Last updated: 10 June 2025

Essence of Kenya (“we,” “us,” or “our”) herein referred to as Essence of Kenya respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your personal information in accordance with the General Data Protection Regulation (GDPR), the UK GDPR, and the Kenya Data Protection Act (2019) where applicable.

 

1. Who We Are

Essence of Kenya is a luxury travel company based in Kenya and operating globally. For the purposes of applicable data protection laws, including the GDPR and the UK

GDPR, Essence of Kenya is the data controller for the personal data of individuals located in the EU, UK, and other jurisdictions. If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Essence of Kenya

Email: info@essenceofkenya.com

Phone: +254 707 442 692

 

2. What Personal Data We Collect

We may collect, use, store, and transfer the following categories of personal data:

a. Identity Data

Full name

Date of birth

Passport or ID number

Nationality

b. Contact Data

Email address

Phone number

Billing and postal address

Emergency contact details

c. Travel Data

Travel preferences and interests

Dietary or accessibility requirements

 

Itinerary details

Visa and insurance information

d. Financial Data

Payment card details (processed securely via third-party providers)

Billing and transaction records

e. Technical Data

IP address

Browser type and version

Device identifiers

Cookies and website analytics

f. Marketing and Communication Data

Preferences for receiving marketing communications

Responses to surveys, offers, and interactions with content

We do not intentionally collect special category data (e.g., health, religion, ethnicity) unless provided voluntarily and explicitly for service-related purposes (such as dietary restrictions or medical needs).

 

3. How We Collect Your Data

We collect your personal data through:

Direct interactions: You provide data when you fill out forms, correspond with us, make enquiries, or book a journey.

Automated technologies: Data may be collected automatically as you use our website via cookies, server logs, and similar technologies (this information

does not reveal your identity).

Third parties: Including payment processors, travel partners, and analytics providers.

 

4. Legal Bases for Processing

We only process your personal data when legally permitted. The lawful bases under the GDPR and Kenya’s Data Protection Act include:

Contractual necessity: to process bookings and deliver our services.

Consent: where you have explicitly agreed (e.g. marketing).

 

Legitimate interests: to operate and improve our business, provided this does not override your rights.

Legal obligation: to comply with relevant laws and regulations.

 

5. How We Use Your Data

We use your data to:

Plan, manage, and deliver your bespoke travel experience

Communicate with you before, during, and after your trip

Process payments and issue invoices

Send important service updates or documentation

Provide marketing communications (only with your consent)

Improve our services, content, and user experience

We do not sell or rent your personal data to any third parties.

 

6. Sharing Your Data

We may share your data with trusted partners and third parties who help us deliver our services, such as:

Hotels, lodges, and safari operators

Transport and tour providers

Payment processors

Professional advisers (legal, accounting)

Regulators and law enforcement, if legally required

All third-party service providers are required to respect your personal data and

process it in accordance with our instructions and applicable law.

 

7. International Data Transfers

As a Kenyan-based business with international clients and service partners, your data may be transferred outside of your home jurisdiction, including to countries that do not offer the same level of protection as the UK or EU. When transferring personal data internationally, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs)

 

Data protection agreements with suppliers

Transfers to countries with adequate protection status

 

8. Cookies and Analytics

Our website uses cookies to enhance your browsing experience, personalise content, and analyse traffic. You can manage your cookie preferences via your browser settings. We may also use third-party analytics tools (e.g. Google Analytics) to collect anonymised data about how visitors use our website. This data does not identify individuals.

 

9. Data Retention

We retain personal data only as long as necessary to:

Deliver services and manage your account

Comply with legal, tax, and accounting obligations

Resolve disputes and enforce contracts

Generally, we retain personal data for up to 7 years from the date of your last interaction with us, unless a longer period is required by law.

 

10. Your Data Protection Rights

Depending on your jurisdiction, you may have the right to:

Access: Receive a copy of the personal data we hold about you

Rectification: Correct inaccurate or incomplete data

Erasure: Request deletion of your data (“right to be forgotten”)

Restriction: Limit how your data is processed

Portability: Receive your data in a machine-readable format

Object: Object to certain types of processing, such as direct marketing

Withdraw consent: Where processing is based on your consent

To exercise any of your rights, please contact us using the details in Section 1. We aim to respond to all requests within one month.

 

11. Data Security

We implement robust technical and organisational security measures to protect your data, including:

Secure servers and hosting environments

Access controls and password protection

Staff training and confidentiality agreements

Despite our efforts, no system is 100% secure. We cannot guarantee the security of

your data during transmission over the internet.

 

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from children without verified parental consent. If you believe we have inadvertently collected such data, please contact us so we can delete it.

 

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our practices. The most current version will always be available on our website, with the effective date noted at the top. We encourage you to review it periodically.

 

14. Contacting Supervisory Authorities

If you have concerns about how we process your personal data, you have the right to lodge a complaint with your local data protection authority.

For clients in the UK:

Information Commissioner’s Office (ICO)

Website: www.ico.org.uk

Phone: +44 303 123 1113

For clients in the EU:

Refer to the supervisory authority in your country of residence.

Essence of Kenya is committed to treating your data with the utmost respect and care, and to ensuring that your privacy is protected at every step of your journey with us.