+254 718 664 422
Request A Free Quote
Request A Free Quote
Menu
+254 718 664 422
Request A Free Quote

Privacy Policy

MOUTI TOURS & TRAVEL — Privacy Policy

Effective date: 6 February 2026
Last updated: 6 February 2026

MOUTI TOURS & TRAVEL (“MOUTI”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, share and protect personal data when you interact with our websites, make enquiries or bookings, use our services (tours, safaris, transfers, vehicle hire), contact us on WhatsApp/email/phone, or otherwise provide us information. It also explains your rights and how to exercise them.

This policy applies to personal data collected by MOUTI via:

  • our websites (including booking or quote forms),
  • email, phone and WhatsApp communications,
  • in-person interactions at our offices or events,
  • bookings made through third-party marketplaces and agents (e.g., SafariBookings, Google),
  • and any other services where MOUTI collects personal information.

If you have questions about this Policy or want to exercise your privacy rights, please contact us — contact details are at the end of this policy.

1. Who we are & contact details

Data Controller / Company:
MOUTI TOURS & TRAVEL
Email: info@moutitours.co.ke
Operations & 24/7 (while travelling): +254 718 664 422 (WhatsApp & voice)
Postal/Registered office:
Company registration:

Data Protection Officer (or privacy contact): info@moutitours.co.ke

If you are located in Kenya and have a complaint you may also contact the Office of the Data Protection Commissioner (ODPC) — see their website for details.

2. Summary — what this policy covers

This policy explains:

  • what personal data we collect and why;
  • how we use and share your personal data;
  • how long we keep your data;
  • how we protect your information;
  • how you can access, correct, move or delete your data; and
  • how to contact us or lodge a complaint.

We describe special cases (children’s data, international transfers, marketing, cookies, third-party services) and our legal bases for processing personal data (contract, consent, legitimate interest, legal obligation).

3. Personal data we collect

We collect different kinds of personal data depending on how you interact with us.

3.1. Data you give us directly

  • Identity & contact data: name, email address, postal address, telephone/WhatsApp number, emergency contact.
  • Travel & booking data: travel dates, passenger names, passport numbers, nationality, visa information, special requirements (dietary / mobility), accommodation preferences, flight details, number of travellers, payment and billing address.
  • Payment data: payment card details if you pay via a card on our site (note: we use third-party payment processors and do not retain raw card data except tokens as described below).
  • Communications: enquiries, messages and correspondence (email, WhatsApp chats, call recordings if recorded with consent for quality/training), reviews or testimonials you submit.
  • Marketing preferences & consent: your choices about receiving marketing communications.
  • Files & attachments: uploads you provide (e.g., group lists, ID scans where required for permits).

3.2. Data we collect automatically

  • Technical / usage data: IP address, device/browser type, operating system, pages visited, time on site, referrer URL, search terms, click and navigation information.
  • Cookies and analytics identifiers: Google Analytics, Facebook Pixel, other tags and cookies (see Cookies section).
  • Location data: approximate location derived from IP address or mobile network if you use location-enabled features; we do not track real-time location during normal web browsing unless you expressly use a tracking service.

3.3. Data from third parties

  • Third-party booking platforms: if you booked through SafariBookings, an agent or OTA we may receive booking data from them.
  • Payment processors: payment status or transaction IDs.
  • Public reviews & social media: if you leave reviews on Google / SafariBookings or mention us on social media, we may collect and display them (with your consent where required).
  • Partners & suppliers: when we coordinate multi-supplier services we share/receive personal data with/from suppliers (lodges, carriers, ground handlers).

3.4. Sensitive personal data / special categories

We avoid collecting special category data unless strictly necessary. If we need health or medical information (e.g., mobility needs, allergies), this is collected to protect your safety and delivered only to relevant suppliers and emergency services. You must consent to this processing at booking.

4. Why we collect & how we use personal data (purposes and legal basis)

We process data only where we have a lawful basis. Depending on the purpose, lawful bases include: performance of a contract, your consent, legitimate interests, and compliance with a legal obligation (e.g., anti-money-laundering, tax).

4.1. To arrange and provide travel services (Contract)

  • Purpose: make reservations, buy permits, book flights, arrange transfers, organise guides and vehicle hires.
  • Lawful basis: performance of a contract with you.
  • Data used: identity, contact, passport/visa, booking details, payment/billing information, special needs.

4.2. To manage payments and refunds (Contract / Legal obligation)

  • Purpose: process payments, refunds, invoicing, tax and accounting records.
  • Lawful basis: performance of contract and compliance with legal obligations (tax, accounting).
  • Data used: billing information, payment transaction IDs; note: card numbers are processed by our payment providers — we do not store card numbers unless tokenized.

4.3. To respond to enquiries, quotes and customer service (Contract / Legitimate interest)

  • Purpose: respond to quote requests, update you about changes, handle complaints and provide 24/7 support.
  • Lawful basis: performance of contract and legitimate interest in providing reliable customer support.
  • Data used: contact details, communications history.

4.4. For marketing & promotions (Consent / Legitimate interest)

  • Purpose: send promotional emails, newsletters, offers and tailored recommendations.
  • Lawful basis: consent (where required) or legitimate interest (where allowed).
  • Your choice: you may opt out at any time using links in emails or by contacting us.

4.5. For safety, emergency & medical reasons (Contract / Consent)

  • Purpose: handle medical emergencies, arrange evacuation, or comply with safety protocols.
  • Lawful basis: performance of contract and your consent for sharing medical info with medical providers/suppliers.

4.6. For fraud prevention & legal compliance (Legal obligation / Legitimate interest)

  • Purpose: prevent fraud, comply with laws, respond to law enforcement requests and record keeping for financial audits.
  • Lawful basis: compliance with legal obligations and legitimate interest.

4.7. For analytics, site improvement & personalization (Legitimate interest / Consent)

  • Purpose: improve website, monitor performance, personalise marketing and measure campaign effectiveness.
  • Lawful basis: legitimate interest and consent for non-essential cookies/tracking.

4.8. For storing reviews and testimonials (Consent)

  • Purpose: publish reviews on our site and third-party platforms with your permission.
  • Lawful basis: consent.

5. How we share personal data

We share personal data only where necessary and with appropriate safeguards.

5.1. Third-party service providers (processors)

We use carefully selected service providers to deliver our services. Typical categories:

  • accommodation partners, lodges, guides and ground handlers (to fulfil bookings);
  • airline and domestic flight partners;
  • payment processors and banks (to process payments);
  • IT, analytics & hosting providers (website, email, booking platform);
  • customer relationship management (CRM) & reservation systems;
  • marketing platforms (email delivery, social ads);
  • professional advisers (lawyers, accountants).

We require these providers to process data only on MOUTI’s instructions and to implement adequate security.

5.2. Third-party marketplaces & partners

If you booked through a third-party platform (SafariBookings, OTAs), we share necessary booking details with those platforms and they may share booking data with us.

5.3. Legal & safety disclosures

We may disclose personal data to law enforcement, public authorities, or other third parties when required by law, regulation, court order or to protect rights, property or safety.

5.4. Emergencies & medical assistance

We will share relevant medical and contact information with medical providers, evacuation companies or authorities in case of emergencies.

5.5. Mergers & business transfers

In the event of a sale, merger, reorganisation or insolvency, personal data may be transferred as part of business assets; we require the successor to honour data protection commitments.

6. International transfers

MOUTI is based in Kenya and may transfer personal data to countries outside Kenya (for example: hosting providers, payment processors, third-party partners located in other jurisdictions). Some of these countries may not provide the same level of data protection.

When we transfer data internationally we will:

  • rely on appropriate safeguards (standard contractual clauses, data processing agreements, or other lawful mechanisms); or
  • only transfer to countries with adequate protection or where necessary for contract performance.

If you are in the EU/EEA, transfers outside the EEA are governed by safeguards under EU law (e.g., SCCs). Contact us for further details of the safeguards we use.

7. Data retention — how long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal, tax or regulatory requirements.

Typical retention periods:

  • Booking records & invoices: retained for 7 years for tax/accounting and legal compliance (or longer if law requires).
  • Contact & quote enquiries: kept for 24 months after last contact unless you become a client or ask us to delete earlier.
  • Marketing consent & preferences: until you withdraw consent or opt-out.
  • Employment or supplier records: retained as required by law (varies).
  • Website analytics: aggregated data retained for up to 26 months (or as set by analytics tool); you can opt out of analytics cookies.
  • Support tickets & complaints: retained for minimum 3–5 years depending on relevance.

If you request deletion we will delete your personal data unless there is a valid legal reason to retain it (e.g., pending legal claims, tax obligations).

8. Cookies & tracking technologies

We use cookies, pixels and other tracking technologies to make our website work and to analyse/optimise our site. You can control cookie preferences via our cookie banner and your browser settings.

Cookie categories & examples

  • Essential cookies — required to operate the site (session cookies, security). They cannot be turned off.
  • Functional cookies — remember preferences (language, form entries).
  • Analytics cookies — Google Analytics and similar to measure site use (retain ~26 months).
  • Advertising & remarketing cookies — used for ad targeting and measuring ad campaigns (Google Ads, Facebook Pixel).

You can manage cookies in your browser settings or opt-out via the cookie banner. For targeted ads you can also manage preferences at the advertising platforms (Google Ads settings, Facebook ad settings).

9. Security

We implement organisational, technical and physical measures to protect personal data, including:

  • secure servers and encryption for sensitive data in transit (SSL/TLS);
  • access controls and role-based permissions;
  • background checks and data protection obligations for staff and suppliers;
  • regular security audits and vulnerability testing.

No internet transmission or storage is completely secure. We cannot guarantee absolute security but will take reasonable steps to protect data.

Data breach: In the unlikely event of a security incident, we will notify affected individuals and relevant authorities without undue delay and within the timeframes required by applicable law (including within 72 hours where required by law).

10. Children & minors

We do not knowingly collect personal data from children under 16 without parental consent. If you are booking travel for minors we will require guardian details and may require proof of parental consent. If you believe we have collected data from a child without consent, contact us to request deletion.

11. Your rights (access, correction, deletion, objection, portability, restriction)

Where applicable under local law (including Kenya’s Data Protection Act and the EU GDPR for EU/EEA residents), you have rights to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your personal data (right to be forgotten) subject to legal retention obligations;
  • restrict or object to certain processing (e.g., direct marketing);
  • data portability — obtain your personal data in a structured, commonly used machine-readable format;
  • withdraw consent for processing based on consent (this does not make prior processing unlawful);
  • lodge a complaint with your local data protection authority or the ODPC in Kenya.

How to exercise: Contact info@moutitours.co.ke with your request. We may need to verify your identity before fulfilling requests. We will respond within applicable statutory periods (for GDPR: one month, extendable in complex cases).

If you are an EU/EEA data subject and unsatisfied, you may lodge a complaint with your local supervisory authority or the Data Protection Officer in Kenya (Office of the Data Protection Commissioner).

12. Marketing communications

We send marketing emails only where you have consented (or if we have a legitimate interest and you have not opted out). Every marketing email contains an unsubscribe link. You can opt out by:

  • clicking the unsubscribe link in any marketing email;
  • emailing info@moutitours.co.ke with “unsubscribe”; or
  • contacting us via WhatsApp.

If you opt out we will stop sending marketing messages but may still send transactional messages (booking confirmations, operational messages).

13. Booking & payment processors

Payment transactions are handled by third-party payment processors (e.g., Stripe, PayPal, local banks). We do not keep full payment card numbers unless stored as tokens by a certified payments provider. Check your payment provider’s privacy policy for details.

14. Third-party sites & links

Our websites may include links to external sites (suppliers, booking partners, review platforms). This Privacy Policy does not apply to third-party sites. Review such sites’ privacy policies before providing personal information.

15. Reviews & public feedback

When you post reviews on Google, SafariBookings or our site you grant us permission to publish your review and first name, location and review content. If you want your review removed contact us and we will consider your request consistent with applicable law and platform policies.

16. Automated decisions & profiling

We do not make automated decisions that have legal or similarly significant effects on you. We may use automated tools to segment users for marketing (profiling) — where required we will obtain consent.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The “Last updated” date will show the effective date. Material changes will be notified by email (where we hold a contact email) or via a prominent notice on our website.

18. How to contact us & make requests

For privacy enquiries, to exercise your rights, or to lodge complaints:

Email (privacy contact): info@moutitours.co.ke
General enquiries: info@moutitours.co.ke
Operations / WhatsApp (24/7 while traveling): +254 722 221 070
We will acknowledge receipt of privacy requests within a reasonable time and respond in accordance with applicable law.

19. Governing law & supervisory authority

This Privacy Policy is governed by the laws applicable in the jurisdictions where we operate. If you are in Kenya, the Office of the Data Protection Commissioner (ODPC) is the supervisory authority. If you are based in the EU/EEA, you may also contact your local supervisory authority.

20. Additional notes for travellers

  • If you want us to remove your personal data from marketing lists and third-party review summaries, contact info@moutitours.co.ke.
  • For group bookings where an organiser submits passenger lists, the organiser must have lawful basis for sharing passenger data with us and should inform travellers in advance.

A final note

We aim to be transparent, fair and responsible in our data practices. If anything in this policy is unclear or you would like a different format (plain-language summary, downloadable PDF), please contact info@moutitours.co.ke and we will assist.