1. Who we are
NAC Travel International (Pty) Ltd is a South African travel, tourism, visa assistance, study abroad, holiday package and business support company.
NAC Travel International (Pty) Ltd
2017/330295/07
https://www.nac-travel.org/
info@nac-travel.org
In this Privacy Policy, “NAC Travel”, “we”, “us” and “our” refer to NAC Travel International (Pty) Ltd. “You” or “your” refers to clients, website visitors, students, travellers, applicants, agents, educators, partners, suppliers, staff, contractors and other people who interact with us.
2. Scope of this policy
This policy applies to personal information processed through, or in connection with:
- our main website, subdomains, online forms, client portals, admin portals and mobile/internal command systems;
- visa assistance, travel packages, flight/hotel support, travel insurance, study abroad and related services;
- consultations, invoices, bookings, enquiries, applications, document reviews and customer support;
- marketing communications, newsletters, social media posts, LinkedIn Company Page activity and campaign follow-up;
- agent, educator, partner, supplier, school, university and institutional relationship management;
- internal operational tools, including NAC Director Command, content governance, approval queues, audit logs and automation oversight.
3. Laws and principles we follow
We aim to process personal information lawfully, fairly, transparently and securely. Our privacy practices are designed with reference to South Africa’s Protection of Personal Information Act (POPIA), and, where applicable, other privacy requirements such as the EU/UK GDPR for people located in those regions.
- Accountability: we take responsibility for how we use personal information.
- Purpose limitation: we collect information for defined service, legal, safety, operational or communication purposes.
- Data minimisation: we aim to collect only what is reasonably needed.
- Quality: we try to keep information accurate and up to date.
- Openness: we explain how information is used.
- Security safeguards: we apply reasonable technical and organisational security measures.
- Participation: we respect rights to access, correction, deletion, objection and withdrawal of consent where applicable.
4. Personal information we may collect
| Category | Examples |
|---|---|
| Identity and contact details | Name, surname, email address, phone number, country, city, address, ID/passport information where required for a service. |
| Travel and visa information | Travel dates, destinations, visa type, invitation details, accommodation, flight, insurance, travel history, immigration history and family details where relevant. |
| Study and education information | School records, grades, qualifications, programme interests, admissions documents, language tests, sponsor information and student application details. |
| Financial and transaction information | Invoices, payment references, package selections, proof of payment, payment status, billing details and refund-related records. We do not store full card numbers unless clearly handled by a compliant payment provider workflow. |
| Documents uploaded or supplied | Passports, permits, letters, bank statements, employment letters, school records, invitation letters, business records and other case-specific documents. |
| Technical data | IP address, browser/device information, cookies, logs, page visits, portal actions, authentication and security logs. |
| Marketing and communication data | Preferences, subscriptions, unsubscribe status, bounce/suppression status, campaign interactions, social media engagement and communication history. |
| Agent, educator and partner data | Profile details, organisation name, referral details, commission-related records, relationship notes, onboarding records and contact logs. |
5. Special or sensitive personal information
Some services may require sensitive information, including passport data, immigration history, family details, financial records, health/travel insurance information, minor/student information, criminal/background declarations where required by an authority, or other special categories of data.
We only request sensitive information when it is reasonably necessary for the service, required by law or requested by an authorised government, education, travel, visa, insurance or supplier process. Where consent is required, we will seek it directly or through the relevant service workflow.
6. How we collect information
- directly from you through forms, emails, WhatsApp, consultations, document uploads, calls or portal activity;
- from authorised representatives, sponsors, parents/guardians, agents, educators or partners;
- from third-party service providers involved in travel, visa, study, insurance, payments, accommodation or related services;
- from public or official sources where lawful and relevant to the service;
- from website analytics, logs, cookies, security systems and internal operational records.
7. Why we use personal information
- to respond to enquiries and provide consultations;
- to prepare, manage and support visa, travel, holiday, study, insurance and related services;
- to create and manage user, client, agent, educator, school, partner and supplier records;
- to issue invoices, receipts, quotes and payment reminders;
- to manage appointments, bookings, accommodation, flights and service fulfilment;
- to communicate updates, checklists, document requests, service changes and reminders;
- to run marketing, newsletters, social media campaigns and manual/approved LinkedIn Company Page content;
- to manage content approval, fact-checking, governance, audit logs, safety controls and operational oversight;
- to prevent fraud, misuse, unauthorised access, spam, bounced emails and security incidents;
- to comply with legal, tax, accounting, regulatory, immigration, contractual and dispute-resolution obligations;
- to improve our websites, services, portals, training, reporting and customer experience.
8. Legal bases for processing
- Consent: for specific communications, document handling, sensitive processing, subscriptions or optional services.
- Contract or steps before contract: to provide requested services, quotes, consultations, packages and application support.
- Legal obligation: for accounting, tax, regulatory, immigration, consumer protection and compliance requirements.
- Legitimate business interests: for service improvement, security, fraud prevention, audit logs, business reporting and responsible marketing to existing contacts where lawful.
- Vital or public-interest reasons: only where strictly applicable, such as emergency travel or safety matters.
9. LinkedIn, social media and publishing controls
NAC Travel may use LinkedIn, Facebook, Instagram, X and other social platforms for business updates, travel information, visa and study education, holiday promotions, partner announcements and approved marketing content.
Where we use a LinkedIn developer application or the LinkedIn Community Management API, we use it only for authorised business purposes connected to the NAC Travel LinkedIn Company Page and related approved workflows. We do not use LinkedIn API access to scrape LinkedIn, harvest member data, sell LinkedIn data, send unauthorised private messages, post to personal profiles without authorisation, or bypass LinkedIn’s platform rules.
NAC Director Command and related systems may prepare captions, article links, images and manual post packs. LinkedIn content is subject to review and approval workflows. Where API access is not approved, LinkedIn posts remain held/manual and must be posted by an authorised human administrator.
10. Artificial intelligence, automation and human review
We may use internal automation and AI-assisted tools to support drafting, classification, content governance, routing, reporting, checklist generation, risk flags, document organisation, customer service and business intelligence. These tools support human decision-making and operational efficiency.
We do not use AI or automation to make final visa, immigration, admission, refund, payment, legal, medical, employment or government decisions. Such outcomes depend on the relevant authorities, institutions, suppliers, contractual terms and human review.
We maintain controls so that sensitive external actions such as sending emails, publishing posts, changing payment records, submitting applications or communicating with clients are subject to appropriate approval gates where required.
11. Marketing, newsletters and email suppression
We may send service updates, educational content, offers, newsletters, event notices, partner updates and related business communications where permitted by law or where you have subscribed or engaged with us.
- You can opt out of marketing communications at any time using the unsubscribe method provided or by contacting us.
- We may keep a suppression record so we do not continue sending to unsubscribed, suppressed or hard-bounced addresses.
- Service-critical communications, invoices, legal notices and case-related communications may still be sent where necessary.
12. Cookies and analytics
Our websites may use cookies, logs and similar technologies to keep services secure, remember preferences, measure performance, support forms, detect misuse and understand website activity. You can control cookies through your browser settings. Blocking some cookies may affect forms, logins, security features or portal functionality.
13. Sharing of personal information
Where necessary and lawful, we may share information with:
- visa centres, embassies, consulates, immigration authorities or appointment providers;
- universities, colleges, schools, education partners, student platforms and admissions providers;
- airlines, hotels, accommodation providers, insurers, tour operators and travel suppliers;
- payment providers, banks, accountants, auditors, debt/collection support and financial administrators;
- IT, hosting, email, CRM, cloud, security, backup, analytics and communications service providers;
- agents, educators, partners or authorised representatives involved in your service;
- legal, regulatory, law enforcement or dispute-resolution bodies where required or permitted by law.
We require service providers and operators to handle personal information securely and only for authorised purposes.
14. International transfers
Because travel, visas, immigration, study abroad, hospitality, cloud hosting and online platforms are international by nature, personal information may be processed or accessed outside South Africa. We take reasonable steps to ensure that cross-border transfers are lawful and protected through contractual, operational or legal safeguards appropriate to the service.
15. Security
We use reasonable technical and organisational safeguards to protect personal information against loss, misuse, unauthorised access, alteration, disclosure or destruction. Measures may include access controls, passwords, secure hosting, role-based permissions, backups, audit logs, encrypted connections, internal approval controls and staff/contractor confidentiality obligations.
No website, email system, mobile device or internet transmission is completely secure. You should use strong passwords, avoid sending unnecessary sensitive documents, keep devices secure and notify us quickly if you suspect unauthorised access.
16. Retention
We keep personal information only for as long as reasonably necessary for the purpose collected, active services, legal obligations, accounting and tax records, dispute handling, audit logs, fraud prevention, suppression records, legitimate business records and service continuity. When information is no longer needed, we will delete, archive, de-identify or securely restrict it where reasonably practicable and lawful.
17. Your rights
Depending on the law that applies and the type of information, you may have rights to:
- ask whether we hold your personal information;
- request access to your personal information;
- ask us to correct or update inaccurate information;
- ask us to delete information where we no longer have a lawful reason to keep it;
- object to certain processing, including direct marketing;
- withdraw consent where processing is based on consent;
- request restriction or portability where applicable;
- lodge a complaint with the relevant data protection authority.
To exercise rights, email info@nac-travel.org. We may need to verify your identity before responding, especially for access, correction or deletion requests.
18. Children, students and minors
Some study, travel or family visa services may involve minors. We process minor/student information only where necessary for the requested service, with the involvement or consent of a parent, guardian, sponsor, school or authorised representative where required.
19. Third-party websites and services
Our websites, emails and social posts may link to third-party websites such as airlines, hotels, insurance providers, payment gateways, visa centres, government websites, universities, LinkedIn, Facebook, Instagram, WhatsApp and other platforms. Those third parties have their own privacy policies, terms and security practices. We are not responsible for how third-party websites process information after you leave our services.
20. Complaints
If you are concerned about how we process personal information, please contact us first so we can investigate and respond.
Privacy contact: info@nac-travel.org
If you are in South Africa, you may also contact the Information Regulator (South Africa) through its official channels. If you are in another jurisdiction, you may have the right to contact your local data protection authority.
21. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in law, services, websites, technology, LinkedIn/API access, internal systems, suppliers or business operations. The latest version will be published on this page with the updated date.
22. Contact us
NAC Travel International (Pty) Ltd
Email: info@nac-travel.org
Website: https://www.nac-travel.org/
Contact page: https://nac-travel.org/contact.php
Terms of Service: https://nac-travel.org/terms-of-service/