Privacy Policy

Last updated: 29 April 2026

MaTakaTaka Tours & Safaris (“MaTakaTaka”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring that your personal information is processed lawfully, fairly, and transparently.

This Privacy Policy explains how we collect, use, disclose, store, and safeguard personal information when you:

Visit our website
Submit enquiries or booking forms
Participate in our safari or travel services
Communicate with us
Receive marketing communications

1. Who We Are

MaTakaTaka Tours & Safaris is a travel company registered in South Africa, owned and managed by Daniela Mates, operating safari and travel experiences in Southern Africa and other destinations. For the purposes of data protection law, MaTakaTaka acts as a Data Controller (or Responsible Party under POPIA) in respect of personal data collected through our website and operational systems. For privacy-related queries, you may contact us at: info@matakataka.com

EU Representative (Article 27 GDPR)
Franziska Mates
Uhlandstr. 8
89195 Staig
Germany
Email: info@matakataka.com

2. Personal Data We Collect

We may collect and process personal data including, but not limited to, the following categories:

2.1 Contact & Enquiry Information

First names, last name, and nickname
Email address
Telephone number
Referral information
Enquiry notes
Marketing consent preferences

2.2 Safari Planning & Traveller Information

Names and nicknames
Email addresses (including group representative or proxy email addresses)
Dates of birth
Gender (where voluntarily provided)
Country of residence and nationality
Languages spoken
Preferred room types and sharing arrangements
Budget and preferred currency
Intended travel dates and destinations
Activity and accommodation preferences
Billing details (including billing address, VAT number where applicable, and payment card/financial transaction information processed via secure third-party gateways)

2.3 Identity & Travel Information

Passport numbers and issuing country
Travel insurance information
Emergency contact details

2.4 Medical & Special Category Information

Where strictly necessary to ensure traveller safety, deliver services, or comply with legal requirements, and only with your explicit consent, we may collect:

Medical aid provider and membership details
Doctor name and contact details
Allergies
Existing medical conditions
Medication information
Dietary requirements
Other health-related notes

This constitutes special category personal data under GDPR and sensitive personal information under POPIA.

2.5 Indemnity & Consent Information

Signed indemnity forms
Parent or legal guardian consent (for minors)
Consent for photography and media usage
Signatures

2.6 Supplier Information

Supplier business name
Contact person
Contact details
Payment terms

2.7 Website & Usage Data

When you visit our website, we may automatically collect:

IP address
Browser type and version
Device information (including mobile device type and unique identifiers)
Pages visited, time spent, and traffic sources
Interaction and diagnostic data

This is collected via cookies, web beacons, pixel tags, scripts, and similar tracking technologies. Web beacons (also referred to as clear gifs or pixel tags) may be embedded in certain pages or emails to count visits and measure email open rates. See our Cookie Policy for full details.

3. How We Collect Information

We collect personal data:

Directly from you via online forms
Through embedded third-party form platforms
Via email and messaging communications
Through itinerary-building platforms used to deliver travel services
Automatically through cookies, web beacons, and website analytics tools
From travel companions or legal guardians where applicable

Online form submissions may be processed through secure third-party platforms, with responses temporarily handled via workflow automation before secure storage.

4. Purpose of Processing

We process personal data to:

Respond to enquiries
Prepare customised safari quotations
Arrange and manage travel bookings
Communicate travel details
Share necessary information with accommodation providers, transport operators, guides, and other travel partners
Process payments
Maintain accounting and financial records
Ensure traveller safety
Manage indemnity and legal documentation
Communicate passport and identification details to service providers as required to fulfil bookings
Monitor and analyse website usage to improve our website and services (including via Google Analytics)
Deliver targeted advertising and measure campaign effectiveness (including via Google Ads and social media platforms)
Send marketing communications (only where you have opted in; you may opt out anytime via unsubscribe links or by contacting us)
Prevent fraud and ensure website security (including via reCAPTCHA)

5. Lawful Bases for Processing

5.1 EU & UK Residents (GDPR / UK GDPR)

Where GDPR or UK GDPR applies, we rely on:

Performance of a Contract: to arrange and deliver travel services, including communicating passport details to service providers as required for check-in and identification
Explicit Consent: for special category data (medical information, health-related dietary requirements), marketing communications, media usage, and analytics/advertising cookies
Legitimate Interests: for operational management, service improvement, fraud prevention, website security, record-keeping, and the defence of potential legal claims
Legal Obligation: to comply with tax, accounting, and regulatory requirements

You may withdraw consent at any time where processing is based on consent.

5.2 South African Residents (POPIA)

Where POPIA applies, we process personal information on the following grounds (Section 11 of POPIA):

Contractual necessity: to arrange and deliver travel and safari services, including communicating passport details to service providers as required for check-in and identification
Consent: for special/sensitive personal information (medical data), marketing communications, and photography or media usage
Legitimate interests of MaTakaTaka: for operational management, fraud prevention, service improvement, internal record-keeping, and the defence of potential legal claims
Legal obligation: to comply with applicable tax, accounting, and regulatory requirements

5.3 Automated Decision-Making

We do not make decisions about you solely by automated means that produce legal or similarly significant effects. All booking decisions and service assessments involve human review.

6. Analytics

We use Google Analytics, a web analytics service provided by Google LLC, to monitor and analyse use of our website. Google Analytics collects usage information including IP address, browser type, pages visited, and time spent on pages, as well as referring traffic sources. We use this data to improve our website and services. This data may be shared with other Google services.

You can opt out of having your activity made available to Google Analytics by installing the Google Analytics opt-out browser add-on:

https://tools.google.com/dlpage/gaoptout

For more information on the privacy practices of Google, please visit:

https://policies.google.com/privacy

7. Advertising & Remarketing

We may use remarketing and advertising services to deliver relevant content and advertisements, including on third-party websites, to users who have previously visited our website. We and our advertising partners use cookies and similar technologies to recognise your device and understand how you use our services, in order to show you more relevant advertising.

7.1 Google Ads

We use Google Ads for display advertising and remarketing. You can manage or opt out of Google’s interest-based advertising at:

https://www.google.com/settings/ads

7.2 Facebook / Meta

We use Facebook’s remarketing service (provided by Meta Platforms, Inc.) to deliver relevant advertisements. You can manage your ad preferences at:

https://www.facebook.com/help/568137493302217

7.3 General Opt-Out

You may also opt out of interest-based advertising through the following industry platforms:

NAI opt-out platform: http://www.networkadvertising.org/choices/
EDAA opt-out platform: http://www.youronlinechoices.com/
DAA opt-out platform: http://optout.aboutads.info/

On mobile devices, you may opt out by enabling “Limit Ad Tracking” (iOS) or “Opt Out of Ads Personalisation” (Android) in your device settings.

8. Website Security

We use Google reCAPTCHA to protect our website against spam and abuse. reCAPTCHA may collect information from you and your device for security purposes, processed in accordance with Google’s Privacy Policy:

https://policies.google.com/privacy

9. Email Marketing

We may use your contact details to send newsletters, promotional materials, or other information that may be of interest to you, but only where you have opted in to receive such communications. You may opt out at any time by following the unsubscribe link in any email we send, or by contacting us directly.

We use a third-party email marketing platform to manage and send these communications. That provider processes data under contractual safeguards and a data protection agreement with us.

10. Sharing of Personal Data

10.1 Travel & Operational Partners

We share relevant guest information only as necessary with:

Lodges and accommodation providers
Transport operators
Guides and tour operators
Activity providers
Itinerary-building platforms

These recipients are bound by confidentiality obligations or act as processors under data protection agreements where applicable.

10.2 Service Providers & Operational Systems

We use trusted third-party service providers, including:

Online form and data collection platforms
Cloud-based database systems (including those hosted in the United States)
Workflow automation tools
Cloud-based productivity and email services (including email, calendar, and document storage)
Accounting and financial management software
Online payment processors
Email marketing platforms
Instant messaging platforms used for client communication
Website analytics providers (including Google Analytics)
Advertising and remarketing platforms (including Google Ads and Meta/Facebook)
Website security services (including Google reCAPTCHA)

These providers process data under contractual safeguards and data protection agreements.

10.3 Business Transfers

If MaTakaTaka is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will provide notice before your personal data becomes subject to a different privacy policy.

10.4 Legal Requirements

We may disclose personal data where required by law, or in the good-faith belief that such action is necessary to: comply with a legal obligation; protect and defend our rights or property; prevent or investigate possible wrongdoing; protect the personal safety of users or the public; or protect against legal liability.

11. International Data Transfers

Personal data may be transferred to and processed in countries outside your country of residence, including South Africa, EU member states, the United Kingdom, and the United States (e.g., certain cloud providers and analytics/advertising platforms host or process data in the US).

Some destinations may not offer an equivalent level of data protection. Where required (particularly under GDPR/UK GDPR), transfers are safeguarded by appropriate mechanisms, including EU/UK-approved Standard Contractual Clauses (2021 modular version) or other recognised transfer tools. Where we rely on such mechanisms, copies are available upon request by contacting us.

12. Data Retention

We retain personal data only as long as necessary to:

Provide travel services
Comply with legal and accounting obligations
Resolve disputes
Enforce agreements

Travel and financial records are retained for up to seven (7) years where required by law. Enquiry data without a completed booking is typically retained for 12–24 months unless deletion is requested.

Medical and special category information is retained for the duration of the relevant tour and for a period of three (3) years thereafter, to enable MaTakaTaka to defend potential legal claims arising from the tour.

Website usage and analytics data (including Google Analytics data) is generally retained for a shorter period unless required for security or legal purposes.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration, or destruction. These measures include role-based access controls limiting data access to authorised personnel only and regular review of our security practices in line with industry standards. No electronic transmission or storage method is completely secure, and we cannot guarantee absolute security.

14. Your Rights

Depending on your jurisdiction, you may have the right to:

Access your personal data
Request correction of inaccurate information
Request deletion
Restrict processing
Object to processing
Request data portability
Withdraw consent
Lodge a complaint with a supervisory authority (South Africa: Information Regulator; UK: ICO; EU: local authority)

To exercise rights, contact us at info@matakataka.com. We may verify your identity before processing your request and will respond within statutory timeframes (generally one month under GDPR/POPIA, extendable where permitted).

Note: the right to erasure does not apply where data is retained for the establishment, exercise, or defence of legal claims (GDPR Article 17(3)(e)).

15. Children’s Privacy

We may process data of minors for travel arrangements only with verifiable consent from a parent or legal guardian. We do not knowingly collect personal information from children without such consent. The applicable age threshold for digital consent may vary by jurisdiction (e.g., 13–16 years depending on the EU member state or other applicable law); we apply the higher standard of 18 years as our default where local law permits a lower threshold.

16. Cookies

We use cookies and similar tracking technologies on our website, including for analytics, advertising, and security purposes. Please see our Cookie Policy for full details, including the specific cookies we use, their retention periods, and how to manage your preferences. Cookie consent is managed via a consent management platform on our website.

17. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.

18. Changes to This Privacy Policy

We may update this Policy from time to time. Changes will be posted on this page with an updated date. Where required, we will notify you of material changes by email or via a prominent notice on our website prior to the change taking effect.

19. Contact Information

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

By visiting: https://matakataka.com/contact-us/
By email: info@matakataka.com

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.