Effective Date: March 2025 Notice Owner: Data Protection Officer Company: Travelport Southern Africa (Pty) Ltd Address: Unit 91, Studio Office Park, 5 Concourse Crescent, Lone Hill, Johannesburg, 2062 Telephone: 011 259 4908 Email: bryan.rufener@travelportsa.com

 

1. Introduction and Who We Are

Travelport Southern Africa (Pty) Ltd (“Travelport SA”, “we”, “us”, or “our”) is a subsidiary of the Travelport group of companies, operating a worldwide travel retail platform that connects buyers and sellers of travel through a single marketplace. We partner with travel agencies, travel providers (such as airlines, car rental companies, hotels), universities, colleges, and other organisations in Southern Africa.

We recognise the importance of protecting the privacy and personal information of every individual with whom we interact. This Privacy Policy explains how we collect, use, store, disclose, and protect your Personal Information in accordance with South African law, and specifically the Protection of Personal Information Act, 2013 (“POPIA”), as well as applicable global data protection standards.

This Policy applies to all individuals whose Personal Information we process, including travelers, travel agents, website users, business partners, suppliers, and Travel School students based in or interacting with our South African operations.

 

2. Legal Framework and Compliance

Our processing of your Personal Information is governed by the following applicable legislation and frameworks:

• Protection of Personal Information Act 4 of 2013 (POPIA) – the primary South African data protection legislation, administered by the Information Regulator.
• Electronic Communications and Transactions Act 25 of 2002 (ECTA) – governing electronic communications.
• EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) – Travelport LP complies with these frameworks as set forth by the U.S. Department of Commerce.
• Travelport Global Privacy Policies – our practices are aligned with and supplement the Travelport Group’s global privacy notices available at www.travelport.com/privacy.

 

Our Information Officer, as required under POPIA, is responsible for ensuring compliance with this Policy and can be contacted as set out in Section 14 below.

 

3. Key Definitions

For the purposes of this Policy, the following definitions apply:

 

Term	Definition
Personal Information	Any information that identifies or could identify a natural person, as defined under POPIA.
Processing	Any operation performed on Personal Information, including collection, receipt, recording, storage, updating, dissemination, or destruction.
Data Subject	The natural person to whom Personal Information relates.
Responsible Party	Travelport Southern Africa (Pty) Ltd, the entity that determines the purpose and means of processing Personal Information.
Operator	Any person who processes Personal Information on behalf of Travelport SA under a contract or mandate.
Information Officer	The person responsible for ensuring POPIA compliance at Travelport SA, registered with the Information Regulator.
GDS	Global Distribution System – the Travelport+ Apollo, Galileo, and Worldspan platforms used to distribute travel services.
Travel Provider	Airlines, car rental companies, hotels, cruise and tour operators, and other entities offering travel services.
Subscriber	Travel agencies and other companies that subscribe to a Travelport GDS.
Special Personal Information	Personal Information concerning a person’s religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health or sex life, biometric information, or criminal behaviour, as defined under POPIA.

 

4. Scope of this Policy

This Privacy Policy applies to all Personal Information processed by Travelport Southern Africa (Pty) Ltd in the course of its business activities. It applies to:

• Individual travelers whose booking information is processed through the Travelport GDS;
• Travel agents, travel agencies, and their employees (Subscribers) who access and use Travelport GDS products and services;
• Travel Providers (airlines, hotels, car rental companies, etc.) and their representatives;
• Users of our websites and digital products;
• Business partners, vendors, and suppliers;
• Students at Travel Schools that partner with Travelport SA.

 

This Policy does not apply to job applicants or employees of Travelport SA, who are covered under separate privacy notices. It also does not cover how Travel Providers or Subscribers handle Personal Information independently of the Travelport GDS.

 

5. Personal Information We Collect

5.1 GDS Personal Information (Traveler Data)

When travel bookings are processed through our GDS, we collect information submitted by Travel Providers or Subscribers on behalf of travelers. This typically includes:

• Full name and title
• Date of birth
• Gender
• Postal and physical address
• Email address
• Telephone number(s)
• Credit card and payment information
• Travel and accommodation details (flights, hotels, car hire, etc.)
• Passport and travel document information
• Special service requests (e.g., wheelchair assistance, dietary requirements, medical needs)

 

We do not actively collect Special Personal Information. To the extent that Special Personal Information (such as health or religious data) is processed in connection with a special service request, such information will be processed only with the appropriate consent of the traveler, obtained through the Subscriber or Travel Provider.

5.2 Business Partner and Website User Data

For our Subscribers, Travel Providers, vendors, and website users, we may collect:

• Identity and Contact Data: name, date of birth, address, gender, employer name, job title, email address, telephone number, passport or driving licence information where required for background checks;
• Customer Ordering and Support Data: details of enquiries, call recordings of helpdesk interactions and associated metrics, transaction details;
• Marketing and Communications Data: marketing preferences, survey responses, and product feedback;
• Financial Data: credit/debit card information, billing address;
• Technical Data: username and login details, IP address, browser type, device information, operating system and location data;
• Usage Data: information about how you interact with our websites, applications, and services.

5.3 Travel School Student Data

For students at partner Travel Schools, we collect:

• Name and surname
• Student email address
• Student number as allocated by the Travel School
• Travel School name
• E-learning progress data, including assessment and quiz scores
• Log data from accessing our applications and websites

 

We do not knowingly collect Personal Information from students under the age of 16. If applicable data protection laws require parental or guardian consent, the Travel School is responsible for obtaining this.

5.4 Sources of Personal Information

We may collect your Personal Information from the following sources:

• Directly from you – when you register for a product, make enquiries, or provide information through our websites or applications;
• Indirectly from you – through automatic data collection such as usage analytics when you interact with our products and websites;
• From business partners – for example, when a travel agency submits your information into our GDS to process a booking;
• From service providers – such as payment processors, analytics providers, credit reference agencies, and sanction-checking tools.

 

6. Purpose for Processing and Lawful Basis

Under POPIA, we may only process Personal Information if we have a lawful basis to do so. We rely on the following lawful grounds:

 

Lawful Basis	Examples
Contract	Processing travel bookings; providing access to GDS products; billing and invoicing.
Consent	Processing Special Personal Information such as health-related service requests; sending marketing communications.
Legitimate Interest	Fraud prevention and loss prevention; IT security; statistical analysis of travel trends; improving our products and services.
Legal Obligation	Responding to lawful requests from law enforcement or regulatory authorities; anti-money laundering compliance; sanctions screening.

 

6.1 Specific Purposes

We collect and use Personal Information for the following specific purposes:

• Travel Booking Management: Processing bookings; enabling agencies to make and change reservations; providing access to travel information; issuing tickets and travel documents; performing billing and accounting.
• Communication and Customer Support: Communicating with you to fulfil contractual obligations; providing product updates, patches, and fixes; sending notices about changes to terms and policies; providing helpdesk and customer support services including call monitoring and recording for quality, training, and audit purposes.
• Marketing: Communicating about new products, services, events, and promotional materials (with your consent where required); administering surveys, questionnaires, competitions, and sales promotions.
• Internal Business Processes: Billing and accounting; quality assurance; testing; analytics and statistical analysis; product development and enhancement.
• Website and Product Operations: Operating, managing, and improving our websites and digital products; providing content; communicating and interacting with users.
• IT Security: Managing systems and login records; conducting IT security audits; detecting and managing vulnerabilities and security incidents.
• Risk Management and Fraud Prevention: Audit and compliance; vendor management; loss prevention and anti-fraud activities.
• Legal Compliance and Investigations: Detecting, investigating, and preventing breaches of internal policies or illegal activity; ensuring compliance with legal and regulatory obligations; establishing, exercising, and defending legal rights.
• Corporate Transactions: Reorganisations, mergers, joint ventures, acquisitions, and similar business operations.
• Travel School E-learning: Enabling students to access virtual training programmes; tracking e-learning progress; preparing reports for Travel Schools.

 

7. Disclosure of Personal Information

We may disclose your Personal Information to the following categories of third parties, only to the extent necessary and in accordance with this Policy:

• Travelport Group Companies: Other entities within the Travelport group for business administration purposes;
• Travel Providers: Airlines, hotels, car rental companies, rail and cruise operators, and other travel service providers, for the purposes of fulfilling your travel arrangements;
• Subscribers: Travel agencies and other organisations that book travel on your behalf;
• Service Providers (Operators): Suppliers of software development services, business processing service providers, contact centre service providers, training providers, marketing and branding agencies, market research companies, computer maintenance providers, credit reference agencies, and sanction-checking tools. These parties are contractually required to maintain appropriate protections and to process Personal Information only on our instructions;
• Law Enforcement and Regulatory Authorities: Where required by law, regulation, subpoena, or lawful request from public authorities, including national security or law enforcement requirements;
• Successors in Business: In the event of a sale, merger, joint venture, acquisition, or other business transaction.

 

We do not sell Personal Information for the purpose of allowing third parties to conduct direct marketing for their own products or services.

 

8. Cross-Border Transfers of Personal Information

The Travelport GDS and related applications are hosted and operated in multiple countries, including the United States. Accordingly, your Personal Information may be transferred to, and stored or processed in, a destination outside of South Africa, including countries outside the European Economic Area (EEA).

Under POPIA Section 72, we may transfer Personal Information across South African borders only if the recipient country offers an adequate level of protection substantially similar to POPIA, or if we have put in place appropriate contractual and technical safeguards. The safeguards we implement include:

• Standard contractual clauses that require recipients to process Personal Information with protections equivalent to those required under POPIA;
• Compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as applicable;
• Contractual obligations binding on all third-party Operators and Subscribers.

 

Travelport LP has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to personal information received from the EU, UK (and Gibraltar), and Switzerland. For more information, visit

https://www.dataprivacyframework.gov/.

 

9. Retention of Personal Information

We retain Personal Information only for as long as is necessary to fulfil the purposes for which it was collected, to comply with legal obligations, and to fulfil legitimate business and compliance purposes. Our specific retention periods include:

• GDS Personal Information (traveler booking data): Destroyed no more than 36 months after the completion of the last travel transaction in the reservation;
• Travel School student learning records: Deleted 3 years after the date of the student’s last interaction with our products;
• Other Personal Information: Retained in accordance with applicable legal requirements and our data retention schedule, considering factors such as statutes of limitation, pending litigation, regulatory investigations, and ongoing contractual relationships.

 

After the relevant retention period, Personal Information is securely destroyed or anonymised. Once anonymised, data is no longer Personal Information and may be used for statistical and research purposes without further notice to you.

 

10. Security of Personal Information

Travelport SA implements appropriate technical and organisational measures to safeguard your Personal Information against loss, unauthorised access, destruction, use, modification, or disclosure. These measures include:

• Restricted access controls – only authorised personnel who need access to Personal Information in the performance of their duties are granted access;
• Encryption and secure transmission of data;
• Regular IT security audits and vulnerability assessments;
• Contractual requirements imposed on all Operators and third-party service providers to maintain equivalent security standards.

 

Despite our best efforts, no method of electronic storage or transmission is completely secure. In the event of a Personal Information breach that is likely to affect your rights and interests, we will notify the Information Regulator and, where required, affected data subjects in accordance with POPIA.

 

11. Data Quality and Accuracy

Travelport SA takes reasonable steps to ensure that the Personal Information we hold about you is accurate, complete, and up to date, having regard to the purposes for which it is used. Given our role as an intermediary between Travel Providers and Subscribers, travelers may first wish to contact their Travel Provider or Subscriber as the most efficient means of correcting or updating their information.

 

12. Your Rights as a Data Subject

Under POPIA and other applicable data protection laws, you have the following rights in relation to your Personal Information:

 

Right	Description
Right to Access	You may request access to the Personal Information we hold about you and to receive a copy of that information.
Right to Rectification	You may request that we correct incomplete or inaccurate Personal Information we hold about you.
Right to Erasure (Deletion)	In certain circumstances, you may request that we delete your Personal Information where there is no longer a valid ground for processing it.
Right to Object	You may object to the processing of your Personal Information, including for purposes of direct marketing or where we are relying on a legitimate interest.
Right to Restrict Processing	In certain circumstances, you may request that we suspend or restrict the processing of your Personal Information.
Right to Portability	You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format where technically feasible.
Right to Withdraw Consent	Where we are relying on your consent to process your Personal Information, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Right to Lodge a Complaint	You have the right to lodge a complaint with the Information Regulator of South Africa if you believe your rights under POPIA have been infringed (see Section 13 below).

 

To exercise any of these rights, please contact our Information Officer using the details in Section 14. We will respond to your request within 30 days (or such extended period as permitted under POPIA). We may ask you to provide proof of identity before processing your request.

 

13. The Information Regulator (South Africa)

If you are unsatisfied with our response to any privacy-related concern, or if you believe we have processed your Personal Information in contravention of POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa:

 

Information Regulator (South Africa) Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017 Complaints Email: complaints.IR@inforegulator.org.za General Enquiries Email: inforeg@inforegulator.org.za Website: www.inforegulator.org.za

 

We would, however, appreciate the opportunity to address your concerns before you approach the Information Regulator. Please contact us in the first instance using the details in Section 14.

 

14. Contact Details – Travelport Southern Africa

For all privacy-related enquiries, requests to exercise your rights, or complaints, please contact our Information Officer:

 

Travelport Southern Africa (Pty) Ltd Information Officer / Data Protection Officer Address: Unit 91, Studio Office Park, 5 Concourse Crescent, Lone Hill, Johannesburg, 2062 Telephone: 011 259 4908 Email: bryan.rufener@travelportsa.com

 

Additionally, privacy-related communications may be directed to the Travelport Group Data Protection Officer:

 

Travelport (UK) One Axis Park, 10 Hurricane Way Langley, Berkshire SL3 8AG United Kingdom Attention: Data Protection Officer / Legal Dept. T: +44 (0) 1753 288000 F: +44 (0) 1753 288001 privacy@travelport.com

Travelport (USA) 300 Galleria Parkway, Suite 1400 Atlanta, Georgia 30339 United States of America Attention: Data Protection Officer / Legal Dept. T: +1 770 563 7400 privacy@travelport.com

 

We will acknowledge your enquiry and endeavour to respond within 30 days of receipt. If additional time is required, we will notify you of a revised timeframe.

 

15. Cookies and Online Tracking

Travelport SA uses cookies and similar technologies on its websites and digital products to carry out user analytics, improve user experience, record user sessions for troubleshooting purposes, and improve customer experience. We may collect the following information automatically when you visit our websites:

• IP address, browser type and version, operating system, and the referring site;
• Pages visited, time spent on pages, and other usage statistics;
• Device and location data.

 

This information is used for statistical and product improvement purposes. For more information about the cookies we use, please refer to the Travelport Cookie Policy available at www.travelport.com/privacy.

 

16. Marketing Communications and Opt-Out

Where we send you marketing communications, we do so on the basis of your consent or our legitimate interest where permitted by law. You may opt out of receiving marketing communications at any time by:

• Following the unsubscribe link included in any marketing email we send you; or
• Contacting us directly at bryan.rufener@travelportsa.com.

 

If you opt out of marketing communications, this does not affect our ability to send you service-related communications, product updates, or notices required under our contractual or legal obligations.

 

17. Minors

Our GDS services and business products are not directed at or intended for use by persons under the age of 18. We do not knowingly collect Personal Information from minors. In respect of Travel School students, we do not knowingly collect Personal Information from students under 16 years of age without the appropriate parental or guardian consent as required by applicable law, which is the responsibility of the relevant Travel School to obtain.

 

18. Dispute Resolution

If you have a complaint or concern regarding the processing of your Personal Information that you cannot resolve directly with us, you may lodge a complaint with the Information Regulator of South Africa (see Section 13). We would, however, appreciate the chance to address your concerns before you approach the Information Regulator.

For matters relating to the Travelport Group’s compliance with the EU-U.S. Data Privacy Framework, unresolved complaints may also be referred to JAMS, an alternative dispute resolution provider based in the United States, at no cost to you. Further information is available at

https://www.jamsadr.com/DPF-Dispute-Resolution.

 

19. Changes to this Privacy Policy

We may update and amend this Privacy Policy from time to time to reflect changes in our business practices, applicable law, or regulatory requirements. When we make material changes to this Policy, we will post a prominent notice on our website and update the effective date below. Your continued use of our products and services following the posting of changes constitutes your acceptance of the updated Policy.

We encourage you to review this Policy periodically to stay informed about how we protect your Personal Information.

 

Effective Date: March 2025 Notice Owner: Information Officer | Travelport Southern Africa (Pty) Ltd This policy is published by Travelport Southern Africa (Pty) Ltd on behalf of its operations in Southern Africa.