Acceptance Of Policy
Our travellers are from many different countries – in recognition of this, we endeavour to process all data in accordance with principles of internationally accepted best practices and compliance regulations. We regularly review our compliance with this policy. Whenever we receive a formal complaint, we will contact the person who made the complaint to attempt to resolve his or her concerns.
Please note that by using our websites (as a user browsing the websites), you are consenting to our collection and use of your information as more fully set out in this policy. If you have any concerns about using your information or the contents of this policy, please feel free to contact us.
Notice to European Users: This privacy statement has been prepared in fulfilment of the obligations under the European general data protection Regulation 2016/679 (“GDPR”), on the subject of cookies.
We distinguish in this policy between ‘personal data’ (data required to facilitate international travel) and ‘non-personal data’ (data regarding usage of the websites and de-identified information extracted from the websites for analysis). We collect both personal and non-personal data through our websites and third parties, either automatically or by your providing this information to us during enquiring, signing up for our newsletter, or during the consultation phase to help us improve the info we will be providing you with.
- Failure to provide requested information may impair our ability to provide professional advice when curating and sharing proposed travel itineraries.
- You will need to ensure that your personal information submitted to us is accurate and up-to-date.
- You are responsible for any third-party information obtained, published or shared through the websites, and you consent to only use or share this third-party data with the third party’s consent.
- We collect and store the personal information that you may provide through our websites when you enquire with us, update or change your information with us, or use our services.
- We also collect and store information in relation to your travel itinerary, travel preferences and particulars of those travelling with you, for example, through communications, surveys and other data submitted by you.
- Anyone involved with the processing, transmitting, or storing of card data must comply with the Payment Card Industry Data Security Standards (PCI DSS). Stripe has been audited by an independent PCI Qualified Security Assessor (QSA) and is certified as a PCI Level 1 Service Provider. This is the most stringent level of certification available in the payments industry. Finch Hattons does not collect or store any credit card or account details.
- In addition to personal data, we also store non-personal data, which cannot be used to identify our users. The kinds of non-personal data that we collect includes de-identified data about usage of our websites.
Cookies & Similar Technologies
A cookie is a small piece of code that is installed in your web browser by a website that you visit. They help the website to remember information about your visit, and assist to make the website, and advertisements that you encounter while browsing, more relevant to you. We’ve provided some further detail on cookies below to try and clarify how and why we use them.
Technical cookies and cookies serving aggregated statistical purposes:
How can I manage the installation of cookies?
- You can manage preferences for cookies directly from within your own browser and prevent websites from installing them. Through your browser preferences, it is also possible to delete cookies installed in the past. It is important to note that by disabling all cookies, the functioning of the websites may be compromised. You can find information about how to manage cookies in your browser using the following links: Mozilla Firefox, Apple Safari, Google Chrome and Microsoft Internet Explorer.
- If you would like to go deeper into behavioural advertising and cookies, we find the website at Your Online Choices to be a helpful information source (particularly for users residing in the European Union). This service advises you on how to select your tracking preferences for most advertising tools.
Use Of Non-Personal Data
We use your non-personal data for purposes like product improvement, internal reporting, analytics, performing statistical analyses of collective behaviour of our users, measuring demographics and interests, and for other legitimate business purposes. We will take all reasonable steps to properly de-identify all information that is stored and analysed as non-personal data. This non-personal data may also be shared with the current and future partners and service providers (since there is no prejudice to our users from the disclosure of this non-personal information).
Use Of Personal Data
Except as set out in this policy or specifically agreed by you, we won’t disclose your personal data that we receive through the websites. In general we will always aim to de-identify the information that we store (as non-personal information), but some information will need to still be attached to your name or email address (as personal information), for reasons listed below, and with the aim of supporting personalised and customised experiences and journeys. We work hard to ensure that access to a traveller’s information doesn’t disadvantage or prejudice our travellers.
The ways in which (and the purposes for which) we use personal data are described in further detail below:
Contacting you for the purpose of marketing, advising you on travel information and options, assisting you to complete your bookings and reservations with us, with the aim of keeping travellers informed and providing on-the-go support and information, other legitimate business purposes, and all communications with you for these purposes will be kept on record.
For analytics purposes (and product improvement more generally), including: analysing client characteristics, demographics, activities and behaviours on our websites and applications allowing us to continually improve the design of our website and relevant applications for the benefit of you and other travellers, providing analytical information to all relevant personnel who are involved in assisting and supporting travellers, to enable them to optimise the traveller’s experience, or other legitimate business purposes, reporting internally on traveller choices and related matters, for behavioural marketing and remarketing to website users and travellers, and marketing to potential travellers with similar interests, recording, tracking and analysing activities on the websites, researching, developing and improving, as well as training.
For disclosure: to personnel within Finch Hattons and our third party contractors for business purposes, including but not limited to internally used software and systems providers, and courier companies for shipping of documentation and gifts; to government authorities in response to court orders, subpoena/summons or other legal processes, to establish or exercise a legal right, defend a claim, or as otherwise required by law; to investigate, prevent or take action in relation to any suspected illegal activities, or to protect our own rights and the rights of our service providers; to acquirers, assignees or other successor entities in connection with a sale, merger or reorganisation of all or substantially all of our equity, business or assets.
For any other purpose: for which we receive your consent, that is in the public interest, or within the bounds of the laws in Kenya.
You agree that we may also share any of your personal data with the service provider that you and Finch Hattons choose to use, and these service providers may use your personal data in accordance with their own privacy policies.
We may also disclose all your personal data between our associated Finch Hattons companies, who shall have all the same rights as us in relation to such personal data, and shall comply with this policy in the processing of such information.
We use several external service providers to assist us to process personal data for the above purposes, and they may hold this personal data on their own servers for these purposes. We have provided some further information on some of these external parties below, but we may use other service providers as well – if you would like access to a full list of our service providers please contact us. We are not responsible for, nor do we endorse the privacy practices of these external third parties.
The following service providers enable us to monitor and analyse web traffic and can be used to keep track of user behaviour:
Google Analytics (Google Inc.):
Like most websites, we use Google Analytics. Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the data collected to track and examine the use of our Websites, to prepare reports on activities and share them with other Google services. Google may use the personal data collected to contextualize and personalize the ads of its own advertising network.
Google AdWords conversion tracking (Google Inc.):
Google AdWords conversion tracking is an analytics service provided by Google Inc. that connects data from the Google AdWords advertising network with actions performed on our Websites.
Google Tag Manager (Google Inc.):
Google Tag Manager is an analytics service provided by Google Inc.
Facebook & Instagram Ads conversion tracking (Facebook, Inc.):
Facebook Ads conversion tracking is an analytics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on our Websites.
Remarketing & Behavioural Targeting:
The following service providers allow us to inform, optimise and serve advertising based on past use of the websites. This activity is performed by tracking usage data and by using cookies. The information will be shared with data processors that manage the remarketing and behavioural targeting activity: Facebook & Instagram Remarketing (Facebook, Inc.), AdWords Remarketing (Google Inc.) and LinkedIn Remarketing (LinkedIn Corporation).
Methods of Processing:
We undertake to process your personal data in a reasonable manner and take appropriate, reasonable security measures to prevent unauthorised access, disclosure, modification, or unauthorised destruction of your personal data. All data processing shall be carried out by employees, consultants or third party service providers using computers and/or IT enabled tools, following standard organizational procedures and modes.
In some cases, personal and non-personal data may be accessible to certain types of persons involved with the operation of the websites (administration, sales, marketing, finance, legal, system administration) or external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies to name a few) appointed, if necessary, by us as data processors.
All data collected through our websites is managed and processed primarily at our various operating offices, and in any other place where the parties involved with the processing are located. For further information on our servers and places where we process data, please contact us.
Due to the fact that we have travellers from all over the world, and hosting services have become more ‘cloud-based’ and international in recent years, we may send and store your personal data outside of the country in which you reside, and there will therefore be some cross-border transfer of this personal data. We are nevertheless committed to protecting the privacy and confidentiality of personal information when it is transferred, in accordance with this Policy and the data privacy requirements in the EU.
If you would like to inspect and review your records, you may submit a request through our contact page. Requests for access will receive a response within 45 days, although certain records may be excluded from records made available for inspection (within the bounds of the law and our confidentiality undertakings with third parties). You may also request amendment of records that you believe are inaccurate, misleading or in violation of your rights.
Your personal data may be used for legal purposes as reasonably determined by us, in court or in the stages leading to possible legal action. You also acknowledge that we may be required to reveal your personal data upon request of public authorities.
Additional Information about Personal Data:
In addition to the information contained in this policy, we may provide you with additional and contextual information concerning particular services or the collection and processing of personal data on request.
System Logs and Maintenance:
For operation and maintenance purposes, our websites and any third party services may collect files that record interaction with the websites (System Logs) or use for this purpose other personal data (such as IP Address).
The Right Of Users
You have a right to know what personal data is being stored, and processed, as well as the categories of recipients with whom it may be shared. You may contact us to learn about the contents and origin of this personal data, to verify its accuracy or to ask for this data to be supplemented, cancelled, updated or corrected, or for their transformation into an anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to us at email@example.com or on our contact page.
Our websites do not currently support “Do Not Track” (“DNT”) requests. DNT is a feature offered by some browsers which, when enabled, sends a signal to websites to request that your browsing is not tracked, such as by third party ad networks, social networks and analytic companies. To determine whether any of the third party services linked on our Website honour DNT requests, please read their privacy policies.
Changes To This Policy
We review our privacy practices from time to time, and reserve the right to make changes to this policy at any time by giving notice through a website feature or by emailing you. We recommend that you check the contents of the policy whenever you have any new questions about privacy and our use of data, referring to the date of the last modification listed at the bottom of the policy.
If you object to any changes to the policy, you must cease using the websites and can request that we delete your personal data. Unless stated otherwise, the then-current policy applies to all data that we maintain.
Contacting Us About This Policy
If you have any questions or comments about this policy, please use the contact us feature on our website, or email us at firstname.lastname@example.org. The data controller for the purpose of this Policy is Future Hotels LTD, Purshottam Place, 9th Floor, Westlands Road, Nairobi, Kenya.
The relevant data controller will be charged with making decisions regarding the purposes and methods of processing of data in terms of this Policy.
Date of last amendment: 18 February 2021