David Saint Privacy Policy

Document Version: 1.0

Effective Date: 1 February 2026

Next Review Date: February 2027

1. INTRODUCTION

David Saint is committed to protecting your privacy and ensuring the security of your personal information. This policy describes how David Saint ("we", "us", or "our") collects, uses, stores, shares, and protects your personal information when you visit our website, register as a Travel Companion, purchase Travel Bucks™, or book our luxury holiday and lifestyle packages in the Travel Bag. We adhere strictly to the principles of the Protection of Personal Information Act, 2013 (POPIA) in South Africa and other applicable data protection laws.

2. DEFINITIONS

2.1 "Personal Information" means information relating to the identifiable, existing juristic person, including but not limited to, contact details, payment information, and online identifiers.

2.2 "Processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including its collection, receipt, recording, organisation, collation, storage, updating, or modification, retrieval, alteration, consultation, use, dissemination by means of transmission, distribution or making available in any other form, merging, linking, as well as blocking degradation, erasure or destruction of information.

2.3 "Data Subject" means the person to whom personal information relates.

2.4 "Information Officer" means the person designated by David Saint responsible for overseeing compliance with POPIA.

2.5 "Regulator" means the Information Regulator established in terms of POPIA.

2.6 "PPOPIA" means the Protection of Personal information Act, 2013 (Act No. 4 of 2013).

3. WHAT TYPE OF INFORMATION DO WE COLLECT?

3.1 We receive, collect and store information you provide to us directly through our website, via email, telephone, booking forms, registration forms, or any other format that facilitates our business interactions with you.

3.2 We also collect personally identifiable information which may include your name, identity number, email address, passwords, communications, payment details (such as credit card information, bank account details), comments, feedback, product reviews, recommendations, and personal profile. We do not collect any special personal information (such as health or biometric data) unless it is explicitly required for your travel arrangements (e.g. specific medical conditions for accessibility during travel) and with your explicit consent.

3.3 We also collect the Internet Protocol (IP) address used to connect your computer to the Internet; login details; e-mail address; passwords; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.

4. HOW DO WE COLLECT INFORMATION?

4.1 When you conduct a transaction on our website, as part of our business process, we collect personal information you give us such as your name, identity number, residential address, email address, and bank information.

4.2 Your personal information is collected directly from you, or in some instances from third-party service providers (e.g. payment processors, analytics providers), and will be used solely for the specific purposes outlined in this Policy and in the normal course of business operations, as consented to by you or as permitted by law.

5. WHY DO WE COLLECT SUCH INFORMATION?

We collect such non-personal and personal information for the following purposes:

5.1 To provide and operate the services related to the purchase of Travel Bucks™, registering as a Travel Companion, and booking the packages in the Travel Bag.

5.2 To provide our users with ongoing customer assistance and technical support.

5.3 To be able to contact you with essential service-related notices ( such as Travel Bucks™ Wallet Statement, booking confirmations, or security alerts). We may also send you promotional messages or newsletters about our products and services, but only if you have provided your express consent to receive such communications, or where otherwise permitted by law. You will also have the option to opt-out of marketing communications.

5.4 To create aggregated statistical data and other aggregated and/or inferred non-personal Information, which we or our business partners may use to provide and improve our respective service compliance.

5.5 To comply with any applicable laws and regulations.

6. HOW DO WE STORE, USE, AND SHARE YOUR PERSONAL INFORMATION?

6.1 Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.

6.2 We also store your personal information on our computer systems to allow us to give you ongoing customer experience related to your association with David Saint as a Travel Companion, purchase of Travel Bucks™, and all related services as a travel company.

6.3 All direct payment gateways offered by Wix.com or other suppliers and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

6.4. We also share your personal information with local and international travel Suppliers in order to facilitate your bookings and provide the luxury holiday and lifestyle packages you select from the Travel Bag. These local and international Suppliers include hotels, tour operators, airlines and other Suppliers that manage or provide components of your booked travel arrangements. In this case the following applies:

The personal information shared will be limited to what is strictly necessary to confirm and provide the requested services, including but not limited to your name, contact details, passport or VISA information, booking preferences, and any specific requirements you have disclosed.
This sharing is essential for the performance of the contract between you and David Saint (as per POPIA Section 72(1)(c)). By proceeding with a booking, you acknowledge and agree that such sharing is necessary to deliver the services you have requested.
David Saint undertakes to select Suppliers with utmost care and will strive to ensure that these Suppliers are also committed to protecting your personal information in accordance with applicable data protection laws, such POPIA and the EU's General Data Protection Regulations (GDPR), and their own privacy policies.

6.5 David Saint is committed to protecting your personal information and implements reasonable technical and organisational security safeguards

to prevent loss, damage, unauthorised

destruction, an unlawful access to or processing of your personal information. These safeguards include, but are not limited to firewalls, data encryption, and access controls.

6.6 As David Saint operates globally and uses robust international cloud services, your personal information may be transferred to, and stored on, servers located outside the Republic of South Africa. This is primarily due to our use of Wix.com as our primary website hosting and e-commerce platform. Wix.com is a global company that may store and process data on servers located in various countries, including but no limited to the United States, Europe, and Israel.

6.7 David Saint understands its obligations under Section 72 of POPIA regarding the transfer of personal information outside South Africa. We ensure that any such transfer complies with these requirements, primarily on the following grounds:

We rely on Wix.com's robust data protection policies, security measures, and compliance with internationally recognized data protection laws, such as the EU's General Data Protection Regulations (GDPR), which are deemed to provide an adequate level of protection similar to or exceeding POPIA. Wix.com provides various data processing agreements and privacy commitments to ensure data security and compliance.
The transfer is necessary for the performance of our contractual obligations to you, the Data Subject. Our ability to provide website functionality, process transactions, host your account, and deliver our services fundamentally relies on the global infrastructure provided by Wix.com and similar Suppliers.
By using our website and services, you implicitly consent to the transfer of your personal information to Wix.com's global servers as necessary for the provision of the services. Where explicit consent is required, it will be obtained.
David Saint diligently assesses its service providers. We rely on Wix.com publicly stated commitments to data privacy and security, which include:

i) Operating a secure, global infrastructure.

ii) Implementing industry-standards security measures (including encryption, firewalls, and access controls.

iii) Adherence to data processing agreements that uphold privacy principles.

David Saint remains responsible for ensuring that your personal information, even when transferred outside of South Africa, continues to be in accordance with this Privacy Policy and POPIA. We undertake to use all reasonable efforts to ensure that all third-parties, including Wix.com, process your personal information in a manner that is consistent with the principles of data protection as enshrined in POPIA.

6.8 In the unlikely event of data breach, David Saint undertakes to notify you and the Information Regulator of South Africa as required by POPIA, should there be reasonable grounds to believe that your personal information has been accessed or acquired by an unauthorised person.

6.9 David Saint will retain your personalinformation only for as long as it is necessary to fulfill the purpose for which it was collected, or as required by law. Once the purpose is complete or legal retention periods expire, your personal information will be securely deleted.

7. HOW DO WE COMMUNICATE WITH YOU?

7.1 We may contact you to notify you regarding your account in respect of Travel Bucks™ subscription, and your association with David Saint as a Travel Companion, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys, or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you.

7.2 For these purposes we may contact you via email, telephone, text messages, and/or postal mail.

8. HOW DO WE USE COOKIES AND OTHER TRACKING TOOLS?

8.1 Cookies are small text files placed on your device (computer, tablet, mobile phone) when you visit a website. They are widely used to make websites work more efficiently, improve user experience, and provide information to website owners. Our website uses various types of cookies, including necessary cookies, analytical cookies (e.g. Google Analytics), and marketing cookies.

8.2 We use cookies and other tracking technologies (such as web beacons and Flash cookies) to understand how you interact with our website, remember your preferences, provide you with personalized content, and for analytical purposes to improve our services. By continuing to use our website, you consent to use cookies as described in this policy.

8.3 Please note that third-party services, such as Google Analytics and other applications offered through the Wix App Market that are integrated into our services, may also place cookies or utilize other tracking technologies. These external services have their own privacy policies, which are not covered by David Saint’s Privacy Policy. We encourage you to review their policies.

8.4 You can manage or disable cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website.

9. YOUR RIGHTS AS A DATA SUBJECT

9.1 As a data subject, you have specific rights concerning your personal information under POPIA. These rights include:

The right to access your personal information: You may request access to the personal information David Saint has about you.
The right to correct or amend your personal information: You may request that inaccurate, incomplete, or outdated personal information be corrected or updated.
The right to object to the processing of your personal information: You have the right to object, on reasonable grounds relating to your particular situation, to the processing of your personal information.
The right to request deletion or destruction: You have a right to request the deletion or destruction of your personal information where David Saint is no longer authorized to retain it.
The right to withdraw consent: Where David Saint processes your personal information based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
The right to lodge a complaint: You have the right to lodge a complaint with the Information Regulator of South Africa if you believe that your rights under POPIA have been infringed.

9.2 To exercise any of these rights, or if you have any questions regarding your personal information, please contact or Information Officer.

10. PRIVACY POLICY UPDATES

10.1 We reserve the right to modify this Privacy Policy at any time, so please review it frequently.

10.2 Changes and clarifications will take effect immediately upon their posting on the website.

10.3 If we make material changes to this Policy, we will notify you that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

11. HOW TO CONTACT US?

Should you have any queries or concerns regarding this Privacy Policy, the processing of your personal information, or wish to exercise your rights, please contact us at privacy@davidsaint.africa.