Effective date: 24 October 2025

Name: Haus am Strand 

Address: 83 Sands Road, Wilderness, 6560, South Africa

Email: info@hausamstrand.com

Telephone: +27 82298 4613

1) What this policy covers

This website provides information and images of our apartments and a “Contact Us” form. Online bookings are processed through the NightsBridge booking engine, which has its own privacy terms. When you follow our “Book Now” link or embedded widget, NightsBridge (and/or its payment providers) may be an independent controller of your booking information. Please review their Privacy Policy before booking.

2) The personal information we collect

•Contact form: name, email address, phone (optional), and message.

•Server logs & security: IP address, device/browser data, timestamps.

•Bookings: handled by NightsBridge (and its payment processors). We do not receive full card details via our website. See NightsBridge’s policy.  

3) Why we process your information (legal bases)

•To answer enquiries and provide customer service (legitimate interests / contract steps).

•To manage bookings and your stay (contract; performed mainly via NightsBridge).

•To secure our website and prevent abuse (legitimate interests).

Where EU/UK law applies, we rely on the lawful bases in GDPR Article 6 (e.g., contract, legitimate interests, consent where required).  

4) Cookies & similar technologies

We use essential cookies for basic site operation and security. If we use any non-essential cookies (e.g., analytics or marketing), we will ask for consent for visitors from the EEA/UK and provide a way to change your preferences. Non-essential cookies generally require opt-in consent in the EU/UK (under ePrivacy + GDPR/UK GDPR).  

Your choices:

•Use our cookie banner (if shown) to accept, reject, or customise non-essential cookies.

•You can also clear cookies in your browser settings.

(If you use only strictly necessary cookies, the banner can be limited to a short notice. Some EU authorities allow narrowly-scoped analytics without consent under strict conditions; if you enable such tools, configure them accordingly.)  

5) Who we share information with

•Booking platform: NightsBridge (and its payment providers). See their privacy policy.  

•Technical providers: web hosting, email, security, and maintenance vendors acting under contract as “operators/processors” (POPIA/GDPR).

We do not sell your personal data.

6) International transfers

Our service providers may be located outside South Africa and/or outside the EEA/UK. When EU/UK data is transferred internationally, we use safeguards recognised by EU/UK law (e.g., Standard Contractual Clauses, adequacy decisions) where required.  

7) Retention

•Enquiry emails/forms: typically kept for 24 months after last contact (or longer if needed to manage a booking, resolve disputes, or comply with law).

•Server logs/security records: typically 30–90 days unless needed longer for security/legal reasons.

•Booking records: retained in line with hospitality, financial and tax requirements (often held in NightsBridge and our accounting systems).

8) Your rights

Under POPIA (South Africa): you may request access, correction, deletion, objection to certain processing, and to lodge a complaint with the Information Regulator (South Africa).  

Information Regulator (South Africa) – contact: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191; enquiries@inforegulator.org.za; Tel: 010 023 5200.  

Under GDPR/UK GDPR (for EEA/UK visitors): rights include information, access, rectification, erasure, restriction, portability, objection, and not to be subject to decisions based solely on automated processing, plus the right to withdraw consent where processing is based on consent.  

To exercise your rights, contact us at info@hausamstrand.com. We may ask for proof of identity.

9) EU/UK representative (if required)

If we offer services to people in the EEA/UK on more than an occasional basis or we monitor their behaviour, we may be required to appoint an EU (and/or UK) representative under GDPR Article 27. If appointed, the representative’s contact details will be published here.  

10) Security

We use reasonable technical and organisational measures to protect personal information (HTTPS, access controls, least-privilege, routine updates). No method is 100% secure.

11) Changes

We may update this Policy from time to time. Material changes will be highlighted on this page and dated above.

Last updated: 24 October 2025.