physical files kept in the offices of Perfect Hideaways together with the data filed on the various software systems used by Perfect Hideaways;
“Information officer”: of Perfect Hideaways will mean Amanda Perkins;
“operator”: for purposes of this Policy means a person who processes personal information for a responsible party in terms of a contract or mandate, without coming under the direct authority of that party;
“person”: means a natural person or a juristic person;
“Personal information”: means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to: Information relating to the education or the medical, financial, criminal or employment history of the person; Any identifying number, symbol, e-mail address, telephone number, location information, online identifier or other particular assignment to the person; The biometric information of the person; The personal opinions, views or preferences of the person;
Correspondence sent by the person that would reveal the contents of the original correspondence if the message is of a personal or confidential nature; The views or opinions of another individual about the person; and The name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
“Perfect Hideaways”: for purposes of this Policy and other POPIA operational documentation/clauses will mean Perfect Hideaways short term accommodation rentals registered as Perfect Hideaways (PTY) LTD, Registration Number 2012/216187/07
‘‘private body’’ means—
(a) a natural person who carries or has carried on any trade, business or profession, but only in such capacity;
(b) a partnership which carries or has carried on any trade, business or profession; or
(c) any former or existing juristic person, but excludes a public body
a) The collection, receipt, recording, organisation, collation, storage, 3 updating or modification, retrieval, alteration, consultation or use; b) Dissemination by means of transmission, distribution or making available in any other form; or c) Merging, linking, as well as restriction, degradation, erasure or destruction of information;
“Promotion of Access to Information Act”: means the Promotion of Access to Information Act (PAIA), 2000 (Act No. 2 of 2000);
“public record”: means a record that is accessible in the public domain and which is in the possession of or under the control of a public body, whether or not it was created by that public body.
“record”: means any recorded information –
- a) Regardless of form or medium, including any of the following:
- Writing on any material;
- Information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
- Label, marking or other writing that identifies or describes anything of which it forms part, or to which it is attached by any means; IV. Book, map, plan, graph, or drawing;
- Photograph, film, negative, tape or other device in which one or more visuals images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
- b) In the possession or under the control of a responsible party; and c) Regardless of when it came into existence;
“Regulator”: – means the Information Regulator established in terms of Section 39 of the POPIA;
“responsible party”: means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;
“restriction”: means to withhold from circulation, use or publication any personal information that forms part of a filing system, but not to delete or destroy such information;
“special personal information”: means personal information as referred to in Section 26 of the POPIA which includes Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture,language and birth of the person;
“this Act”: means the Protection of Personal Information Act, No. 4 of 2013.
“unique identifier”: means any identifier that is assigned to a data subject and is used by a responsible party for the purposes of the operations of that responsible party and that uniquely identifies that data subject in relation to that responsible party.
Introduction
Perfect Hideaways facilitate long and short term leisure accommodation bookings, tours and other holiday and tourist services.
In fulfilling its services in terms of leisure accommodation bookings, Perfect Hideaways essentially market as agent, on their different platforms, these offerings of third party operators and property owners and act as intermediary and agent in the marketing and booking space of such offerings.
In order for Perfect Hideaways to deliver its agency services, they deal with many role players in the various fields of guest accommodation, tours and general events and collect personal and special personal information of both their operators and owners but also the guests and customers and in respect of the sale of properties, with role players involved in the property transfer (which may include but not be limited to the deeds office, council, managing agents, conveyancing attorneys, bond originators, banks and other property practitioners).
Perfect Hideaways use both manual and digitised systems, both for the letting business and the sales business and acknowledge that most of its communications are done electronically via the internet, per email and other electronic methods.
In recognizing the international risk of data breaches linked to the collection, processing and sharing of personal information though the internet and also to ensure that lawful conditions exist surrounding its data subject’s information in terms of both the South African POPIA provisions as well as international Data Privacy rules applicable to international data subjects, Perfect Hideaways fully commit to compliance and awareness in respect of its data subjects’ information privacy.
Objective
Although is not possible to ensure 100% mitigation against data breaches, the objective of this Policy is to ensure adherence of both the rental and sales businesses conducted by the Perfect Hideaways entities described within the definitions hereto, to the provisions within POPIA together with its Regulations aimed at protecting all Perfect Hideaways’ data subjects from harm, to ensure that data subjects’ Consent is obtained as provided for in POPIA,
to ensure that data subjects’ information is not unlawfully shared with third parties unless. Consent for such sharing is obtained, to stop identity fraud and generally to protect privacy. PERFECT HIDEAWAYS take its responsibilities in terms of POPIA seriously and intends to continue developing its internal and external processes.
This Policy constitutes the EXTERNAL SET OF PRIVACY RULES applicable to the information collected and processed by Perfect Hideaways and sets out the standard for suitable protection of personal information as required by POPIA. A variety of operational documents and changes to online terms have been implemented in support of the terms contained within this Policy.
Popia core principles
4.1. To continue developing and maintaining reasonable protective measures against the possibility of risks such as loss, unauthorised access, destruction, use, alteration or revelation of personal information.
4.2. To regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information;
4.3. To ensure that the requirements of the POPIA legislation are upheld within Perfect Hideaways. In terms of sections 8, 17 and 18 of POPIA, Perfect Hideaways confirm that it adheres to an approach of transparency of operational procedures that controls collection and processing of personal information and subscribes to a process of accountability and openness throughout its operations.
4.4. In terms of the requirements set out within sections 9, 10, 11, 12, 13 14 and 15 of POPIA, Perfect Hideaways undertake to collect personal information in a legal and reasonable way, for a specific reason and only if it is necessary for its operations and to process the personal information obtained from clients, employees, visitors and services suppliers only for the purpose for which it was obtained in the first place.
4.5. Processing of personal information obtained from owners, occupiers, visitors and service suppliers will not be undertaken in an insensitive, derogative discriminatory or wrongful way that can intrude on the privacy of the particular data subject.
4.6. In terms of the provisions contained within sections 23 to 25 of POPIA, all data subjects of Perfect Hideaways will be allowed to request access to certain personal information and may also request correction or deletion of personal information within the specifications of the POPIA. Data subjects should refer to FORMS 1 & 2 attached hereto for these purposes.
4.7. To not request or process information related to race, religion, medical situation, political preference, trade union membership, sexual certitude or criminal record unless this is lawfully required and unless the data subject has expressly consented. Perfect Hideaways will also not process information of children unless the specific consent provisions contained within POPIA have been complied with.
4.8. In terms of the provisions contained within section 16 of POPIA, Perfect Hideaways confirm its commitment that data subjects’ information is recorded and retained accurately.
4.9. To not provide any documentation to a third party or service provider without the express consent of the data subject except where it is necessary for the proper execution of the service as expected by the data subject.
4.10. To keep an effective record of personal information and undertakes not to retain information for a period longer than required.
4.11. In terms of sections 19 to 22 of POPIA, Perfect Hideaways undertake to secure the integrity and confidentiality of personal information in its possession. Perfect Hideaways undertake further to provide the necessary security of data and keep it in accordance with prescribed legislation.
Consent
When data subjects’ information is collected, processed or shared by Perfect Hideaways during the process of Perfect Hideaways delivering its intermediary agency booking and marketing services and in delivering the services related to the marketing and sales of properties, Perfect Hideaways recognize its obligations to explain the reasons for the collection of information from the particular data subject/s and obtain the required Consents
to process and where required the sharing of the information pursuant to such explanation.
Perfect Hideaways further acknowledge the importance of obtaining its data subjects’ Consent, especially for the purposes of sharing their information and possibly using the information for limited marketing purposes. If personal information is used for any other reason than the original reason of it being collected, the specific Consent for such purpose must be obtained from the data subject. If SPECIAL PERSONAL INFORMATION is collected, processed and stored for any reason from any of Perfect Hideaways’ data subjects, a specific Consent for such collection must first be obtained unless:
5.1. Processing is carried out with a prior consent of the data subject;
5.2. Processing is necessary for the establishment, exercise or defence of a right or obligation in law;
5.3. Processing is for historical, statistical or research purposes.
Collection, processing and sharing of information
Perfect Hideaways collect and process personal information from its data subjects for a variety of reasons and in a variety of ways.
Owners of venues, guest accommodation properties, tours operators and booking guests are all required to complete varying degrees of information on the Perfect Hideaways physical or digitised forms and depending on the purposes for the information being collected, a great deal of information supplied is shared with third parties and role players within the booking cycle.
Data subjects who subscribe to the various rental and sales services of Perfect Hideaways and who complete personal information are guided by Perfect Hideaways through the provisions of POPIA, why information is required, how the information will be processed and with whom the information will be shared. Sharing of information supplied is an essential part of the booking agency services of rental accommodation as well as the marketing and sale of properties facilitated by Perfect Hideaways and by submitting such information, all data subjects acknowledge the following:
6.1.1. The information is contained or derived from a public record or has deliberately been made public by the data subject;
6.1.2. Collection of the information from another source would not prejudice a legitimate interest of the data subject;
6.1.3. Collection of the information from another source is necessary;
6.1.3.1. To avoid prejudice to the maintenance of the law by any public body, including the prevention, detection, investigation, prosecution and punishment of offences;
6.1.3.2. To comply with an obligation imposed by law or to enforce legislation concerning the collection of revenue;
6.1.3.3. For the conduct of proceedings in any court or tribunal that have commenced or are reasonably contemplated;
6.1.3.4. In the interest of national security;
6.1.3.5. To maintain the legitimate interests of Perfect Hideaways or of a third party to whom the information is supplied;
6.1.3.6. Compliance would prejudice a lawful purpose of the collection;
6.1.3.7. Compliance is not reasonably practicable in the circumstances of the particular case.
6.1.4. Personal information is collected for a specific, explicitly defined and lawful purpose related to a function or activity of Perfect Hideaways;
6.2. Steps will be taken to ensure that the data subject is aware of the purpose of the collection of the information.
6.3. Perfect Hideaways will take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary, having regard to the purpose for which the personal information is collected and further processed.
6.4. Where personal information is collected from a data subject directly, Perfect Hideaways will take reasonably practicable steps to ensure that the data subject is aware of:
6.4.1. The nature of the information being collected and where the information is not collected from the data subject, the source from which it is collected;
6.4.2. The name and address of Perfect Hideaways;
6.4.3. The purpose for which the information is being collected;
6.4.4. Whether or not the supply of the information by the data subject is voluntary or mandatory;
6.4.5. The consequences of failure to provide the information;
6.4.6. Any particular law authorising or requiring the collection of the information.
Perfect Hideaways collect only the essential information from its data subjects as is required for the purposes of facilitating a booking of rental accommodation or the sale of a property and at all times, Perfect Hideaways collect and share information lawfully required for these purposes.
In the event that a rental booking, marketing and sale of a property or other service provided by Perfect Hideaways involve a child or children, Perfect Hideaways undertake to engage with the adult/s competent to act on the child/children’s behalf in obtaining the express Consent of that adult when processing and sharing the child/children’s personal information
Storage of information
Perfect Hideaways stores all data subjects’ information on its electronic database in addition to the physical files and forms which it keeps at its offices.
Perfect Hideaways acknowledge the risks facing data subjects with such storage of personal and special personal information on the Perfect Hideaways’ software systems as well as the risks associated with the physical files. To ensure that its best attempts are made to minimise data subjects from suffering loss of personal information, misuse or unauthorised alteration of information, unauthorised access or disclosure of personal information generally,
Perfect Hideaways will:
7.1. Store personal information in databases that have built-in safeguards and firewalls to ensure the privacy and confidentiality of your information.
7.2. Constantly monitor the latest internet developments to ensure that the systems evolve as required. Perfect Hideaways tests its systems regularly to ensure that our security mechanisms are up to date.
7.3. Ensure that safeguards exist with regards to physical files.
7.4. Continue to review its internal policies and third party agreements where necessary to ensure that these are also complying with the POPIA and Regulations in line with Perfect Hideaways’ Policy rules.
Disposal of data subjects' information
Perfect Hideaways undertake to ensure that records no longer needed or of no value to Perfect Hideaways are disposed of at the proper time. These rules apply to all documents which are collected, processed or stored by Perfect Hideaways and include but are not limited to documents in paper and electronic format, for example, email, web and text files, PDF documents etc.
Perfect Hideaways do not discard or dispose of the telephone numbers, email addresses of or electronic communications with data subjects with whom it has previously dealt in terms of a rental or a property sale but will do so on request by the data subject. Perfect Hideaways recognize that most of the information which it collects, processes and shares with other role players in the transaction is personal of nature and will dispose of information securely when no longer required or when being requested by the data subject.
Secure disposal maintains data security and supports compliance with this Policy. Perfect Hideaways acknowledge that electronic devices, on which contact names, number and communication are stored can hold vast amounts of information, some of which can linger indefinitely.
When physical files are designated for disposal, Perfect Hideaways will ensure that:
8.1. Under no circumstances will paper documents or removable media (CD’s, DVD’s, discs, etc.) containing personal or confidential information be simply binned or deposited in refuse tips.
8.2. All electrical waste, electronic equipment and data on disk drives be physically removed and destroyed in such a way that the data will by no means be able to be virtually retrievable.
8.3. All paper documents that should be disposed of, be shredded locally and then be recycled.
8.4. In the event that a third party is used for data destruction purposes, the Information Officer will ensure that such third party will also comply with this policy and any other applicable legislation.
8.5. Perfect Hideaways may suspend the destruction of any record or document due to pending or reasonably foreseeable litigation, audits, government investigations or similar proceedings. Perfect Hideaways undertakes to notify employees of applicable documents where the destruction has been suspended to which they have access to.
8.6. In the event that a document and/or information is no longer required to be stored in accordance with this policy and relevant legislation, it should be deleted and destroyed.
8.7. The Information Officer should be consulted where there is uncertainty regarding the retention and destruction of a document and/or information.
DATA SUBJECTS ARE REFERRED TO THE ANNEXED FORMS 1 AND 2 with regards to requests to amend and delete personal information from Perfect Hideaways electronic database.
Internet and cyber technology
The repercussions of misuse of Perfect Hideaways systems can be severe. Potential damage includes, but is not limited to, malware infection (e.g. computer viruses), legal and financial penalties for data leakage and lost productivity resulting from network downtime.
In order to ensure that Perfect Hideaways’ IT systems are not misused, everyone who uses or has access to Perfect Hideaways’ systems have received training and internal guidelines in order to meet the following five high-level IT Security requirements:
9.1.1. Information will be protected against any unauthorised access as far as possible;
9.1.2. Confidentiality of information will be assured as far as possible;
9.1.3. Integrity of information will be preserved as far as possible;
9.1.4. Availability of information for business processes will be maintained;
9.1.5. Compliance with applicable laws and regulations to which Perfect Hideaways is subject will be ensured by the Information Officer as far as possible.
9.2. IT Access Control
Perfect Hideaways undertake to ensure that logging into the IT system and software packages is password controlled and shall exercise all caution in allowing unauthorised access to the password. It further undertakes that the password/s shall be reviewable from time to time but in particular where GOOGLE based products are used and linked (such as Facebook, Whatsapp and GMAIL based domains).
Perfect Hideaways acknowledge that most of its communications are conducted via email and instant messaging (IM). Given that email and IM may contain extremely sensitive and confidential FIRM information, the information involved must be appropriately protected. In addition, email and IM are potentially sources of spam, social engineering attacks and malware, so Perfect Hideaways must be protected as completely as possible from these threats. The misuse of email and IM can post many legal, privacy and security risks, so it is important for users to be aware of the appropriate use of electronic communications.
It is of use to note that all users of Perfect Hideaways’ email system are prohibited from using email to:
9.3.1. Send, receive, solicit, print, copy, or reply to text, images, or jokes that disparage others based on their race, religion, colour, gender, sex, sexual orientation, national origin, veteran status, disability, ancestry, or age.
9.3.2. Send, receive, solicit, print, copy, or reply to messages that are disparaging or defamatory.
9.3.3. Spread gossip, rumours, or innuendos about employees, clients, suppliers, or other outside parties.
9.3.4. Send, receive, solicit, print, copy, or reply to sexually oriented messages or images.
9.3.5. Send, receive, solicit, print, copy, or reply to messages or images that contain foul, obscene, disrespectful, or adult-oriented language.
9.3.6. Send, receive, solicit, print, copy, or reply to messages or images that are intended to alarm others, embarrass Perfect Hideaways negatively impact productivity, or harm morale.
9.4.1. Perfect Hideaways’ users of handheld devices are expected to diligently protect their devices from loss and disclosure of private information belonging to or maintained by Perfect Hideaways.
9.4.2. In the event of a security incident or if suspicion exists that the security of Perfect Hideaways’ systems has been breached, Perfect Hideaways shall be obliged to notify the IT support immediately together with the Information Officer or Deputy Information Officer should the Information Officer not be available especially when a mobile device may have been lost or stolen.
9 9.5. Anti-virus rules
9.5.1. Management of Perfect Hideaways are responsible for creating procedures that ensure anti-virus software is run at regular intervals, and computers are verified as virus-free. Any activities with the intention to create and/or distribute malicious programs into Perfect Hideaways’ programs (eg viruses, worms, Trojan horses, e-mail bombs, etc) are prohibited.
9.5.2. Users are discouraged from attempting to remove viruses themselves. If a virus infection is detected, users are expected to disconnect from Perfect Hideaways’ networks, stop using the infected computer immediately and notify the IT support.
9.5.3. It is further worth noting that Perfect Hideaways’ users are encouraged to be cautious of e-mail attachments from an unknown source as viruses are often hidden in attachments and Perfect Hideaways confirm that all employees have received and will continue to receive internal training in respect of such virus and how to identify them If a virus is suspected, the attachment must not be opened or forwarded and must be deleted immediately.
9.6.1. All of Perfect Hideaways’ premises that include computers and other types of information technology resources will be safeguarded against unlawful and unauthorised physical intrusion, as well as fire, flood and other physical threats. This includes but is not limited to; security doors, key entry areas, external doors that are locked from closing until opening of the building, locked and/or barred windows, security cameras, registration of visitors at entrances, security guards, and fire protection.
Data is collected automatically when using the internet services of Perfect Hideaways. Usage Data may include information such as data subjects’ device’s internet protocol address (e.g. IP address), browser type, browser version, details of the pages of Perfect Hideaways’ website that are visited by data subjects, the time and date of the website visit, the time spent on those pages, unique device identifiers and other diagnostic data. When data subjects access the website services of Perfect Hideaways by or through a mobile device, Perfect Hideaways may collect certain information automatically, including, but not limited to, the type of mobile device used by the data subject, unique ID, the IP address of the mobile device, the mobile operating system, the type of mobile Internet browser used, unique device identifiers and other diagnostic data. Perfect Hideaways may also collect information that the user’s browser sends whenever Perfect Hideaways’ website is visited.
Cookies and similar tracking technologies are used to track the activity on Perfect Hideaways’ website and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyse the efficiency of the website. The technologies which may be used to track may include:
9.8.1. Cookies or Browser Cookies. A cookie is a small file which may be placed on a data subject’s device. Data subjects can instruct their browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if this function of Perfect Hideaways’ website is not accepted, data subjects may not be able to use some parts of the website. Unless the browser settings have been adjusted Perfect Hideaways’ website may use Cookies.
9.8.2. Flash Cookies. Certain features of the website may use local stored objects (or Flash Cookies) to collect and store information about data subjects’ preferences or activity on the website. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how Flash Cookies can be deleted the following process can be followed: “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flashplayer/kb/disablelocal-shared-objects; 10
9.8.3. Web Beacons. Certain sections of the website and emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit Perfect Hideaways for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
9.8.4. Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on data subjects’ personal computer or mobile device even when offline, while Session Cookies are deleted as soon as data subjects’ web browsers are closed.
Third party operations
Perfect Hideaways recognize that, in fulfilling its service offering to its rental clients and clients involved in a the marketing and sale of a property and in order to operate efficiently, it is necessary at times to share data subjects’ personal and special personal information with third parties for specific reasons related to Perfect Hideaways’ service delivery, whether it be the efficient rental booking and management or the efficient marketing and facilitation of a property sale. As referenced in clauses 5 and 6 above, in fulfilling its services, Perfect Hideaways will obtain the necessary Consent where required from the particular data subject.
Perfect Hideaways shall moreover and where possible enter into an OPERATORS’ AGREEMENT with the relevant third party with which Perfect Hideaways shares data subjects’ information in order to ensure that the third party operator treats the personal information of Perfect Hideaways’ data subjects responsibly and in accordance with the provisions contained in the Act and Regulations thereto. Perfect Hideaways shall, where possible request copies of the third party operators’ POPIA Policy, rules, internet rules and details of the third party’s Information Officer.
Banking details
It is a known fact that electronic transmission of banking details poses a particular cyber risk threat which Perfect Hideaways recognize. Businesses who share banking details electronically are particular targets for email interceptions and in particular the interception of banking details for purposes of payment in respect of the transaction. Perfect Hideaways’ data subjects are open to large amounts of damages and losses if emails are intercepted and banking details are fraudulently amended without the data subject’s knowledge.
Both the sales and the rental departments of Perfect Hideaways have implemented clear warnings within all its correspondences (emails and physical letters) warning data subjects of the risks of email hacking and interceptions. In the event that banking details are physically sent to data subjects or received from data subjects by email or instant messaging platforms for purposes of payment, the banking details will be confirmed with a telephone call and a follow up whatsapp. It is recorded that, in certain instances, data subjects’ bank details are to be shared with relevant third parties but in such an event, all care shall be taken to ensure encryption of emails.
In some instances, data subjects who utilise the intermediary services offered by Perfect Hideaways for booking short and long term rental accommodation are required to complete their banking details electronically on the variety of booking payment systems used in the process of making a booking and in turn, Perfect Hideaways may be required to share such banking details with guests or customers. In such an event, Perfect Hideaways take all precautions to avoid the interception of these banking details and will attempt a follow up telephone call in those instances to personally confirm payment receipt.
Direct marketing
Perfect Hideaways understand its obligations to its data subjects in relation to its direct marketing communications. Perfect Hideaways send out weekly newsletters to its data subjects with a clear OPTING OUT/UNSUBSCRIBE option available on the face of these emails. Records are kept when a data subject has requested to be unsubscribed and all efforts are made to remove such data subject’s details from the mailing list.
Perfect Hideaways also offer a SUBSCRIBE option on its website and references to POPIA have been inserted on the digital subscribing form.
Perfect Hideaways are furthermore committed to not share data subjects’ information with third parties for the sole purpose of such third party marketing to such data subjects. In the event that any associated third party using the data subjects’ information shared by Perfect Hideaways with such third party in the fulfilment of its legal services, Perfect Hideaways takes no responsibility for any consequences suffered by the data subject which may have been caused by the third party’s actions.
Data classification
13.1. Managers of Perfect Hideaways are responsible for assigning classifications to information assets according to the standard information classification system presented below.
13.2. Where practicable, the information category shall be embedded in the information itself.
13.3. All employees of Perfect Hideaways shall be guided by the information category in their security-related handling of Perfect Hideaways’ information. All information of Perfect Hideaways and all information entrusted to Perfect Hideaways from third-parties fall into one of three classifications in the table below, presented in order of increasing sensitivity.
| Information Description | Examples | Category |
| Unclassified Public | Information is not confidential and can be made public without any implications for Perfect Hideaways. | Product brochures widely distributed Information widely available in the public domain, including publicly available website areas of Perfect Hideaways. Sample downloads of Perfect Hideaways’ software that is for sale. Financial reports required by regulatory authorities. Newsletters for external transmission. |
| Proprietary | Information is restricted to management-approved internal access and protected from external access. Unauthorised access could influence Perfect Hideaways’ operational effectiveness, cause an important financial loss, provide a significant gain to a competitor, or cause a major drop in customer confidence. Information integrity is vital. | Passwords and information on corporate security procedures. Know-how used to process client information Standard Operating Procedures used in all parts of Perfect Hideaways’ activities. All software codes developed by Perfect Hideaways, whether used internally or sold to clients. |
| Client Confidential Data | Information collected and used by Perfect Hideaways in the conduct of its business to employ people, to log and fulfil client mandates, and to manage all aspects of corporate finance. Access to this information is very restricted within Perfect Hideaways. The highest possible levels of integrity, confidentiality, and restricted availability are vital. Children’s personal and special personal information. | Salaries and other personnel data. Accounting data and internal financial reports. Confidential customer business data and confidential contracts. Non-disclosure agreements with clients\vendors Company business plans. |
| Information Description | Examples | Category |
| Unclassified Public | Information is not confidential and can be made public without any implications for Perfect Hideaways. | Product brochures widely distributed Information widely available in the public domain, including publicly available website areas of Perfect Hideaways. Sample downloads of Perfect Hideaways’ software that is for sale. Financial reports required by regulatory authorities. Newsletters for external transmission. |
| Proprietary | Information is restricted to management-approved internal access and protected from external access. Unauthorised access could influence Perfect Hideaways’ operational effectiveness, cause an important financial loss, provide a significant gain to a competitor, or cause a major drop in customer confidence. Information integrity is vital. | Passwords and information on corporate security procedures. Know-how used to process client information Standard Operating Procedures used in all parts of Perfect Hideaways’ activities. All software codes developed by Perfect Hideaways, whether used internally or sold to clients. |
| Client Confidential Data | Information collected and used by Perfect Hideaways in the conduct of its business to employ people, to log and fulfil client mandates, and to manage all aspects of corporate finance. Access to this information is very restricted within Perfect Hideaways. The highest possible levels of integrity, confidentiality, and restricted availability are vital. Children’s personal and special personal information. | Salaries and other personnel data. Accounting data and internal financial reports. Confidential customer business data and confidential contracts. Non-disclosure agreements with clients\vendors Company business plans. |
Rights of data subject
a) In writing, on reasonable grounds relating to his, her or its particular situation, unless legislation provides for such processing; or
b) For purposes of direct marketing other than direct marketing by means of unsolicited electronic communications.
a) Request Perfect Hideaways to confirm, free of charge, whether or not Perfect Hideaways hold personal information about the data subject; and
b) Request from Perfect Hideaways a record or a description of the personal information about the data subject held by Perfect Hideaways, including information about the identity of all third parties, or categories of third parties, who have, or have had, access to the information – within a reasonable time; at a prescribed fee as determined by the Information Officer; in a reasonable manner and format; and in a form that is generally understandable.
a) correct the information;
b) destroy or delete the information;
c) provide the data subject, to his, her or its satisfaction, with credible evidence in support of the information; or
d) where an agreement cannot be reached between Perfect Hideaways and the data subject, and if the data subject so requests, take such steps as are reasonable in the circumstances, to attach to the information in such a manner that it will always be read with the information, an indication that a correction of the information has been requested but has not been made.
Information officer
16.1. Appointed Information Officer:
INFORMATION OFFICER:
Amanda Perkins
Contact details _________________________________________
Email _________________________________________________
Postal Address: PO Box ___________________________________
Street Address: 34 Whittlers Way, Hout Bay, 7806
16.2. The general responsibilities of Perfect Hideaways’ Information Officer include the following:
16.2.1. The encouragement of compliance, by Perfect Hideaways, with the conditions for the lawful processing of personal information;
16.2.2. Managing requests made to Perfect Hideaways pursuant to POPIA;
16.2.3. Working with the Regulator in relation to investigations conducted pursuant to prior authorisation required to process certain information of POPIA in relation to the business.
16.2.4. Continuously perform data backups, store at least weekly backup offsite, and test those backups regularly for data integrity and reliability.
16.2.5. Review policy rules regularly, document the results, and update the policy as needed.
16.2.6. Continuously update information security policies and network diagrams.
16.2.7. Secure critical applications and data by patching known vulnerabilities with the latest fixes or software updates.
16.2.8. Perform continuous computer vulnerability assessments and audits
16.3.1. Ascertain whether personal data was breached;
16.3.2. Assess the scope and impact by referring to the following:
16.3.2.1. Estimated number of data subjects whose personal data was possibly breached
16.3.2.2. Determine the possible types of personal data that were breached
16.3.2.3. List security measures that were already in place to prevent the breach from happening.
16.3.3.2. Communication should include the following: • Contact details of Information Officer • Details of the breach, • Likely impact, • Actions already in place, and those being initiated to minimise the impact of the data breach. • Any further impact is being investigated (if required), and necessary actions to mitigate the impact are being taken.
16.3.4.1. Once the personal data breach has been contained, Perfect Hideaways will conduct a review of existing measures in place, and explore the possible ways in which these measures can be strengthened to prevent a similar breach from reoccurring.
16.3.4.2. All such identified measures should be monitored to ensure that the measures are satisfactorily implemented.
GDPR
Perfect Hideaways fully support and complies with the 6 (Six) protection principles of the GDPR related to data subjects of Perfect Hideaways who fall within the EU and which are summarised below:
17.1. Lawfulness, fairness and transparency: The personal information of the European citizens will be processed lawfully, fairly and in a transparent manner in relation to the data subject.
17.2. Purpose limitation: The personal information of the European citizens will be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for achieving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purpose.
17.3. Data Minimisation: The personal information of the European citizens will be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
17.4. Accuracy: The personal information of the European citizens will be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purpose for which it is processed, is erased or rectified without delay.
17.5. Storage Limitation: The personal information of the European citizens will be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject.
17.6. Integrity and Confidentiality: The personal information of the European citizens will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Availability and revision
A copy of this Policy will be placed on the websites: www.perfecthideaways.co.za and www.perfecthideawaysforsale.co.za and a physical copy kept at the registered offices: 34 Whittlers Way, Hout Bay, 7806.
This policy will continually be updated to comply with legislation, thereby ensuring that personal information will be secure.
