POPIA Compliance & Privacy Notice

Protection of Personal Information Act (POPIA) Compliance Statement

1. Introduction

Zomerlust, operated by ION Paarl (Pty) Ltd (“Zomerlust”, “we”, “our”, or “us”), is committed to protecting the privacy and personal information of our guests, restaurant patrons, website visitors, suppliers, and business partners in accordance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”) of South Africa.

This POPIA Compliance Notice explains how we collect, process, store, use, and protect personal information when guests interact with:

• our website;

• accommodation booking services;

• restaurant reservations;

• third-party booking platforms;

• outsourced marketing and website providers;

• and other hospitality-related services.

2. Responsible Party

The responsible party for purposes of POPIA is:

ION Paarl (Pty) Ltd t/a Zomerlust
Paarl, Western Cape, South Africa
Email: reservations@zomerlust.co.za
Telephone: +27 21 872 2117

3. Information We Collect

We may collect and process personal information, including:

• full names;

• email addresses;

• telephone numbers;

• billing and payment information;

• reservation and guest stay information;

• restaurant reservation details;

• dietary preferences or allergy information voluntarily disclosed to us;

• identification or passport information where legally required;

• vehicle registration details;

• communication records;

• website usage data;

• marketing interaction data;

• CCTV footage where applicable for safety and security purposes.

4. How Information Is Collected

We may collect personal information:

• directly from guests and customers;

• through our website;

• via email, telephone, or online enquiry forms;

• through accommodation booking engines;

• through third-party booking platforms;

• through restaurant reservation systems;

• through outsourced website and marketing service providers;

• during in-person interactions at the property or restaurant.

Third-party providers may independently collect and process personal information in accordance with their own privacy policies and terms.

5. Purpose of Processing Personal Information

We process personal information for purposes including:

• managing accommodation reservations and guest stays;

• managing restaurant reservations and dining experiences;

• processing payments and deposits;

• communicating with guests and customers;

• maintaining security and safety;

• complying with legal and regulatory obligations;

• providing hospitality services and guest support;

• improving our services and website functionality;

• managing marketing campaigns and guest communications;

• analysing website traffic and user engagement;

• sending promotional communications where consent has been provided or where otherwise permitted by law.

6. Lawful Basis for Processing

Personal information is processed where:

• Consent has been obtained.

• Processing is necessary to fulfil a booking or reservation.

• processing is required by law;

• processing protects a legitimate interest of the guest or Zomerlust;

• or processing is necessary for legitimate business operations.

7. Third-Party Booking & Reservation Platforms

Zomerlust may make use of third-party service providers and booking platforms for:

• accommodation reservations;

• restaurant reservations;

• payment processing;

• customer communications;

• and hospitality management services.

These platforms may include online travel agencies, restaurant reservation systems, payment gateways, channel managers, or cloud-based hospitality software providers.

When you make a booking or reservation through a third-party platform:

• Your information may be collected directly by that provider.

• The provider may share relevant booking information with Zomerlust.

• and your information may be processed in accordance with both our policies and the provider’s own privacy policies and terms.

We encourage users to review the privacy policies of any third-party services they use.

8. Outsourced Website, Marketing & Technology Services

Zomerlust may engage external service providers, agencies, consultants, and technology partners to assist with:

• website hosting and maintenance;

• digital marketing;

• analytics and advertising;

• email marketing and newsletters;

• customer relationship management;

• social media management;

• booking integrations;

• and technical support services.

These service providers may have limited access to personal information strictly for purposes necessary to perform services on our behalf.

We take reasonable steps to ensure that outsourced providers:

• process personal information securely;

• maintain confidentiality;

• comply with applicable data protection laws;

• and only process information in accordance with our instructions and legitimate business purposes.

9. Sharing of Personal Information

We may share personal information with trusted third parties, including:

• accommodation booking platforms;

• restaurant reservation systems;

• payment processors;

• website hosting providers;

• marketing agencies and communication platforms;

• analytics providers;

• IT and software service providers;

• hospitality management systems;

• accountants, auditors, and professional advisers;

• legal or regulatory authorities, where required by law.

We do not sell personal information to third parties.

All service providers are expected to process personal information securely and in accordance with applicable privacy laws.

10. International Data Transfers

Where international guests interact with our services, personal information may be transferred to or processed in countries outside South Africa through:

• international booking platforms;

• restaurant reservation systems;

• cloud-based hospitality software;

• payment gateways;

• website hosting providers;

• analytics and advertising services;

• email marketing platforms;

• or other outsourced technology providers.

We take reasonable steps to ensure that appropriate safeguards are implemented for such transfers where required.

11. Data Security

Zomerlust takes reasonable technical and organisational measures to safeguard personal information against:

• unauthorized access;

• accidental loss;

• misuse;

• disclosure;

• destruction;

• or alteration.

Security measures may include:

• password-protected systems;

• secure payment processing;

• limited staff access;

• secure storage practices;

• reputable third-party service providers;

• confidentiality obligations;

• and secure hospitality management systems.

12. Retention of Personal Information

Personal information is retained only for as long as reasonably necessary to:

• fulfil operational purposes;

• manage bookings and reservations;

• provide hospitality services;

• comply with legal, tax, and accounting obligations;

• resolve disputes;

• and enforce agreements.

When information is no longer required, it will be securely deleted or destroyed where reasonably practicable.

13. Data Subject Rights

In terms of POPIA, you may have the right to:

• Request access to your personal information;

• request correction or deletion of information;

• object to processing;

• withdraw consent where processing is based on consent;

• Request information regarding third parties who have had access to your information;

• Lodge a complaint with the Information Regulator.

Requests may be submitted using the contact details below.

14. Direct Marketing

Zomerlust may send marketing or promotional communications relating to:

• accommodation offers;

• dining experiences;

• events;

• hospitality updates;

• and special promotions,

where:

• consent has been provided; or

• We are otherwise permitted to do so under applicable law.

Marketing communications may be managed through outsourced marketing or email service providers acting on behalf of Zomerlust.

You may opt out of marketing communications at any time by:

• clicking the unsubscribe link in communications; or

• contacting us directly at reservations@zomerlust.co.za.

15. Cookies & Website Tracking

Our website may use cookies and similar technologies to:

• improve website functionality;

• remember user preferences;

• analyse website traffic;

• support online booking functionality;

• measure marketing performance;

• and improve advertising relevance.

Cookies may also be placed by:

• booking engines;

• restaurant reservation systems;

• analytics providers;

• advertising platforms;

• social media integrations;

• and outsourced website or marketing providers.

Users may disable cookies in their browser settings, though this may affect website functionality.

16. Information Officer

In accordance with POPIA, Zomerlust has designated an Information Officer to ensure compliance with applicable privacy legislation.

For privacy-related requests or concerns, please contact:

Information Officer
ION Paarl (Pty) Ltd t/a Zomerlust
Email: reservations@zomerlust.co.za
Telephone: +27 21 872 2117

17. Complaints

If you believe your personal information has been processed unlawfully, you may lodge a complaint with:

The Information Regulator (South Africa)
Website: https://www.justice.gov.za/inforeg/
Email: enquiries@inforegulator.org.za

18. Updates to This Policy

Zomerlust reserves the right to amend this POPIA Compliance Notice from time to time.

The latest version will always be available on our website.