Privacy Policy

Home > Privacy Policy

LEGEND HOSPITALITY GROUP PRIVACY POLICY

Legend Hospitality Group (“LHG”, “we”, “our”, or “us”) is committed to safeguarding the privacy and personal information of our guests and visitors. This policy explains how we collect, use, disclose, process, retain, and protect the personal information of individuals who interact with LHG websites, mobile applications, reservation systems and customer service channels for accommodation, golf, and other activity bookings. LHG complies with the South African Protection of Personal Information Act (“POPIA”), as well as other applicable data‑protection laws including, where relevant, the European Union General Data Protection Regulation (“GDPR”). By using our services, you agree to the practices described in this policy. If you do not agree with this policy, please do not use our services.

 

1. SCOPE AND APPLICATION

This policy applies to personal information collected or processed by LHG and its affiliate companies in connection with:

• Bookings or enquiries for accommodation, golf, spa, dining or other activities offered by LHG properties and third‑party partners;
• Membership in loyalty programmes or subscription to newsletters and promotions;
• Interactions with our customer‑service representatives, call centres, chat, email, or social media channels;
• Visits to our websites, mobile sites or applications;
• Participation in surveys, competitions or promotional events.

This policy does not apply to third‑party websites or services linked from our websites. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third‑party sites you visit.

 

2. DEFINITIONS

• Personal information means information that identifies or can reasonably be associated with a natural person. This may include your name, contact details, identification number, payment information, location data, booking and preference information.
• Processing means any operation or set of operations concerning personal information, including collection, recording, storage, use, disclosure and deletion.
• Special personal information refers to sensitive categories of personal information such as race, religious or philosophical beliefs, political opinions, health or biometric information, or criminal records. LHG does not knowingly collect or process special personal information unless required by law or with your explicit consent.

3. INFORMATION WE COLLECT

We collect personal information from you in several ways:
Information you provide directly: When you:

• Make or modify a booking through our websites, contact centre or travel partners (e.g., names of travellers, contact details, identification numbers, payment information, preferences and special requests);
• Register for an account or loyalty programme;
• Subscribe to newsletters, promotions or competitions;
• Complete surveys, forms or feedback requests;
• Contact us via phone, email, chat or social media.

Information we collect automatically: When you visit our websites or use our mobile applications, we may automatically collect information including:

• IP address, browser type, device type, operating system and settings;
• Usage data such as pages visited, search queries, dates and times of visits, referral URLs;
• Location data (when enabled on your device);
• Cookies, web beacons, log files and similar technologies (see Section 8).

Information from other sources: We may receive personal information from affiliates, travel agents, activity providers, payment processors, identity verification services, marketing partners and publicly available sources to help us maintain accurate records, detect fraud, personalise services, or comply with legal obligations.
We collect only the information necessary for the purposes set out in this policy and will not retain it longer than is necessary.

 

4. HOW WE USE YOUR INFORMATION

We process personal information for the following purposes and rely on the legal bases described below:

To perform a contract with you or take steps at your request prior to entering into a contract. This includes:

• Making, managing and confirming bookings for accommodation, golf and other activities;
• Creating, maintaining and administering your LHG account or loyalty membership;
• Processing payments, refunds and credit‑card authorisation; and
• Providing customer service, responding to enquiries, handling complaints and providing notifications about your bookings.
To comply with legal obligations. We may process personal information to:
• Comply with applicable laws, regulatory requirements, court orders or lawful requests from authorities;
• Maintain records for tax, accounting or other statutory reporting purposes;
• Detect, prevent and respond to fraud, money laundering or other illegal activities.
To pursue our legitimate interests. We process personal information for legitimate business interests, provided that those interests do not override your rights and freedoms. These interests include:
• Administering and improving our websites, mobile applications and services;
• Personalising your experience, including tailoring content, offers and advertising based on your preferences and interactions;
• Conducting analytics, market research and statistical analysis to better understand our guests and improve our services;
• Maintaining the security of our systems and protecting our rights and property;
• Contacting you to request feedback or to participate in research about our services.

With your consent. Where required by law, we will obtain your consent before processing your personal information for certain purposes, such as:

• Sending you marketing communications about products, services or promotions offered by LHG and selected partners;
• Using cookies and similar technologies beyond those necessary to operate our sites (see Section 8);
• Processing special categories of personal information, if any.

You may withdraw your consent at any time by contacting us (see Section 14). Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.

 

5. SHARING OF INFORMATION

We do not sell or lease your personal information. We share personal information only as described below:

• Within LHG and affiliates: Personal information may be shared among entities within the Legend Hospitality Group for the purposes described in this policy, including bookings, loyalty programmes, marketing, analytics and compliance.
• Service providers and business partners: We engage trusted third parties to provide services on our behalf, including hosting providers, payment processors (e.g., PayGate), reservation systems, marketing and analytics providers, customer‑service platforms, security and IT support, and professional advisers. These service providers are contractually required to protect personal information and use it only for the purposes of providing services to us.
• Hotels, activity partners and travel agents: When you book accommodation, activities or packages through LHG, we share necessary booking details with the relevant hotel, golf course, tour operator or travel agent to fulfil your reservation. These partners process your personal information as independent controllers and are responsible for their own privacy practices.
• Legal and regulatory disclosures: We may disclose personal information where required by law or where we believe disclosure is necessary to protect our rights, comply with legal processes, respond to lawful requests from public authorities, or ensure the safety of guests, employees and the public.
• Business transfers: In the event of a merger, acquisition, sale of assets or reorganisation of our business, personal information may be transferred to the acquiring entity subject to the same privacy commitments.
• Consent: We will obtain your consent before sharing your personal information with third parties for purposes not described above.

6. INTERNATIONAL TRANSFERS

LHG is a South African company with operations in multiple countries. Personal information we collect may be stored and processed in South Africa, the United States, the European Union or other countries where we or our service providers maintain facilities. When transferring personal information outside South Africa, we ensure that appropriate safeguards are in place, such as standard contractual clauses or other lawful transfer mechanisms recognised by data‑protection laws. By using our services, you consent to the transfer of your personal information to countries outside your country of residence, which may have different data‑protection laws.

 

7. DATA SUBJECT RIGHTS

Under POPIA and other applicable laws, you may have the following rights regarding your personal information:

• Right of access: You may request information about the personal information we hold about you and obtain a copy of it.
• Right to rectification: You may request the correction of inaccurate or incomplete personal information.
• Right to erasure (right to be forgotten): Under certain circumstances, you may request that we delete your personal information where it is no longer necessary for the purposes for which it was collected.
• Right to object: You may object to the processing of your personal information for direct marketing or on grounds relating to your particular situation.
• Right to restrict processing: You may request that we restrict the processing of your personal information in certain situations, for example if you contest its accuracy or if the processing is unlawful.
• Right to data portability: Subject to applicable law, you may receive your personal information in a structured, commonly used, machine‑readable format and request that we transfer it to another data controller.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
• Right to lodge a complaint: You may lodge a complaint with the Information Regulator (South Africa) or another supervisory authority if you believe that we are processing your personal information in violation of applicable law.

To exercise these rights, please contact us using the details in Section 14. We may need to verify your identity before processing your request. We will respond to valid requests within the timeframes required by law.

 

8. COOKIES AND SIMILAR TECHNOLOGIES

Our websites and mobile applications use cookies and similar technologies to provide and personalise our services, analyse usage, and deliver advertisements. Cookies are small text files placed on your device when you visit our sites. We categorise cookies as follows:

• Strictly necessary cookies: Essential for the operation of our sites and services, such as enabling navigation and secure access to booking functionality. These cookies cannot be disabled.
• Functionality cookies: Remember your preferences (e.g., language, currency, last searches) to enhance your experience. You may choose to disable these cookies via browser settings but some features may not function properly.
• Performance and analytics cookies: Collect information about how you use our websites (e.g., pages visited, bounce rates) to help us improve performance and develop new services. We use third‑party analytics tools such as Google Analytics in accordance with their privacy policies. You can opt out of analytics cookies through our cookie banner or by using the opt‑out tools provided by these analytics providers.
• Advertising cookies: Deliver personalised advertising and measure the effectiveness of advertising campaigns. These cookies may be set by us or our advertising partners. You may manage your advertising preferences via our cookie banner or by visiting the websites of advertising industry bodies.

You can manage cookie preferences through our cookie‑consent tool or your browser settings at any time. Please see our Cookie Notice for more details.

 

9. MARKETING COMMUNICATIONS

We may send you marketing communications regarding our services, promotions, loyalty programmes or partner offers. Marketing messages may be sent via email, SMS, telephone or postal mail. We will do so only:

• With your consent; or
• Where you have made a booking or enquiry with us, and we believe you may be interested in similar services, provided you have not opted out.
You can manage your marketing preferences or opt out of marketing communications by:
• Using the “unsubscribe” or “manage preferences” link in our marketing emails;
• Adjusting preferences in your LHG account;
• Replying “STOP” to SMS marketing messages; or
• Contacting us at the details provided in Section 14.

Please note that even if you opt out of marketing communications, we may still send you service‑related messages (e.g., booking confirmations, invoices, account notifications) as these are necessary to deliver our services.

 

10. DATA SECURITY

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, accidental or unlawful destruction, loss, alteration or disclosure. These measures include:

• Encryption of sensitive data during transmission and at rest;
• Secure hosting environments with access controls and firewalls;
• Role‑based access permissions and staff training on data‑protection and information‑security practices;
• Regular vulnerability assessments and security audits;
• Incident‑response procedures to detect, contain and remediate potential security incidents.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100 % secure. We cannot guarantee absolute security. If we become aware of a personal‑data breach that may adversely affect you, we will inform you and any applicable regulators in accordance with legal requirements.

 

11. DATA RETENTION

We retain personal information only for as long as necessary to achieve the purposes for which it was collected or as required by law. The criteria used to determine retention periods include:

• The duration of our relationship with you (e.g., while you have an account, have an active booking or interact with our loyalty programme);
• Statutory or contractual obligations requiring retention (e.g., tax or accounting laws, health and safety regulations);
• Whether the personal information is needed to resolve disputes, enforce our contracts or protect our legal rights;
• Applicable limitation periods for legal claims.

When personal information is no longer required, we will either delete it, anonymise it or aggregate it so that it can no longer be associated with an identifiable individual. Residual copies may be retained in backup systems for a limited time; however, such copies are inaccessible unless restored for disaster recovery.

 

12. CHILDREN’S PRIVACY

Our services are intended for individuals 18 years of age or older. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a minor without parental consent, we will delete that information as soon as practicable. Parents or guardians who believe that their child has provided us with personal information should contact us to request deletion.

 

13. CHANGES TO THIS POLICY

We may update this policy from time to time to reflect changes in our practices, legal requirements or services. The “Last updated” date at the top of this policy indicates when it was last revised. If we make material changes that affect your rights or how we process personal information, we will provide reasonable advance notice through our websites, email or other communication channels. Continued use of our services after the effective date of an updated policy constitutes acceptance of the revised policy.

 

14. CONTACT US

If you have questions, concerns or requests regarding this policy or our handling of your personal information, please contact our Privacy Office:

Email: reservations@legendlodges.co.za
Telephone: +27 12 443 6700

You may also lodge complaints about our data‑protection practices with the Information Regulator (South Africa) at complaints.IR@justice.gov.za.