Gala-Gala Eco Resort

Ponta do Ouro

Privacy Policy

Version: 1.0
Last updated: 02/09/2025

1) Who we are

Website: https://gala-gala.co.za/
Operator / Legal entity: Gala-Gala Eco Resort
Registered address: Rue Principal Da Ponta Ponta do Ouro, 1100, Mozambique

We operate Gala‑Gala Eco Resort in/near Ponta do Ouro and provide accommodation and related services. This Privacy Policy explains how we process personal information when you visit our website, make an enquiry or booking, or interact with us.

2) What data we collect

We collect and process the following categories of personal information when necessary for our services:

  • Identification & contact data: name, email address, phone number, country, booking reference, passport/ID details where required by law or for check‑in.
  • Booking & stay data: dates, number of guests, preferences (e.g., room type, activities), special requests, payment confirmations (we do not store full card numbers if paid via a secure gateway).
  • Communications: messages via contact forms, email, WhatsApp, or social media.
  • Technical data (website): IP address, device & browser info, pages viewed, referring URLs, and cookie identifiers (see Cookie Policy below).
  • Marketing preferences: newsletter sign‑ups and consent choices.

If you share details about other guests, please ensure you have their permission.

3) How we collect data

  • Directly from you: enquiries, bookings, email/phone/WhatsApp, in‑person check‑in.
  • Automatically: via cookies and similar technologies when you use our website.
  • From partners (where applicable): booking platforms or payment providers you choose (e.g., Booking.com, card gateways). Each partner has its own privacy terms.

4) Why we process your data (POPIA conditions)

We process personal information only when permitted by law, including:

  • To provide services / perform a contract: manage enquiries and bookings; arrange your stay; take payment; customer support.
  • With your consent: (e.g., optional marketing, analytics cookies). You may withdraw consent at any time—see §12.
  • To comply with legal obligations: record‑keeping, tax and border/guest registers where applicable.
  • Legitimate interests: improve our services and website, prevent fraud and abuse, protect our rights and property. We balance these interests against your rights.

5) How we share information

We share data only with trusted recipients as needed:

  • Hosting & IT providers: keep the site running and secure.
  • Email & comms tools: to send confirmations and respond to enquiries.
  • Booking & payment processors (if used): to take and confirm reservations and payments.
  • Analytics & maps (optional): e.g., Google Analytics or Google Maps. See Cookie Policy for controls.
  • Professional advisers & authorities: when required by law or to protect our rights.

We require processors to safeguard your data and only process it for our instructions.

6) International transfers

Our service providers may be located outside South Africa. When we transfer personal information internationally, we use appropriate safeguards (e.g., contractual clauses and security measures). Some providers (e.g., Google) may process data in multiple regions—see their privacy terms. You can opt out of non‑essential analytics.

7) Data retention

We keep personal information only as long as necessary for the purposes above and to meet legal/financial/accounting obligations, then delete or de‑identify it. Typical retention:

  • Booking and invoice records: up to 7 years (legal requirements).
  • Enquiry emails: up to 24 months.
  • Analytics data: per your cookie consent and tool settings.
    Retention periods may vary by law and system backups.

8) Security

We use reasonable technical and organizational measures to protect information (secure hosting, access controls, TLS/HTTPS, least‑privilege access, updates, and staff awareness). No method is 100% secure; please contact us if you suspect unauthorized access.

9) Your rights (POPIA)

Subject to limits in law, you may:

  • Access the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion or object to processing where applicable.
  • Withdraw consent for optional processing (e.g., marketing or analytics) at any time.
  • Complain to the Information Regulator.


Information Regulator (South Africa): complaints.IR@inforegulator.org.za | +27 (0)10 023 5200 | JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001.

10) Marketing

We send marketing communications only with your consent or where otherwise permitted. You can unsubscribe at any time via the link in the message or by contacting us.

11) Children

Our services are for general audiences. We do not knowingly collect personal information from children without appropriate consent where required by law.

12) Managing your choices

You can manage non‑essential cookies and change your consent at any time via the Manage Cookies link in our footer or Cookie Banner (see Cookie Policy below). You can also adjust browser settings to block cookies.

13) Changes to this policy

We may update this policy from time to time. Material changes will be highlighted on this page and/or via the banner. The latest version date appears at the top.