Ready to book your stay at The Marly? Book directly with us for the best rates.
In compliance with the Protection of Personal Information Act 4 of 2013 (“POPI”)
30 June 2021
DIVINE INSPIRATION TRADING 205 (PTY) LTD T/A THE ALPHEN & THE MARLY
Alphen Drive, Constantia, 7806, Cape Town South Africa
Compliance with POPI is required as of 30 June 2021 and our team is committed to complying with its provisions in fulfilment of our clients’ instructions. We acknowledge our clients’ right to protection against the unlawful collection, retention, dissemination and use of personal information, subject to justifiable limitations that are aimed at protecting other rights and important interests.
The following definitions contained in section 1 of POPI are of importance:
‘data subject’ means the person to whom personal information relates;
‘information officer’ means the person(s) as identified in this Policy;
‘personal information’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including, but not limited to–
(a) information relating to the race, gender, sex, pregnancy, marital status, national, ethnic, or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth of the person;
(b) information relating to the education or the medical, financial, criminal or employment history of the person;
(c) any identifying number, symbol, e-mail address, physical address, telephone number, location information, online identifier, or other assignment to the person;
(d) the biometric information of the person;
(e) the personal opinions, views, or preferences of the person;
(f) correspondence sent by the person that is implicitly or explicitly of a private or confidential nature or further correspondence that would reveal the contents of the original correspondence;
(g) the views or opinions of another individual about the person; and
(h) the name of the person if it appears with other personal information relating to the person or if the disclosure of the name itself would reveal information about the person;
‘processing’ means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including-
(a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use;
(b) dissemination by means of transmission, distribution or making available in any other form; or
(c) merging, linking, as well as restriction, degradation, erasure or destruction of information;
‘record’ means any recorded information-
(a) regardless of form or medium, including any of the following:
(i) Writing on any material;
(ii) information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored;
(iii) label, marking or other writing that identifies or describes any thing of which it forms part, or to which it is attached by any means;
(iv) book, map, plan, graph or drawing;
(v) photograph, film, negative, tape or other device in which one or more visual images are embodied so as to be capable, with or without the aid of some other equipment, of being reproduced;
(b) in the possession or under the control of a responsible party;
(c) whether or not it was created by a responsible party; and
(d) regardless of when it came into existence;
‘responsible party’ means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing personal information;
‘special personal information’ means information relating to the religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life or biometric information or the criminal behaviour of a data subject.
Should you have any questions/complaints/suggestions regarding the processing of personal information, we encourage you to contact our firm’s Information Officer(s):
Contact Number: +27 21 795 6300
email: [email protected]
You are further invited to contact our Information Officer(s) regarding issues specifically pertaining to-
Our Information Officer is responsible for encouraging and ensuring compliance with POPI, and will deal with requests relating thereto and work closely with the Information Regulator whenever necessary.
In addition thereto, our Information Officer will ensure that-
Our Information Officer and Deputy Information Officers have been duly appointed by resolution and have been registered accordingly with the Information Regulator.
Should you prefer not to contact our offices directly regarding any personal information related issues, you may forward your complaint/request directly to the Information Regulator at:
We worked closely with our legal representatives to ensure compliance with POPI and the lawful and secure processing of your personal information. This process involved the following steps:
With the assistance of our legal representatives, we have developed and implemented the following policies regulating the processing of personal information in our business-
The company operates luxury 5-star hotels, and their associated restaurants, spas, and function services, in Cape Town.
Section 18 of POPI requires from us to ensure you are aware of the following:
By engaging our services, you therefore consent to us processing your personal information in line with the purpose for which it was provided to us.
You are further advised that your records will be retained by us for a period 5 (five) years from the date of last entry on your file, as required by South African Revenue Service guidelines, after which it will be destroyed and/or deleted and/or destructed and/or de-identified in a manner that prevents its reconstruction in an intelligible form. We will proceed to destroy and/or delete and/or destruct the hard copy records by shredding them.
In conducting our Business Activities as described above, we will generally rely on the following grounds as listed in section 11 of POPI to process your personal information:
POPI contains a general prohibition on the processing of special personal information, unless one of the exclusions in POPI apply. The categories of special personal information we may process include-
We are authorised to process the above information based on the following grounds listed in POPI:
We do not process any special personal information in the ordinary course of business.
The processing of the above information involves greater risk, and as such we will take special care to protect this information in the unlikely event that you require us to process such. Our security measures implemented are discussed under “SECURITY SAFEGUARDS” below. We have worked closely alongside our legal representatives and IT service providers to identify any risks associated herewith and have implemented the below measures to combat these risks.
Kindly be advised that, as a data subject, you have the right to-
In order for us to properly execute our mandate and provide the best assistance possible, we kindly request that you provide us with your accurate and complete personal information required by us to fulfil our mandate. Lastly, we kindly request that you update us of any changes to your personal information for us to endorse same in our records.
Kindly contact our Information Officer to inquire on the following forms:
Once received, you are encouraged to complete these forms and present them to our Information Officer, alternatively the Information regulator, whichever may be applicable.
Our team is committed to the fulfilment of the following condition imposed by POPI:
Our approach in fulfilment of each of the above is discussed below.
We are committed to ensuring that your personal information will only be processed in accordance with the provisions of POPI and in line with the purpose for which it was supplied to us.
Personal information will only be-
As mentioned above, personal information will only be processed by us on one of the following grounds listed in POPI:
Data subjects will always be made aware of the purpose for which their personal information is being processed.
As mentioned above, section 18 of POPI requires from us to ensure you are aware that your personal information may be processed by us in execution of our services to you and will be used solely for this purpose. By engaging our services, you therefore consent to us processing your personal information in line with the purpose for which it was provided to us.
Personal information will always be collected directly from the data subject, unless-
Data subjects will be notified by us once their personal information is collected, unless-
The information will not be used in a form in which the data subject may be identified, or unless the information is merely for historical, statistical or research purposes.
In line with the previous paragraph (‘PURPOSE SPECIFICATION’), any further/subsequent processing of your personal information will still be done in accordance with original purpose and only when processing thereof is necessary in the circumstances described above.
Upon collecting your personal information, our staff will take all steps necessary to ensure the correctness of your personal information. All of your personal information is stored securely for if and when we require same to be processed (refer to “Security Safeguards” below).
In order for us to properly assist our clients, we kindly request that you provide us with your accurate and complete personal information required by us to fulfil our services. Lastly, we kindly request that you update us of any changes to your personal information for us to endorse same in our records.
In order to protect our clients’ personal information, our team will-
Kindly refer to ‘STEPS IN EVENT OF A COMPROMISE’ in paragraph 10 below.
We have implemented the following physical and software/electronic safeguards-
We work closely alongside our IT service providers to ensure that our safeguarding mechanisms are frequently updated and reviewed.
Furthermore, all our agreements with third party operators have been reviewed and/or Operator Undertakings have been provided to ensure compliance by third parties with POPI.
Data subjects can request confirmation from us on whether we hold personal information and/or the correct personal information. Data subjects can further request for such information to be deleted or destroyed.
Our team will not process special personal information unless expressly provided for in POPI and unless specifically necessary for the purpose for which it was provided to us for.
The following steps will be taken by us in the unlikely event of a data breach/information compromise:
In conducting our business activities, we may transmit personal information to other countries. We do not transfer special personal information to foreign countries. The processing of the above information involves greater risk, and as such we take special care to protect this information. Our security measures implemented are discussed under “SECURITY SAFEGUARDS” below. We have worked closely alongside our legal representatives and IT service providers to identify any risks associated herewith and have implemented applicable measures to combat these risks.
We will ensure that the cross-border transmission of your information complies with the standards set out in POPI, alternatively a higher standard as required in the destination countries (for example, the General Data Protection Regulation applicable in the European Union)
We will not send your personal information abroad unless-
We will only process personal information of children where consent has been provided by a competent person (parent or guardian) or where otherwise authorised by POPI. We acknowledge that the processing of the above information involves great risk, and as such we take special care to protect this information.
We will never sell, obtain or disclose your account number (whether this relates to any sort of bank account details, credit card numbers or credit application numbers) to any person without your consent.
As a client of ours, we would like to send you correspondence related to our products and/or services that we provided to you. We will only correspond with you if you are an existing or prospective customer, or if you provided consent. Communications will only be sent if we obtained your contact details in the context of the sale of our products or services and for the purpose of marketing our own similar products or services. Communications received from us will always clearly identify us as the sender and provide you with a reasonable opportunity to unsubscribe at any time.
Our Team is committed to complying with POPI and we acknowledge our clients’ right to protection against the unlawful collection, retention, dissemination and use of personal information, subject to justifiable limitations that are aimed at protecting other rights and important interests.
Kindly contact our Information Officer for any queries relating to the processing of personal information.