Legal

Privacy Policy

Your privacy and data security are of utmost importance to Epashikino Resort & Spa. This Privacy Policy is designed exclusively for our guests and applies to how we collect, use, protect, and manage your personal information in compliance with applicable data protection laws.

1. Introduction and Commitment

Epashikino Resort & Spa ("we," "us," "our," or "the Resort") is committed to protecting the privacy of our guests and ensuring transparency in how we handle your personal data. We comply with all applicable data protection regulations, including but not limited to the Data Protection Act and international data protection standards.

This Privacy Policy applies exclusively to our guests—individuals who book accommodations and services at Epashikino Resort & Spa. This policy governs how we collect, use, protect, and manage guest personal data through our booking systems, website, and physical facilities during your stay and related interactions.

2. Information We Collect

We collect and process various categories of personal information:

Booking and Reservation Information

  • Full name, date of birth, and identification documents
  • Contact details (email, phone number, home address)
  • Payment information and billing details
  • Special requests, dietary requirements, and accessibility needs
  • Passport or travel document information

Guest Experience Data

  • Room preferences and service requests
  • Communication records with our staff
  • Guest feedback, complaints, and survey responses
  • CCTV footage in public areas for security purposes

Website and Digital Interaction Data

  • IP addresses and device identifiers
  • Browsing behavior and website usage patterns
  • Cookies and similar tracking technologies
  • Email open rates and link clicks

3. How We Use Your Information

We process your personal data for the following legitimate purposes:

  • To fulfill and manage your accommodation booking and reservations
  • To provide resort services and personalize your guest experience
  • To process payments and manage billing and financial records
  • To communicate important information about your stay or account
  • To comply with legal obligations and immigration requirements
  • To maintain security and prevent fraud or illegal activities
  • To improve our services through analytics and feedback analysis
  • To send marketing communications (with your consent)
  • To respond to inquiries and provide customer support

4. Legal Basis for Processing

We only process your personal data when we have a valid legal basis to do so, including:

  • Contractual Necessity: Data required to fulfill your booking and provide accommodation services
  • Legal Obligation: Information needed to comply with taxes, immigration, and local laws
  • Legitimate Interest: Improving services, fraud prevention, and security
  • Consent: Marketing communications and optional data collection

5. Data Protection and Security

We implement comprehensive security measures to protect your personal data:

  • Encryption of sensitive data in transit and at rest
  • Secure payment processing through PCI-compliant systems
  • Access controls and staff training on data protection
  • Regular security audits and vulnerability assessments
  • Secure disposal and deletion of data according to retention schedules
  • CCTV systems in public areas for guest safety and security
  • Confidential handling of sensitive documents and records

While we implement industry-standard security practices, no system is completely immune to breaches. We maintain incident response procedures and will notify affected individuals as required by law.

6. Hotel Operational Standards and Guest Privacy

As a professional hospitality establishment, we maintain strict standards regarding guest privacy and conduct:

Guest Room Privacy

  • Guest rooms are private spaces; housekeeping respects "Do Not Disturb" notices
  • Room entry by staff occurs only for essential services or emergencies
  • No unauthorized access to guest belongings or information
  • Confidentiality of guest identity and room location maintained

Staff Conduct and Confidentiality

  • All staff members are bound by strict confidentiality agreements
  • Staff training on data protection and guest privacy rights
  • Prohibition of sharing guest information with unauthorized parties
  • Professional conduct standards and harassment prevention policies
  • Regular audits to ensure compliance with privacy standards

Complaint and Incident Handling

  • Formal procedures for reporting privacy breaches or misconduct
  • Confidential investigation of complaints
  • Remedial actions and corrective measures as needed
  • No retaliation against guests who report privacy concerns

7. Data Sharing and Third Parties

We may share your personal data with trusted third parties only when necessary:

  • Payment Processors: To process your payment safely and securely
  • Immigration Authorities: As required by local and international travel laws
  • Service Providers: Including cleaning, maintenance, and catering contractors
  • Business Partners: For coordinated services (tours, transfers, activities)
  • Legal and Regulatory Bodies: When required by law or court orders

We do not sell or rent your personal data to third parties for marketing purposes without your explicit consent. All third-party processors are contractually obligated to protect your data to the same standards we maintain.

8. Your Data Protection Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Obtain your data in a structured, portable format
  • Right to Object: Opt out of marketing communications and certain processing activities
  • Right to Lodge Complaints: File complaints with relevant data protection authorities

To exercise any of these rights, please contact our Privacy Officer at privacy@epashikinoresort.com with your request and sufficient information to verify your identity.

9. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for website functionality and security
  • Performance Cookies: Analyze usage patterns to improve services
  • Marketing Cookies: Track behavior for personalized advertising (with consent)

You can manage cookie preferences through your browser settings. Disabling certain cookies may impact website functionality. By continuing to use our website, you consent to our use of cookies as described in this policy.

10. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Booking and guest records: Retained for 3 years after departure for accounting and legal purposes
  • Payment information: Retained in compliance with PCI-DSS standards
  • Marketing preferences: Retained until you unsubscribe
  • CCTV footage: Retained for 30 days unless required for investigations
  • Legal claims: Retained for the duration of any legal proceedings and applicable statute of limitations

11. Children's Privacy

Our services are designed for adult guests who make and manage their own bookings. However, if a child travels as a guest with parental or guardian consent, we collect only the necessary personal data for their accommodation and safety. Parental/guardian consent is required for any child guest. We do not knowingly collect personal data from children without proper parental or guardian authorization. If we become aware that a child's data has been collected without proper consent, we will delete such data promptly.

12. International Data Transfers

If your data is transferred to countries outside Kenya, we ensure such transfers comply with applicable data protection laws through standard contractual clauses, binding corporate rules, or adequate protection mechanisms. By providing your data, you consent to such transfers where necessary for service provision.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, and legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the "last modified" date. Your continued use of our services following such changes constitutes your acceptance of the updated policy.

14. Contact Information

For questions about this Privacy Policy or to exercise your data protection rights, please contact:

Privacy Officer
Epashikino Resort & Spa
Email: privacy@epashikinoresort.com
Phone: +254 705 455 001
Address: Nairobi Nakuru Highway, Opposite Lake Elementaita, Kenya

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

Last Updated: January 2025

Effective Date: January 2025