PRIVACY NOTICE

Please read these carefully

Contact Us
travelshoppe company ltd

Privacy notice of Travelshoppe Company Limited

Introduction

Travelshoppe Company Limited (‘Travelshoppe’) respects your privacy, and we are committed to protecting your privacy through our compliance with this Privacy Notice (‘Notice’). We will only collect personal information, and process as described in this Notice and in accordance with the Kenyan Data Protection Act,2019 and subsequent regulations as amended from time to time.

In this Notice, we have referred ourselves as ‘Travelshoppe’, ‘We’, ‘Our’ or ‘Us’. An individual who is the subject of the personal data is referred to as ‘Customer’, ‘User’ or ‘You’.

This Notice covers the processing of data that you have provided to us directly, or data that we collect about you from third parties whenever we do so.

We handle the personal details of our customers and or third-party vendors according to the terms of our contractual relationships, or separate policies that we provide as relevant and independent of this policy.

Information we collect from you.

We respect the principle of data minimization, and we will only collect information about you that is minimal and relevant to accomplish a specific purpose. 

Depending on the purpose and relationship we have with you, the information we process about you includes, but is not limited, to the following.

  1. Personal details – Name, postal address, signature, date of birth, nationality, age, photo.
  2. Sensitive personal data – Gender, race, religion, health status, marital status, disability status.
  3. Contact details – Email address, telephone number
  4. Identity details – National identification number, passport details and copies, visa information, birth Certificate details and copies.
  5. Financial details – KRA PIN, credit card details, travel insurance details, bank statements, pay slips, medical insurance details.
  6. CCTV Footages when you visit our offices.

How we collect your personal data.

We collect personal data from various sources, including:

  1. Our clients, vendors, and customers.
  2. Our own staff, contractors, and vendors.

You provide us with your personal data in various ways, including:

  1. Forms filled out and submitted to us by yourself;
  2. Personal details shared during our meetings with you (virtual or physical);
  3. Information you sent to us via email;
  4. Data provided about you by referrals, such as another client, and;
  5. Information you submitted to us during the recruitment process

Use of your information.

Depending on the nature of the relationship we have with you, we may use your information for one or more of the following purposes:

  1. Provide our services
      1. We use our clients, vendors, and customers data for KYC and communication.
      2. We require the client’s personal identification data to access the premises.
      3. Visa Application.
      4. Hotel, accommodation and flight bookings.
      5. Billing and receipts.
  2. Make payments for services you have rendered to us;
  3. Invoicing.
  4. Marketing and collecting reviews about our products and services.
  5. To comply with any legal, governmental, statutory or regulatory requirements.

Recruitment

At Travelshoppe, we take the privacy of your data collected during the recruitment process very seriously. All personal information provided will be used solely for recruitment purposes and handled with the highest level of confidentiality and security. Your data will not be shared with unauthorized third parties and will be stored securely in compliance with Kenya Data Protection Regulations.

Lawful Basis for processing your information.

We will process your personal data based on either one of the following lawful bases:

  1. Performance of our contract with you or our clients.
  2. Our legitimate interests
  3. Compliance with any legal obligations
  4. Performance of task carried out by a public authority
  5. For the exercise, by any person in the public interest, of any other functions of a public nature.
  6. To protect your vital interests
  7. For the purposes of historical, statistical, journalistic, literature and art or scientific research.

If processing of your Personal Data does not fall in any of the lawful basis, we will seek and rely on your consent which shall be freely given, specific, informed and unambiguous. If we ask for your consent to process your personal information, you have a right to withdraw your consent at any time. You can exercise the right by contacting data@travelshoppe.co.ke

Your rights under the Data Protection legislation

As stipulated under the Kenya Data Protection Act, you have a right to:

  1. Be informed about our collection and use of your personal data;
  2. To access the personal data we hold about you;
  3. To have your personal data corrected if any of your personal data held by us is false, erroneous or misleading;
  4. Restrict (i.e., prevent) the processing of your personal data;
  5. Object to us to our use of your personal data for a particular purpose or purposes;
  6. Data portability. You have a right to request your personal data, which you have provided to us in a structured and commonly used format for your own use across different services;
  7. Automated decision-making and profiling. We do not process any of your data using automated decision-making;
  8. Withdraw consent. This means that, if we are relying on your consent as the lawful basis for using your personal data, you are free to withdraw that consent at any time.

If you wish to exercise any of the rights mentioned above, kindly submit your request to data@travelshoppe.co.ke

We may request specific information from you to help us confirm your identity anytime you exercise any of your rights. This is a security step to prevent unauthorized disclosure.

Retention period

We will only keep your personal data for as long as is necessary to fulfil the purposes we collected it for.

The key factors that we will use to determine the time it takes before we delete or anonymize your data includes legal requirements and compliance with regulatory requirements as well as the business needs.

Anonymized information/data that can no longer be associated /referred to you may be held indefinitely.

Sharing your personal data

We will share your personal data only in accordance with the data protection legislation.

The following are circumstances where we may have to share your personal data with third parties:

  1. Where obliged by law, we will share some personal data with the Government, law and enforcement agencies, or regulatory bodies. Where possible, we make this anonymous and only share statistics.
  2. Where your consent is needed to transfer the data, we will make this clear to you in simple and clear language so you may make an informed decision.

We will never share your information if it is not legal to do so, and will always consider your rights, and whether there is another way of achieving our aim, before doing so.

Sharing your personal data outside the Republic of Kenya

We usually keep your data within the Republic of Kenya. If necessary, we ensure it is properly protected according to Data Protection Laws. This involves applying stringent safeguard mechanisms, verifying the destination country’s commitment to data protection principles, and establishing a comprehensive agreement with the recipient to safeguard your data.

Before we make any transfer of your data outside the Republic of Kenya, we ensure that the conditions on section 48 of the Act is met:

  1. Travelshoppe has given proof to the Data Commissioner on the appropriate safeguards with respect to the security and protection of the personal data;
  2. Travelshoppe has given proof to the Data Commissioner of the appropriate safeguards with respect to the security and protection of personal data, and the appropriate safeguards including jurisdictions with commensurate data protection laws;
  3. The transfers are necessary —
    1. for the performance of a contract between the data subject and the data controller or data processor or implementation of precontractual measures taken at the data subject’s request;
    2. for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another person;
  • for any matter of public interest;
  1. for the establishment, exercise or defense of a legal claim;
  2. in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent; or
  3. for the purpose of compelling legitimate interests pursued by the data controller or data processor which are not overridden by the interests, rights and freedoms of the data subjects.

The processing of sensitive personal data out of Kenya shall only be effected upon obtaining consent of a data subject and on obtaining confirmation of appropriate safeguards.

How we keep your data safe

We have implemented appropriate technical and organizational measures to safeguard your Personal Data, including but not limited to

  1. Organizational Measures.

Travelshoppe has enforced a Data Protection Policy and related policies enhancing a culture of data privacy such as:

  • Employee Privacy Notice.
  • Data breach plan and response.
  • Data Controller and Processor agreements
  • Privacy notice.
  1. Technical Measures
  • Inventory Management – An up-to-date inventory of all network devices, servers, laptops, IoT devices, and other IT devices that process or store personal data is maintained.
  • Data Access Rights -Data access rights and permissions are established based on user roles and responsibilities.
  • Authentication Mechanisms – Strong authentication mechanisms such as multi-factor authentication (MFA) are implemented for accessing network devices, servers, laptops, and IoT devices.
  • Password Policies – Strict password policies, including password complexity, regular password changes, and account lockout mechanisms, are enforced.
  • User Management System – A centralized user management system with detailed user access logs and audit trails is maintained.
  • Encryption – Personal data is encrypted at rest, utilizing robust encryption algorithms and secure key management practices.
  • Secure Protocols – Secure protocols (e.g., TLS, SSH) are implemented for network communications, and encrypted VPN connections are used for remote access.
  • Endpoint Security Solutions – Endpoint security solution is in place to detect and prevent malware infections on network devices and endpoints.
  • Network Monitoring System – A network monitoring system is established to detect anomalous activities and potential security breaches in real-time.

How we use Cookies

We employ cookies to gather insights regarding your interaction with our website. Further details can be found in our Cookie Policy on our website – Privacy Statement.

How to contact us

If you wish to contact us in respect of any part of this Privacy Notice or have any questions   regarding our handling of your personal data, please find below contact details:

Travelshoppe Company Limited

The Odyssey Building, 5th Floor,

84 Muthithi Road, Westlands,Nairobi.

Tel no: +254 20 514 8700

Email address: data@travelshoppe.co.ke

Amendments to this Privacy Notice

We may change, modify, or adopt a new Privacy Notice from time to time. This version was last updated on 12-05-2025.

Contact Us

If you have any questions or suggestions about our Privacy statement, do not hesitate to contact us.

Terms & Conditions
Travel Terms & Conditions
Tours Terms & Conditions
Privacy Statement
Scroll to Top