Skip to main content

Privacy Policy

Last updated: 15 June 2026

1. Who We Are

Jemeka Tours & Travel (“we”, “our”, or “us”) is a travel agency registered in Nairobi, Kenya (P.O. Box 46376-00100). We operate the website at jemekatours.com and related services. You may contact our data controller at njoros2025@gmail.com or +254 726 912577.

2. Information We Collect

  • Account data: name, email address, and password (hashed) when you create an account or sign in with Google.
  • Booking data: package selection, travel dates, number of travellers, special requests, and payment reference numbers.
  • Enquiry data: name, email, phone number, and message content submitted via our contact or enquiry forms.
  • Usage data: pages visited, browser type, IP address, referring URL, and session duration, collected via server logs and analytics tools.
  • Cookies: authentication session cookies and optional analytics cookies. See our Cookie Policy for details.

3. How We Use Your Information

  • To process and manage your tour bookings and send confirmation emails.
  • To respond to enquiries and provide customer support.
  • To operate, maintain, and improve our website and services.
  • To send transactional communications (booking confirmations, itinerary updates).
  • To send promotional communications — only where you have given explicit consent, which you may withdraw at any time.
  • To comply with legal obligations and resolve disputes.

4. Legal Basis for Processing

We process your personal data on the following grounds:

  • Contract performance: processing necessary to complete your booking.
  • Legitimate interests: operating and securing our platform.
  • Consent: marketing communications and optional analytics cookies.
  • Legal obligation: tax records and fraud prevention.

5. Data Sharing

We do not sell your personal data. We share it only with:

  • Payment processors (Paystack) to handle secure transactions.
  • Email providers (Resend) to deliver transactional emails.
  • Authentication providers (Google OAuth via Auth.js) if you choose Google sign-in.
  • Cloud hosting infrastructure for server and database operations.
  • Legal authorities when required by law or to protect our rights.

All third-party processors are bound by data processing agreements.

6. Data Retention

Booking and financial records are retained for 7 years in accordance with Kenyan tax legislation. Account data is retained for as long as your account remains active and for 2 years after closure. Marketing consent records are retained for 3 years. You may request deletion at any time (subject to legal retention requirements).

7. Your Rights

You have the right to:

  • Access a copy of the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data (subject to legal retention requirements).
  • Object to or restrict processing in certain circumstances.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent for marketing at any time.

To exercise any right, email njoros2025@gmail.com. We will respond within 30 days.

8. Security

We implement industry-standard security measures including HTTPS/TLS encryption, hashed passwords, HTTP security headers, and rate limiting. However, no transmission over the internet is 100% secure and we cannot guarantee absolute security.

9. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or a prominent notice on our website. The “Last updated” date at the top of this page reflects the most recent revision.

10. Contact

Questions or complaints about this policy should be directed to njoros2025@gmail.com.

Terms of ServiceCookie Policy← Back to Home