Privacy Policy

🏢1. Who We Are

Our website address is: https://www.armanitoursandtravel.com

Armani Tours and Travel is a licensed tour operator registered and headquartered in Nairobi, Kenya. We specialise in tailor-made safari and travel experiences across East Africa, the Middle East, and Europe. Our registered office is located at:

• Company name: Armani Tours and Travel
• Physical address: Windsor House, Mundi Mbingu Street, Nairobi, Kenya
• Email: info@armanitoursandtravel.com
• Phone / WhatsApp: +254 722 534 853
• Regulatory authority: Kenya Tourism Regulatory Authority (TRA)

We are the data controller responsible for personal data collected through our website, booking systems, and direct communications. We take this responsibility seriously and are committed to processing your personal data lawfully, transparently, and securely in accordance with the Kenya Data Protection Act 2019 and applicable international data protection standards.

📋2. What Personal Data We Collect

Armani Tours and Travel collects personal data through several channels — directly from you when you make an enquiry or booking, automatically through website technology, and occasionally from third-party sources where relevant to your travel arrangements.

2.1 Personal Data You Provide Directly

• 👤 Identity data — full name, date of birth, nationality, passport number and expiry date
• 📧 Contact data — email address, phone number, postal address
• 💳 Payment data — billing address, payment method details (we do not store full card numbers)
• 🏥 Health & dietary data — dietary requirements, medical conditions relevant to travel, mobility needs
• ✈️ Travel preferences — accommodation preferences, activity interests, special occasion details
• 📝 Booking correspondence — emails, WhatsApp messages, and enquiry form submissions

2.2 Data Collected Automatically

When you visit our website, we automatically collect certain technical data including:

• IP address and approximate geographic location
• Browser type and version, operating system, and device type
• Pages visited, time spent on each page, and navigation path through the site
• Referring website — the site or search engine that directed you to us
• Cookie data — as described in Section 7 of this Policy

2.3 Sensitive Personal Data

We may collect sensitive personal data — specifically health and dietary information — where this is necessary to deliver your travel services safely. For example, medical conditions relevant to gorilla trekking fitness requirements, or dietary restrictions to communicate to lodges on your behalf. We collect this data only with your explicit consent and process it solely for the purpose of ensuring your safety and comfort during travel.

🎯3. Why We Collect Personal Data

Armani Tours and Travel collects and processes personal data on the following legal bases:

Where we rely on your consent to process personal data — particularly for marketing communications — you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.

💬4. Comments

When visitors leave comments on our website — for example on blog posts or destination guides — we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to assist with spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to check if you are using it. The Gravatar service Privacy Policy is available at https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

🖼️5. Media Uploads

Armani Tours and Travel may allow authorised contributors to upload images and media to our website. If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to our website can download and extract any location data from images published on the site.

Images uploaded to our website by guests — for example, guest photography shared with our social media or blog team with explicit permission — are credited to the photographer and used only for the purposes agreed at the time of submission. See Section 11 of our Terms and Conditions for full details on photography and media rights.

📩6. Contact Forms

Our website includes enquiry and contact forms powered by our booking management system. When you submit a contact form, the following data is collected and processed by Armani Tours and Travel:

• Full name and email address
• Phone number (optional but recommended for WhatsApp follow-up)
• Destination interest and approximate travel dates
• Message content — your enquiry, questions, or specific requirements
• Submission timestamp and IP address (for spam prevention)

Contact form submissions are retained by Armani Tours and Travel for a minimum of 36 months for customer service purposes and to maintain a record of client communications. We do not use contact form data for marketing purposes unless you subsequently opt in to our mailing list or make a confirmed booking.

Enquiries that do not result in a confirmed booking are retained for 12 months, after which personal data from unconverted enquiries is securely deleted unless legal retention requirements apply.

🍪7. Cookies

Our website uses cookies — small text files stored on your device — to improve your browsing experience, remember your preferences, and help us understand how our site is used. Below is a summary of the cookies our website uses.

7.1 WordPress Core Cookies

• If you leave a comment on our site, you may opt in to saving your name, email address, and website in cookies for your convenience. These cookies last for one year.
• If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
• When you log in, several cookies save your login information and screen display choices. Login cookies last for two days; screen options cookies last for one year. If you select “Remember Me,” your login will persist for two weeks. Logging out removes login cookies.
• If you edit or publish an article, an additional cookie is saved in your browser indicating the post ID of the article you edited. It expires after 1 day.

7.2 Cookie Types in Use

7.3 Embedded Content from Other Websites

Articles on this site may include embedded content (such as videos, maps, images, and social media posts). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website directly. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content — including tracking your interaction if you have an account and are logged in to that website.

You can manage or disable cookies through your browser settings at any time. Note that disabling certain cookies may affect the functionality of our website. For comprehensive information on managing cookies, visit www.allaboutcookies.org.

📊8. Analytics

Armani Tours and Travel uses Google Analytics to understand how visitors interact with our website. Google Analytics collects anonymised data including page visits, session duration, traffic sources, and device types. This data helps us improve our website content, usability, and user experience.

• Provider: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
• Privacy Policy: https://policies.google.com/privacy
• Opt-out: You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on available at tools.google.com/dlpage/gaoptout
• IP anonymisation: We have enabled IP anonymisation in our Google Analytics configuration, meaning your full IP address is never stored by Google Analytics

We may also use Rank Math SEO analytics tools to monitor our website’s search performance. These tools collect anonymised aggregate data only and do not process personal data in a way that identifies individual visitors.

🤝9. Who We Share Your Data With

Armani Tours and Travel will never sell your personal data. We share personal data only where it is necessary to deliver your booked travel services, comply with legal obligations, or operate our website securely.

9.1 Travel Service Providers

To deliver your itinerary, we share the minimum necessary personal data with the following categories of third-party providers:

• Safari lodges and tented camps — name, arrival/departure dates, dietary requirements, special requests
• Domestic and bush airlines — name, nationality, passport details as required for flight manifests
• National park authorities — name and passport details for permit applications (e.g. gorilla trekking permits, KCAA permits)
• Ground handling partners — name and contact details for airport transfers and local coordination
• Destination guides — name and any disclosed medical or mobility information relevant to activity safety

9.2 Technology and Platform Providers

• WordPress.com / Automattic — our website platform; privacy policy at automattic.com/privacy
• Google LLC — analytics and Google Workspace email services
• Payment processors — Visa, Mastercard, and PayPal process payments under their own PCI-DSS compliant security standards
• WhatsApp (Meta) — client communications via WhatsApp are subject to Meta’s privacy policy

9.3 Legal Disclosures

If you request a password reset on our website, your IP address will be included in the reset email. We may also disclose personal data where required by Kenyan law, court order, or regulatory authority — for example, for tax compliance or anti-money laundering verification. We will notify you of any such disclosure where legally permitted to do so.

🗂️10. How Long We Retain Your Data

Armani Tours and Travel retains personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by Kenyan law and financial regulations. The following retention schedule applies:

For users who register on our website (if any), we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. When a registered user account is deleted, associated personal data is removed within 30 days.

⚖️11. Your Rights Over Your Data

As a data subject, you have significant rights over the personal data we hold about you. Armani Tours and Travel is committed to respecting and facilitating these rights promptly and transparently.

To exercise any of these rights, contact our Data Protection Officer at info@armanitoursandtravel.com or via WhatsApp at +254 722 534 853. We will acknowledge your request within 48 hours and respond fully within 30 days. There is no charge for exercising your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

🌍12. Where Your Data Is Sent

Armani Tours and Travel is headquartered in Kenya and processes most client data within Kenya. However, the international nature of our travel services means that personal data is transferred outside Kenya in certain circumstances.

12.1 International Transfers

• Visitor comments may be checked through Automattic’s automated spam detection service, processed on servers in the United States
• Email communications via Google Workspace may be processed on Google servers in multiple jurisdictions including the United States and European Union
• Payment processing via Visa, Mastercard, and PayPal involves data transfer to servers operated by these global financial institutions under PCI-DSS compliance standards
• Analytics data is processed by Google Analytics on servers in the United States under Google’s standard contractual clauses
• Travel service bookings may require transfer of passport and identity data to lodges, airlines, and park authorities in Tanzania, Rwanda, UAE, Saudi Arabia, and European countries

12.2 Safeguards for International Transfers

Where personal data is transferred outside Kenya, Armani Tours and Travel ensures appropriate safeguards are in place including:

• Standard contractual clauses with technology providers including Google LLC and Automattic
• PCI-DSS compliance for all payment processor data transfers
• Confidentiality agreements with all safari lodges, airlines, and destination partners who receive client data
• Minimum necessary data principle — we share only the data each provider needs to deliver their specific service

🛡️13. How We Protect Your Data

Armani Tours and Travel implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure.

13.1 Technical Measures

• SSL/TLS encryption: Our website operates exclusively over HTTPS with SSL encryption, protecting all data transmitted between your browser and our site
• Encrypted storage: Client booking data is stored on encrypted servers with restricted access controls
• Secure payment processing: We do not store credit or debit card details on our systems — all payments are processed through PCI-DSS compliant payment gateways
• Regular security updates: Our website platform (WordPress) and all plugins are kept updated with the latest security patches
• Access controls: Personal data is accessible only to Armani Tours and Travel staff members who require it to deliver your services, on a need-to-know basis

13.2 Organisational Measures

• Staff training: All Armani Tours and Travel staff with access to personal data receive data protection training covering their obligations and our procedures
• Confidentiality agreements: All staff and contractors are bound by confidentiality obligations covering client personal data
• Data minimisation: We collect and retain only the minimum personal data necessary for each purpose
• Third-party vetting: We assess the data protection practices of all third-party providers before sharing client data with them

🚨14. Data Breach Procedures

Armani Tours and Travel maintains documented procedures for identifying, managing, and reporting personal data breaches in accordance with the Kenya Data Protection Act 2019.

1. Detection and internal reporting: Any staff member who identifies or suspects a data breach must report it immediately to our Data Protection Officer (DPO) via our internal incident reporting system. No matter how small or uncertain, potential breaches are treated with urgency.
2. Assessment and containment: Upon receiving a breach report, our DPO assesses the nature, scope, and likely impact of the breach within 24 hours and takes immediate steps to contain it — including revoking access credentials, isolating affected systems, or notifying third-party providers as appropriate.
3. Regulatory notification: Where a data breach is likely to result in a risk to the rights and freedoms of affected individuals, Armani Tours and Travel will notify the Office of the Data Protection Commissioner of Kenya within 72 hours of becoming aware of the breach, as required by law.
4. Notification to affected individuals: Where a breach is likely to result in a high risk to the rights of affected data subjects, we will notify those individuals directly and promptly — clearly describing the nature of the breach, the data involved, the likely consequences, and the steps we have taken or are taking to address it.
5. Post-incident review: Following every significant breach, Armani Tours and Travel conducts a thorough post-incident review to identify root causes and implement measures to prevent recurrence.

🔗15. What Third-Party Data We Receive

In addition to data collected directly from you, Armani Tours and Travel may receive personal data about you from third-party sources in limited circumstances:

• Travel agents and referral partners: Where a booking is made on your behalf by a travel agent, we receive your personal data from that agent. In such cases, the agent acts as the data controller for their own client relationship; Armani Tours and Travel processes data received from agents solely to deliver the booked services.
• Social media platforms: If you contact us via social media (Facebook, Instagram, TikTok), the platform may provide us with your public profile information and message content. Our use of this data is limited to responding to your enquiry.
• Google and search engines: Through our analytics tools, we receive aggregated, anonymised demographic and interest data from Google about our website visitors. This data does not identify individuals.
• Payment processors: Payment processors confirm transaction completion and may share billing address details for fraud prevention purposes. We do not receive full card details from payment processors.

Armani Tours and Travel does not receive personal data from advertisers. We do not participate in data brokerage, audience targeting programmes, or behavioural advertising networks.

🤖16. Automated Decision Making and Profiling

Armani Tours and Travel does not engage in automated decision making that produces legal or similarly significant effects for individuals. We do not use algorithms to automatically approve or decline bookings, determine pricing for individual clients, assess creditworthiness, or make any other consequential decisions about individuals based solely on automated processing.

Our website analytics tools produce aggregated, anonymised reports about website traffic patterns and user behaviour. These reports inform our website improvements and marketing content decisions in general terms — they do not create individual profiles and are not used to make decisions about individual visitors.

Where we use any form of personalisation or recommendation on our website — such as suggested destination content — this is based on general editorial curation and does not involve automated profiling of individual user data.

📞17. Contact Information and Data Protection Officer

For all privacy-related enquiries, data subject rights requests, or concerns about how Armani Tours and Travel handles your personal data, please contact our designated Data Protection Officer:

• 📧 Email: info@armanitoursandtravel.com
  Mark your email subject line: PRIVACY REQUEST — we will acknowledge within 48 hours
• 📱 WhatsApp: +254 722 534 853
  Available 24 hours a day, 7 days a week — response within 2 hours guaranteed
• 📍 Postal address: Armani Tours and Travel, Windsor House, Mundi Mbingu Street, Nairobi, Kenya
  For formal legal correspondence only — please use email or WhatsApp for faster response
• 🌐 Contact form: www.armanitoursandtravel.com/contact-us/

Regulatory Authority

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya:

• Website: www.odpc.go.ke
• Email: info@odpc.go.ke
• Address: P.O. Box 41079 – 00100, Nairobi, Kenya

This Privacy Policy was last reviewed and updated in January 2025. We will post any future updates on this page with a revised “last updated” date. We encourage you to review this Policy periodically. Your continued use of our website and services following any update constitutes your acknowledgement of the revised Policy.