top of page

Privacy Policy

Last updated: 13th April 2026

GosRaha Journeys (“GosRaha”, “we”, “us”, or “our”) respects your privacy and is committed to handling your personal data lawfully, fairly, and transparently.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you visit our website, enquire about our services, request a bespoke itinerary, make a booking, or otherwise interact with us.
 

Because GosRaha curates and organises bespoke travel experiences, we may need to collect and use a broader range of personal information than a standard website inquiry form would suggest. This includes information needed to design itineraries, arrange bookings, coordinate with travel suppliers, issue travel documents, comply with legal obligations, and support your journey.
 

By using our website or services, you acknowledge that your personal data may be processed in accordance with this Privacy Policy. Where your consent is required by law for a particular type of processing, we will ask for it separately.
 

1. Who we are

GosRaha Journeys is the data controller of the personal data covered by this Privacy Policy, except where another party clearly acts as the controller in its own right.

If you have questions about this Privacy Policy, or would like to exercise any of your privacy rights, you may contact us at shyam@gosrahajourneys.com.
 

2. The personal data we may collect

Depending on your interaction with us, we may collect and process the following categories of personal data:

• identity and contact information, such as your full name, email address, telephone number, postal or physical address, nationality, date of birth, and emergency contact details;

• travel information, such as proposed or confirmed travel dates, destinations, accommodation preferences, activity preferences, rooming preferences, baggage information, passenger details, and other itinerary-related information;

• booking and travel-document information, such as passport details, visa-related information, copies of travel documents, and information required by airlines, lodges, transfer providers, or other travel suppliers;

• family and group travel information, including information about travelling companions and minor children where relevant to a booking;

• health, mobility, dietary, accessibility, or other special requirement information that you choose to provide, or that is reasonably necessary for us to help arrange suitable travel services;

• insurance-related information, such as insurer name, policy details, proof of cover, and limited information needed to verify that required insurance is in place;

• payment and transaction information, such as payment confirmations, invoicing information, billing references, and limited records relating to payments made to or through us;

• communications and correspondence, including inquiry forms, emails, WhatsApp or other messages, feedback, complaint details, and notes relating to your booking or itinerary;

• website and device information, such as IP address, browser type, device information, cookie identifiers, website usage information, and analytics data; and

• marketing preferences, such as whether you wish to receive promotional emails or other communications from us.

3. How we collect your personal data

We may collect personal data directly from you when you fill in an inquiry form, request a detailed itinerary, communicate with us, submit travel documents, confirm a booking, make a payment, sign or accept our terms, or otherwise engage our services.

We may also collect information from third parties where this is reasonably necessary for your booking, for example from a lead traveller making arrangements on behalf of others, from a travel companion, from a supplier involved in your itinerary, from an insurer or evacuation provider where relevant, or from our website analytics and cookie tools.

4. Our lawful bases for processing

We process personal data only where we have a lawful basis to do so. Depending on the circumstances, this may include:

• taking steps at your request before entering into a contract, such as responding to an inquiry, discussing a proposed trip, or preparing a bespoke itinerary;

• performing our contract with you, including arranging bookings, communicating with suppliers, issuing confirmations and travel documents, handling changes, and supporting service delivery;

• complying with a legal or regulatory obligation, including tax, accounting, anti-fraud, consumer protection, or formal lawful requests from public authorities;

• our legitimate interests, where these are not overridden by your rights, such as running and improving our business, keeping records, managing complaints, preventing fraud, protecting our legal position, and ensuring service quality; and

• your consent, where consent is the appropriate legal basis, including for certain marketing communications, optional cookie activity, and any other processing where consent is specifically requested.

5. How we use your personal data

We may use your personal data to:

• respond to inquiries and discuss potential travel arrangements;

• prepare bespoke itineraries and travel proposals;

• confirm, organise, administer, and manage bookings;

• communicate with accommodation providers, airlines, transfer companies, guides, activity operators, restaurants, insurers, evacuation providers, and other travel suppliers involved in your itinerary;

• issue quotations, invoices, confirmations, vouchers, and travel documents;

• verify that mandatory travel insurance is in place where required;

• tailor travel arrangements to your preferences, needs, and disclosed requirements;

• provide customer service, assist with changes, and handle complaints or disputes;

• maintain business records, accounting records, and internal administration;

• protect our website, services, staff, clients, and business from fraud, misuse, or unlawful activity;

• send service-related communications and, where permitted, promotional communications; and

• analyse website performance, improve our services, and understand how users interact with our website and content.

6. Who we may share your personal data with

We do not sell your personal data. However, we may share personal data where reasonably necessary for the purposes described in this Privacy Policy, including with:

• accommodation providers, lodges, camps, hotels, and other hospitality partners;

• airlines, transfer companies, car hire companies, charter operators, and other transport providers;

• guides, activity providers, conservancies, park authorities, permit issuers, and similar travel-service suppliers;

• insurers, evacuation providers, or emergency assistance providers where relevant or requested;

• payment processors, banks, and other financial-service providers involved in handling payments;

• cloud-storage, communications, and productivity providers, including services used to store documents, emails, and booking information;

• website analytics, advertising, and marketing service providers where used;

• professional advisers such as lawyers, accountants, auditors, and compliance advisers; and

• regulators, law enforcement agencies, courts, public authorities, or other third parties where disclosure is required or permitted by law, or reasonably necessary to protect rights, safety, or legal interests.

Where possible, we limit the personal data shared to what is reasonably necessary for the relevant purpose.

7. International and cross-border transfers

Because travel services often involve international suppliers and because some of the technology and cloud services we use may process or host data outside Kenya, your personal data may be transferred to, stored in, or accessed from countries outside Kenya.

Where we transfer personal data outside Kenya, we will do so only where there is an appropriate legal basis and, where required, suitable safeguards or other lawful transfer conditions are in place. In some cases, the transfer may be necessary in order to take steps at your request, perform a contract with you, or arrange the travel services you have asked us to provide.

8. Google Workspace, Google Drive, and cloud tools

GosRaha may use cloud-based tools and service providers, including Google Workspace and Google Drive, to store, organise, and process business records, communications, itinerary information, and booking-related documents.

We use reasonable access controls and organisational safeguards to help protect data stored in such systems, including limiting internal access to authorised persons on a need-to-know basis. Data stored within Google Workspace services is protected by encryption in transit and at rest, together with the provider’s platform security controls.

Although we take reasonable measures to protect personal data, no system or method of transmission or storage can be guaranteed to be completely secure.

9. Cookies, analytics, and advertising tools

Our website may use cookies and similar technologies to support core site functionality, understand website traffic and performance, remember preferences, and improve user experience.

We may use analytics and similar tools, including tools provided by third parties such as Google, to understand how visitors use our website. Where we use advertising or remarketing tools, they may collect information about your browsing activity in order to measure campaigns or help us present more relevant content.

Where required by law, we will seek consent before placing or using non-essential cookies or similar technologies. You can also manage cookies through your browser settings, although blocking certain cookies may affect website functionality.

10. Marketing communications

We may send you marketing or promotional communications where you have consented, where you have requested them, or where we are otherwise permitted by law to do so.

You may opt out of marketing communications at any time by using the unsubscribe link in the relevant email or by contacting us at shyam@gosrahajourneys.com.

Service-related communications relating to your inquiry, booking, or travel arrangements are not the same as marketing communications and may still be sent where necessary.

11. Sensitive or higher-risk personal data

Some bookings may require us to process higher-risk categories of information, such as information about children, health or mobility requirements, dietary needs, emergency contacts, passport or travel-document details, or limited insurance-related information.

We will only collect such information where reasonably necessary for your inquiry, itinerary, booking, legal compliance, or the safe and practical delivery of your travel arrangements. We seek to limit such processing to what is relevant, restrict access to those who need it, and share it only to the extent reasonably necessary for the related purpose.

12. Data retention

We retain personal data only for as long as reasonably necessary for the purpose for which it was collected, or as required for legal, tax, accounting, dispute-resolution, fraud-prevention, or record-keeping purposes. Retention periods may vary depending on the type of data and the nature of the relationship.

In general:

• general inquiry information may be kept for a limited period to allow follow-up and business administration;

• quotation, itinerary, and booking records may be kept for longer where necessary to administer the booking, manage repeat-client relationships, respond to complaints, or protect legal interests;

• financial and transaction records may be retained for longer periods where required for tax, accounting, or audit purposes; and

• marketing subscription records will be retained until you unsubscribe or until we determine that continued retention is no longer appropriate.

When personal data is no longer reasonably required, we will seek to delete, anonymise, or securely dispose of it.

13. Your rights

Subject to applicable law, you may have the right to:

• request access to the personal data we hold about you;

• request correction of inaccurate or incomplete personal data;

• request deletion of personal data in appropriate circumstances;

• object to certain processing or request restriction of processing in appropriate circumstances;

• withdraw consent where processing is based on consent, without affecting processing carried out before that withdrawal;

• request information about how your personal data is used and shared; and

• lodge a complaint with the Office of the Data Protection Commissioner or another competent authority where you believe your rights have been infringed.

To exercise any of these rights, please contact us at shyam@gosrahajourneys.com. We may request reasonable information to verify your identity before acting on a request.

14. Data accuracy and third-party information

You are responsible for ensuring that personal data you provide to us is accurate, up to date, and complete.

If you provide personal data relating to another person, including a travel companion or child, you should ensure that you are authorised to do so and that the relevant individual has been informed, where appropriate, that their data may be provided to us for the purposes described in this Privacy Policy.

15. Data security

We use reasonable technical and organisational measures to help protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, account authentication measures, supplier selection controls, internal restrictions on who may access particular records, and the use of reputable service providers.

However, no method of electronic transmission, storage, or processing is entirely secure, and we cannot guarantee absolute security.

16. Data breaches

If we become aware of a personal data breach, we will assess the incident and take appropriate steps to contain, investigate, and remediate it.

Where required by applicable law, we will notify the relevant regulatory authority and affected data subjects within the required timeframes.

17. Third-party websites and services

Our website, emails, or other communications may contain links to third-party websites, booking platforms, or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy policies separately.

Where a third-party supplier provides travel services in connection with your booking, that supplier may process personal data under its own privacy practices and legal obligations.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, our services, or our business practices.

The version published on our website or otherwise provided to you at the relevant time will apply, subject to any legal requirements to notify you of material changes.

19. Contact us

If you have questions about this Privacy Policy or wish to make a privacy-related request, please contact:

Email: shyam@gosrahajourneys.com

bottom of page