IMPORTANT: Please read these terms before confirming a booking. They contain cancellation charges, guest obligations, rules about damage and exceptional cleaning, and provisions that limit liability or require a guest to accept certain risks. Nothing in these terms excludes rights or remedies that cannot lawfully be excluded.
| Item | Details |
| Responsible party | INNOV8 SPACES PTY LTD trading as Innov8 Spaces |
| Registration number | K2021589130 |
| Address | 7 Middle Road, Morningside, Sandton, South Africa |
| Privacy email | info@innov8spaces.co.za |
| Telephone | 010 595 5700 (telephone) / 073 864 2027 (WhatsApp) |
| Website | https://www.innov8spaces.co.za |
| Effective date / version | 15 July 2026 Version 1.0 |
2.1 This notice applies when Innov8 acts as the responsible party for personal information relating to prospective and current guests, visitors, corporate booking contacts, property owners and landlords, suppliers, contractors, job applicants, website users, Wi-Fi users and people captured by security systems.
2.2 A corporate client or booking platform may also be a responsible party for information it collects and shares. Its own privacy notice will apply to its processing. Where Innov8 acts only as an operator on another party's documented instructions, the responsible party remains primarily responsible for notifying the data subject.
Identity and profile information
name, title, date of birth where needed, nationality, identity or passport details, signature, guest preferences and loyalty or corporate identifiers.
Contact information
telephone number, email address, residential or business address, emergency contact and communication preferences.
Booking and stay information
arrival and departure dates, accommodation selection, occupants, visitors, special requests, housekeeping and maintenance interactions, access records, complaints, incidents and lost property.
Payment and financial information
billing address, payment status, transaction references, company purchase-order details, refund and account records, and limited payment information received from payment providers. Full card details may be collected directly by a payment provider.
Corporate and owner information
employer or company, role, account details, contracts, invoices, property information and authorised contacts.
Technical and online information
IP address, device and browser information, cookie identifiers, Website activity, form submissions, email interaction information and security logs.
Wi-Fi information
device identifiers, IP and MAC address where available, connection dates and times, data volumes and network diagnostic or security logs. Innov8 does not routinely inspect communication content.
Security information
CCTV images, building and apartment access logs, vehicle registration details, incident reports and information necessary to investigate suspected misconduct or fraud.
Special or sensitive information
health, disability, dietary or accessibility information only where relevant to a request, safety, emergency or legal obligation. Criminal-behaviour information may be processed where reasonably necessary for security or legal claims.
Communications
emails, telephone notes, WhatsApp and other correspondence, customer-support interactions, survey responses and marketing consent or objection records.
4.1 We collect information directly from you and from a person booking for you, your employer or corporate travel arranger, an authorised booking platform or travel agent, a property owner or building manager, payment and fraud-prevention providers, public records, security services, referees or recruitment providers, and our own systems and interactions.
4.2 A person who provides another individual's information must be authorised to do so and should ensure that the individual is made aware of this notice where reasonably practicable.
| Purpose | Justification under POPIA |
| Enquiries, quotations and bookings | To take steps at your request, conclude and perform a contract, and pursue legitimate operational interests. |
| Payment, refunds and debt collection | Contract performance, legitimate interests, fraud prevention and legal obligations. |
| Check-in, access, housekeeping, maintenance and guest support | Contract performance, legitimate interests, safety and protection of rights. |
| Security, CCTV, incident investigation and building compliance | Legitimate interests in protecting people, property and legal rights; legal obligations where applicable. |
| Accounting, tax, audit, insurance and legal claims | Legal obligations and legitimate interests in governance and the establishment, exercise or defence of rights. |
| Service improvement, reporting and analytics | Legitimate interests, using aggregated or de-identified information where reasonably possible; consent where required for non-essential tracking. |
| Transactional communications | Contract performance and legitimate interests in administering the booking and stay. |
| Direct marketing | Consent or the limited existing-customer basis permitted by POPIA, with a free right to object. |
| Recruitment and supplier management | Steps toward a contract, contract performance, legal obligations and legitimate interests. |
5.1 Where we rely on consent, you may withdraw it. Withdrawal does not affect processing already lawfully undertaken and may not apply where another lawful justification permits or requires processing.
6.1 Information identified as mandatory is generally needed to confirm identity, conclude or perform a booking, take payment, provide access, maintain safety or comply with law. If it is not provided, Innov8 may be unable to quote, confirm or perform the requested service.
6.2 Optional information helps Innov8 tailor the service. Declining optional information will not prevent a booking unless it is reasonably necessary for the requested service or safety.
7.1 Innov8 may share relevant information, subject to confidentiality, security and purpose limitations, with:
7.2 Innov8 does not sell personal information. Innov8 will not share contact details for unrelated third-party marketing without an appropriate lawful basis.
8.1 Where a provider processes personal information for Innov8, Innov8 will require appropriate confidentiality and security obligations in a written arrangement where required by POPIA.
8.2 Providers may process information only for authorised purposes, subject to their own independent legal duties where applicable.
9.1 Some cloud, booking, payment, communications or support providers may process information outside South Africa. Innov8 will make a cross-border transfer only where permitted by POPIA, including where the recipient is subject to adequate protection, an appropriate binding agreement, consent, contractual necessity or another lawful ground.
9.2 Locations and provider arrangements may change. Information about material current providers or transfer safeguards may be requested from info@innov8spaces.co.za, subject to security and confidentiality considerations.
10.1 Booking confirmations, access instructions, payment notices, safety information and service messages are necessary transactional communications and are not direct marketing.
10.2 Innov8 will send promotional electronic communications only where permitted by section 69 of POPIA, including where you have consented or, for an existing customer, where the legal conditions for marketing Innov8's own similar services are met.
10.3 You may object or opt out free of charge when details are collected and in each marketing communication. An opt-out applies to marketing and does not prevent necessary service messages relating to an active booking or legal obligation.
11.1 The Website uses cookies and similar technologies for operation, security, preferences, analytics and, where enabled, marketing. The Cookie Policy and consent tool provide further information and choices.
12.1 CCTV may operate in entrances, reception, parking areas and other common or security-sensitive areas. Cameras are not intended for private accommodation interiors. Signs will identify monitored areas where appropriate.
12.2 Images and access records are used for safety, security, incident investigation and the protection of legal rights. Access is restricted and records are retained only as reasonably necessary, unless preserved for an incident, claim or legal requirement.
13.1 Innov8 may process limited information about children where provided by a parent, guardian, competent person, authorised booker or where otherwise permitted by law and necessary for the stay, safety or legal compliance.
13.2 Special personal information will be processed only where a lawful authorisation applies and with additional care appropriate to its sensitivity.
14.1 Innov8 retains personal information only for as long as reasonably necessary for the purpose, a contract, accounting or tax requirements, legal claims, security, fraud prevention, regulatory obligations or another lawful business need.
| Category | General retention approach |
| Booking, guest and communication records | For the relationship and a reasonable period afterwards to address queries, claims, repeat service and legal requirements. |
| Financial and tax records | For the period required by applicable tax, accounting and company laws. |
| Damage, exceptional cleaning and refund records | Until resolved and thereafter for the applicable claim or record-retention period. |
| CCTV and access logs | A limited operational period unless required for an incident, investigation or legal claim. |
| Marketing records | Until opt-out or when no longer necessary, while retaining a minimal suppression record to respect the objection. |
| Job applications | For the recruitment process and a reasonable period thereafter, or longer with consent / another lawful basis. |
14.2 At the end of the applicable period, information will be deleted, destroyed or de-identified in a manner that prevents reconstruction, subject to backup cycles and legal holds.
15.1 Innov8 uses appropriate and reasonable technical and organisational measures having regard to foreseeable risks, the nature of the information and generally accepted practices. Measures may include role-based access, authentication, confidentiality obligations, endpoint protection, backups, secure disposal, incident procedures and contractual controls over operators.
15.2 No system is completely secure. Please protect your devices and credentials and notify info@innov8spaces.co.za promptly if you suspect unauthorised access, fraud or a privacy incident.
16.1 Subject to POPIA and PAIA, you may:
16.2 A request must be sent to info@innov8spaces.co.za. Innov8 may require reasonable proof of identity, apply the prescribed PAIA process or fee where applicable, and refuse or limit a request only on lawful grounds.
17.1 Where there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, Innov8 will investigate, contain the incident and notify the Information Regulator and affected data subjects as soon as reasonably possible where required by POPIA, subject to any lawful direction delaying notification.
18.1 Please first contact Innov8's privacy contact at info@innov8spaces.co.za so that Innov8 can investigate and respond.
18.2 You may also contact the Information Regulator (South Africa): enquiries@inforegulator.org.za; telephone 010 023 5200; toll-free 0800 017 160; website www.inforegulator.org.za. Verify current details on the Regulator's website before submitting a complaint.
19.1 Innov8 may update this notice to reflect legal, operational or technology changes. The current version and effective date will be published on the Website. Material changes will be communicated where reasonably required.