Privacy Policy

Issued by PanDaan (Pty) Ltd trading as GroupBook  |  Effective: 1 March 2026  |  Version 1.0

Responsible Party

Company: PanDaan (Pty) Ltd
Trading as: GroupBook
Information Officer: Danie Jansen van Vuuren
Contact: pandaanportfolio@gmail.com
Platform: app.groupbook.co.za
Effective: 1 March 2026

1. Introduction

PanDaan (Pty) Ltd, trading as GroupBook (“we”, “us”, “our”), is committed to protecting the privacy and personal information of all individuals who interact with our platform. This Privacy Policy explains how we collect, use, store, share, and safeguard personal information in compliance with the Protection of Personal Information Act 4 of 2013 (POPIA).

This policy applies to registered users of the GroupBook platform (travel agents, travel management companies and their staff), end-clients whose information is entered into the platform by registered users, hotel contacts in our database, and visitors to our websites.

2. Information We Collect

2.1 Account & User Information

  • Full name and email address
  • Organisation name and contact details
  • Job title and role within the organisation
  • Login credentials (passwords are hashed — never stored in plain text)

2.2 Client Information (entered by users)

Registered users may enter information about their own clients, including delegate names, email addresses, mobile numbers, dietary requirements, and travel preferences. GroupBook acts as an Operator with respect to this data. The registered user remains the Responsible Party for their clients' personal information.

2.3 Hotel Database Information

Our hotel database contains professional contact information sourced from official hotel websites, fact sheets, and direct communication with hotels. This relates to juristic persons and professional contact roles.

2.4 Technical & Usage Data

  • IP address and browser type
  • Pages visited and features used
  • Session timestamps and error logs

3. Purpose of Processing

  • To provide and operate the GroupBook platform
  • To authenticate users and maintain account security
  • To enable users to create and send hotel RFPs on behalf of their clients
  • To send transactional emails (RFP notifications, system alerts)
  • To respond to support requests
  • To comply with legal and regulatory obligations
  • To improve platform performance using anonymised analytics

We do not process personal information for direct marketing purposes without explicit consent.

4. Lawful Basis for Processing

  • Contractual necessity — to fulfil our agreement with registered users
  • Legitimate interest — maintaining the hotel database and platform functionality
  • Legal obligation — retaining records as required by South African law
  • Consent — where required, such as for marketing communications

5. Sharing of Personal Information

We do not sell personal information. We share data only with the following trusted service providers who process data on our behalf:

Provider  |  Purpose  |  Location
Supabase  |  Database & Authentication  |  USA (SOC 2 compliant)
Vercel  |  Platform Hosting  |  USA (edge network)
Resend  |  Transactional Email  |  USA
Anthropic (Claude API)  |  AI-Assisted PDF Extraction  |  USA

By using the platform you consent to cross-border transfers as necessary for service delivery.

6. Data Retention

Data Type  |  Period  |  Reason
User account data  |  Subscription + 3 years  |  Contractual & legal
RFP & event data  |  5 years  |  Business records
Email logs  |  2 years  |  Audit trail
Hotel database  |  Ongoing  |  Platform functionality

7. Your Rights as a Data Subject

  • Access — request a copy of your personal information
  • Correction — request correction of inaccurate data
  • Deletion — request deletion, subject to legal retention obligations
  • Object — object to processing in certain circumstances
  • Portability — request your data in a structured format
  • Complain — lodge a complaint with the Information Regulator

To exercise these rights, contact us at pandaanportfolio@gmail.com. We will respond within 30 days.

8. Security

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Row-Level Security ensuring strict organisational data isolation
  • Multi-factor authentication for administrative access
  • Regular automated database backups
  • Audit logging of key platform actions

We will notify affected data subjects and the Information Regulator of any security breach as required by POPIA.

9. Cookies

The GroupBook platform uses session cookies for authentication only. We do not use third-party advertising cookies or tracking pixels.

10. The Information Regulator

If you believe your rights under POPIA have been violated, you may contact the Information Regulator of South Africa:

Website: www.inforegulator.org.za

Email: inforeg@justice.gov.za

Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

11. Updates to this Policy

We may update this policy from time to time. The current version will always be available at app.groupbook.co.za/privacy. Registered users will be notified of material changes via email.

12. Contact Us

Information Officer: Danie Jansen van Vuuren

Company: PanDaan (Pty) Ltd (trading as GroupBook)

Email: pandaanportfolio@gmail.com

Platform: app.groupbook.co.za

This Privacy Policy does not constitute legal advice. PanDaan recommends periodic review by a qualified South African attorney familiar with POPIA.