Privacy Policy

Your personal information is safe with us

We are serious about privacy, transparency and trust and assure you that your information is safe with us. We take care of your personal subscriber information – we will not sell or distribute it, and will only ever use this data to send you our company updates, and if you have given consent, occasional newsletters and product promotions.

Privacy Policy

This is the Privacy Policy of Ker & Downey Africa Pty Ltd. of 7 Bree Street, 6th Floor, Touchstone House, Cape Town, South Africa, referred to herein as the “Company”.

The Company respects your privacy and is committed to protecting any personal information that you share with us.

Below is our privacy policy that applies to any website operated by the Company (referred to in this Privacy Statement as the “Website”) owned, operated, licensed or controlled by the Company. By using the Website or communicating via telephone or otherwise with the Company, you are accepting the practices described in this Privacy Policy.

If you do not agree with the Company’s Privacy Policy, please do not use the Website. When using the Website, you will be doing so entirely at your own risks and the Company will not be liable for any direct, indirect, special, punitive, exemplary or consequential losses or damages of whatsoever kind arising out of access to, or the use of the Website or any information contained in it, including loss of profit, whether based on breach of contract, tort (including negligence), product liability or otherwise.


Welcome to Ker & Downey Africa’s Privacy Policy

This Privacy Policy (“policy”) sets out the basis on which Ker & Downey Africa collects, uses and shares the data that we receive from users of our websites and online applications. We take the privacy of our users seriously, and we recommend that you read this policy carefully. By using Ker & Downey Africa’s website at associated websites, landing pages and applications, you agree to be bound by this policy.

Our travellers are from many different countries – in recognition of this, we endeavour to process all data in accordance with principles of internationally accepted best practice, and compliance regulations. We regularly review our compliance with this policy and whenever we receive a formal complaint, we will contact the person who made the complaint to attempt to resolve his or her concerns.

Please note that by using our websites (as a user browsing the websites), you are consenting to our collection and use of your information as more fully set out in this policy. If you have any concerns about the use of your information, or the contents of this policy, please feel free to contact us

Data collected

We distinguish in this policy between ‘personal data’ (data that is required to facilitate international travel), and ‘non-personal data’ (data regarding usage of the websites, and de-identified information extracted from the websites for analysis). We collect both personal and non-personal data through our websites and through third parties, either automatically, or by you providing this information to us during enquiring, signing up for our newsletter, or during the consultation phase to help us improve the info we will be providing you with.

  1. User Notifications:
    1. Failure to provide requested information may impair our ability to provide professional advice when curating and sharing proposed travel itineraries.
    2. You will need to ensure that your personal information submitted to us is accurate and up-to-date.
    3. You are responsible for any third party information obtained, published or shared through the websites, and you consent to only use or share this third party data with the third party’s consent.
  2. Personal Data:
    1. We collect and store the personal information that you may provide to us through our websites when you enquire with us, update or change your information with us, or make use of our services.
    2. We also collect and store information in relation to your travel itinerary, travel preferences and particulars of those traveling with you, for example through communications, surveys and other data submitted by you.
    3. Anyone involved with the processing, transmission, or storage of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Paypal has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry. Ker & Downey Africa does not collect or store any credit card or account details. View Paypal’s privacy policy here
  3. Non-personal Data:
    1. In addition to personal data, we also store non-personal data, which cannot be used to identify our users. The kinds of non-personal data that we collect includes de-identified data about usage of our websites.
    2. We also make use of cookies or similar tracking tools to identify website users and remember their preferences, for the purpose of providing a better user experience and service, and marketing/advertising our services online.

Cookies and similar technologies

A cookie is a small piece of code that is installed in your web browser by a website that you visit. They help the website to remember information about your visit, and assist to make the website, and advertisements that you encounter while browsing, more relevant to you. We’ve provided some further detail on cookies below to try and clarify how and why we use them.

  1. Technical cookies and cookies serving aggregated statistical purposes:
  1. Activity necessary for the functioning of the service: Our websites use cookies to save your session and to carry out other activities for the websites’ operations.
  2. Activity regarding the savings of preferences, optimization and statistics: Our websites use cookies to save browsing preferences and to optimise your browsing experience.
  1. How can I manage the installation of cookies?
    1. You can manage preferences for cookies directly from within your own browser and prevent websites from installing them. Through your browser preferences, it is also possible to delete cookies installed in the past. It is important to note that by disabling all cookies, the functioning of the websites may be compromised. You can find information about how to manage cookies in your browser using the following links: Mozilla Firefox, Apple Safari, Google Chrome and Microsoft Internet Explorer.
    2. In the case of third party cookies, you can exercise your right to withdraw from their tracking activity by utilising the information provided in that third party’s privacy policy on their website, by clicking the opt-out link (if provided) or by contacting that third party.
    3. Given the relative complexity linked to the identification of technologies based on cookies and their very close integration with the operation of the internet, you are encouraged to contact us should you wish to receive any further information on the use of cookies themselves and any possible use of them (for example, by a third party) carried out through the websites.

Use of Non-Personal Data

We use your non-personal data for purposes like product improvement, internal reporting, analytics, performing statistical analyses of collective behaviour of our users, measuring demographics and interests, and for other legitimate business purposes. We will take all reasonable steps to properly de-identify all information that is stored and analysed as non-personal data. This non-personal data may also be shared with the current and future partners and service providers (since there is no prejudice to our users from the disclosure of this non-personal information).

Use of Personal Data

Except as set out in this policy or specifically agreed by you, we won’t disclose your personal data that we receive through the websites. In general we will always aim to de-identify the information that we store (as non-personal information), but some information will need to still be attached to your name or email address (as personal information), for reasons listed below, and with the aim of supporting personalised and customised experiences and journeys. We work hard to ensure that access to a traveller’s information doesn’t disadvantage or prejudice our travellers.

The ways in which (and the purposes for which) we use personal data are described in further detail below:

  • Verifying identity.
  • Contacting you for the purpose of:
    • marketing,
    • advising you on travel information and options,
    • assisting you to complete your bookings and reservations with us, with the aim of keeping travellers informed and providing on-the-go support and information.
    • other legitimate business purposes, and all communications with you for these purposes will be kept on record.
  • For analytics purposes (and product improvement more generally), including:
    • analysing client characteristics, demographics, activities and behaviours on our websites and applications allowing us to continually improve the design of our website and relevant applications for the benefit of you and other travellers,
    • providing analytical information to all relevant personnel who are involved in assisting and supporting travellers, to enable them to optimise the traveller’s experience, or
    • other legitimate business purposes.
    • reporting internally on traveller choices and related matters.
    • for behavioural marketing and remarketing to website users and travellers, and marketing to potential travellers with similar interests.
    • recording, tracking and analysing activities on the websites.
    • researching, developing and improving, as well as training.
  • For disclosure:
    • to personnel within Ker & Downey Africa and our third party contractors for business purposes, including but not limited to internally used software and systems providers, and courier companies for shipping of documentation and gifts;
    • to government authorities in response to court orders, subpoena/summons or other legal processes, to establish or exercise a legal right, defend a claim, or as otherwise required by law;
    • to investigate, prevent or take action in relation to any suspected illegal activities, or to protect our own rights and the rights of our service providers;
    • to acquirers, assignees or other successor entities in connection with a sale, merger or reorganisation of all or substantially all of our equity, business or assets.
  • For any other purpose:
    • for which we receive your consent,
    • that is in the public interest, or
    • within the bounds of the laws of the South Africa

You agree that we may also share any of your personal data with the service provider that you and Ker & Downey Africa Pty Ltd choose to use, and these service providers may use your personal data in accordance with their own privacy policies.

We may also disclose all your personal data between our associated Ker & Downey Africa Pty Ltd companies, who shall have all the same rights as us in relation to such personal data, and shall comply with this policy in the processing of such information.

External Parties

We use several external service providers to assist us to process personal data for the above purposes, and they may hold this personal data on their own servers for these purposes. We have provided some further information on some of these external parties below, but we may use other service providers as well – if you would like access to a full list of our service providers please contact us. We are not responsible for, nor do we endorse the privacy practices of these external third parties.


The following service providers enable us to monitor and analyse web traffic and can be used to keep track of user behaviour:

Google Analytics (Google Inc.)

Like most websites, we use Google Analytics. Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of our Websites, to prepare reports on activities and share them with other Google services. Google may use the personal data collected to contextualize and personalize the ads of its own advertising network.

  • Personal data collected: Cookie and Usage data.
  • Place of processing: USA – Privacy PolicyOpt Out

Facebook Ads conversion tracking (Facebook, Inc.)

Facebook Ads conversion tracking is an analytics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on our Websites.

  • Personal Data collected: Cookie and Usage data.
  • Place of processing: USA – Privacy PolicyOpt Out

Google AdWords conversion tracking (Google Inc.)

Google AdWords conversion tracking is an analytics service provided by Google Inc. that connects data from the Google AdWords advertising network with actions performed on our Websites.

Google Tag Manager (Google Inc.)

Google Tag Manager is an analytics service provided by Google Inc.

  • Personal Data collected: Cookie and Usage data.
  • Place of processing: USA – Privacy Policy


Hotjar is an website usage tracking service provided by Hotjar Ltd. Hotjar collects usage data and combines that data to deliver usage reports for us to analyse to help improve our website performance and make it easier to use.

  • Personal Data collected: Cookie and Usage data.
  • Place of processing: Malta – Privacy PolicyOpt Out

The following service providers allow us to inform, optimise and serve advertising based on past use of the websites. This activity is performed by tracking usage data and by using cookies. The information will be shared with data processors that manage the remarketing and behavioural targeting activity:

Facebook Remarketing (Facebook, Inc.)

Facebook Remarketing is a Remarketing and Behavioural Targeting service provided by Facebook, Inc. that connects the activity of our websites with the Facebook advertising network.

  • Personal Data collected: Cookie and Usage data.
  • Place of processing: USA – Privacy PolicyOpt Out

AdWords Remarketing (Google Inc.)

AdWords Remarketing is a Remarketing and Behavioural Targeting service provided by Google Inc. that connects the activity of our Websites with the Adwords advertising network and the Doubleclick Cookie.

  • Personal Data collected: Cookie and Usage data.
  • Place of processing: USA – Privacy PolicyOpt Out

Twitter Remarketing (Twitter, Inc.)

Twitter Remarketing is a Remarketing and Behavioural Targeting service provided by Twitter, Inc. that connects the activity of our Websites with the Twitter advertising network.

  • Personal data collected: Cookie and Usage data.
  • Place of processing: USA – Privacy PolicyOpt Out

LinkedIn Remarketing (LinkedIn Corporation)

  • Personal data collected: Cookie and Usage data.
  • Place of processing: USA – Privacy PolicyOpt Out


Sharpspring is a marketing and CRM automation tool that is used to process all enquiries received via our website and third party sites such as We do not process any information captured into Sharpspring unless for the intended purpose. All newsletter subscribers are managed from within Sharpspring and can unsubscribe at any time. 

  • Personal data collected: Through enquiry submission & newsletter signup 
  • Place of Processing: USA – Privacy Policy 

Information Security

Methods of processing

We undertake to process your personal data in a reasonable manner and take appropriate, reasonable security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data. All data processing shall be carried out by employees, consultants or third party service providers using computers and/or IT enabled tools, following standard organizational procedures and modes.

In some cases, personal and non-personal data may be accessible to certain types of persons involved with the operation of the websites (administration, sales, marketing, finance, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies to name a few) appointed, if necessary, by us as data processors.


All data collected through our websites is managed and processed primarily at our various operating offices, and in any other place where the parties involved with the processing are located. For further information on our servers and places where we process data, please contact us.

Due to the fact that we have travellers from all over the world, and hosting services have become more ‘cloud-based’ and international in recent years, we may send and store your personal data outside of the country in which you reside, and there will therefore be some cross-border transfer of this personal data. We are nevertheless committed to protecting the privacy and confidentiality of personal information when it is transferred, in accordance with this Policy and the data privacy requirements in the EU and SA.

Retention time

To learn more, please contact us

Additional Information


If you would like to inspect and review your records, you may submit a request through our contact page. Requests for access will receive a response within 45 days, although certain records may be excluded from records made available for inspection (within the bounds of the law and our confidentiality undertakings with third parties). You may also request amendment of records that you believe are inaccurate, misleading or in violation of your rights.

Legal action

Your personal data may be used for legal purposes as reasonably determined by us, in court or in the stages leading to possible legal action. You also acknowledge that we may be required to reveal your personal data upon request of public authorities.

Additional information about Personal Data

In addition to the information contained in this policy, we may provide you with additional and contextual information concerning particular services or the collection and processing of personal data on request.

System Logs and Maintenance

For operation and maintenance purposes, our websites and any third party services may collect files that record interaction with the websites (System Logs) or use for this purpose other personal data (such as IP Address).

The rights of Users

You have a right to know what personal data is being stored, and processed, as well as the categories of recipients with whom it may be shared. You may contact us to learn about the contents and origin of this personal data, to verify its accuracy or to ask for this data to be supplemented, cancelled, updated or corrected, or for their transformation into an anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to us at [email protected] or on our contact page.

Our websites do not currently support “Do Not Track” (“DNT”) requests. DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. To determine whether any of the third party services linked on our Website honour DNT requests, please read their privacy policies.

Changes to this Policy

We review our privacy practices from time to time, and reserve the right to make changes to this policy at any time by giving notice through a website feature or by emailing you. We recommend that you check the contents of the policy whenever you have any new questions about privacy and our use of data, referring to the date of the last modification listed at the bottom of the policy.

If you object to any changes to the policy, you must cease using the websites and can request that we delete your personal data. Unless stated otherwise, the then-current policy applies to all data that we maintain.

Contacting us about this Policy

If you have any questions or comments about this policy, please use the contact us feature on our website, or email us at [email protected].

The data controller for the purpose of this Policy is Ker & Downey Africa (Pty) Ltd (incorporated in South Africa) with registered address at 7 Bree Street, 6th Floor, Touchstone House, Cape Town, South Africa 8001. 

The relevant data controller will be charged with making decisions regarding the purposes and methods of processing of data in terms of this Policy.

Updated: 13 July 2022