top of page

Privacy Policy

Wine Not Relax (Pty) Ltd ("Wine Not Relax", "we", "our", "us"), registration number 2025/334421/07, operates premium short‑term accommodation in Yzerfontein, Western Cape, South Africa. We respect your privacy and process personal information lawfully, reasonably, and transparently in line with the Protection of Personal Information Act 4 of 2013 ("POPIA"), the Promotion of Access to Information Act 2 of 2000 ("PAIA"), and – where applicable – foreign legislation such as the EU General Data Protection Regulation (GDPR).

1  Who is responsible for your data

Responsible Party: Wine Not Relax (Pty) Ltd

Information Officer: Church Street, Randburg 2188, South Africa, info@winenotrelax.com

Information Regulator: JD House, 27 Stiemens St, Braamfontein 2001 Contact: inforeg@justice.gov.za · +27 (0)10 023 5207

2  POPIA Section 18 Notification

Required information:

Our statement -

(a) Categories of data subjects & personal information -

Guests' names, ID/passport number, e‑mail, phone, physical address, booking details; Payment data (tokenised card details via PayFast)

Website users: device & usage data, IP address, cookies.

Property owners/partners: contact & bank details.

(b) Source Directly from you, from travel platforms (Airbnb, Booking.com), or automatically via our website/app cookies & analytics

(c) Purpose of processing

Process and manage accommodation bookings and payments

Provide customer service

Market our accommodation (opt‑in)

Secure and maintain our website and property

Meet legal & SARS record‑keeping duties

(d) Whether supply is voluntary or mandatory & consequences

Most fields are voluntary.

Mandatory fields are flagged in booking forms.

If you do not provide mandatory information, we cannot confirm your booking or comply with law (FICA, SARS, etc).

(e) Lawful basis / justification

Contract (Condition 4(1)(b)) for bookings & payments; Consent for marketing & non‑essential cookies.

Legal obligation (Condition 4(1)(c)) for tax & accounting.

Legitimate interests (Condition 5(1)(a)) for security & fraud prevention.

(f) Recipients / categories of recipients

Payment processors (PayFast/Stripe), channel managers, cloud hosts (AWS EU‑Ireland), analytics providers (Google Analytics 4), cleaning & key‑handling contractors, SARS, SAPS or courts when lawfully required.

(g) Cross‑border flow

Some recipients are based in EU/EEA/USA. We rely on POPIA s 72 (1)(a); adequate data‑protection laws; or POPIA s72 (1)(d); binding data‑processing contracts to protect your information.

(h) Your Rights

Access, correction, objection, deletion/destruction, restriction, data portability (GDPR territories), lodge complaint with Regulator.

Procedures in section 7 below.

3  What we collect & how

  1. Direct information: details you type into booking or enquiry forms, send by e‑mail/phone, or hand over at check‑in.

  2. Payment information: handled by PayFast/Stripe on our behalf; we only receive a tokenised reference & last 4 digits.

  3. Device & usage data: IP address, browser type, referring page, session timestamps, collected via cookies, Google Analytics 4, and server logs.

  4. Camera recording / smart‑lock logs: for property security (recordings kept 30 days unless an incident occurs).

  5. Optional marketing preferences: your consent to receive specials or newsletters.

4  Cookies & similar tech

We use essential cookies (site security, language, session) and non‑essential cookies (analytics, remarketing). On first visit we display a banner asking you to opt in to non‑essential cookies. You can adjust settings any time or delete cookies in your browser. See www.aboutcookies.org for guidance.

5  How we share & transfer data

We never sell personal information. We share it only with vetted third parties listed in Section 2(f) under written contracts that:

  • limit use to our documented instructions.

  • impose POPIA‑equivalent safeguards; and

  • require notification of any unauthorised access.

When partners are outside South Africa, transfers occur only where POPIA s conditions are met (adequacy decisions, standard contractual clauses, or data‑subject consent).

6  Security safeguards & breach notification

  • TLS‑encrypted website & admin portal

  • ISO 27001‑certified cloud hosting (AWS eu‑west‑1)

  • Role‑based staff access & MFA

  • Encrypted, off‑site backups

  • Physical security (Cameras, alarms, armed response) at the property

If we reasonably believe personal information has been accessed or acquired by an unauthorised person, we will notify you and the Information Regulator as soon as reasonably possible in line with POPIA s22.

7  Your rights & how to exercise them
8  Direct marketing (section 69 ECTA & POPIA)

We send marketing messages only:

  • with your opt‑in consent, or

  • if you are an existing guest and we offer similar products, giving you an easy opt‑out at every contact.

9  Retention periods
10  Changes to this notice

We may update this notice from time to time. We will post the revised version and effective date on our website and, where material, notify registered users by e‑mail. Continued use after the effective date constitutes acceptance of the changes.

11  Contact Us

Information Officer – Wine Not Relax (Pty) Ltd
Church Street, Olivedale, Johannesburg North, 2188, South Africa
✉info@winenotrelax.com

If you believe we have not handled your request satisfactorily, you may complain to the Information Regulator (see Section 1).

bottom of page