This policy describes what personal data we collect from you, how we use it, who we share it with, how long we keep it, and what rights you have under GDPR and Tanzania data protection law. Written plainly.
Tanzania Rewilded Ltd (“we”, “us”, “our”) is a limited liability company incorporated under the laws of Tanzania, registered in Arusha (Registration No. 142850), with its registered address at Sokoine Road, Arusha, Tanzania. We are the data controller responsible for the personal data described in this policy.
For any privacy-related enquiries, you can contact our Data Protection Officer at privacy@tanzaniarewilded.com.
The personal data we collect depends on how you interact with us.
We process your personal data on the following lawful bases.
| Purpose | Legal basis |
|---|---|
| Responding to your enquiry, preparing itineraries | Legitimate interest |
| Processing bookings and fulfilling our contract with you | Contract performance |
| Park entry, flight bookings, insurance (where we arrange) | Contract performance |
| Marketing emails (newsletter, trip reports) | Consent |
| Financial record-keeping | Legal obligation |
| Emergency medical support during your trip | Vital interests |
| Website analytics, fraud prevention | Legitimate interest |
Some of our service providers are based outside Tanzania. Where we transfer personal data to countries that do not have an adequacy decision under Tanzanian or EU data protection law, we rely on Standard Contractual Clauses or equivalent safeguards.
Specifically, data may be transferred to the EU, UK, and USA (payment processors, email infrastructure). On request we will provide a copy of the relevant safeguards.
We keep personal data only for as long as we need it for the purposes for which it was collected, or as required by law.
| Category | Retention period |
|---|---|
| Enquiry data (no booking made) | 24 months |
| Booking and financial records | 7 years (Tanzanian tax law) |
| Passport details after trip | Deleted within 90 days |
| Newsletter subscription | Until you unsubscribe |
| Marketing photographs (where consented) | Until you withdraw consent |
| Website analytics | 26 months |
You have the following rights regarding your personal data:
To exercise any of these rights, email privacy@tanzaniarewilded.com. We will respond within 30 days. You also have the right to complain to your local data protection authority.
We take appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls limited to staff with a need-to-know, regular security audits, and staff training on data protection.
No system is absolutely secure. If a data breach occurs that risks your rights and freedoms, we will notify you within 72 hours of becoming aware of it, as required by law.
Our services are not directed at children under 16. We do process personal data of children when they travel with parents or guardians who book with us — but always with parental consent and parental responsibility for the data.
We may update this policy from time to time to reflect changes in our practices or legal requirements. When we do, we will update the “Last updated” date at the top. Material changes will be notified by email where we have your contact details.
This is version 3.2 of our privacy policy. Previous versions are archived and available on request.
Our Data Protection Officer is a named person, not a role email. Real responses, within 30 days, always.
Plan my trip →