Effective Date: 01 July 2023 · Last Updated: April 2026

1. Who We Are

Southern Cross Experiences is a specialist safari operator and Destination Management Company (DMC) based in Pretoria, South Africa, offering luxury safari experiences across East and Southern Africa since 2000.

2. What Personal Data We Collect and Why

We collect personal data to provide our safari and travel services, respond to your enquiries, and improve your experience on our website. Below is a summary of the data we collect, how we collect it, and why.

Contact Forms

When you submit an enquiry through our Contact & Enquiry page, we collect your name, email address, phone number, travel preferences, and any additional information you provide. We use this data solely to respond to your enquiry and, if you proceed, to plan your safari. We retain contact form submissions for 24 months for customer service purposes. We do not use this information for marketing unless you explicitly opt in.

Cookies

Our website uses the following types of cookies:

• Essential Cookies: Required for the website to function properly (e.g., session cookies, security cookies). These cannot be disabled.
• Analytics Cookies: We use Google Analytics 4 (GA4) to understand how visitors interact with our website. These cookies collect anonymised data such as pages visited, time on site, and referral source. You can opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.
• WordPress Cookies: WordPress sets a small number of cookies for logged-in users and commenters. These are essential for site functionality.

You can manage your cookie preferences at any time through your browser settings or the cookie consent banner on our website.

Analytics

We use Google Analytics 4 (Property ID: G-R1Z3MVGR2L) via the Site Kit by Google plugin to collect anonymous usage data. This helps us understand which pages are most popular, how visitors navigate our site, and where we can improve. Google Analytics does not collect personally identifiable information. For more information, see Google's Privacy Policy.

Media

If you submit images to us (e.g., as part of a safari enquiry or feedback), please be aware that these files may contain embedded location data (EXIF GPS). We do not extract or use this data, but recommend removing it before sending if privacy is a concern.

Embedded Content

Some pages on our website include embedded content from third-party services such as Google Maps, Vimeo, and social media platforms. Embedded content from other websites behaves in the same way as if the visitor had visited those websites directly. These services may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content.

3. Who We Share Your Data With

We may share your personal data with the following trusted third parties, solely for the purposes of delivering our services:

• Accommodation & Activity Partners: Lodge names, guest names, dietary requirements, and travel dates are shared with our accommodation and activity partners to fulfil your booking.
• Google (Analytics & Search Console): Anonymous website usage data is processed by Google. No personally identifiable information is shared.
• xneelo (Web Hosting): Our website is hosted by xneelo in South Africa. Server logs may contain IP addresses and access timestamps.
• Cloudflare (CDN & Security): Cloudflare provides content delivery and security services. They may process IP addresses and request data to protect against threats.
• WPForms (Contact Forms): Form submissions are processed through the WPForms Lite plugin and stored in our WordPress database. Data is not shared externally by WPForms.

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

4. How Long We Retain Your Data

• Contact form submissions: Retained for 24 months, then securely deleted.
• Booking and client records: Retained for 7 years in compliance with South African tax and business regulations.
• Analytics data: Google Analytics data is retained for 14 months (GA4 default), then automatically deleted.
• Server logs: Retained by our hosting provider (xneelo) for up to 12 months.

5. What Rights You Have Over Your Data

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten").
• Right to Restriction: Request that we limit how we process your data.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at reservations@southern-cross.africa. We will respond to your request within 30 days.

6. Where Your Data Is Sent

Our website is hosted in South Africa by xneelo. However, some data may be transferred outside South Africa and the European Union through the following services:

• Google Analytics & Google Search Console: Data is processed by Google LLC in the United States. Google participates in and complies with the EU-US Data Privacy Framework.
• Cloudflare: Data may be processed in global data centres. Cloudflare complies with GDPR through Standard Contractual Clauses.
• Vimeo (embedded video): Video content is hosted by Vimeo, Inc. in the United States.

All international data transfers are safeguarded through Standard Contractual Clauses, adequacy decisions, or other GDPR-compliant mechanisms.

7. How We Protect Your Data

We implement appropriate technical and organisational measures to protect your personal data, including:

• SSL/TLS encryption on all pages of our website
• Cloudflare security and DDoS protection
• Regular WordPress and plugin security updates
• Strong password policies and limited admin access
• Email obfuscation to prevent spam harvesting

No data transmission over the internet can be guaranteed as 100% secure. We take every reasonable precaution to protect your information, but cannot guarantee absolute security.

8. Data Breach Procedures

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to you personally, we will also notify you directly by email without undue delay.

9. Third-Party Data

We do not receive personal data about you from third parties, advertisers, or data brokers. All personal data we hold is provided directly by you through our website, email, phone, or WhatsApp communication.

10. Automated Decision Making

We do not use any automated decision-making or profiling processes with your personal data. All travel recommendations and itinerary planning are carried out personally by our team.

11. Children's Privacy

Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will promptly delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We encourage you to review this page periodically. The updated policy will be effective as of the date noted at the top of this page.

13. Contact & Complaints

If you have any questions, concerns, or complaints regarding this Privacy Policy or how we handle your personal data, please contact us:

If you are not satisfied with our response, EU residents have the right to lodge a complaint with their local Data Protection Authority. South African residents may contact the Information Regulator at inforegulator.org.za.

References

• European Commission: Data Protection
• South Africa: Information Regulator (POPIA)
• Google Privacy Policy

We are happy to answer any questions about how we handle your personal data.

Contact Us