eMkhosini Royal Sun Resort (“the Resort”, “we”, “us”, or “our”) is committed to protecting the privacy and personal information of our guests, visitors, partners, and employees in accordance with the Protection of Personal Information Act (POPIA) of South Africa.

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information when you interact with our facilities, website, booking systems, or services.

This policy applies to:

• All guests and visitors of eMkhosini Royal Sun Resort
• Users of our website, online booking systems, or digital platforms
• Suppliers, contractors, and employees who provide services to or on behalf of the resort

• Processing accommodation and event bookings
• Managing check-in, check-out, and payments
• Providing personalized guest services and experiences
• Communicating reservation confirmation and updates
• Sending promotional offers, newsletters, or event invitations (with your consent)
• Ensuring guest safety, security, and access control
• Complying with legal, tax, and record-keeping requirements
• Managing staff and contractor relationships

• Your consent (explicitly given through forms or online bookings)
• Performance of a contract (to deliver your booking or event service)
• Legal obligations (for record-keeping, tax, or security compliance)
• Legitimate interests (to improve guest experience and security)

We may share your personal information only when necessary, and with:

• Service providers (e.g., payment processors, booking platforms, IT support) under strict confidentiality agreements
• Government or law enforcement authorities when legally required
• Event organizers and partners (e.g., SATMA Festival management, with consent)
• Auditors, legal advisors, and insurers
• Affiliated partners for joint promotions or loyalty programs (with your consent)

We do not sell or rent your personal data to third parties. Any third-party service providers are contractually obligated to protect your data and use it only for the purposes specified.

We implement appropriate technical and organizational measures to secure personal data against unauthorized access, loss, misuse, or alteration, including:

• SSL encryption on our website and booking portals
• Password-protected and encrypted systems
• Controlled staff access to guest information
• CCTV monitoring for premises safety
• Regular system backups and security reviews

All staff handling personal information are trained in POPIA compliance and confidentiality. While we strive to protect your data, no system is 100% secure. We encourage users to take precautions when sharing sensitive information online.

We retain personal information only for as long as necessary to fulfill the purposes it was collected for, or as required by South African law. Once no longer needed, data is securely deleted or anonymized.

Retention periods may vary depending on the type of data and applicable legal or operational requirements.

Our website uses cookies and analytics tools to improve functionality, personalize content, and analyze traffic. These may include:

• Session cookies for login and navigation
• Analytics cookies (e.g., Google Analytics) to understand user behavior
• Marketing cookies for personalized offers (with consent)

You can manage cookie preferences via your browser settings. Continued use of our website implies consent to our cookie practices.

If your personal data is transferred outside South Africa (e.g., to cloud hosting or booking platforms), we ensure that appropriate safeguards are in place to protect your information in line with POPIA requirements.

This includes contractual clauses, encryption, and data minimization practices to ensure your data remains secure and compliant.

Our website and social media platforms may contain links to external websites, including tourism partners, event organizers, and booking affiliates. Examples include:

• SATMA Awards
• South African Tourism
• Booking.com

We are not responsible for the privacy practices, content, or security of these third-party websites. We encourage users to review their privacy policies before submitting personal information.

We do not knowingly collect personal information from minors under the age of 18 without parental or guardian consent. If you believe a child has provided us with personal data, please contact us to request its removal.

Parents or guardians may request access, correction, or deletion of their child’s data by contacting our Privacy Officer.

This Privacy Policy may be updated periodically to reflect changes in legislation, technology, or resort operations. All updates will be posted on our website and available at the front office reception.

We encourage users to review this policy regularly to stay informed about how we protect your information.

As a data subject under POPIA, you have the right to:

• Request access to your personal information
• Request correction or deletion of inaccurate or outdated data
• Withdraw consent to processing at any time
• Object to direct marketing communications
• Lodge a complaint with the Information Regulator of South Africa

To exercise these rights, please contact us at:

Email: privacy@emkhosinisun.co.za
Tel: 087 059 4510

Information Regulator Contact:
Website: justice.gov.za/inforeg
Email: inforeg@justice.gov.za

For privacy-related queries, corrections, or complaints, please contact:

Privacy Officer
Royal eMkhosini Sun Resort
Underberg, KwaZulu-Natal, South Africa

Email: privacy@emkhosiniroyalsun.com
Tel: +27 087 059 4510

Additional Contacts:
Tel: 087 059 4510
WhatsApp: 082 770 2122
Email: bookings@emkhosiniroyalsun.com
Address: Coleford Road, Underberg, KZN, 3537

By engaging with eMkhosini Royal Sun Resort, using our facilities, or booking our services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

This policy is binding upon all users, guests, and service providers interacting with our platforms or premises.

Prepared by:
Lefentse Chapman – Hospitality & Tourism Development Consultant
October 2025