Privacy Policy

1. Who We Are

African Trails Expeditions is a boutique luxury safari operator headquartered in Kiambu, Kenya. We are the data controller responsible for any personal information you share with us through our website, enquiry forms, email correspondence, WhatsApp, or our B2B Agent Portal.

2. What Personal Data We Collect

2.1 Data you provide directly

When you contact us through our website, chat widget, WhatsApp, or email, we may collect:

• Your name
• Email address
• Phone number (if provided)
• The content of your message or enquiry, including travel dates, party size, destination preferences, and any other details you share
• Company name and professional role (for travel agent and B2B partners)

2.2 Data collected automatically

When you visit our website, our hosting infrastructure and analytics tools may automatically collect:

• IP address and approximate geographic location (country or city level)
• Browser type and version
• Device type and operating system
• Pages visited, time on site, and referral source
• Cookie identifiers (see Section 7 below)

2.3 Data from third parties

If you reach us via a travel agent or referral partner, they may share your contact details and trip requirements with us in order to prepare a proposal on your behalf. We handle that data in accordance with this policy.

3. How We Use Your Personal Data

We use the personal data we collect only for legitimate, clearly defined purposes:

• To respond to your safari enquiry and prepare a personalised itinerary proposal
• To communicate with you throughout the planning, booking, and post-trip process
• To process reservations and manage bookings on your behalf
• To send you relevant travel updates, safety information, or itinerary changes
• To improve our website and understand how visitors engage with our content
• To comply with legal obligations, including financial record-keeping
• For travel agents and B2B partners: to manage your portal access, commissions, and shared bookings

4. Our Legal Basis for Processing (GDPR and UK GDPR)

For visitors and enquirers from the United Kingdom and European Economic Area, we process your personal data under the following legal bases:

• Contractual necessity: processing your enquiry and managing a booking
• Legitimate interests: improving our services, preventing fraud, and maintaining website security, where these do not override your rights
• Consent: sending marketing or newsletter communications, and placing non-essential cookies
• Legal obligation: retaining financial and transactional records as required by applicable law

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. How Long We Retain Your Data

We retain personal data only for as long as necessary for the purpose for which it was collected:

• Enquiry data (no booking made): up to 24 months from the date of first contact
• Booking and guest records: 7 years from the date of travel, to meet financial and legal obligations
• B2B agent portal records: for the duration of the active relationship, plus 3 years thereafter
• Website analytics data: in aggregate, anonymised form, with no retention limit

When data is no longer required, it is securely deleted or permanently anonymised.

6. Who We Share Your Data With

We share personal data only with parties who need it to help us deliver our services, and only under appropriate data protection agreements.

6.1 Service providers (data processors)

• SendGrid (Twilio): our email delivery provider, used to reliably send enquiry confirmations and trip communications. Data is processed in accordance with their Data Processing Agreement.
• WordPress hosting provider: our website and enquiry data are hosted on a managed server within our infrastructure.
• Google Analytics: we may use Google Analytics to understand website traffic patterns. This tool collects anonymised, aggregated data. You can opt out via browser settings or Google’s opt-out tool.

6.2 Operational partners

• Lodges, camps, and properties: your name and relevant trip details are shared only with accommodation partners directly involved in your booking.
• Ground handlers and local operators: limited contact details shared only as required to coordinate logistics for your trip.

6.3 Legal and regulatory disclosure

We may disclose your data if required to do so by law, court order, or regulatory authority in any jurisdiction where we operate.

7. Cookies

Our website uses cookies — small text files placed on your device — to make the site function correctly and to help us understand how visitors navigate it.

Essential cookies

Required for the website to function. These cannot be disabled without breaking core site features, including the enquiry form and agent portal login.

Analytics cookies

Help us understand traffic patterns, popular pages, and visitor geography. We use this information to improve our content and services. These cookies are only placed with your consent.

Preference cookies

Remember choices you make to improve your experience on return visits.

You can manage or disable cookies at any time through your browser settings. Disabling analytics cookies does not affect your ability to use the site or submit an enquiry.

8. International Data Transfers

African Trails Expeditions is based in Kenya. If you are contacting us from the United Kingdom, European Union, Australia, or the United States, your personal data will be transferred to and processed in Kenya.

Where required by applicable law, we ensure appropriate safeguards are in place for international transfers. For UK and EU residents, these include reliance on adequacy decisions or standard contractual clauses where applicable.

9. Your Rights

Depending on where you are located, you may have the following rights over your personal data.

9.1 Rights under UK GDPR and EU GDPR

• Right of access: request a copy of the personal data we hold about you
• Right to rectification: ask us to correct inaccurate or incomplete data
• Right to erasure: request deletion of your data, subject to legal retention obligations
• Right to restrict processing: ask us to pause processing of your data in certain circumstances
• Right to data portability: receive your data in a structured, machine-readable format
• Right to object: object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: withdraw consent at any time where processing is consent-based

9.2 Rights under the Australian Privacy Act 1988

• Access: request access to personal information we hold about you
• Correction: ask us to correct personal information that is inaccurate, out of date, incomplete, or misleading
• Complaint: lodge a complaint with us, and if unresolved, with the Office of the Australian Information Commissioner (OAIC)

9.3 Rights under US State Laws (including California CCPA/CPRA)

If you are a California resident or resident of another US state with applicable privacy legislation, you may have additional rights, including:

• The right to know what categories of personal information are collected and for what purpose
• The right to delete personal information, subject to exceptions
• The right to opt out of the sale or sharing of personal information (we do not sell data)
• The right to non-discrimination for exercising your privacy rights

To exercise any of your rights, please contact us at info@africantrailsexpeditions.com. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

10. How We Protect Your Data

We take reasonable and appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

• SSL/HTTPS encryption across our website and enquiry infrastructure
• Access controls: personal data in our systems is accessible only to authorised staff with a legitimate need
• Email delivery via SendGrid with domain authentication (SPF, DKIM, DMARC) to prevent spoofing
• Regular software updates and security patching on our hosting environment

No method of electronic transmission or storage is completely secure. While we work hard to protect your information, we cannot guarantee absolute security and encourage you to contact us through official channels only.

11. Children’s Privacy

Our website and services are intended for adults. We do not knowingly collect personal data from children under the age of 16. If you believe we have inadvertently collected information from a minor, please contact us immediately at info@africantrailsexpeditions.com and we will delete it promptly.

12. Third-Party Links

Our website may contain links to third-party websites, including lodge and camp partners, TripAdvisor, and other travel resources. Once you leave our site, this Privacy Policy no longer applies. We encourage you to review the privacy policies of any external sites you visit.

13. Changes to This Privacy Policy

We review this policy periodically and may update it to reflect changes in our practices, legal requirements, or the services we offer. The updated policy will be posted on this page with a revised effective date.

For material changes, we will notify active correspondents by email where we hold a valid address.

14. Contact Us and How to Raise a Concern

If you have any questions about this policy, wish to exercise your rights, or want to raise a concern about how we handle your data, please contact us:

We take all privacy concerns seriously and will respond within 30 days.

If you are not satisfied with our response, you may escalate to the relevant authority for your region: