Plamedi Trading CC is a Close Corporation duly registered in accordance with the laws of the Republic of South Africa. Plamedi Luxury Stay is the hospitality division of Plamedi Trading CC, providing premium luxury short-stay accommodation across Johannesburg (Gauteng) and Cape Town (Western Cape).

For the purposes of POPIA, Plamedi Trading CC is the Responsible Party — the entity that determines the purpose of, and means for, processing your personal information. Our appointed Information Officer is responsible for ensuring our compliance with POPIA and may be contacted at privacy@plamedistays.com.

This Privacy Policy applies to all personal information processed by Plamedi Luxury Stay in connection with:

• Guests who make enquiries, bookings, or reservations with us — directly or through any Third-Party Platform — and all persons staying at our properties.
• Visitors to our website at www.plamedistays.com and any associated digital platforms, social media channels, or mobile applications operated by us.
• Individuals who contact us via email, telephone, online enquiry forms, WhatsApp, or any other communication channel.
• Subscribers to our newsletters, loyalty programmes, or promotional communications.
• Suppliers, contractors, and service providers engaged by Plamedi Luxury Stay in connection with the operation of our properties.

📋
This Policy should be read in conjunction with our Terms and Conditions of Accommodation (PLS-T&C-2025-V2.0), which are incorporated herein by reference. In the event of any conflict between the two documents regarding the processing of personal information, this Privacy Policy shall prevail.

We only collect personal information that is adequate, relevant, and not excessive in relation to the purposes for which it is collected. The following categories of information may be collected:

🚫
Special Personal Information: We do not intentionally collect special personal information as defined under POPIA — such as information relating to your race, ethnicity, religious beliefs, health or medical history, sexual orientation, or criminal record — except where strictly required by law (e.g. for certain visa or regulatory compliance purposes), in which case your explicit consent will be obtained beforehand.

We collect personal information through a variety of direct and indirect channels:

• Directly from you: When you complete a booking on our website, contact us by telephone, email or WhatsApp, complete an online enquiry or contact form, check in at one of our properties, fill in a guest registration form, participate in a post-stay survey, or subscribe to our newsletter or loyalty programme.
• Through Third-Party Booking Platforms: When you make a booking through a platform such as Airbnb, Booking.com, Expedia, or similar, that platform shares your relevant booking details with us as necessary to process your reservation and accommodate your stay.
• Through payment processors: Our payment gateway providers (PayFast and PayPal) share limited transactional data with us for the purpose of confirming and reconciling payments. Full card details are never transmitted to or stored by Plamedi Luxury Stay.
• Automatically through our website: When you visit our website, certain technical data is collected automatically through cookies, analytics tools, and server logs. Please refer to Section 11 (Cookies & Website Tracking) for further detail.
• Through CCTV systems: Our properties are equipped with closed-circuit television (CCTV) surveillance systems for the safety and security of guests, staff, and property. Signage indicating the presence of CCTV is displayed at all monitored areas.
• From third parties with your consent: Occasionally, information may be received from third parties (such as a corporate booker or travel agent) who make a booking on your behalf. In such cases, the person sharing your information confirms they have your authority to do so.

In accordance with POPIA’s requirement that all processing be conducted on a lawful basis, we process personal information under one or more of the following grounds:

📃

Contractual Necessity

Processing necessary to enter into or perform a contract with you — i.e. processing your booking and managing your stay.

⚖️

Legal Obligation

Processing required to comply with a legal or regulatory obligation, such as identity verification, tax record-keeping, and FICA compliance.

✅

Consent

Where you have freely given specific, informed, and unambiguous consent — such as for direct marketing communications or optional loyalty programme enrolment.

🏢

Legitimate Interest

Processing necessary for our legitimate business interests — such as fraud prevention, security monitoring, improving our services, and internal analytics — where such interests do not override your rights.

🆘

Vital Interests

In rare circumstances, processing necessary to protect life or physical safety — for example, in the event of a medical emergency during a guest’s stay.

📢

Public Interest

Processing required to carry out a public duty or to comply with a directive from a regulatory or law enforcement authority of the Republic of South Africa.

We use the personal information we collect only for the purposes for which it was collected, or for compatible purposes. Specifically, we may use your information to:

• Process and manage bookings: Receive, confirm, amend, and administer your reservation; issue Booking Confirmations, invoices, and receipts; and process payments and refunds.
• Deliver and personalise your stay: Arrange your check-in and check-out, fulfil your pre-stated preferences and special requests, prepare personalised welcome amenities, and ensure all aspects of your stay meet our service standards.
• Communicate with you: Send booking confirmations, pre-arrival information (including check-in instructions, parking details, and local recommendations), in-stay communications, departure information, and post-stay follow-up communications.
• Process payments and manage accounts: Verify and process payment transactions, manage outstanding balances, process refunds, and maintain accurate financial records as required by South African tax and accounting legislation.
• Verify identity and ensure security: Verify guest identities at check-in, operate CCTV and access control systems for the safety of guests and staff, and investigate security incidents or misconduct.
• Comply with legal obligations: Meet our obligations under the Financial Intelligence Centre Act (FICA), South African Revenue Service (SARS) requirements, the Consumer Protection Act, POPIA, and any other applicable legislation or lawful regulatory directive.
• Manage complaints and disputes: Receive, investigate, and respond to guest complaints, service failure reports, refund requests, and any legal claims or disputes arising from a Booking or Stay.
• Improve our services: Analyse booking patterns, stay preferences, guest feedback, and website usage data to improve the quality of our properties, services, and guest experience — on an aggregated and anonymised basis where possible.
• Send marketing communications (with consent): Where you have opted in, send you curated newsletters, special offers, seasonal packages, and updates about Plamedi Luxury Stay properties and experiences. You may withdraw consent at any time (see Section 12).
• Manage our guest relationship: Maintain a guest history profile to enable us to recognise returning guests, recall preferences, and deliver the level of personalised luxury service that defines the Plamedi Luxury Stay experience.

✅
We will not use your personal information for any purpose that is incompatible with the purpose for which it was originally collected, without first obtaining your consent or having a separate lawful basis for doing so.

We do not sell, rent, or trade your personal information to any third party. We may share your personal information only with the following categories of third parties, and only to the extent necessary to fulfil the specified purpose:

Payment

PayFast & PayPal

To process payment transactions securely on our behalf. These providers are PCI DSS-compliant and operate under their own privacy policies.

Booking Platforms

Airbnb / Booking.com / Expedia

Booking details are exchanged as necessary to confirm and manage reservations made through these authorised third-party platforms.

Technology

CMS & Booking Software

WordPress, WooCommerce, and our booking plugin process reservation and payment data solely to operate our website and booking system.

Analytics

Website Analytics Providers

Aggregated, anonymised website usage data may be processed by analytics tools (e.g. Google Analytics) to help us understand and improve our website performance.

Operations

Property Services Providers

Housekeeping, maintenance, concierge, and transport service providers may receive limited information necessary to fulfil services booked by or for you during your Stay.

Communications

Email / SMS Platforms

Our email marketing and transactional communication platforms process your contact details and communication preferences to send booking-related and (where opted-in) marketing communications.

Legal

Legal & Professional Advisors

Attorneys, auditors, and accountants may access relevant data under strict confidentiality obligations where required in connection with legal claims, audits, or regulatory proceedings.

Regulatory

Law Enforcement / Regulatory Bodies

We may disclose information where required to do so by law, court order, or at the lawful request of SAPS, SARS, the Information Regulator, or other competent South African authority.

All third parties with whom personal information is shared are required to handle it in accordance with POPIA and, where applicable, any equivalent international data protection legislation.

Some of our third-party service providers — particularly payment processors (PayPal) and certain technology platforms — may process personal information outside the borders of the Republic of South Africa.

• In accordance with Section 72 of POPIA, Plamedi Luxury Stay will only transfer personal information to a third party in a foreign country if that country provides an adequate level of protection for personal information that is substantially similar to the protections under POPIA, or if the recipient is bound by a binding agreement that upholds substantially similar protections.
• PayPal’s global operations are subject to applicable international data protection frameworks. Guests utilising PayPal as a payment method should review PayPal’s global privacy policy for information on international data transfers.
• Where data is transferred internationally, we take appropriate contractual, technical, and organisational measures to ensure your information remains secure and is processed only for the purposes disclosed in this Policy.

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. The following retention periods apply:

Upon expiry of the applicable retention period, personal information will be securely deleted, anonymised, or destroyed in a manner that prevents reconstruction or recovery. Where a legal hold is in place (e.g. pending litigation), information will be retained until the hold is lifted.

Plamedi Luxury Stay takes the security of your personal information seriously. We have implemented a range of technical, organisational, and physical security measures designed to protect personal information against unauthorised access, disclosure, alteration, loss, or destruction.

• Technical measures: Our website is secured with SSL/TLS encryption. All online payment transactions are processed through PCI DSS-compliant payment gateways. Access to personal data systems is restricted to authorised personnel only, using role-based access controls and strong authentication protocols.
• Organisational measures: Access to personal information is granted on a strict need-to-know basis. All staff with access to personal information receive POPIA awareness training. Confidentiality obligations are included in all employment and supplier contracts.
• Physical measures: Physical documents containing personal information are stored securely and access to property management systems is restricted. CCTV is used at our physical premises for security purposes.
• Data minimisation: We only collect the minimum personal information necessary for the purpose for which it is collected, in line with POPIA’s principle of data minimisation.
• Security breach response: In the event of a data breach that poses a real risk of harm to any data subject, Plamedi Luxury Stay will notify the Information Regulator of South Africa and any affected data subjects as soon as reasonably practicable, in accordance with Section 22 of POPIA.

🔐
While we implement industry-standard security measures, no digital system is entirely immune to risk. We encourage guests to also take steps to protect their own information — such as using strong, unique passwords and not sharing their booking confirmation details with third parties.

Our website (www.plamedistays.com) uses cookies and similar tracking technologies to enhance your browsing experience, operate essential website functionality, and gather analytical insights. A cookie is a small text file placed on your device when you visit a website.

Essential Cookies — Required for core website functionality. Cannot be disabled.
Functional Cookies — Remember your preferences (e.g. language, currency). May be disabled.
Analytics Cookies — Track anonymised usage to improve our website. May be disabled.
Marketing Cookies — Deliver relevant advertising. Require your prior consent.

• Cookie consent: On your first visit to our website, you will be presented with a cookie consent banner allowing you to accept, reject, or manage your cookie preferences (other than strictly essential cookies). Your preferences will be saved for future visits.
• Third-party cookies: Our website may include cookies from third-party services such as Google Analytics, Facebook Pixel, and social media sharing buttons. These third parties may use cookies in accordance with their own privacy policies. We encourage you to review those policies independently.
• Managing cookies: You may manage, disable, or delete cookies at any time through your browser settings. Please note that disabling cookies may affect the functionality of our website and booking system. Instructions for managing cookies in most popular browsers are available at www.aboutcookies.org.

In compliance with Section 69 of POPIA and the CAN-SPAM and PECR principles applied as best practice, Plamedi Luxury Stay only sends direct marketing communications to individuals who have expressly opted in to receive such communications, or where we have an existing guest relationship and you have not opted out.

• What we may send: Curated seasonal offers, exclusive packages, new property announcements, travel inspiration content, and personalised recommendations based on your stay history and preferences — where you have opted in.
• Frequency: We respect your inbox. Marketing communications will be sent no more frequently than twice per month, unless a time-limited offer or emergency communication warrants earlier contact.
• How to opt out: You may withdraw your consent to receive marketing communications at any time by: (a) clicking the “Unsubscribe” link in any marketing email; (b) sending an opt-out request to privacy@plamedistays.com; or (c) contacting our Information Officer. We will action all opt-out requests within 5 business days.
• Transactional communications: Withdrawal of marketing consent does not affect the sending of transactional or service-related communications (such as booking confirmations, pre-arrival information, and payment receipts), which are necessary for the fulfilment of your booking.
• No third-party marketing: We will never share your personal information with third parties for their own direct marketing purposes.

Plamedi Luxury Stay does not knowingly collect personal information directly from children under the age of 18. Our website and direct booking systems are intended for use by adults only.

• Where children are included as guests in a booking made by an adult, their names and ages may be collected for the purpose of managing the booking (e.g. cot arrangement, child-minding services). This information is processed under the authority of the parent or legal guardian who is the Lead Guest.
• We do not collect children’s identity document numbers or any other unnecessary personal information relating to child guests beyond what is strictly required for the provision of our services.
• If you believe we have inadvertently collected personal information from a child without appropriate parental consent, please contact our Information Officer immediately at privacy@plamedistays.com and we will take prompt steps to delete such information.
• CCTV footage captured at our properties may incidentally include images of child guests as part of general premises surveillance. This footage is handled in accordance with the retention and security measures described in Sections 9 and 10 of this Policy.

As a data subject under POPIA, you have the following rights with respect to your personal information held by Plamedi Luxury Stay. We are committed to facilitating the exercise of these rights without undue delay and at no charge, subject to reasonable verification of identity.

Section 23 POPIA

Right of Access

You have the right to request a record of all personal information we hold about you and to be informed of the purposes for which it is being processed.

Section 24 POPIA

Right to Correction

You may request the correction, update, or deletion of inaccurate, irrelevant, out-of-date, incomplete, misleading, or unlawfully obtained personal information.

Section 11 POPIA

Right to Object

You have the right to object to the processing of your personal information on grounds relating to your particular situation, or to processing for direct marketing purposes at any time.

Section 11(3) POPIA

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

Section 11 POPIA

Right to Restriction

You may request that we limit the processing of your personal information in certain circumstances — for example, while a correction request is being assessed.

Section 69 POPIA

Right Against Direct Marketing

You may at any time require us to stop processing your personal information for the purposes of direct marketing. We will comply promptly and without exception.

Section 8 POPIA

Right to Complain

If you are dissatisfied with our response to any privacy concern, you have the right to lodge a complaint with the Information Regulator of South Africa (see Section 15).

Best Practice

Right to Data Portability

Where technically feasible, you may request a copy of personal information you have provided to us in a structured, commonly used, machine-readable format.

📩
How to exercise your rights: Submit a written request to our Information Officer at privacy@plamedistays.com. Please include your full name, contact details, the nature of your request, and a copy of your ID for verification purposes. We will acknowledge your request within 3 business days and respond in full within 30 days, or inform you of any extension required.

We take all privacy concerns seriously. If you believe your personal information has been mishandled, or that we have not honoured your rights under POPIA, we encourage you to first contact our Information Officer directly.

• Step 1 — Internal resolution: Contact our Information Officer at privacy@plamedistays.com with a detailed description of your concern. We will acknowledge your complaint within 3 business days and endeavour to resolve it within 30 days.
• Step 2 — Information Regulator: If you are not satisfied with our response, or if you believe that a serious breach of POPIA has occurred, you have the right to lodge a complaint directly with the Information Regulator of South Africa, the independent regulatory authority responsible for enforcing POPIA.

Plamedi Luxury Stay reserves the right to update, revise, or replace this Privacy Policy at any time in response to changes in applicable law, our business operations, or the nature of personal information we process. The most current version of this Policy will always be available on our website at www.plamedistays.com/privacy-policy, displaying the effective date and version number at the top of the document.

• Where changes are material — meaning they significantly affect how we collect, use, or share your personal information — we will notify active guests and newsletter subscribers by email prior to the changes taking effect, where reasonably practicable to do so.
• Your continued use of our website or services following the publication of any amendment constitutes your acknowledgement of the updated Policy. We encourage you to review this Policy periodically.
• Previous versions of this Policy are available on request from our Information Officer, for reference purposes.

For any question, request, or concern relating to this Privacy Policy, the processing of your personal information, or the exercise of your rights under POPIA, please contact our Information Officer through any of the following channels: