Privacy Policy for Tsavaro.com

Last updated: August 8, 2025


1. Introduction

Tsavaro Limited (“Tsavaro,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit or make a booking through our website, www.tsavaro.com (the “Site”), which operates as an online travel agency (OTA). Tsavaro is registered in Kenya and complies with the Kenya Data Protection Act, 2019, the European Union General Data Protection Regulation (GDPR), and other applicable data protection laws.


2. Data Controller
The data controller for your personal data is:
Tsavaro Limited
P.O. Box 68151-00200, Nairobi, Kenya
Email: [email protected]


3. Information We Collect


3.1 Information You Provide Directly

    • Identity & Contact Data: Name, email address, telephone number, postal address.
    • Booking & Travel Data: Travel dates, destinations, passenger details (including passport/ID numbers), payment information (collected securely by our payment processors), special requests.
    • Account Data: Username, password, profile preferences if you register for an account.

3.2 Information Automatically Collected

    • Technical Data: IP address, device identifiers, browser type/version, operating system.
    • Usage Data: Pages viewed, search queries, clickstream data, date/time stamps.
    • Location Data: Approximate location inferred from IP or mobile GPS (where permitted).

3.3 Information from Third Parties

    • Social Media: If you log in via Facebook, Google, etc., we receive your public profile information.
    • Partners & Suppliers: Data from airlines, hotels, payment providers, marketing analytics platforms.


4. How We Use Your Information

  • To Facilitate Bookings: Process and confirm your hotel, flight, or package reservations.
  • Customer Service: Respond to inquiries, provide support, handle complaints.
  • Marketing & Communications: Send you promotional emails or SMS (you may opt-out at any time).
  • Personalisation: Tailor offers, recommendations, and content based on your preferences.
  • Security & Fraud Prevention: Verify identity, detect and prevent fraudulent activities.
  • Legal Compliance: Fulfill legal obligations, cooperate with law enforcement or regulatory authorities.


5. Disclosure of Your Information
We may share your data with:

  • Service Providers: Payment processors, hosting providers, IT support, customer relationship management (CRM) platforms.
  • Travel Partners: Airlines, hotels, tour operators, credit agencies for ticketing and accommodation fulfillment.
  • Affiliates & Subsidiaries: For group-wide data processing and marketing.
  • Legal & Regulatory Authorities: When required by law or to protect our rights, property, or safety.
  • Business Transfers: In connection with any merger, acquisition, or sale of assets, with notice to you.

We never sell your personal data to third parties for their own marketing purposes.


6. Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to:

  • Remember your preferences and settings.
  • Analyze Site usage and performance.
  • Deliver targeted advertising (with your consent, where required).

You can manage or disable cookies through your browser settings; however, this may affect Site functionality.


7. Data Retention
We retain your personal data only as long as necessary to:

  • Provide the services you request.
  • Comply with legal, tax, or accounting requirements.
  • Resolve disputes and enforce our agreements.

After the retention period, data will be securely deleted or anonymized.


8. International Data Transfers
Your data may be processed or stored in Kenya or other countries where our processors operate. When transferring data from the European Economic Area (EEA), we rely on:

  • Adequacy Decisions: Countries deemed to provide adequate protection.
  • Standard Contractual Clauses: Approved by the European Commission.
  • Binding Corporate Rules: For transfers within our corporate group.


9. Your Rights Under GDPR and Kenyan Law
Where applicable, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your data (“right to be forgotten”).
  • Restrict or object to processing.
  • Portability of data in machine-readable format.
  • Withdraw consent at any time (for processing based on consent).

To exercise these rights, please contact us at [email protected]. We may need to verify your identity before responding.


10. Security
We implement appropriate technical and organizational measures—such as encryption, firewalls, and access controls—to protect your personal data against unauthorized access, alteration, or disclosure. However, no transmission over the internet is 100% secure; we cannot guarantee absolute security.


11. Children’s Privacy
Our services are not directed to children under 18. We do not knowingly collect or maintain personal data from minors. If you believe we have inadvertently collected data from a child, please contact us to have it removed.


12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When significant changes occur, we will post the updated policy on our Site with a revised “Last updated” date and, if required, notify you by email.


13. Contact Us
For questions, concerns, or to exercise your data protection rights, please contact:
Tsavaro Limited
Email: [email protected]
Address: P.O. Box 68151-00200, Nairobi, Kenya


Thank you for choosing Tsavaro. We are committed to safeguarding your privacy and providing you with a secure and trustworthy travel experience.