Privacy Policy

Effective date: 25/11/2025

1. Who we are

DAISA (Database for the Accommodation Industry in South Africa) is a database platform that allows accommodation providers to record and consult guest behaviour records. At present DAISA is operated as a sole proprietorship by Daniel Jacobus Terblanche (the “Responsible Party” / “we” / “us”). Our website is https://daisa.co.za
Information Officer / Responsible person: Daniel Terblanche — email: admin@daisa.co.za — Location: Worcester, Western Cape, South Africa.

2. Purpose of this policy

This policy explains how we collect, use, store, share and protect personal information and explains your rights under the Protection of Personal Information Act (POPIA) and related law. It also explains how to contact us or the Information Regulator if you have concerns.

3. Personal information we collect

We collect only the personal information necessary to deliver the DAISA service. Examples include:

  • Identity and verification: Full name and surname, ID number or passport number, date of birth (where provided by members).

  • Contact details: Email address, telephone number, postal address (when supplied).

  • Transaction and usage data: Records of searches, uploads, submissions, entries made by member businesses, IP address and device/technical data for security and logs.

  • Behaviour records: Guest conduct entries, submitted by registered member accommodation providers (these are the core content of the database).

  • Scam reports and whistleblower information: When users submit scam reports, we collect reporter details (name, email, phone number), IP address, browser information, and all details about the alleged scam (establishment names, contact details, banking information). This information is collected for fraud prevention purposes and may be published in our public scam alert database.

We only collect personal information that is necessary for the stated purposes.

3.1 Behavioural Information from Accommodation Providers

Member accommodation providers may submit guest behaviour information to DAISA, which may include both positive and negative conduct during a guest’s stay. This information is collected for purposes including industry risk assessment, service improvement, fraud prevention, accountability, and protection of accommodation providers. Behaviour information may include factual descriptions of incidents, compliance with rules, acts of courtesy, responsible conduct, non-payment, damage, or other relevant behaviour affecting the safety, operations, or well-being of the establishment or other guests.
All behavioural submissions are processed strictly in accordance with the Protection of Personal Information Act (POPIA). Only verified DAISA member establishments have access to this information, and it is not shared with the general public. Guests may contact DAISA to request access to, correction of, or deletion of their personal information where permitted under POPIA, subject to any legal or operational requirements.

3.2 Scam Alert Reports and Public Database

DAISA operates a public scam alert database to protect consumers and accommodation providers from fraudulent activities. When users submit reports of suspected scams:

  • Reporter information (name, email, phone number) is collected for verification purposes and is not published publicly
  • IP addresses and browser information are automatically captured to prevent abuse of the reporting system
  • Details about alleged scams (establishment names, contact details, banking information) may be published in our searchable public database
  • For security reasons, only the last 5 digits of any bank account numbers are displayed in public search results and email notifications
  • Full banking details are stored securely in our database and are not publicly accessible

This processing is based on our legitimate interest in preventing fraud and protecting consumers, which is a recognised lawful basis under POPIA. Users searching the database can verify if a reported account number matches a payment request by comparing the last 5 digits shown.

All users submitting reports must agree to our declaration confirming that the information provided is true and correct. False or malicious reports may result in legal action.

4. Why we collect it and lawful basis

We process personal information for the following lawful purposes:

  • To operate and maintain the DAISA database service (providing search, add, edit and admin functionality).

  • To verify identities and prevent fraud or misuse of the platform.

  • To respond to enquiries or legal requests.

  • To comply with legal obligations (for example responding to a PAIA request).

Under POPIA, we are a “Responsible Party” and will process personal information lawfully, for a specific purpose, and only to the extent necessary. Where required by law or contract, or where you have given consent, we rely on the appropriate lawful basis under POPI Act.

5. How we collect information

  • Directly from you or your organisation when you register, create or update records, or contact us.

  • From member accommodation providers who submit guest behaviour records to the database.

  • Automatically through the website (cookies and technical logs).

  • From third-party services you permit us to use for authentication or payment (if applicable).

6. Use and disclosure of personal information

We will not sell personal information. We may disclose personal information:

  • To other DAISA members only as required by the platform’s functionality (search results, record viewing) and consistent with the purpose for which the record was submitted.

  • To service providers who process information on our behalf (hosting, backups, analytics). These providers are bound by confidentiality and security obligations.

  • If required by law, court order, or to comply with PAIA or other lawful request.
    We take steps to limit access and to ensure disclosures are proportionate and lawful.

  • To the public through our scam alert database: Limited information about reported scams (excluding reporter personal information) is published publicly to warn potential victims. Bank account numbers are masked to show only the last 5 digits.

7. Retention and deletion

We retain personal information only for as long as necessary to fulfil the purpose it was collected for, to meet legal obligations, or as permitted by you. Where there is no longer a lawful reason to retain the data, we will securely delete or anonymise it. If you request removal of your personal information, we will assess the request against legal and operational requirements (e.g., if your record is subject to an active complaint or legal hold).

8. Security

We have implemented reasonable technical and organisational measures to protect personal information against loss, unauthorised access, disclosure, alteration or destruction. Measures include access controls, secure hosting and regular backups. However, no internet transmission or storage system is 100% secure; we will notify affected data subjects and the Information Regulator where required by law in the event of a data breach.

As an additional security measure, bank account numbers in our scam alert database and email notifications are masked to show only the last 5 digits.

9. Cookies and tracking

We use cookies and similar technologies to operate the website, manage sessions, and collect analytics about site usage. You may control cookies through your browser settings. (If you implement third-party cookies or analytics, update this section to name those providers.)

10. Your rights under POPIA

Under POPIA you have the right to:

  • Be informed that we hold your personal information.

  • Request access to the personal information we hold about you.

  • Request correction or deletion of your personal information, if appropriate.

  • Lodge a complaint with the Information Regulator if you believe your rights under POPIA have been breached.
    To exercise a right, contact our Information Officer using the details above. We will respond within the timeframes POPIA requires and will inform you of any fee or form requirements for requests (for PAIA-type requests, see the PAIA Manual).

11. PAIA and access to information

DAISA is a private body for the purposes of PAIA. We publish a PAIA Manual that explains how to request records, the relevant forms, applicable fees and who to contact. PAIA requests must be made in the prescribed form and directed to our Information Officer (contact details above). For guidance on how PAIA requests work, see the PAIA Manual and the Information Regulator’s guidance (we will publish our PAIA Manual on the website).

12. Transfers outside South Africa

If we transfer personal information to a third party or service provider outside South Africa, we will ensure an adequate level of protection consistent with POPIA (for example by contractual safeguards). If you are concerned about cross-border transfers, contact the Information Officer.

13. Minors

We do not knowingly collect personal information from children without appropriate consent. If you believe a minor’s personal information has been submitted to DAISA without parental/guardian consent, please contact us at admin@daisa.co.za and we will investigate and take appropriate action.

14. Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the “Effective date” at the top and where appropriate notify users by email or site notice.

Current version updated 18 March 2026 to include provisions for our public scam alert database feature.

15. How to contact us and how to complain

For privacy, PAIA requests or to exercise your POPIA rights, contact:

Information Officer / Responsible person: Daniel Terblanche
Email: admin@daisa.co.za
Website: https://daisa.co.za
Location: Worcester, Western Cape, South Africa

If you remain unhappy after contacting us, you have the right to lodge a complaint with the Information Regulator:
Information Regulator (South Africa) — see the Information Regulator’s website for contact details and complaint procedures.

Scroll to Top