Privacy Policy

Last updated: 1 March 2026

1. Information we collect

  • Identity & contact: name, email, phone, and country of residence — collected via the Plan My Trip wizard, package enquiries, and the Contact form.
  • Trip preferences: travel dates, group size, budget tier, trip style — used to prepare your quote.
  • Technical data: IP address, browser, device, referring URL, and pages visited — used for analytics and fraud prevention.
  • Display preferences: selected currency and wishlist — stored in your browser's local storage and never transmitted to us.

2. How we use your information

We use your information to respond to enquiries, prepare and deliver travel itineraries, process bookings with suppliers, comply with legal obligations, prevent fraud, and improve the Site. We do not sell your personal information.

3. Lawful basis

We process personal data on the lawful bases of consent (when you submit a form), contract (to deliver booked travel services), and legitimate interest (analytics, security).

4. Sharing with third parties

We share information only with:

  • Suppliers we book on your behalf (airlines, hotels, tour operators, insurers) — limited to what they need to deliver your booking.
  • Service providers we rely on to run the business: Sanity (lead storage), Vercel (hosting), Resend or similar (transactional email), payment processors.
  • Authorities where required by law.

5. International transfers

Suppliers and infrastructure may be located outside South Africa. Where personal data is transferred internationally, we rely on contractual and operator-level safeguards consistent with POPIA section 72 and the GDPR Article 46 Standard Contractual Clauses where applicable.

6. Cookies & local storage

We use a minimal set of cookies and browser local storage to remember your selected display currency, wishlist, and to measure aggregate Site traffic. You can clear or block these at any time via your browser settings; doing so may degrade some site features.

7. Retention

Lead and booking records are retained for the duration of our client relationship plus 5 years (to meet financial and consumer protection record-keeping obligations), then deleted or anonymised.

8. Your rights

You have the right to access, correct, or delete the personal data we hold about you, to object to processing, to data portability, and to withdraw consent at any time. To exercise any of these rights, email bookings@blackbaskettravel.com.

9. Security

We use industry-standard transport encryption (TLS), least- privilege access for our team, and audited third-party processors. No system is perfectly secure; please use a strong, unique password if you ever create an account with us.

10. Updates

We may update this policy from time to time. Material changes will be posted on this page with an updated revision date.