Southern Sun Privacy Policy

Your Privacy Is Important to Us

Updated: 25 April 2023

Introduction

Southern Sun Limited (including its subsidiaries) is committed to protecting your privacy. 

Southern Sun is the leading hospitality company in southern Africa. The group proudly encompasses over 100 hotels across all sectors of the market in South Africa, Africa, the Seychelles and the Middle East, an extensive selection of restaurants and bars and a diverse collection of conference and banqueting facilities. Refer here for information on our brands and hotels that are included in this Privacy Policy.  

We respect your privacy and take the protection of personal information very seriously. The purpose of this policy is to describe the way that we collect, store, use, and protect information that can be associated with you or another specific natural or juristic person and can be used to identify you or that person.

Audience

This policy applies to you if you are:

  • a visitor to our website; or
  • a client (natural or juristic entity) that enquires about or makes use of our products and services.  A client would include but are not limited to guests, travel agents, corporates, event organizers etc.   

Personal information

Personal information includes

  • information that we collect automatically when you visit our website namely southernsun.com;
  • information we collect when you make use of the products and services as offered on our website;
  • information that we collect through various other means as covered later on in this policy; and
  • optional information that you provide to us voluntarily;

but excludes

  • information that has been made anonymous so that it does not identify a specific person;
  • permanently de-identified information that does not relate or cannot be traced back to you specifically;
  • non-personal statistical information collected and compiled by us; and
  • information that you have provided voluntarily in an open, public environment or forum including any blog, chat room, community, classifieds, or discussion board (because the information has been disclosed in a public forum, it is no longer confidential and does not constitute personal information subject to protection under this policy).

Examples

Common examples of the types of personal information which we may collect and process include your

  • identifying information – such as your title, name and surname, and identification number of any kind;
  • contact information – such as your phone number and email address;
  • address information – such as your residential address, postal address, business address, nationality and resident status;
  • reservation information – arrival date, departure date, hotel name, Travel Agent information, Company information (e.g. Company Name, Address, VAT number), accompanying guest (can include details of children e.g. name and surname and age);
  • history and future reservation information – record of previous stays including the revenue spend as well as future reservation details;
  • other information - personal preferences and special requests; restaurant dockets and other charges, call details from guest’s room, vehicle registration number and surveillance for security purposes in public areas;
  • Rewards programme information – membership number, tier, status points and SunRands earned, redeemed and available balance; 
  • technical and location information – information that is generated as a result of for example using the Southern Sun website.

We may also collect sensitive personal information including your

  • financial information – such as your credit card and / or bank account details (including proof of payments); and
  • medical and health information – such as information about your physical health, including wheelchair accessibility requests, dietary requirements, allergy information, information shared prior to SPA treatments. 

Acceptance

Acceptance required

  • You must accept all the terms of this policy when wanting to make use of our products and services. 

Legal capacity

  • You may not access our website or enquire or use our products and services if
    • you are younger than 18 years old and do not have the necessary consent or
    • where you do not have legal capacity to conclude legally binding contracts.

Deemed acceptance

  • By accepting this policy, you are deemed to have read, understood, accepted, and agreed to be bound by all of its terms.

Your obligations

  • You may only send us your own personal information or the information of another data subject where you have their permission to do so.

Changes

We may change the terms of this policy at any time by updating this web page. If you continue to use the website or our products and services following a change to the terms, the changed terms will apply to you and you will be deemed to have accepted those updated terms.

Collection

From browsers

We automatically receive and record Internet usage information on our server logs from your browser, such as your Internet Protocol address (IP address), browsing habits, click patterns, version of software installed, system type, screen resolutions, colour capabilities, plug-ins, language settings, cookie preferences, search engine keywords, JavaScript enablement, the content and pages that you access on the website, and the dates and times that you visit the website, paths taken, and time spent on sites and pages within the website (usage information). Please note that other websites visited before entering our website might place personal information within your URL during a visit to it, and we have no control over such websites. Accordingly, a subsequent website that collects URL information may log some personal information.

Cookies           

For information on how we deal with Cookies, please refer to our Cookie Policy.

Web beacons

Our website may contain electronic image requests (called a single-pixel gif or web beacon request) that allow us to count page views and to access cookies. Any electronic image viewed as part of a web page (including an ad banner) can act as a web beacon. Our web beacons do not collect, gather, monitor or share any of your personal information. We merely use them to compile anonymous information about our website.

When accessing and making use of our website products and service offerings as well as at various other times

The other times as referred to here includes but are not limited to when making a reservation, pre-arrival, arrival, stay, departure, settlement and after stay reporting and reviews; signing up for our frequentGuest rewards programme etc.

As there are various options available for making a reservation (e.g. telephone / e-mail, / walk-in / Southern Sun website, Travel Agents, Online Travel Agent “OTA”, Global Distribution system “GDS” / Shareblock Owner etc. we may also be receiving your information from Third Parties.

You are not required to provide any personal information to us, unless and until you choose to make a reservation; purchase our products and services; join ourRewards programme or sign up for one of our email newsletters, which can be unsubscribed to at any time. 

Once you register on our website, you will no longer be anonymous to us.

We will use the personal information to fulfil your account, provide additional services and information to you as we reasonably think appropriate, and for any other purposes set out in this policy.

Optional details

You may also provide additional information to us on a voluntary basis (optional information), when you enter competitions, take advantage of promotions, subscribed to our newsletters, respond to surveys, completing online forms etc. 

Purpose for collection

We may use or process personal information, or optional information that you provide to us for the purposes intended when the information was provided to us.  Processing includes gathering your personal information, disclosing it, and combining it with other personal information. We generally collect and process your personal information for various purposes, including:

  • to provide you use of our products and services – such as fulfilling the contract; managing our relationship with clients, before, during and after the stay or when making use of our products and services; managing the Rewards programme, enhanced user experience, client surveys etc.
  • legitimate purposes – such as wanting to protect our legitimate interest or that of yours
  • marketing purposes – such as pursuing lawful related marketing activities for our legitimate interest;
  • business purposes – such as internal audit, accounting, statistical, business planning, and joint ventures, disposals of business, or other proposed and actual transactions; and
  • legal purposes – such as where necessary in the performance of a contract; handling claims, complying with regulations, or pursuing good governance.

We may use your usage information for the purposes described above and to

  • remember your information so that you will not have to re-enter it during your visit or the next time you access the website;
  • monitor website usage metrics such as total number of visitors and pages accessed; and
  • track your entries, submissions, and status in any promotions or other activities in connection with your usage of the website.

Consent to collection

We will obtain your consent (where required) to collect personal information in accordance with applicable law.

Use

Our obligations

We may use your personal information to fulfil our obligations to you.

Messages and updates

We may send administrative messages and email updates to you about the website, our products and services that you have requested or received. We may wish to provide you with information about new features, products and services which we think you may be interested in. This means that in some cases, we may also send you primarily promotional messages. We will not send you promotional messages unless you have chosen to opt-into them (effective 1 July ’21) and we may send you one message asking you to opt-into promotional messages without you having opted-into promotional messages.   We also allow you to opt-out from marketing related communication. 

Targeted content

While you are logged into the website, we may display targeted adverts and other relevant information based on your personal information. In a completely automated process, computers process the personal information and match it to adverts or related information. We never share personal information with any advertiser, unless you specifically provide us with your consent to do so. Advertisers receive a record of the total number of impressions and clicks for each advert. They do not receive any personal information. If you click on an advert, we may send a referring URL to the advertiser’s website identifying that a customer is visiting from the website. We do not send personal information to advertisers with the referring URL. Once you are on the advertiser’s website however, the advertiser may be able to collect your personal information.

Disclosure

Sharing

We may share your personal information with

  • Anyone making a successful application for access in terms of PAIA;
  • Employees, that require the personal information to do their jobs and rendering our products and services to you. These include our responsible hotel staff, management, sales and marketing, accounting, audit, compliance, information technology, or other personnel.
  • Other hotels or divisions within the Group to which we belong so as to provide joint content and services like registration, for transactions and customer support; Rewards programme; to help detect and prevent potentially illegal acts and violations of our policies, and to guide decisions about our products, services, and communications;
  • Travel Agents and Corporates where for example stays are to be billed back for payment by these parties;
  • Our service providers under contract who help provide certain goods or services or help with parts of our business operations, including Audit (Internal and External), IT sub-contractors, fraud prevention, invoicing portal, marketing, technology services, offsite contracted document storage facilities.  Our contracts dictate that these goods or services providers only use your information in connection with the goods or services they supply or services they perform for us and not for their own benefit;
  • Credit bureaus to report account information, as permitted by law;
  • Banking partners as required by credit card association rules; and
  • Regulators, as required by law or governmental audit.
  • Law enforcement if required:
    • by a subpoena or court order;
    • to comply with any law;
    • to protect the safety of any individual or the general public; and
    • to prevent violation of our customer relationship terms.
  • Marketing purposes to for example disclose aggregate statistics (information about the customer population in general terms) about the personal information to advertisers or business partners to provide services (e.g. maintenance, analysis, audit and marketing). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.

Online WebChat

We may make use of a live online chat facility that will be available on select pages of southernsun.com and the hotel booking engine. This chat is permission based and is initiated by visitors to the website. All chats are monitored for quality assurance purposes.

Change of ownership

If we undergo a change in ownership, or a merger with, acquisition by, or sale of assets to, another entity, we may assign our rights to the personal information we process to a successor, purchaser, or separate entity. We will disclose the transfer on the website. If you are concerned about your personal information migrating to a new owner, you may request us to delete your personal information.

Security

We take the security of personal information very seriously and always do our best to comply with applicable data protection laws. We take practical and reasonable steps to secure your personal information from unauthorised access, use or disclosure.  When personal information (such as a credit card number) is transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol. 

Our hosting companies and service providers will host our website and other systems in a secure server environment that uses a firewall and other advanced security measures to prevent interference or access from outside intruders. We have organizational measures such as access controls e.g. user IDs and passwords for accessing systems and we authorise access to personal information only for those employees who require it to fulfil their job responsibilities.  We implement disaster recovery procedures where appropriate.    

Accurate and up to date

We will endeavour to keep the personal information we collect as accurate, complete and up to date as is necessary for the purposes defined in this policy. You are able to review or update personal information that we hold on you through the following means:

  • Accessing your account online (frequentGuest rewards programme members only),
  • Upon check-in and throughout the duration of your stay at any of our hotels
  • Contacting our Customer Contact Centre:  +27 11 461 9744 or 0861 44 77 44
  • PAIA manual

Please note that in order to better protect you and safeguard your personal information, we take steps to verify your identity before granting you access to your account or making any corrections to your personal information.

Objection or deleting your information

You may want to object to the processing of your data or request for the personal information you have submitted to us to be deleted, by referring to our PAIA  manual. The necessary form can be completed either online or by downloading, completing and returning it back to us as explained in the PAIA manual. 

Retention

We will only retain your personal information for as long as it is necessary to fulfil the purposes explicitly set out in this policy, unless

  • Retention of the record is required or authorised by law; or
  • You have consented to the retention of the record.

During the period of retention, we will continue to abide by our non-disclosure obligations and will not share or sell your personal information.

We may retain your personal information in physical or electronic records at our discretion.

Transborder flow

We manage central booking engines for our hotels, in order to collect the information pertaining to your reservation and then distribute this to the hotel booked.  We also manage a global database of clients staying in our various Hotels as well as managing the Rewards programme.  Since we operate in multiple countries, we may transmit or transfer personal information outside of the country in which it was collected to a foreign country and process it in that country.  Personal information may be stored on servers located outside the country in which it was collected in a foreign country whose laws protecting personal information may not be as stringent as the laws in the country in which it was collected. We endeavor to protect your personal information during these transfers through the security measures we and our service providers have in place.  You consent to us processing your personal information in a foreign country whose laws regarding processing of personal information may be less stringent.

Limitation

We are not responsible for, give no warranties, nor make any representations in respect of the privacy policies or practices of linked or any third party websites from southernsun.com.  We encourage you to review the privacy statement of websites you choose to link to from Southern Sun so that you can understand how those websites collect, use and share information.  We are not responsible for privacy statements or other content on websites outside of Southern Sun and the Southern Sun ecosystem of websites.

Enquiries

If you have any questions or concerns arising from this privacy policy or the way in which we handle personal information, please notify us accordingly.  We will use all commercially reasonable efforts to promptly deal with any questions and / concerns that you might have

Information Officer: Rosa van Onselen
Street Address: Nelson Mandela Square South Tower, Maude Street, Sundown, Sandton, 2196
Postal Address: Private Bag X200, Bryanston 2146
Telephone: +27 11 461 9777
E-mail: privacy@southernsun.com
Website: www.southernsun.com