We believe transparency is the foundation of trust. This policy explains exactly what data we collect, why we collect it, and how it is protected.
The data controller responsible for your information
WildSafari Ltd. ("WildSafari", "we", "our", or "us") is a wildlife conservation park and safari experience company registered in Nairobi, Kenya. We operate the website wildsafari.com and provide on-site safari tours, animal encounters, and conservation education services.
As the data controller, WildSafari is responsible for deciding how and why your personal data is processed. For all privacy matters, our dedicated Data Protection Officer (DPO) can be reached at:
What personal information we gather and how
We collect personal data through three channels: information you provide directly, information collected automatically when you use our website, and information received from third-party partners.
| Category | Examples | Source |
|---|---|---|
| Identity Data | Full name, date of birth, nationality | Provided by you |
| Contact Data | Email address, phone number, postal address | Provided by you |
| Booking Data | Tour selection, date, guest count, special requests | Provided by you |
| Payment Data | Card type, last 4 digits, billing address (full card numbers are never stored) | Payment processor |
| Health Data | Accessibility needs, dietary requirements, medical conditions disclosed for safety | Provided by you (optional) |
| Technical Data | IP address, browser type, device type, operating system, pages visited | Collected automatically |
| Usage Data | Clicks, time on page, search queries, referral source | Collected automatically |
| Marketing Data | Newsletter preferences, communication opt-ins, survey responses | Provided by you |
| Photography Data | Photographs or videos taken during your visit (only where you have not opted out) | Captured on-site |
The purposes for which your information is processed
We use your personal data only for clearly defined, legitimate purposes. We never use data in ways that are incompatible with the reason it was originally collected.
Why we are legally permitted to process your data
Under the Kenya Data Protection Act (2019) and applicable international data protection laws, we rely on the following legal bases:
| Legal Basis | When We Use It |
|---|---|
| Contractual necessity | Processing your booking, managing your visit, and handling payments |
| Legal obligation | Compliance with tax, consumer protection, and safety regulations |
| Legitimate interests | Website analytics, fraud prevention, and service improvement (where not overridden by your rights) |
| Consent | Marketing emails, newsletter subscriptions, non-essential cookies, and on-site photography use |
| Vital interests | Emergency medical situations during your visit where immediate sharing with medical services is necessary |
Who we share your information with and why
We do not sell, rent, or trade your personal data to any third party for commercial purposes β ever. We may share your data only in the following limited, controlled circumstances:
How our website uses cookies and similar technologies
Cookies are small text files placed on your device when you visit our website. We use cookies to make the site function properly, remember your preferences, and understand how visitors use our content.
| Cookie Type | Purpose | Duration | Type |
|---|---|---|---|
| Session cookies | Keep you logged in and remember your booking progress during a single visit | Session only | |
| Preference cookies | Remember your language, currency, and accessibility settings | 12 months | |
| Analytics cookies | Collect anonymised data on page visits, clicks, and traffic sources to improve the website | Up to 26 months | |
| Performance cookies | Monitor site speed and error reporting to ensure optimal performance | 30 days | |
| Marketing cookies | Track visits from advertising campaigns so we can measure effectiveness (only with your consent) | Up to 90 days |
How long we keep your personal information
We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by law. The following retention periods apply:
| Data Type | Retention Period | Reason |
|---|---|---|
| Booking records | 7 years | Tax and accounting compliance |
| Customer account data | 3 years after last activity | Service delivery and support |
| Payment data | 7 years | Financial regulation and fraud prevention |
| Marketing preferences | Until consent withdrawn | Consent-based; deleted on opt-out |
| Health & accessibility data | 12 months post-visit | Safety records; deleted thereafter |
| Website analytics data | 26 months (anonymised) | Website improvement |
| CCTV footage (on-site) | 30 days | Security; overwritten automatically |
After applicable retention periods expire, your data is securely deleted or permanently anonymised so it can no longer be linked to you.
The rights you hold over your personal information
Under the Kenya Data Protection Act and applicable international regulations, you hold the following rights over your personal data. We will respond to all valid requests within 30 days.
Request a copy of the personal data we hold about you at any time, free of charge.
Ask us to correct any inaccurate or incomplete data held about you.
Request deletion of your data where we no longer have a lawful reason to retain it.
Object to processing based on our legitimate interests, including direct marketing.
Ask us to pause processing of your data in specific circumstances while a dispute is resolved.
Receive your data in a structured, machine-readable format to transfer to another service.
Withdraw any consent previously given at any time without affecting prior processing.
Lodge a complaint with the Office of the Data Protection Commissioner of Kenya (ODPC).
How we protect your personal information
We take data security seriously and have implemented a comprehensive set of technical and organisational safeguards to protect your personal information from unauthorised access, accidental loss, destruction, or disclosure.
How we handle data relating to minors
WildSafari is committed to protecting the privacy of children. Our website and online booking services are directed at adults aged 18 and over. We do not knowingly collect personal data directly from children under the age of 18 without verifiable parental consent.
What happens when your data crosses borders
WildSafari is based in Kenya, but some of our trusted service providers (such as cloud hosting and payment processing platforms) may process your data in other countries, including within the European Economic Area (EEA), the United Kingdom, or the United States.
Whenever personal data is transferred outside Kenya, we ensure it receives equivalent protection by relying on one or more of the following safeguards:
You may request further information about the specific safeguards in place for any international transfer by contacting our DPO at privacy@wildsafari.com.
How we notify you when this policy changes
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices. The "Last updated" date at the top of this page will always reflect the most recent revision.
Have a question about this policy, want to exercise your rights, or want to report a privacy concern? Our dedicated Data Protection Officer is ready to help.