Home / Privacy Policy

Privacy Policy

Last updated: 18 April 2026

1. Introduction

StartLine (Pty) Ltd (“we”, “us”, “our”, or the “Company”) is committed to protecting the privacy and personal information of all users of our booking website and related services (the “Platform”). This Privacy Policy explains how we collect, use, share, and protect your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and all applicable South African law.

By using our Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your personal information as described herein. If you do not agree with the terms of this Policy, please discontinue use of the Platform.

2. Responsible Party and Information Officer

For the purposes of POPIA, the Responsible Party is:

Company Name: StartLine (Pty) Ltd

Email Address: hello@startline.co.za

Website: startlinesa.co.za

3. Personal Information We Collect

We collect the following categories of personal information from you when you use our Platform:

3.1 Identity and Contact Information

  • Full name and surname
  • Email address
  • Mobile and telephone numbers
  • Physical and postal address
  • Identity number or passport number (where required for bookings)

3.2 Booking and Transaction Information

  • Booking details, dates, preferences, and special requests
  • Payment information (credit/debit card details processed via secure third-party gateways)
  • Transaction history and booking confirmations
  • Communication records relating to your bookings

3.3 Technical and Usage Information

  • IP address and device identifiers
  • Browser type and operating system
  • Pages visited, time spent on the Platform, and click-stream data
  • Cookie data and tracking information

3.4 Optional Information

  • Profile photo or avatar (if provided)
  • Reviews and ratings submitted by you
  • Marketing preferences and subscription information

We only collect personal information that is adequate, relevant, and not excessive for the purposes described in this Policy.

4. Purposes for Which We Process Your Personal Information

We process your personal information for the following specific, explicit, and lawful purposes:

  • To create and manage your user account on the Platform
  • To process, confirm, and manage your bookings and reservations
  • To facilitate payment processing and issue invoices or receipts
  • To communicate with you regarding your bookings, queries, and complaints
  • To send you booking confirmations, reminders, and service updates
  • To send you marketing communications, offers, and newsletters (subject to your consent and opt-out rights)
  • To improve and personalise your experience on our Platform
  • To detect, prevent, and investigate fraud, abuse, or other unlawful activity
  • To comply with our legal and regulatory obligations under applicable South African law
  • To enforce our Terms and Conditions and other agreements
  • To conduct customer satisfaction surveys and analytics

5. Lawful Grounds for Processing

Under POPIA, we rely on the following lawful grounds to process your personal information:

  • Consent: Where you have given us explicit consent, for example, to receive marketing emails.
  • Contractual necessity: Where processing is necessary to perform a contract with you (e.g., processing your booking).
  • Legal obligation: Where we are required by law to process your information (e.g., for tax or financial record-keeping).
  • Legitimate interests: Where we have a legitimate business interest that is not overridden by your rights and interests (e.g., fraud prevention, platform security).

Where we rely on consent, you have the right to withdraw your consent at any time by contacting our Information Officer or using the opt-out mechanisms provided.

6. Sharing Your Personal Information with Third Parties

We may share your personal information with the following categories of third parties, strictly for the purposes described in this Policy:

6.1 Service Providers and Operators

  • Payment gateway providers
  • Email and SMS communication service providers
  • Cloud hosting and data storage providers
  • Website analytics providers
  • Customer support software providers

6.2 Booking Partners

  • Accommodation providers, tour operators, or other service providers listed on our Platform, to the extent necessary to fulfil your booking

6.3 Legal and Regulatory Authorities

  • Law enforcement, regulatory bodies, or courts where required or permitted by law
  • The Information Regulator of South Africa

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. All third parties with whom we share data are required to maintain adequate data protection standards consistent with POPIA.

7. Cross-Border Transfers of Personal Information

Some of our service providers may be located outside of South Africa. Where we transfer your personal information to a third party in a foreign country, we will ensure that:

  • The receiving country has data protection laws that provide an adequate level of protection substantially similar to POPIA; or
  • The recipient is bound by a binding agreement that upholds principles of data protection substantially similar to POPIA; or
  • You have consented to the transfer.

We will take all reasonably practicable steps to ensure that your personal information remains secure during any cross-border transfer.

8. Retention of Personal Information

We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law, whichever is longer. Our general retention guidelines are:

  • Account information: Retained for the duration of your account and for 5 years thereafter, or as required by applicable law.
  • Booking and transaction records: Retained for a minimum of 5 years to comply with financial and tax legislation.
  • Marketing records: Retained until you withdraw your consent or opt out.
  • Technical log data: Retained for up to 12 months unless required longer for security investigations.

When personal information is no longer required, we will securely destroy, delete, or de-identify it in accordance with our records management procedures.

9. Your Rights as a Data Subject

Under POPIA, you have the following rights regarding your personal information:

  • Right of access: You may request confirmation of whether we hold personal information about you and obtain a copy of that information.
  • Right to correction: You may request that we correct or update any inaccurate or incomplete personal information we hold about you.
  • Right to deletion: You may request the deletion or destruction of your personal information where it is no longer necessary for the purpose for which it was collected.
  • Right to object: You may object to the processing of your personal information on reasonable grounds.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time.
  • Right to lodge a complaint: You have the right to submit a complaint to the Information Regulator of South Africa.

To exercise any of these rights, please submit a written request to our Information Officer at hello@startline.co.za. We will respond within a reasonable time and no later than required by applicable law.

10. Cookies and Tracking Technologies

Our Platform uses cookies and similar technologies to enhance your browsing experience, analyse usage patterns, and deliver personalised content. The types of cookies we use include:

  • Strictly necessary cookies: Required for the Platform to function properly (e.g., session management, security).
  • Performance cookies: Collect anonymous data about how users interact with the Platform to help us improve functionality.
  • Functionality cookies: Remember your preferences and settings to personalise your experience.
  • Marketing cookies: Used to track your online activity and deliver relevant advertisements.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of the Platform.

11. Security of Your Personal Information

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, loss, or destruction. Our security measures include:

  • Encryption of data in transit using SSL/TLS technology
  • Secure access controls and authentication mechanisms
  • Regular security assessments and vulnerability testing
  • Staff training on data protection and privacy obligations
  • Restricted access to personal information on a need-to-know basis
  • PCI-DSS compliant payment processing (via third-party gateways)

In the event of a security breach that poses a risk to your personal information, we will notify you and the Information Regulator as required by POPIA, without unreasonable delay.

12. Complaints to the Information Regulator

If you are unsatisfied with how we have handled your personal information or your rights under POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa:

Name: Information Regulator (South Africa)

Website: www.inforegulator.org.za

Email: inforeg@justice.gov.za

Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

We encourage you to contact us first to resolve any concerns before escalating to the Information Regulator.

13. PAIA Manual

In terms of the Promotion of Access to Information Act 2 of 2000 (“PAIA”), we have compiled a PAIA Manual which sets out how to request access to records held by us. A copy of our PAIA Manual is available on request from our Information Officer and on our website.

14. Direct Marketing

We will only send you direct marketing communications (including email newsletters, SMS promotions, and notifications) if you have consented to receive such communications or where permitted by applicable law.

You may opt out of receiving marketing communications at any time. Opting out of marketing communications will not affect your receipt of transactional communications related to your bookings.

15. Children and Minors

Our Platform is not intended for use by persons under the age of 18 years without the consent of a parent or legal guardian. We do not knowingly collect personal information from minors without parental consent. If you believe that a minor has submitted personal information to us without appropriate consent, please contact our Information Officer immediately so that we can take appropriate action.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:

  • Posting the updated Policy on our Platform with a revised “Last Updated” date
  • Sending an email notification to the address registered to your account

Your continued use of the Platform following notification of changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us:

Email: hello@startline.co.za

Website: startlinesa.co.za

We are committed to resolving any privacy concerns promptly and in a manner consistent with POPIA and applicable law.

© 2026 StartLine (Pty) Ltd. All rights reserved. This document is governed by the laws of the Republic of South Africa.