+254 753 797 488 info@ttkenya.co.ke

What are you looking for?

Popular Searches

Maasai Mara Diani Beach Nairobi National Park Mombasa Old Town Lake Nakuru Fort Jesus

Privacy Policy

How we collect, use, store, and protect your personal data in compliance with Kenya Data Protection Act, 2019. Your privacy is our priority.

Last Updated: 4/27/2026
Print Policy

Policy Navigation

1. Introduction

This Privacy Policy explains how Trails & Tales Kenya ("we", "our", "us") collects, uses, stores, and protects your personal information when you use our travel booking services, including bus and shuttle bookings, accommodations, tours, and account services.

Legal Compliance

We operate in full compliance with the Kenya Data Protection Act, 2019 and other relevant data protection laws. Our practices are designed to protect your privacy while providing you with excellent service.

Our Commitment

We are committed to protecting your personal data and being transparent about how we collect and use it. This policy applies to all services offered through our website, mobile applications, and offline channels.

2. Data We Collect

We collect different types of data depending on how you interact with our platform:

2.1 Personal Identification Information

  • Name: Full name as per official documents
  • Email Address: For communication and account management
  • Phone Number: For SMS notifications and support
  • Government IDs: Only when required for specific travel services or verification
  • Date of Birth: For age verification where necessary

2.2 Booking & Travel Information

  • Travel Dates and Routes: Complete travel itinerary details
  • Passenger Details: Information for all passengers in a booking
  • Payment and Transaction Data: Payment method, transaction IDs, amounts
  • Accommodation Preferences: Hotel preferences and special requests
  • Emergency Contact Information: Provided for safety purposes

2.3 Device & Usage Data

  • IP Address: For security and location-based services
  • Browser Type and Version: For compatibility optimization
  • Device Information: Device type, operating system, unique identifiers
  • App or Site Usage Analytics: How you interact with our platform
  • Cookies and Tracking Data: For functionality and analytics
  • Location Data: When enabled for location-based services

3. How We Use Your Data

Your data is used to provide and improve our services. We process your information based on legitimate business interests, contractual necessity, and legal obligations.

Purpose Data Used Legal Basis
Booking Processing Personal details, travel info, payment data Contractual Necessity
Service Communication Email, phone number, booking details Legitimate Interest
Customer Support All relevant booking and personal data Legitimate Interest
Service Improvement Usage analytics, feedback, device info Legitimate Interest
Marketing Communications Email, preferences, usage patterns Consent (opt-in)
Legal Compliance Required identification and transaction data Legal Obligation

Marketing Communications

We may send promotional messages about special offers, new services, or travel tips. You can opt-out of marketing communications at any time by clicking "unsubscribe" in our emails or adjusting your account preferences.

4. Data Sharing

We Do Not Sell Your Data

We do not sell, rent, or trade your personal data to third parties for marketing purposes. Your privacy is protected.

We may share your data only with the following entities, strictly on a need-to-know basis:

Travel Partners

Bus companies, shuttle operators, hotels, and tour companies require your information to provide the booked services. They are contractually obligated to protect your data and use it only for service delivery.

Payment Providers

Secure payment processors such as M-Pesa, bank gateways, or card processors require transaction data to process payments. We use PCI-compliant payment gateways.

Regulatory Bodies

When legally required, we may share data with government authorities, law enforcement, or regulatory agencies in accordance with Kenyan law.

Service Providers

Trusted third-party providers for analytics, SMS delivery, email notifications, customer support, and system maintenance. All providers sign strict data protection agreements.

International Transfers

In rare cases where service providers are located outside Kenya, we ensure they provide adequate data protection measures equivalent to Kenyan data protection standards.

5. Your Data Rights

Under the Kenya Data Protection Act, 2019, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you, including how we use it.

Right to Correction

Request correction of inaccurate or incomplete personal information.

Right to Deletion

Request deletion of your personal data when it's no longer necessary or if you withdraw consent.

Right to Object

Object to certain types of processing, including direct marketing.

Right to Restrict

Request restriction of processing while accuracy or lawful basis is verified.

Right to Portability

Receive your data in a structured, commonly used format for transfer to another service.

How to Exercise Your Rights

To make a request regarding any of these rights, contact our Data Protection Officer using the contact information below. We will respond within 30 days and may request verification of your identity for security purposes.

6. Data Security

We implement comprehensive technical and organizational security measures to protect your data from unauthorized access, alteration, disclosure, or destruction.

Our Security Measures

  • Encryption: Sensitive data is encrypted both in transit (SSL/TLS) and at rest.
  • Secure Payment Gateways: We use PCI-DSS compliant payment processors.
  • Access Controls: Strict role-based access controls and authentication protocols.
  • Regular Security Audits: Periodic vulnerability assessments and penetration testing.
  • Data Minimization: We collect only the data necessary for service provision.
  • Employee Training: Regular data protection training for all staff.
  • Incident Response Plan: Established procedures for data breach response.

Important Disclaimer

While we implement industry-standard security measures, no system is 100% secure. Users should exercise caution when sharing sensitive information online and use strong, unique passwords for their accounts.

7. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and personalize content.

Types of Cookies We Use

  • Essential Cookies: Required for core functionality (login, booking, payment).
  • Analytics Cookies: Help us understand how users interact with our platform.
  • Preference Cookies: Remember your language, currency, and other settings.
  • Marketing Cookies: Used for personalized advertising (only with consent).
  • Security Cookies: Support authentication and fraud prevention.

Cookie Management

You can modify cookie settings through your browser at any time. Most browsers allow you to:

  • View what cookies are stored
  • Delete specific or all cookies
  • Block cookies from specific sites
  • Block all cookies

Note that disabling essential cookies may affect the functionality of our platform.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Retention Periods

  • Active Accounts: Data retained while your account is active and for 3 years after last activity.
  • Booking Records: Retained for 7 years for financial and tax compliance.
  • Customer Support: Support tickets retained for 3 years after resolution.
  • Marketing Data: Retained until consent is withdrawn or 3 years after last interaction.
  • Legal Requirements: Some data may be retained longer for legal or regulatory reasons.

Data Deletion

When data is no longer needed, we securely delete or anonymize it. Anonymized data may be retained indefinitely for statistical purposes.

9. Children's Data

Age Restriction

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children without verifiable parental or guardian consent.

If you believe that we have collected personal data from a child without appropriate consent, please contact us immediately. We will promptly investigate and, if confirmed, delete such information from our records.

Family Bookings

When adults make bookings for children (such as family travel), they are responsible for providing accurate information and ensuring compliance with this policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements.

Notification of Changes

  • Updated versions will be posted on this page with the revised "Last Updated" date.
  • Significant changes will be communicated via email or prominent website notices.
  • We encourage you to review this policy periodically to stay informed.

Previous Versions

Previous versions of this Privacy Policy are archived and available upon request. Contact us if you need access to a previous version.

Frequently Asked Questions

How can I access the data you have about me?

You can request access to your personal data by contacting our Data Protection Officer. We'll provide a copy of your data within 30 days. You can also view much of your data through your account dashboard.

Can I delete my account and all my data?

Yes, you have the right to request deletion of your account and personal data. Contact our support team to initiate this process. Note that we may retain some data for legal or legitimate business purposes as permitted by law.

Do you share my data with third parties for marketing?

No, we do not sell or share your personal data with third parties for their marketing purposes. We only share data with service providers necessary for delivering our services, and they are contractually prohibited from using your data for marketing.

How do you protect my payment information?

We use PCI-DSS compliant payment processors and never store full credit card details on our servers. All payment transactions are encrypted using SSL/TLS technology, and we implement additional security measures like tokenization for added protection.

What should I do if I suspect a data breach?

If you suspect unauthorized access to your account or believe your data may have been compromised, contact us immediately at security@ttkenya.co.ke. We have incident response procedures and will investigate promptly, taking appropriate action if needed.

11. Contact Information

For questions, requests, or complaints about your privacy:

Company Information

Trails & Tales Kenya
Data Protection Officer
Kisumu, Kenya

Phone Support

+254 753 797 488
Available Monday to Friday, 8:00 AM - 6:00 PM EAT

Email Contacts

General Inquiries: info@ttkenya.co.ke
Data Protection: dpo@ttkenya.co.ke
Security Concerns: security@ttkenya.co.ke

Website

ttkenya.co.ke
Visit our website for more information about our services

Complaints

If you're not satisfied with how we handle your privacy concerns, you have the right to lodge a complaint with the Office of the Data Protection Commissioner in Kenya.

Download Privacy Policy

Save a copy for your records

Download PDF Version View Terms & Conditions