Privacy Policy
Effective Date: 26 September 2025
Last Updated: 26 September 2025
1. Introduction
Club Corporate Travel (Pty) Ltd T/A Destini ("we," "us," "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other relevant South African laws.
This policy applies to all personal information we process in the course of providing our corporate travel management services, including information collected through our website, www.destini.travel, our client portal (NexCT), and other communication channels.
By engaging with our services or providing your personal information to us, you acknowledge that you have read and understood this Privacy Policy. If you are providing information on behalf of other individuals (e.g., fellow travellers), you are responsible for ensuring they are aware of the contents of this policy.
2. Definitions
- "Data Subject" means the person to whom personal information relates. In the context of our business, this is typically the corporate traveller.
- "Personal Information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person. This includes, but is not limited to, the information listed in section 3 below.
- "Processing" means any operation or activity concerning personal information, including its collection, receipt, recording, organization, storage, updating, use, dissemination, or destruction.
- "Responsible Party" means the public or private body which, alone or in conjunction with others, determines the purpose of and means for processing personal information. For the purposes of this policy, Club Travel Corporate (Pty) Ltd T/A Destini is the Responsible Party.
- "Special Personal Information" includes information concerning religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or the criminal behaviour of a data subject.
3. Personal Information We Collect
We collect and process personal information that is necessary to provide our corporate travel management services. Failure to provide certain information may limit our ability to provide you with our services. The types of personal information we collect include:
- Information Provided by Your Employer (Our Client):
Full name, employee number, job title, and work contact details (email address, phone number).
- Information You Provide Directly to Us:
Identity and Travel Documentation: Passport number, expiry date, country of issue; national identity number; visa details; and driver's license information.
Contact Information: Personal email address, mobile phone number, and emergency contact details.
Travel Preferences and Loyalty Programs: Seating preferences, meal preferences, frequent flyer numbers, and hotel/car rental loyalty program details.
Demographic Information: Date of birth, gender, and nationality.
Financial Information: Corporate or personal credit card details for payment of travel services.
- Special Personal Information:
We only process Special Personal Information with your explicit consent or where it is necessary for the establishment, exercise, or defense of a right in law. This may include:
Health Information: Such as dietary requirements that may imply a health condition, requests for mobility assistance, or other health-related information necessary to ensure your safety and comfort during travel.
Biometric Information: In limited cases where required by a third-party supplier (e.g., for identity verification).
Race or Ethnic Origin: As may be required for visa applications or by immigration authorities.
- Information Collected Automatically:
When you visit our website, we may collect technical information such as your IP address, browser type, and device information. This is primarily done through the use of cookies. Please see our Cookie Policy for more details.
4. How and Why We Use Your Personal Information and Our Lawful Basis
We process your personal information only for specific, explicitly defined, and lawful purposes related to our business functions. Each processing activity is justified by a lawful basis under POPIA.
Purpose of Processing |
Lawful Basis for Processing |
To Provide Travel Management Services: To make and manage travel bookings, including flights, accommodation, car rentals, and other travel-related services. |
Performance of a Contract: Processing is necessary to fulfil our contractual obligations to you or your employer. |
Communication: To send you travel itineraries, booking confirmations, travel alerts, and other essential service-related communications. |
Performance of a Contract and our Legitimate Interest in providing effective customer service and ensuring your safety. |
Payment Processing: To process payments for travel services and to manage billing and invoicing with our corporate clients. |
Performance of a Contract. |
Customer Support: To respond to your inquiries, provide support during your travels, and manage any disruptions or emergencies. |
Performance of a Contract and our Legitimate Interest in maintaining high service standards. |
Compliance with Legal Obligations: To comply with legal and regulatory requirements, such as immigration laws, aviation security regulations, and financial record-keeping obligations. |
Compliance with a Legal Obligation. |
Direct Marketing: To send you information about our products, services, and special offers. |
Your explicit, opt-in Consent. You have the right to opt-out of direct marketing at any time. |
5. Disclosure of Information to Third Parties
To facilitate your travel arrangements, we need to share your personal information with various third-party service providers ("Operators"). We only share the information necessary for them to provide their services, and we have agreements in place to ensure they protect your information in line with POPIA.
Categories of third parties with whom we may share your information include:
- Airlines, hotels, car rental companies, and other accommodation and transport providers.
- Global Distribution Systems (GDS) used to book and manage travel.
- Visa and passport processing services.
- Third-party technology partners, such as the providers of our NexCT client portal.
- In-country travel partners and tour operators.
- Government and regulatory bodies, such as customs and immigration authorities, where required by law.
6. International Transfer of Personal Information
Corporate travel is inherently global, and as such, your personal information may be transferred to, and stored in, countries outside of the Republic of South Africa. These transfers are necessary to fulfil your travel bookings.
When we transfer your information internationally, we will ensure that the recipient country has adequate data protection laws that are substantially similar to POPIA, or that we have a binding agreement in place with the recipient that provides an adequate level of protection for your personal information, as required by Chapter 9 of POPIA.
7. Data Security and Breach Notification
We are legally obliged to secure the integrity and confidentiality of your personal information. We have implemented and maintain appropriate, reasonable technical and organizational security measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
In the unlikely event of a security compromise where your personal information has been accessed or acquired by an unauthorized party, we will notify the Information Regulator and you as soon as reasonably possible. This notification is detailed further in Section 12.
8. Data Retention
We will not retain your personal information for longer than is necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law or you have consented to us retaining the information for a longer period.
Our data retention periods are determined by our internal Data Retention Schedule, which considers legal, regulatory, and operational requirements. For example:
- Transactional Data (e.g., invoices, payment records): Retained for a minimum of 5 years as required by the Companies Act and tax legislation.
- Traveller Profile Data (e.g., passport copies, preferences): Retained for the duration of our service agreement with your employer and for a defined period thereafter to facilitate future bookings, unless you request earlier deletion.
For specific retention periods, please refer to our PAIA Manual or contact our Information Officer. Once information is no longer needed, it will be securely de-identified or destroyed.
9. Your Rights as a Data Subject
Under POPIA, you have the following rights in relation to your personal information:
- Right to be Notified: To be notified that your personal information is being collected.
- Right of Access: To request a copy of the personal information we hold about you.
- Right to Correction: To request the correction of any inaccurate, irrelevant, excessive, outdated, incomplete, or misleading information.
- Right to Deletion: To request the destruction or deletion of your personal information where we are no longer authorized to retain it.
- Right to Object: To object, on reasonable grounds, to the processing of your personal information.
- Right to Object to Direct Marketing: To object to the processing of your personal information for the purpose of direct marketing.
- Right to Complain: To lodge a complaint with the Information Regulator if you believe we are not processing your information in compliance with POPIA.
How to Exercise Your Rights
To exercise any of these rights, please submit a formal request in writing to our Information Officer using the contact details in Section 10. To protect your information, we will require you to provide adequate proof of your identity before we can process your request.
We will respond to your request within a reasonable time. Please note that for complex access requests, a fee may be payable in accordance with the fee schedule outlined in our PAIA Manual.
10. Contact Information
Our Information Officer:
Information Officer: Wayne Kruger
Email: wayne@nexct.co
Telephone: 011 268 4411The Information Regulator (South Africa):If you are not satisfied with our response to your query or complaint, you have the right to contact the Information Regulator.
Website: https://inforegulator.org.za/
Email: complaints.IR@justice.gov.za
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
11. Protection of Children's Personal Information
Our services are not directed at children, and we do not knowingly collect personal information from children (natural persons under the age of 18) without the prior, verifiable consent of a "competent person" (i.e., a parent or legal guardian).
The processing of a child's personal information is generally prohibited under POPIA. Where travel services are required for a minor as part of a corporate booking made by their parent or guardian's employer, we will only process the necessary information on the lawful basis of having obtained explicit consent from the parent or guardian, facilitated through our corporate client. If we become aware that we have collected personal information from a child without such consent, we will take steps to delete that information.
12. Expanded Breach Response
Should a data breach occur that is likely to result in a risk to your rights and freedoms, we are committed to notifying you and the Information Regulator without undue delay. The notification provided to you will be in clear and plain language and will include:
- A description of the nature of the security compromise.
- The likely consequences of the breach for you.
- A description of the measures we have taken or propose to take to address the breach and mitigate its possible adverse effects.
- A recommendation on the steps you can take to protect yourself.
- The identity of the unauthorized person who may have accessed or acquired the information, if this is known to us.
We will communicate this information via email or, if necessary, through a prominent notice on our website.
