PROTECTION OF PERSONAL INFORMATION ACT
CUSTOMER PRIVACY NOTICE
This Notice explains how we obtain, use and disclose your personal information, in accordance with the requirements of the Protection of Personal Information Act (“POPIA”).
At Sheldon’s Walking Tours (and including this website, POPIAct-Compliance) we are committed to protecting your privacy and to ensure that your personal information is collected and used properly, lawfully and transparently.
About the Company
Sheldon’s Walking Tours
The information we collect
We collect and process your personal information mainly to contact you for the purposes of understanding your requirements, and delivering services accordingly. For this purpose we will collect contact details including your name and organisation.
We collect information directly from you where you provide us with your personal details. Where possible, we will inform you what information you are required to provide to us and what information is optional.
Website usage information may be collected using “cookies” which allows us to collect standard internet visitor usage information.
How we use your information
We will use your personal information only for the purposes for which it was collected and agreed with you. In addition, where necessary your information may be retained for legal or research purposes.
For example:
To gather contact information;
To confirm and verify your identity or to verify that you are an authorised user for security purposes;
For the detection and prevention of fraud, crime, money laundering or other malpractice;
To conduct market or customer satisfaction research or for statistical analysis;
For audit and record keeping purposes;
In connection with legal proceedings.
Disclosure of information
We may disclose your personal information to our service providers who are involved in the delivery of products or services to you. We have agreements in place to ensure that they comply with the privacy requirements as required by the Protection of Personal Information Act.
We may also disclose your information:
Where we have a duty or a right to disclose in terms of law or industry codes;
Where we believe it is necessary to protect our rights.
Information Security
We are legally obliged to provide adequate protection for the personal information we hold and to stop unauthorized access and use of personal information. We will, on an on-going basis, continue to review our security controls and related processes to ensure that your personal information remains secure.
Our security policies and procedures cover:
Physical security;
Computer and network security;
Access to personal information;
Secure communications;
Security in contracting out activities or functions;
Retention and disposal of information;
Acceptable usage of personal information;
Governance and regulatory issues;
Monitoring access and usage of private information;
Investigating and reacting to security incidents.
When we contract with third parties, we impose appropriate security, privacy and confidentiality obligations on them to ensure that personal information that we remain responsible for, is kept secure.
We will ensure that anyone to whom we pass your personal information agrees to treat your information with the same level of protection as we are obliged to.
Your Rights: Access to information
You have the right to request a copy of the personal information we hold about you. To do this, simply contact us at the numbers/addresses as provided on our website and specify what information you require. We will need a copy of your ID document to confirm your identity before providing details of your personal information.
Please note that any such access request may be subject to a payment of a legally allowable fee.
Correction of your information
You have the right to ask us to update, correct or delete your personal information. We will require a copy of your ID document to confirm your identity before making changes to personal information we may hold about you. We would appreciate it if you would keep your personal information accurate.
Definition of personal information
According to the Act ‘‘personal information’’ means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. Further to the POPI Act, COR Concepts also includes the following items as personal information:
All addresses including residential, postal and email addresses.
Change of name – for which we require copies of the marriage certificate or official change of name document issued by the state department.
How to contact us
If you have any queries about this notice; you need further information about our privacy practices; wish to withdraw consent; exercise preferences or access or correct your personal information, please contact us at the numbers/addresses listed on our website.
This privacy notice forms part of your agreement with Activitar.
During our interactions, you share personal information with Tornado Tour Systems (Pty) Ltd, trading as Activitar, registration number 2004/000954/07.
This notice tells you what to expect when we collect information from you and how we use it.
It is part of our agreement with you, and we may need to update it occasionally. When we do, we will inform you. You should read this notice along with our terms and conditions that apply to the products and services you use.
If you have any questions about this policy, please contact us by email at privacy@activitar.com or by phone on +2787 250 0276
We collect your information in the circumstances outlined below. Sometimes we are required by law to collect your information, for instance, if tax legislation forces us to collect personal information.
We need some general information before we can enter into an agreement and you can begin to use our reservation system and online distribution service.
We collect your:
company name
contact details
VAT number
banking details
details related to your operating processes and offerings
details contained in your company registration documents
identity documents of your mandated officials
proof of address of your mandated officials
proof of banking details
We use this information to:
load you on our services and configure the system
set up and process payments via the payment gateway
communicate with you
provide training
process orders
provide your offerings to clients via activitar.com
provide support
send you statements, receipts, invoices or any other legal documents that relate to your transaction
fulfill our legal obligation to use or disclose your information
Legal basis for processing: Data protection legislation allows us to process personal information when it is necessary for the performance of a contract with you. In other instances, we are required by law to collect your information, for instance tax legislation forces us to collect personal information. |
In order for our service to function properly, ‘customer data’ is generated and collected. This includes your, and your clients’ personal information. We collect your clients’ names, contact details, and details about their bookings.
We use customer data to process bookings and reservations on our reservation system and distribution service, to analyse and improve our services and to identify and solve problems where they may appear.
Legal basis for processing: Data protection legislation allows us to process personal information when it is necessary for the performance of a contract with you. |
When you contact us by social media, email, our support service or telephone with a query, complaint, or request, we collect the information contained in your message. We use the information we collect to reply to, investigate, and resolve your query, complaint, or request.
Legal basis for processing: Data protection legislation allows us to process personal information when it is in our interest and we have chosen the least invasive way to process the information. It is in both our interest to reply to, investigate, and resolve your queries, complaints, and requests. |
We have a monthly newsletter that is delivered by email.
We’ll ask you whether you want to receive the newsletter, if you agree it is important that you know you can unsubscribe at any time by following the unsubscribe link at the bottom of the email or by contacting us.
Legal basis for processing: Data protection legislation allows us to process personal information when you have given us your express consent. |
We do not knowingly collect the personal information of children without the consent of a parent or guardian.
We use service providers and suppliers who we trust to assist us in providing our services to you. They have agreed to keep your information secure and confidential, and to only use it for the purposes for which we have sent it to them.
We share your information with service providers when they help us to:
store information
process payments
ensure you have access to the services you paid for
deliver our newsletter
help monitor the effectiveness of our promotions and advertising
help us manage our business, for instance accountants and professional advisors.
maintain our website
find and fix errors and performance issues on our website
Sometimes we will be required by law to share your information. For instance, we may be required to share your information with the South African Fraud Prevention Services. We will not sell your information or share information with third parties for the purposes of direct marketing (we don’t like spam either).
Some of the service providers that we use may be located in other countries; for instance, our cloud storage service. These countries may not have the same levels of protection of personal information as South Africa. If this is the case, we require that they undertake to protect the personal information of our customers to the same level that we do.
We will not retain your information for longer than we need to, unless we are legally required to do so. Most of your personal information will be retained for 5 years from the date of your last transaction with us. However, we may keep your contact details for longer for marketing and mailer purposes.
We have implemented reasonable security measures based on the sensitivity of the information we hold. These measures are in place to protect the information from being disclosed, from loss, misuse, and unauthorised access, and from being altered or destroyed.
We regularly monitor our systems for possible vulnerabilities and attacks, but no system is perfect and we cannot guarantee that we will never experience breach of any of our physical, technical, or managerial safeguards. If something should happen, we have taken steps to minimise the threat to your privacy. We will let you know of any breaches that affect your personal information and inform you how you can help minimise the impact.
You also have a role to play in keeping your information secure. For example, you should never share personal information with us in an email, because while our servers are protected, it is still possible that email can be intercepted. Instead, contact the Activitar support team at +2787 250 0276, which will connect you to Chris Coetzee, our information officer.
You have the right to know what kind of personal information we have about you, to correct it, and to opt out of marketing.
You have the right to
ask us what we know about you;
ask what information was sent to our suppliers, service providers, or any other third party;
ask us to update, correct, or delete any out-of-date or incorrect personal information we have about you;
unsubscribe from any direct marketing communications we may send you; and
object to the processing of your personal information.
You can request access to the information we have about you, or correct your personal information by contacting our deputy information officer at privacy@activitar.com. It can take us up to 21 days to respond to your request because there are procedures that we need to follow. In certain cases, we may require proof of your identity, and sometimes changes to your information may be subject to additional requirements such as valid proof of residence.
If you are in the European Union, you have these rights in terms of the GDPR:
The right to be informed about the collection and use of your personal information.
The right to access your personal information. You may make such a request from us by contacting privacy@activitar.com. We may take one month to respond to your request and may charge a fee in some circumstances. We will let you know if this is the case.
You have a right to have inaccurate personal information corrected or completed if it is incomplete. You may make such a request from us by contacting privacy@activitar.com. We may take one month to respond to your request and may refuse in certain circumstances.
You have the right to have your personal information erased, also known as the ‘right to be forgotten’. You may make such a request from us by contacting privacy@activitar.com. We may take one month to respond to your request and may refuse in certain circumstances.
You have the right to request that we restrict or suppress your personal information. You may make such a request from us by contacting privacy@activitar.com. We may take one month to respond to your request and may refuse in certain circumstances.
You have the right to reuse your personal information for your own purposes across different services, also known as the right to data portability.
You have the right to object to us processing your personal information in certain circumstances. You may make your objection by contacting privacy@activitar.com. We may take one month to respond to your request. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
You have the right to complain to a supervisory authority in the Member State where you live or work, or where the infringement took place.
You have the right to object to automated decision-making and profiling.
You may ask that a human review any automated decisions that we make about you, express your point of view about it, and obtain an explanation of the decision. You may challenge any automated decision made about you by contacting privacy@activitar.com. We may take one month to respond to your request.
© 2025 Tornado Tour Systems (Pty) Ltd ta Activitar.