Privacy Policy

1. Introduction

This Privacy Policy explains how Solive Travel ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our website, book our services, or interact with us. We are registered in Kenya and comply with the Kenya Data Protection Act, 2019 and other applicable data protection regulations.

2. Information We Collect

2.1 Personal Information

When you register, book, or use our services, we collect:

• Identity Information: Full name, date of birth, nationality, passport details
• Contact Information: Email address, phone number, physical address
• Emergency Contact: Name, phone number, and relationship of emergency contact person
• Payment Information: M-Pesa phone number, card details (processed securely through payment gateways), bank account information
• Health Information: Medical conditions, allergies, dietary requirements, fitness level (only as disclosed by you)
• Travel Documents: Passport number, visa details, vaccination certificates

2.2 Booking and Transaction Data

• Trip bookings, departure dates, and preferences
• Payment history, transaction records, and booking references
• Club memberships and event registrations
• Communication history with our team

2.3 Technical and Usage Data

• IP address, browser type, device information
• Pages visited, time spent on site, referring URLs
• Cookies and similar tracking technologies (see Cookie Policy below)
• Login timestamps and activity logs

3. How We Use Your Information

3.1 Service Delivery

• Process and confirm your bookings
• Arrange travel services, accommodation, and activities
• Communicate trip details, itineraries, and updates
• Process payments and issue receipts
• Provide customer support and respond to inquiries

3.2 Safety and Emergency Purposes

• Share participant lists with guides, hotels, and transport providers for safety
• Contact emergency contacts in case of incidents
• Coordinate medical assistance if needed
• Comply with legal requirements and government authorities

3.3 Marketing and Improvement

• Send promotional offers, newsletters, and travel updates (you can opt out)
• Improve our services and customer experience
• Conduct surveys and gather feedback
• Personalize your experience on our website

3.4 Legal and Compliance

• Comply with legal obligations and regulatory requirements
• Prevent fraud, money laundering, and illegal activities
• Enforce our Terms and Conditions
• Protect our rights and property

4. Legal Basis for Processing (Kenya DPA 2019)

We process your personal data based on:

• Contractual Necessity: To fulfill our booking and service agreements with you
• Legal Obligation: To comply with Kenyan laws and regulations
• Legitimate Interest: To improve services, prevent fraud, and ensure safety
• Consent: For marketing communications and non-essential data processing (you may withdraw consent anytime)

5. Data Sharing and Third Parties

5.1 Service Providers

We share your data with trusted third parties to deliver our services:

• Accommodation Providers: Hotels, lodges, campsites (name, contact details)
• Transportation Companies: Airlines, bus operators, car rental companies (name, ID details)
• Activity Providers: Safari operators, tour guides, adventure activity companies (name, health information as needed)
• Payment Processors: M-Pesa, card payment gateways, banks (payment details)
• Technology Providers: Cloudinary (media hosting), hosting services (technical data)

5.2 Legal Requirements

• Government authorities (immigration, customs, law enforcement)
• Courts and regulatory bodies as required by law
• Emergency services and medical facilities in case of incidents

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you of such changes.

6. Data Security

We implement industry-standard security measures:

• Encryption: SSL/TLS encryption for data transmission
• Secure Storage: Encrypted databases and secure cloud storage
• Access Controls: Role-based access restrictions for staff
• Password Protection: Hashed and salted password storage (bcrypt)
• Regular Audits: Security reviews and vulnerability assessments
• Payment Security: PCI-DSS compliant payment processing (we do not store full card details)

While we take reasonable measures to protect your data, no internet transmission is 100% secure. You transmit data at your own risk.

7. Data Retention

• Booking Records: Retained for 7 years for tax and legal compliance
• Payment Records: Retained for 7 years as required by Kenyan financial regulations
• Customer Accounts: Retained while account is active, deleted within 30 days of account closure request
• Marketing Data: Retained until you unsubscribe or withdraw consent
• Technical Logs: Retained for 12 months for security and troubleshooting

8. Your Rights Under Kenya Data Protection Act

You have the following rights regarding your personal data:

To exercise these rights, contact us at info@solivetravel.com or +254 758 006471. We will respond within 30 days as required by law.

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device to improve your browsing experience and analyze website usage.

9.2 Types of Cookies We Use

• Essential Cookies: Required for website functionality (login, booking process)
• Performance Cookies: Analyze how visitors use our site (Google Analytics)
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Track conversions and show relevant ads (with your consent)

9.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality. Most browsers accept cookies automatically, but you can modify settings to decline cookies.

10. International Data Transfers

Your data may be transferred to and stored in countries outside Kenya for the following purposes:

• Cloud hosting services (data centers may be located internationally)
• International trip arrangements (hotels, airlines outside Kenya)
• Payment processing through international gateways

We ensure adequate safeguards are in place through contractual agreements and compliance with international standards as required by the Kenya Data Protection Act.

11. Children's Privacy

We do not knowingly collect personal information from children under 18 without parental consent. Bookings for minors must be made by a parent or legal guardian who accepts responsibility for the minor's data. If we become aware of unauthorized collection of children's data, we will delete it promptly.

12. Marketing Communications

12.1 Opt-In and Opt-Out

• We will only send marketing emails if you have consented or have an existing customer relationship
• Every marketing email includes an unsubscribe link
• You can opt out at any time without affecting your bookings or services
• Transactional emails (booking confirmations, payment receipts) cannot be opted out as they are essential

12.2 SMS Communications

We may send SMS messages for booking confirmations, payment reminders, and trip updates. Reply "STOP" to opt out of non-essential SMS communications.

13. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Office of the Data Protection Commissioner within 72 hours
• Notify affected individuals without undue delay
• Provide information about the breach and steps taken to mitigate harm
• Offer recommendations to protect yourself (e.g., password changes)

14. Third-Party Links

Our website may contain links to third-party websites (hotels, airlines, partners). We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any information.

15. Customer Account Security

• You are responsible for maintaining the confidentiality of your account password
• Never share your password with others
• Notify us immediately if you suspect unauthorized access to your account
• We will never ask for your password via email or phone
• Use strong, unique passwords and change them regularly

16. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be notified via email or a prominent notice on our website. The "Last Updated" date at the top indicates when changes were last made. Continued use of our services after changes constitutes acceptance.

17. Data Controller Information

18. Complaints to Regulatory Authority

If you believe we have not handled your data properly, you have the right to lodge a complaint with: