Family managed since 2005
Legal

Privacy Policy

Buja Tours is committed to protecting your privacy. This policy explains how we collect, use, store, share and protect your personal information in accordance with the Protection of Personal Information Act (POPIA) and, where applicable, the GDPR.

Effective date: 2 July 2026

1. Introduction

Buja Tours is committed to protecting the privacy and personal information of our clients, business partners, suppliers, website visitors, and all individuals whose personal information we process.

This Privacy Policy explains how Buja Tours collects, uses, stores, shares, and protects your personal information in accordance with the Protection of Personal Information Act, 2013 (Act No. 4 of 2013) (“POPIA”) and, where applicable, the General Data Protection Regulation (GDPR).

By using our website, requesting a quotation, making a booking, or using our services, you acknowledge that you have read and understood this Privacy Policy.

3. Information Officer

The Information Officer is responsible for ensuring compliance with POPIA.

For any privacy-related enquiries or requests regarding your personal information, please contact our Information Officer.

4. Personal Information We Collect

Depending on the services you request, we may collect:

  • Full name
  • Identity or passport number
  • Nationality
  • Date of birth
  • Contact details
  • Postal and physical address
  • Emergency contact information
  • Company information
  • Payment and billing details
  • Travel preferences
  • Accommodation preferences
  • Dietary requirements
  • Accessibility requirements
  • Medical information relevant to travel arrangements
  • Booking history
  • Vehicle registration information (where applicable)
  • Visa information (where required)
  • Website usage information
  • IP address
  • Browser information
  • Cookies and analytics data

We only collect personal information that is necessary to provide our services or comply with legal obligations.

5. How We Collect Personal Information

We collect information directly from you when you:

  • Request a quotation
  • Make a booking
  • Contact us by email or telephone
  • Complete enquiry forms
  • Subscribe to our newsletter
  • Visit our website
  • Participate in promotions or surveys

We may also receive information from:

  • Travel agents
  • Tour operators
  • Corporate travel managers
  • Event organisers
  • Business partners
  • Service providers acting on your behalf

6. Why We Process Your Personal Information

We process personal information to:

  • Prepare quotations
  • Confirm bookings
  • Arrange accommodation
  • Arrange transport
  • Book flights and activities
  • Manage itineraries
  • Process payments
  • Issue invoices and receipts
  • Provide customer support
  • Communicate with you before, during and after your trip
  • Meet legal and regulatory requirements
  • Prevent fraud
  • Improve our services
  • Respond to enquiries
  • Send marketing communications where you have consented or where permitted by law

8. Sharing Your Personal Information

We use service providers and suppliers who we trust to assist us in providing our services to you. They have agreed to keep your information secure and confidential, and to only use it for the purposes for which we have sent it to them.

  • Hotels
  • Lodges
  • Guest Houses
  • Airlines
  • Transport providers
  • Activity operators
  • Tour guides
  • Restaurants
  • Payment service providers
  • Accountants
  • Auditors
  • Legal advisers
  • Insurance providers
  • Government authorities where required by law

Sometimes we will be required by law to share your information. For instance, we may be required to share your information with the South African Fraud Prevention Services. We will not sell your information or share information with third parties for the purposes of direct marketing.

9. International Transfers

As an international Destination Management Company, we may transfer personal information outside South Africa when necessary to arrange travel services. Where personal information is transferred internationally, Buja Tours will take reasonable steps to ensure appropriate safeguards are in place in accordance with POPIA.

10. Cookies and Website Analytics

Our website uses cookies to:

  • improve website functionality;
  • remember user preferences;
  • analyse website traffic;
  • improve user experience;
  • enhance website security.

You may disable cookies through your browser settings, although certain website features may not function correctly.

11. Marketing Communications

We may send newsletters, travel updates and promotional offers where:

  • you have provided consent;
  • you are an existing customer and applicable law permits such communications.

You may unsubscribe from marketing communications at any time by using the unsubscribe link in our emails or by contacting us directly.

12. Retention of Personal Information

We retain personal information only for as long as necessary to:

  • provide our services;
  • comply with legal obligations;
  • meet tax and accounting requirements;
  • resolve disputes;
  • enforce our agreements.

When information is no longer required, it is securely deleted or destroyed.

13. Protection of Personal Information

Buja Tours takes reasonable technical and organisational measures to safeguard personal information, including:

  • secure servers;
  • password-protected systems;
  • restricted staff access;
  • encrypted payment processing where applicable;
  • regular security monitoring;
  • staff confidentiality obligations.

Although every reasonable effort is made to protect your information, no electronic transmission or storage system is completely secure.

14. Children’s Personal Information

We do not knowingly collect or process personal information relating to children without the consent of a parent or legal guardian, except where permitted by law.

15. Your Rights Under POPIA

You have the right to:

  • know what personal information we hold about you;
  • request access to your personal information;
  • request correction of inaccurate information;
  • request deletion of personal information where appropriate;
  • object to certain processing;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with the Information Regulator (South Africa).

You may make such a request from us by contacting privacy@bujatours.com. We may take one month to respond to your request and may charge a fee in some circumstances.

16. Data Breaches

If Buja Tours becomes aware of a security breach involving your personal information that is likely to result in harm, we will notify affected individuals and the Information Regulator where required by POPIA.

17. Third-Party Websites

Our website may contain links to external websites. Buja Tours is not responsible for the privacy practices or content of third-party websites.

We encourage users to review the privacy policies of any external websites they visit.

18. Changes to This Privacy Policy

Buja Tours reserves the right to amend this Privacy Policy from time to time to reflect changes in legislation, business practices or technology.

The latest version will always be available on our website.

20. Complaints

If you believe that Buja Tours has not processed your personal information in accordance with POPIA, you may lodge a complaint with the Information Regulator (South Africa):