Privacy Policy

Data Controller: Emalu Destinations Tours and Travel Ltd
Jurisdiction: Republic of Kenya

1. Introduction

Welcome to Emalu Destinations Tours and Travel Ltd ("we," "us," or "our"). We are committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, process, and safeguard your data when you visit our website, book a safari, or use our travel services.

This policy complies with the Data Protection Act, 2019 of Kenya and the Data Protection (General) Regulations, 2021. By engaging with our services, you consent to the data practices described herein.

2. Information We Collect

We collect information you provide directly and information collected automatically.

A. Information You Provide

When you request a quote, book a tour, or subscribe to our newsletter, we may collect:

  • Identity Data: First name, last name, username, date of birth.

  • Contact Data: Billing address, delivery address, email address, telephone numbers.

  • Travel Documentation: Passport details (number, issue/expiry date, place of issue), National ID numbers, visa details required for flights and hotel check-ins.

  • Financial Data: Payment card details (processed via secure third-party gateways), bank account details for refunds, transaction history.

  • Sensitive Personal Data: Health information (e.g., allergies, dietary requirements, mobility limitations) and religious requirements relevant to meal planning.

  • Emergency Contact: Name and phone number of next of kin.

B. Information Collected Automatically (Log Data)

When you visit our website, we may automatically collect:

  • IP address.

  • Browser type and version.

  • Pages visited on our website.

  • Date, time, and duration of visits.

  • Device information (mobile or desktop).

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Performance of a Contract: To fulfill travel bookings and services.

  • Legal Obligation: To comply with tax, immigration, and tourism regulations.

  • Consent: To send marketing communications where you have opted in.

  • Vital Interests: To protect life in emergency situations during travel.

4. How We Use Your Information

We use your information for:

  • Service Delivery: Managing bookings, issuing tickets, and coordinating itineraries.

  • Communication: Sending confirmations, invoices, travel documents, and updates.

  • Payments: Processing transactions and preventing fraud.

  • Legal Compliance: Submitting passenger details to KWS, Immigration, and other authorities as required.

  • Marketing: Sending newsletters and promotions only where consent has been given. You may opt out at any time.

5. Disclosure to Third Parties

We do not sell personal data. We may share data with:

  • Service Providers: Hotels, lodges, camps, airlines, and ground transport providers.

  • Payment Processors: Secure payment gateways such as DPO, PesaPal, and Direct Pay Online.

  • Government Authorities: Kenya Wildlife Service (KWS), Tourism Regulatory Authority, and Immigration Department.

  • Cross-Border Partners: Trusted operators in Tanzania, Uganda, or Rwanda where required for your itinerary, subject to adequate data protection safeguards.

6. Data Retention Policy

We retain personal data as follows:

  • Financial Records: Seven (7) years to comply with Kenya Revenue Authority requirements.

  • Booking Data: For the duration of the trip and a reasonable post-trip period.

  • Marketing Data: Until consent is withdrawn.

7. Data Security

We apply appropriate technical and organizational measures, including:

  • Encryption: SSL encryption for data transmission.

  • Access Control: Restricted access to authorized staff only.

  • Breach Notification: Any data breach will be reported to the Office of the Data Protection Commissioner (ODPC) within 72 hours, as required by law.

8. Your Rights as a Data Subject

You have the right to:

  • Access: Request a copy of your personal data (response within 7 days).

  • Rectification: Request correction of inaccurate data (within 14 days).

  • Erasure: Request deletion of data where no legal obligation to retain exists.

  • Withdraw Consent: Opt out of marketing communications at any time.

9. Cookie Policy

Our website uses cookies for functionality and performance:

  • Essential Cookies: Required for core website functions.

  • Analytical Cookies: Used to analyze site usage (e.g., analytics tools).

  • Functionality Cookies: Enhance user experience and personalization.

You may disable cookies through your browser settings.

10. Children’s Privacy

Our services are not directed to persons under 18 without parental or guardian consent. Children’s data is processed only for travel arrangements and with explicit consent from a parent or guardian.

11. Contact and Complaints

For questions or to exercise your data protection rights, contact us directly.

If you believe your rights have been violated, you may lodge a complaint with:

Office of the Data Protection Commissioner (ODPC)
Physical Address: Britam Towers, 12th Floor, Hospital Road, Upper Hill, Nairobi
Email: info@odpc.go.ke
Website: www.odpc.go.ke

Last Updated: December 16, 2025