top of page

Data and Privacy Policy


We may only Process your Personal Data  for a specific purpose. Such purposes may include, amongst others (i) completing an application for Services  (ii) completing the Service Agreement (iii) automated processing including Profiling (iv) completing a transaction (v) verifying your credit card details for payment or arranging for a refund (vi) communications with our tour operators and consultants. By booking a service with us you imply consent. 

Withdrawal of Consent

If after you opt-in you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your Personal Data, at any time, by contacting us at email address

Processing of Personal Data

Subject to your implied consent, we will process your Personal Data for certain purposes (see CONSENT, above) either, via the Site, email, telephone or on paper taken by our tour consultants.

Such Personal Data will typically include, but not be limited to, (i) your valid e-mail address (ii) your passport number (iii) your full name, (iv) your street address, city, postal code and (v) your date of birth. 

Use of Personal Data

We only collect Personal Data that is relevant to the purpose and business of our Site. This information allows us to provide you with a customised and efficient experience.

Your Rights

You have the following rights pertaining to your Personal Data;

To be informed – we must be completely transparent with you in how we are using your Personal Data.

To access – you have the right to know precisely what information is held about you and how it is Processed.

To rectify – you are entitled to have Personal Data rectified if it is inaccurate or incomplete.

To erase – you have the right to having your Personal Data deleted or removed without the need for a specific reason as to why you wish to discontinue.

To restrict – your right to block or suppress processing of Personal Data.

To use – your right to retain and reuse your Personal Data for your own purpose.

To object – in certain circumstances, you may be entitled to object to your personal data being used.

To complain – your right to lodge a complaint with a supervisory authority.

Our Rights

The general use of our Site does not require registration and as such, subject to the restrictions and provisions of this Privacy Policy, you can visit our website without providing your Personal Data. However, in providing certain Services we may require registration which may involve the Processing of Personal Data.

In such circumstances, if you choose not to provide consent or withhold certain Personal Data from us, then in such instance, it may not be possible for you to gain access to certain parts of the Site nor for us to be able to provide the Services or certain aspects of the Services.

Our Obligations

Notwithstanding the obligations provided for in this Privacy Policy, we are also obligated by the provisions of the Data Protection Act ensuring that processing of your Personal Data is lawful, fair, transparent, adequate, relevant, accurate, kept for as long as required and proportionate to the purposes for which it is being used.

Subject to a written request by you, we are obligated to provide you with access to your Personal Data and as such provide you with a copy our records pertaining to your Personal Data. 

If you cease to be a  customer of Kenyan Photo Tours then, subject to not contravening the requirements of the law, we will be obliged to destroy your Personal Data.

Might there be a security breach concerning your Personal Data and such breach is likely to result in a high risk to your rights and freedoms, then, in such instance, we will be obliged to inform you as soon as possible without undue delay.

Online Payments

If you pay us by credit or debit card we will use a direct payment gateway to complete your purchase, then we will store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a global joint effort of the Card Associations.

PCI-DSS requirements help ensure the secure handling of credit card information by our Site and its service providers.

Third Party Services

Certain third-party services, such as payment gateways and other transaction or payment processors are required to abide by security standards imposed on them, such as the Payment Card Industry Data Security Standard (PCI-DSS), which is a set of security standards designed to ensure that all payment processors that accept, process, store or transmit credit card information maintain a secure environment. All direct payment gateways we utilise adhere to PCI-DSS, which is a joint effort of brands like Visa, MasterCard, American Express and Discover, to safeguard card data handling.

Whilst we shall not store your credit card information, such payment gateways and other transaction or payment processors, under PCI-DSS, may store your purchase transaction data for only as long as is necessary to complete the transaction and thereafter for only as long as it is required by law.

Such third-party payment gateways and other transaction or payment processors and other third parties, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

Once you leave our Site or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or the Agreements.

External Links

When you click on links on our Site, they may direct you away from our Site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

This data and privacy policy has been drafted to comply with the EU General Data Protection Regulation 2016/679 (GDPR),

bottom of page