img

App Privacy Policy

ELEPHANT POINT PRIVATE RESERVE APP PRIVACY POLICY

Last Updated: 23 June 2026

1. Introduction

This Privacy Policy explains how the Elephant Point Private Reserve mobile application ("App") collects, uses, stores, shares, and protects personal information.

The App is operated by Elephant Point Hotel Owners Association NPC ("Elephant Point", "we", "our", or "us"), which is the responsible party for purposes of the Protection of Personal Information Act, 2013 ("POPIA"), unless this Privacy Policy states otherwise.

This Privacy Policy applies to all users of the Elephant Point Private Reserve App available through Google Play, Apple App Store, and other authorized distribution channels.

By using the App, you acknowledge that your personal information will be processed in accordance with this Privacy Policy and applicable data protection laws, including the POPIA. Where required by applicable law, we will obtain your consent before processing your personal information. In other cases, we will process personal information where the processing is necessary to be provided to the App and related services, comply with legal obligations, protect legitimate interests, or for another lawful basis recognized under POPIA.

2. Contact Information

If you have questions regarding this Privacy Policy or wish to exercise your privacy rights, please contact:

Elephant Point Hotel and Suites Proprietary Limited

  • Email: hello@elephantpoint.co.za
  • Telephone: +27 13 880 0170
  • Address: R536, Skukuza, 1350, Kruger National Park, South Africa
  • Information Officer: Darren Bezuidenhout
  • Information Officer email: dbezuidenhout@legacyhotels.co.za

3. Information We Collect

Depending on the services you use, we may collect the following categories of information.

3.1 Information You Provide

  • Name and surname
  • Email address
  • Mobile telephone number
  • Reservation or booking information
  • Feedback, reviews, and support requests

3.2 Information Collected Automatically

When you use the App, we may automatically collect:

  • Device type and operating system
  • Device identifiers
  • Application version
  • Usage and interaction information
  • App performance and diagnostic information

3.3 Digital Services Information

Where digital services or mobile key functionality is enabled at a property, the App may process information required to authenticate and authorize access to accommodations or facilities, including access credential status, lock or access event logs, and related technical data necessary to operate and secure those services.

3.4 Device Permissions

The App may request access to certain device features where required for functionality, including:

  • Camera (for QR code scanning or guest services where applicable)
  • Internet and Network Access (to communicate with our systems and service providers)
  • Push notifications (for operational messages, booking-related alerts, digital key notices, and service communications, where enabled on your device)

You can manage many device permissions through your device settings. If you disable certain permissions, some App features may not function properly.

3.5 Special Personal Information

We do not intentionally collect special personal information as defined under POPIA unless it is strictly necessary, legally permitted, and subject to appropriate safeguards. If special personal information is processed in a limited case, we will do so only in accordance with applicable law.

3.6 Information Collected from Third Parties

We may receive personal information from third parties such as booking agents, property management systems, hospitality service providers, identity or access management providers, and our service providers where necessary to provide the App, verify reservations, enable digital services, or maintain security.

4. How We Use Your Information

We use personal information for the following purposes:

  • Creating and managing user accounts
  • Authenticating users
  • Providing guest services
  • Facilitating guest communications
  • Processing service requests
  • Providing digital service features where available
  • Sending operational notifications
  • Delivering customer support
  • Detecting and preventing fraud, misuse, or unauthorized access
  • Complying with legal and regulatory obligations
  • Maintaining, troubleshooting, securing, and improving the App and related systems
  • Generating aggregated or de-identified analytics, reports, and service insights that do not identify you personally

We will process personal information only for specific, explicitly defined, and lawful purposes related to our functions and activities. If we need to use personal information for a purpose that is materially different from the purpose for which it was originally collected, we will notify you and, where required, obtain additional consent.

5. Sharing of Personal Information

We do not sell personal information and do not disclose personal information to third parties for advertising, marketing, resale, profiling, or unrelated commercial purposes. We make use of some third-party providers for processing data to operate the App. This processing is entirely under our instruction and control, and providers are contractually bound by the terms outlined in this Privacy Policy and by appropriate confidentiality, security, and data processing obligations.

We make use of the following categories of service providers where necessary to process data:

5.1 Technology and Hosting Providers

  • Cloud hosting providers
  • Infrastructure and security providers
  • Application monitoring providers

5.2 Analytics Providers

We may use third-party analytics providers to understand App usage and improve performance. These providers may collect device, usage, and technical information on our behalf, subject to contractual restrictions and applicable law.

5.3 Property Management and Hospitality Systems

Where required to provide guest services, information may be exchanged with:

  • Property management systems
  • Digital access and lock management systems

5.4 Service Providers

Third parties assisting with:

  • Customer support
  • Communications
  • System maintenance
  • Security operations

5.5 Legal and Regulatory Authorities

We may disclose information where required by:

  • Applicable law
  • Court order
  • Government request
  • Regulatory obligation
  • Law enforcement investigation

5.6 Operators and Intra-Group Disclosures

We may share personal information with operators processing information on our behalf and, where applicable, with affiliated entities involved in operating the App, managing reservations, guest services, security, or support, in each case only to the extent necessary for lawful purposes consistent with this Privacy Policy.

5.7 Cross-Border Transfers

Your personal information may be stored or processed in countries outside South Africa where our service providers, systems, or hosting infrastructure are located. Where we transfer personal information across borders, we will do so in accordance with POPIA, including by ensuring that the recipient is subject to laws, binding corporate rules, or contractual terms that provide an adequate level of protection, or that another lawful transfer mechanism applies.

6. Data Security

We implement technical and organizational measures designed to protect personal information from unauthorized access, disclosure, alteration, or destruction.

These measures include:

  • Encryption of data in transit
  • Secure cloud infrastructure
  • Access controls and authentication mechanisms
  • Role-based permissions
  • Monitoring and logging
  • Security testing and vulnerability management

Although we take reasonable technical and organizational measures to secure personal information, no method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

If we become aware of a security compromise affecting personal information, we will take steps required by applicable law, which may include investigating the incident, mitigating its effects, and notifying affected persons and the Information Regulator where required.

7. Data Retention

We retain personal information only for as long as necessary to:

  • Provide services through the App
  • Maintain guest records
  • Comply with legal obligations
  • Enforce agreements
  • Maintain security and audit records

Retention periods may vary depending on the nature of the information and applicable legal requirements.

When personal information is no longer required, it will be securely deleted, anonymized, or destroyed in accordance with our retention procedures and applicable law.

Where we are required or permitted by law to retain information for longer periods, including for tax, accounting, dispute resolution, fraud prevention, or evidentiary purposes, we may do so for those periods.

8. Account Deletion and Data Deletion Requests

You may request:

  • Access to your personal information
  • Correction of inaccurate information
  • Deletion of personal information
  • Restriction of processing where legally permitted

Deletion requests may be submitted to:

Email: dbezuidenhout@legacyhotels.co.za

We will review and respond to requests within a reasonable period and in accordance with applicable law.

Certain information may be retained where required by law, contractual obligations, fraud prevention requirements, or legitimate business purposes.

Where applicable, we may need to verify your identity before acting on a request. If we are unable to comply with a request, we will explain the basis on which the request is refused or limited, subject to applicable law.

9. Your Rights Under POPIA

Subject to applicable law, you may have the right to:

  • Know what personal information we hold
  • Request access to your information
  • Request correction of inaccurate information
  • Object to certain processing activities
  • Request deletion of information where legally permitted
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with the Information Regulator

Information Regulator (South Africa): https://www.justice.gov.za/inforeg

10. Children's Privacy

The App is not directed to children under the age of 18 without the involvement of a parent, guardian, or responsible adult.

We do not knowingly collect personal information from children in violation of applicable laws. If we become aware that we have collected personal information from a child unlawfully or without the required competence, consent, or authorization, we will take appropriate steps to delete or de-identify that information, unless we are legally required to retain it.

11. Third-Party Services and Links

The App may contain links to third-party services, websites, attractions, booking providers, or hospitality partners. We are not responsible for the privacy practices of third-party services and encourage users to review their privacy policies separately.

Third-party platforms such as the Apple App Store and Google Play may also process personal information in connection with downloads, updates, payments, analytics, or device-level services, subject to their own privacy terms.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. Changes will become effective when the revised version is published. Where required by law, we will notify users of material changes through the App or other appropriate communication channels.

13. Consent

By downloading, accessing, or using the Elephant Point Private Reserve App, you acknowledge that you have read and understood this Privacy Policy and understand how your personal information will be processed as described in this Privacy Policy. Where consent is required by applicable law, your use of relevant functionality or your express agreement will constitute that consent. Where consent is not the legal basis for processing, we will rely on another lawful basis permitted under POPIA.

14. Responsible Party and Operator Roles

In some cases, Elephant Point may act as the responsible party determining the purpose and means of processing personal information. In other cases, certain service providers may act as operators processing personal information on our behalf. We require operators to process personal information only on our instructions, keep it confidential, and implement appropriate security measures.

Data Quality and Accuracy

We take reasonably practicable steps to ensure that personal information is complete, accurate, not misleading, and updated where necessary, having regard to the purpose for which it is processed. You should notify us if your personal information changes or if you believe any information we hold about you is inaccurate.