Privacy Policy

SmartTrip Africa (Pty) Ltd (“STA”/”we”/”us”) is committed to protecting your privacy. We will only use the information that we collect about you lawfully in accordance with South African Data Protection Legislation, specifically Section 18 of the POPI Act. 

1. General Privacy Policy

1.1  Information collected

We collect the information you choose to supply to us through enquiry forms purchasing our products and any time you e-mail us. This includes the collection of contact details such as your name, address, telephone number and email address, engagement details including your purchase history and attraction visit history,  device data including IP addresses and details about your browsing history, browser type, and session frequency and cookies - please see our separate cookie policy. 

1.2       We also collect information automatically about your visit to our web site.

The information obtained in this way, which includes demographic data and browsing patterns, is only used in aggregate form, and as such, cannot be used to identify you.

1.3       This aggregate information is used to:

  • build up marketing profiles
  • aid strategic development
  • audit usage of the site

1.4       Use of personal information

Our legal bases for collecting and using your information is as follows:

  • Contract – we need your information to enter into and perform our contract with you
  • Consent – some information is processed because you have given your consent.
  • Legitimate interest – some information we collect is used for legitimate business interest such as :
    • Providing updates on attractions and or services
    • Obtaining customer feedback to improve the quality of our service
    • Running competitions
  • Compliance with legal and regulatory obligations

When purchasing a SmartPASS Cape Town, customers from EU countries will be given the choice to opt-in to receive marketing communication by checking a box. These communications include but are not limited to emails, SMS and push notifications, giving information, tips and promotions on upgrades and third party offers relevant to a customer’s trip, and promotions on other city passes. Non-EU customers will have the option to uncheck a box to opt out from receiving these communications. All recipients can unsubscribe from marketing communication at any time, by clicking on the unsubscribe process included in every message. 

1.5      Your personal rights and how to contact us

You have certain rights under existing data protection legislation including the right to request a copy of the personal information we hold about you, if may you request it from us verbally or in writing.

You will have the following rights:

  1. Right to access: the right to request copies of your personal information from us;
  2. Right to correct: the right to have your personal information rectified if it is inaccurate or incomplete;
  3. Right to erase: the right to request that we delete or remove your personal information from our systems;
  4. Right to restrict our use of your information: the right to ‘block’ us from using your personal information or limit the way in which we can use it;
  5. Right to data portability: the right to request that we move, copy or transfer your personal information; 
  6. Right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or where we use your personal information to carry out profiling to inform our market research and customer demographics  (see section 5 above).

To make enquiries, exercise any of your rights set out in this Privacy Policy and / or make a complaint please contact our Customer Services Team at info@smartpasscapetown.com

This Privacy Policy shall be governed and construed in all respects in accordance with the laws of South Africa.

How long do we keep your personal information?

We will hold your personal information on our systems for as long as necessary depending on the purpose to which it was provided or until you request it is deleted. Even if we delete your personal information it may persist on backup or archival media for legal, tax or regulatory purposes.

When determining the relevant retention periods, we will take into account factors including: 

  • our contractual and business relationships with you;
  • legal obligations under applicable law to retain data for a certain period of time;
  • statute of limitations under applicable law(s);
  • (potential) disputes; and
  • guidelines issued by relevant supervisory authorities 

2. Who do we SHARE your personal data with?

We share the data with third parties, to help manage our business and deliver services, in which case we will require those parties to keep that information confidential and secure and to use it solely for the purpose of providing the specified services.

These third parties may from time to time need to have access to your personal data, and include:

  • service providers, who help manage our IT and back office systems, and assist with our Customer Relationship Management activities
  • our regulators, which include the ICO, as well as other regulators and law enforcement agencies in the E.U. and around the world,
  • solicitors and other professional services firms (including our auditors).

We do not sell any personal data to third parties.

 3. International Transfer Of Data

We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests, in particular we will either:

  • only transfer your personal data to countries which are recognised as providing an adequate level of legal protection in accordance with Article 45 of the GDPR; or
  • ensure that transfers outside the European Union are subject to appropriate legal safeguards.

 4. Security

We acknowledge that the information you provide may be confidential and will maintain the confidentiality of and protect your information in accordance with our normal procedures and all applicable laws. We employ appropriate technical and organisational security measures to help protect your personal data against loss and to guard against access by unauthorised persons. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

In addition, those employees, agents, contractors and other third parties who process your personal data will only do so on our instructions and they will be subject to a duty of confidentiality.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Any transmission is at your own risk. Once we have received your information, we will use procedures and security features to try to prevent unauthorised access.

 5. Cookies

We use cookies on our website and in relation to the App.  For details of our cookie policy please refer to our Cookie Policy