Privacy Policy

Come Travel Kenya Limited ("we," "us," or "our") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with Kenya's Data Protection Act, 2019, and international data protection standards. By using our website (www.cometravelkenya.com) or our services, you consent to the collection and use of your information as described in this policy. We respect your privacy rights and are transparent about our data practices. **Data Controller:** Come Travel Kenya Limited Roslyn Riviera Mall, Limuru Road Nairobi, Kenya Email: safaris@cometravelkenya.com Phone: +254 711 082254

**Personal Information:** When you use our services, we may collect: • Full name and contact details (email, phone number, address) • Date of birth and nationality • Passport details (number, expiry date, issuing country) • Payment information (credit card details, billing address) • Travel preferences and special requirements • Dietary restrictions and medical conditions (if relevant to services) • Emergency contact information • Passport and visa photographs (for immigration services) **Automatically Collected Information:** • IP address and browser type • Device information and operating system • Pages visited and time spent on our website • Referring website and search terms used • Cookies and similar tracking technologies • Location data (with your permission) **Information from Third Parties:** • Hotel and airline confirmations • Payment processor information • Social media profiles (if you connect them) • References or recommendations **Communication Records:** • Email correspondence • Phone call recordings (for quality assurance, with notice) • Chat messages and inquiries • Feedback and complaints

We use your personal information for the following purposes: **Service Delivery:** • Processing and confirming bookings • Arranging travel services (hotels, transport, activities) • Processing immigration applications (ETAs, permits) • Communicating service details and itineraries • Providing customer support **Payment Processing:** • Processing payments and refunds • Preventing fraud and unauthorized transactions • Maintaining financial records **Communication:** • Sending booking confirmations and updates • Providing travel information and tips • Responding to inquiries and requests • Sending service-related notifications **Marketing (with your consent):** • Sending newsletters and promotional offers • Sharing travel tips and destination guides • Informing you about new services • Conducting customer satisfaction surveys **Legal and Operational:** • Complying with legal obligations • Maintaining records for tax and accounting • Resolving disputes and enforcing agreements • Improving our services and website • Analyzing usage patterns and preferences **Safety and Security:** • Ensuring traveler safety during services • Emergency contact and assistance • Insurance claims processing • Incident reporting and investigation

We share your personal information only when necessary: **Service Providers:** • Hotels, lodges, and accommodation providers • Airlines and transportation companies • Tour operators and activity providers • Immigration authorities (for permit applications) • Insurance companies • Payment processors **Business Partners:** • Local guides and ground handlers • Restaurant and catering services • Event venues and conference facilities • Emergency medical services (if needed) **Legal Requirements:** • Government authorities when required by law • Law enforcement and regulatory bodies • Courts and legal proceedings • Tax authorities **With Your Consent:** • Third parties you specifically authorize • Social media platforms (if you choose to share) • Testimonials and reviews (with your permission) **Business Transfers:** In the event of merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. **We DO NOT:** • Sell your personal information to third parties • Share information for unrelated marketing purposes • Disclose sensitive information without consent • Transfer data to countries without adequate protection (except with safeguards)

We implement robust security measures to protect your information: **Technical Measures:** • SSL/TLS encryption for data transmission • Secure servers with firewalls • Encrypted storage of sensitive data • Regular security audits and updates • Access controls and authentication • Secure payment gateways (PCI DSS compliant) **Organizational Measures:** • Staff training on data protection • Confidentiality agreements with employees • Limited access to personal information (need-to-know basis) • Regular security policy reviews • Incident response procedures • Data backup and recovery systems **Physical Security:** • Secure office premises with access controls • Locked storage for physical documents • Secure disposal of outdated records • Visitor management systems **Note:** While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security but commit to addressing any breaches promptly and transparently.

We retain your personal information for as long as necessary: **Active Bookings:** Information is retained throughout service delivery and for the period needed to resolve any issues or claims. **Completed Services:** • Financial records: 7 years (tax and legal requirements) • Travel records: 2-3 years (for references and repeat bookings) • Marketing consent: Until you opt out • Website analytics: 12-24 months **Immigration Records:** Passport copies and permit applications retained for 3-5 years (legal requirement). **Legal Holds:** Information may be retained longer if required for legal proceedings or regulatory compliance. **Deletion:** After retention periods, data is securely deleted or anonymized. You may request earlier deletion (subject to legal obligations).

Under Kenya's Data Protection Act, 2019, you have the following rights: **Right to Access:** Request copies of your personal information we hold. **Right to Correction:** Request correction of inaccurate or incomplete information. **Right to Deletion:** Request deletion of your personal information (subject to legal retention requirements). **Right to Object:** Object to processing of your information for marketing or other purposes. **Right to Restrict Processing:** Request limitation of how we use your information. **Right to Data Portability:** Receive your information in a structured, machine-readable format. **Right to Withdraw Consent:** Withdraw consent for processing at any time (where consent is the legal basis). **Right to Lodge Complaint:** File a complaint with Kenya's Office of the Data Protection Commissioner if you believe your rights have been violated. **Exercising Your Rights:** Contact us at safaris@cometravelkenya.com with subject line "Data Protection Request" We will respond within 30 days and may require identity verification.

Our website uses cookies and similar technologies: **Essential Cookies:** Necessary for website functionality (login, shopping cart, security). **Analytics Cookies:** Help us understand how visitors use our website (Google Analytics). **Marketing Cookies:** Track effectiveness of advertising campaigns and personalize content. **Third-Party Cookies:** Social media plugins, payment processors, and embedded content may set cookies. **Managing Cookies:** You can control cookies through your browser settings. Note that disabling cookies may affect website functionality. **Do Not Track:** We honor "Do Not Track" browser signals where technically feasible.

Our services are not directed at children under 18. We do not knowingly collect personal information from minors without parental consent. For family travel bookings: • Parents/guardians must provide minor's information • Consent is assumed from the booking adult • We protect children's data with enhanced security If we become aware of unauthorized collection of children's data, we will delete it promptly.

Your information may be transferred to and processed in countries outside Kenya when: • Service providers operate internationally • Airlines and hotels are based in other countries • Payment processors use international systems • Cloud services store data globally **Safeguards:** We ensure adequate protection through: • Standard contractual clauses • Privacy Shield frameworks (where applicable) • Encryption during transfer • Compliance with international standards We only transfer data to countries with adequate data protection or implement appropriate safeguards.

**Consent:** We send marketing communications only with your explicit consent. **What We Send:** • Travel tips and destination guides • Special offers and promotions • Newsletter with company updates • Seasonal holiday packages • Service announcements **Frequency:** We respect your inbox and send marketing emails no more than weekly (typically monthly). **Opt-Out:** You can unsubscribe at any time by: • Clicking "unsubscribe" in any marketing email • Contacting us at safaris@cometravelkenya.com • Updating preferences in your account **Note:** Even after opting out of marketing, you'll still receive service-related communications (booking confirmations, travel documents, etc.).

We may update this Privacy Policy periodically to reflect: • Changes in our practices • New legal requirements • Technological developments • Service enhancements **Notification:** Material changes will be communicated via: • Email to registered users • Prominent notice on our website • Update date at the top of this policy **Your Responsibility:** Review this policy periodically. Continued use of our services after changes constitutes acceptance of the updated policy.