Protection of Personal Information Policy
POPIA Compliance — Act No. 4 of 2013
Version 2.0 | Effective May 2026
1. Introduction
Coffeebeans Experiences is a specialist African travel company operating across the continent. In the course of designing and delivering bespoke travel experiences, we collect and process personal information belonging to our clients, employees, suppliers, and other stakeholders. We are committed to handling that information responsibly, transparently, and in full compliance with the Protection of Personal Information Act, No. 4 of 2013 (POPIA).
This policy applies to all personal information processed by Coffeebeans Experiences, whether collected digitally, in writing, or verbally, and regardless of whether the data subject is based in South Africa or elsewhere.
2. Who We Are
Coffeebeans Experiences is a trading name of African Creative Investments (Pty) Ltd, a company registered in South Africa. African Creative Investments (Pty) Ltd acts as the Responsible Party under POPIA. Enquiries, access requests, and complaints relating to personal information may be directed to our designated Information Officer:
Information Officer: Iain Harris
Email: info@coffeebeansroutes.com
Postal address: 394 De Velde Lifestyle Estate, 2 De Beers Avenue, Firgrove Rural, 7110, Cape Town
We have registered our Information Officer with the Information Regulator of South Africa, as required by POPIA.
3. What Personal Information We Collect
As a travel operator, we collect a range of personal information depending on your relationship with us. This includes:
3.1 Clients and Travellers
- Full name, nationality, and date of birth
- Passport number, expiry date, and country of issue — required for visa applications, flight bookings, and border crossings
- Contact details: email address, phone number, and physical address
- Dietary requirements, medical conditions, mobility needs, and other accessibility information — collected only where relevant to the delivery of your itinerary and shared only with the service providers who need it
- Travel insurance details
- Payment information (processed via secure third-party payment gateways; we do not store card details)
- Emergency contact details
- Preferences and feedback provided before, during, or after travel
3.2 Employees and Contractors
- Identity documents and employment records
- Banking details for payroll purposes
- Tax and statutory compliance information
3.3 Suppliers and Service Partners
- Business contact details and banking information
- Relevant licences, certifications, or compliance records
4. Why We Collect It
We collect personal information for specific, legitimate purposes. We do not collect more than is necessary for those purposes. Our primary reasons for collection are:
- To design, book, and deliver travel itineraries — including accommodation, transport, guiding services, permits, and visa applications
- To communicate with you about your booking, travel updates, or any changes to your itinerary
- To process payments and maintain accurate financial records
- To comply with legal and regulatory obligations under South African law and, where applicable, the laws of the countries in which we operate
- To manage our employment and contractor relationships
- To improve our services based on client feedback and travel preferences
Where we wish to send you marketing communications about new itineraries, destinations, or promotions, we will do so only with your explicit consent. You may withdraw this consent at any time by contacting us at the address above or by using the unsubscribe mechanism in our communications.
5. Cross-Border Transfer of Personal Information
Coffeebeans Experiences operates across multiple African countries. Delivering your itinerary requires us to share relevant personal information — such as passport details, dietary requirements, or medical information — with service providers in those countries. This constitutes a cross-border transfer of personal information under POPIA Section 72.
We take the following steps to ensure your information remains protected when transferred across borders:
- We share only the minimum information necessary for a service provider to fulfil their role in your itinerary
- We require all third-party service providers to maintain confidentiality and to handle personal information responsibly
- Where possible, we work with established partners whose data protection practices we have assessed
- By providing us with your personal information and confirming a booking, you consent to these cross-border transfers as necessary for the delivery of your travel arrangements
6. How We Share Personal Information
We do not sell, rent, or trade personal information. We share it only in the following circumstances:
- With accommodation providers, airlines, ground operators, guides, and other travel service partners — strictly to the extent necessary to deliver your itinerary
- With visa agencies or government authorities in connection with visa or permit applications
- With our payment processing partners, who handle transactions under their own PCI-DSS compliant security standards
- With regulatory bodies or law enforcement where we are legally required to do so
- With professional advisors (legal, financial, or insurance) under confidentiality obligations
All third parties with whom we share personal information are required to maintain confidentiality and may not use that information for any purpose beyond the specific service they are providing.
7. Special Categories of Personal Information
Certain categories of personal information require additional care under POPIA. In the travel context, this includes health information (such as medical conditions, dietary restrictions, or physical accessibility needs) and biometric data (such as passport photographs processed for visa applications).
We collect this information only where it is necessary to deliver your itinerary safely and effectively, and only with your explicit consent. We do not use it for any other purpose and share it only with the service providers who require it.
8. How We Protect Your Information
We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, alteration, or disclosure. These include:
- Secure, password-protected digital systems with access restricted to authorised staff
- Encrypted transmission of sensitive data
- Secure storage and disposal of physical records
- Internal protocols limiting access to personal information on a need-to-know basis
- Regular review of our security practices
No system is entirely without risk. In the event of a data breach that poses a risk to your rights, we will notify the Information Regulator and affected individuals as required by POPIA Section 22.
9. How Long We Keep Your Information
We retain personal information only for as long as is necessary to fulfil the purpose for which it was collected, or as required by law. In practice, this means:
- Client booking and travel records are retained for a minimum of five years for financial and regulatory compliance purposes
- Marketing consent records are retained for the duration of the consent and for a reasonable period thereafter for compliance purposes
- Employee and contractor records are retained in accordance with applicable labour and tax legislation
Once the applicable retention period expires, personal information is securely deleted or anonymised.
10. Your Rights
Under POPIA, you have the right to:
- Be informed about what personal information we hold about you and how it is used
- Request access to your personal information — we will respond within 30 days
- Request correction of inaccurate, incomplete, or outdated information
- Request deletion or destruction of your personal information where there is no longer a lawful basis for us to retain it
- Object to the processing of your personal information in certain circumstances
- Withdraw consent to marketing communications at any time
To exercise any of these rights, please contact our Information Officer at info@coffeebeansroutes.com. We will acknowledge your request promptly and respond within the timeframes set out in POPIA.
11. Complaints
If you believe we have handled your personal information in a manner that does not comply with POPIA, please contact our Information Officer in the first instance. We will investigate and respond within a reasonable timeframe.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa:
The Information Regulator (South Africa)
Website: www.inforegulator.org.za
Email: inforeg@justice.gov.za
Complaints email: PAIAComplaints@inforegulator.org.za / POPIAComplaints@inforegulator.org.za
12. Website and Digital Communications
Our website may use cookies to improve functionality and user experience. Where cookies involve the collection of personal information, we will notify you and seek your consent in accordance with applicable law. Our website's cookie policy is available on our website.
Where we communicate with you by email, we may use standard email tracking to determine whether our communications have been opened, to help us improve the relevance of our correspondence. You may opt out of this at any time.
13. Policy Review
This policy is reviewed annually, or earlier if there are material changes to POPIA, our business operations, or the nature of the personal information we process. The current version and effective date appear on the cover of this document.
Questions about this policy or our data protection practices should be directed to info@coffeebeansroutes.com.