.png)
Privacy Policy
The Manor Maasai Mara
Last updated: February 2026
1. INTRODUCTION
The Manor Maasai Mara ("we", "us", "our", or "The Manor") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, store, and protect your personal information in compliance with the Data Protection Act, 2019 (No. 24 of 2019) of Kenya ("DPA") and other applicable laws.
By using our services, making a booking, or visiting our website, you consent to the collection and use of your personal data as described in this Privacy Policy.
Data Controller: The Manor Maasai Mara is the data controller responsible for your personal data collected through our services.
2. PERSONAL DATA WE COLLECT
We collect personal data that you provide directly to us and information automatically collected when you use our services. The types of personal data we collect include:
2.1 Information You Provide
Identity Information: Full name, date of birth, passport number, national ID number, nationality
Contact Information: Email address, phone number, postal address
Booking Information: Arrival and departure dates, number of guests, special requests, dietary requirements
Payment Information: Billing address, payment method details (processed securely through third-party payment processors)
Health Information: Medical conditions, allergies, mobility requirements (only when voluntarily provided for safety purposes)
Communications: Correspondence, feedback, complaints, and reviews
2.2 Information Automatically Collected
Website Usage Data: IP address, browser type, pages visited, time spent on pages, referring website
Cookies and Tracking Technologies: See Section 9 for details on our cookie policy
3. HOW WE USE YOUR PERSONAL DATA
We process your personal data for the following purposes, based on lawful grounds under the DPA:
3.1 To Provide Our Services (Contractual Necessity)
Processing and confirming your booking reservations
Providing accommodation, meals, and safari activities
Managing check-in and check-out procedures
Processing payments and issuing receipts
3.2 To Comply with Legal Obligations
Meeting tourism and hospitality regulatory requirements
Complying with tax, accounting, and financial reporting obligations
Responding to legal requests from authorities
3.3 For Legitimate Business Interests
Improving our services and guest experience
Responding to inquiries and providing customer support
Conducting market research and analyzing usage trends
Protecting our property, guests, and staff from harm
Preventing fraud and ensuring security
3.4 With Your Consent
Sending marketing communications and promotional offers (you may opt-out at any time)
Sharing photographs or testimonials featuring you (with explicit consent)
4. DATA SHARING AND DISCLOSURE
We do not sell, rent, or trade your personal data. We may share your information with the following categories of recipients:
Service Providers: Payment processors, IT service providers, booking platforms, and marketing agencies who process data on our behalf
Business Partners: Tour operators, airlines, and transport providers to facilitate your safari experience
Regulatory Authorities: Tourism Regulatory Authority, Kenya Revenue Authority, immigration officials, and other government bodies as required by law
Emergency Services: Medical facilities, evacuation services, and insurance providers in case of emergencies
5. INTERNATIONAL DATA TRANSFERS
In accordance with Section 48 of the DPA, we store at least one serving copy of your personal data on servers located within Kenya. Some of our service providers may be located outside Kenya. When transferring data internationally, we ensure:
The destination country has adequate data protection safeguards
Appropriate contractual protections are in place
We have obtained your explicit consent where required
6. DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
Booking and Financial Records: 7 years (for tax and accounting purposes)
Marketing Communications: Until you withdraw consent or opt-out
Guest Preferences: Until you request deletion or 3 years of inactivity
Website Analytics: 26 months
7. DATA SECURITY
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:
Encryption of data in transit and at rest
Secure access controls and authentication procedures
Regular security assessments and updates
Staff training on data protection
Physical security measures at our premises
8. YOUR DATA SUBJECT RIGHTS
Under the Data Protection Act, 2019, you have the following rights regarding your personal data:
8.1 Right to Access (Section 26(1)(a))
You have the right to request confirmation of whether we process your personal data and to obtain a copy of such data.
8.2 Right to Rectification (Section 26(1)(b))
You may request correction of inaccurate, outdated, incomplete, or misleading personal data.
8.3 Right to Erasure (Section 26(1)(c))
You may request deletion of your personal data when it is no longer necessary for the purposes collected, subject to legal retention requirements.
8.4 Right to Restrict Processing (Section 26(1)(d))
You may request restriction of processing in certain circumstances, such as when contesting data accuracy.
8.5 Right to Data Portability (Section 26(1)(e))
You may request transfer of your personal data to another data controller in a structured, commonly used format.
8.6 Right to Object (Section 26(1)(f))
You may object to processing based on legitimate interests or for direct marketing purposes.
8.7 Right to Withdraw Consent (Section 26(1)(g))
Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
8.8 How to Exercise Your Rights
To exercise any of these rights, please contact us at maasaimarathemanor@gmail.com or +254 713 274 717. We will respond to your request within 30 days as required by law.
9. COOKIES AND TRACKING TECHNOLOGIES
Our website uses cookies and similar tracking technologies to enhance user experience, analyze website traffic, and deliver personalized content. Cookies are small text files stored on your device.
9.1 Types of Cookies We Use
Essential Cookies: Required for website functionality
Analytics Cookies: Help us understand how visitors use our website
Marketing Cookies: Used to deliver relevant advertisements
9.2 Managing Cookies
You can control cookies through your browser settings. However, disabling certain cookies may affect website functionality.
10. CHILDREN'S PRIVACY
In accordance with Section 33 of the DPA, we do not knowingly collect personal data from children under 18 years without parental or guardian consent. If we become aware of such collection without proper consent, we will delete the information promptly.
11. DATA BREACH NOTIFICATION
In accordance with Section 41 of the DPA, if we experience a data breach that poses a risk to your rights and freedoms, we will notify the Office of the Data Protection Commissioner within 72 hours and inform affected data subjects within a reasonably practicable period.
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with the revision date. Continued use of our services after changes constitutes acceptance of the updated policy.
13. CONTACT US
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
The Manor Maasai Mara
Nashulai Maasai Conservancy
Masai Mara National Reserve
Narok County, Kenya
Email: maasaimarathemanor@gmail.com
Phone: +254 713 274 717 / +254 729 170 335