Lilliput House
Website: www.lilliputhouse.co.za
Effective Date: 2 March 2026
1. Introduction
Lilliput House (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal information in accordance with:
- The Protection of Personal Information Act 4 of 2013 (POPIA)
- The EU General Data Protection Regulation (GDPR) where applicable
POPIA regulates how South African organisations collect and process personal information to protect individuals’ privacy rights. (CookieYes)
Both POPIA and GDPR require businesses to process personal data lawfully, transparently, and only for a specific purpose. (epiuselabs.com)
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or book accommodation with us.
2. Responsible Party (Data Controller)
Business Name: Lilliput House
Physical Address: 261 Church St, Clarens, 9707, South Africa
Email: stay@lillyputhouse.co.za
Website: www.lilliputhouse.co.za
For purposes of POPIA, Lilliput House is the Responsible Party and the Data Controller under GDPR.
3. Information We Collect
We may collect the following categories of personal information:
3.1 Information you provide directly
- Full name
- Email address
- Phone number
- Billing and payment details
- Identity/passport details (where legally required)
- Special requests relating to your stay
- Booking details
3.2 Information collected automatically
When you visit our website, we may collect:
- IP address
- Browser type and version
- Device information
- Pages visited
- Date and time of visit
- Cookies and tracking data
3.3 Information from third parties
We may receive information from:
- Online travel agencies (e.g., Booking platforms)
- Payment processors
- Marketing or analytics providers
4. How We Use Your Information
We process personal information only where we have a lawful basis under POPIA and GDPR.
We use your information to:
- Process and manage accommodation bookings
- Communicate with you about your stay
- Process payments and refunds
- Provide customer support
- Comply with legal and regulatory obligations
- Improve our website and services
- Send marketing communications (only with consent where required)
- Prevent fraud and enhance security
We will not use your information for unrelated purposes without your consent.
5. Legal Bases for Processing (GDPR)
Where GDPR applies, we rely on one or more of the following:
- Performance of a contract (booking your stay)
- Legal obligation (e.g., record-keeping laws)
- Legitimate interests (running and improving our business)
- Consent (e.g., marketing cookies or newsletters)
Under POPIA, processing must be lawful, reasonable, and transparent. (https://secureprivacy.ai/)
6. Cookies and Tracking Technologies
Our website uses cookies and similar technologies.
Cookies help us:
- Ensure the website functions properly
- Analyse website traffic
- Remember your preferences
- Improve user experience
South African law generally requires websites using cookies to provide notice and obtain consent where personal information is involved. (Michalsons)
Your cookie choices
You can:
- Accept or reject non-essential cookies
- Change your browser settings
- Delete cookies at any time
7. Sharing of Personal Information
We may share your information with:
- Payment processors
- Booking platform partners
- IT and website service providers
- Professional advisers (legal/accounting)
- Authorities where required by law
We do not sell your personal information.
All operators processing data on our behalf are required to maintain confidentiality and security.
8. International Data Transfers
Because we may use global service providers, your information may be transferred outside South Africa.
Where this occurs, we ensure:
- Adequate data protection safeguards
- Standard contractual clauses (where required)
- Compliance with POPIA cross-border rules
South African businesses serving EU customers may need to comply with GDPR in addition to POPIA. (OAK Law)
9. Data Retention
We retain personal information only as long as necessary for:
- Booking and service delivery
- Legal and tax obligations
- Dispute resolution
- Legitimate business purposes
After this period, information is securely deleted or anonymised.
Both POPIA and GDPR require data not be kept longer than necessary. (epiuselabs.com)
10. Your Privacy Rights
Under POPIA
You have the right to:
- Be notified that your data is being collected
- Access your personal information
- Request correction or deletion
- Object to processing
- Withdraw consent
- Lodge a complaint with the Information Regulator
Under GDPR (where applicable)
You may also have:
- Right to data portability
- Right to restriction of processing
- Right to erasure (“right to be forgotten”)
To exercise any rights, email: stay@lillyputhouse.co.za
We will respond within a reasonable time.
11. Direct Marketing
We will only send marketing communications if:
- You have given consent; or
- We are legally permitted to do so
You may unsubscribe at any time by:
- Clicking the unsubscribe link; or
- Emailing us at stay@lillyputhouse.co.za
12. Information Security
We implement appropriate technical and organisational measures to protect personal information against:
- Loss
- Unauthorised access
- Misuse
- Alteration
- Disclosure
However, no internet transmission is completely secure.
13. Data Breach Notification
If a data breach occurs that poses a risk to your rights, we will:
- Notify affected individuals
- Notify the Information Regulator where required
This is required under POPIA.
14. Children’s Privacy
Our services are not directed at children under 18.
We do not knowingly collect personal information from children without parental consent.
15. Third-Party Links
Our website may contain links to third-party websites.
We are not responsible for their privacy practices. Please review their policies separately.
16. Information Officer (POPIA)
In terms of POPIA, Lilliput House has appointed an Information Officer.
Contact: stay@lillyputhouse.co.za
17. Complaints
If you believe we have not handled your information properly, please contact us first.
You may also lodge a complaint with:
Information Regulator (South Africa)
Website: https://inforegulator.org.za
18. Changes to This Policy
We may update this Privacy Policy from time to time.
The latest version will always appear on:
19. Contact Us
Lilliput House
261 Church St
Clarens, 9707
South Africa