INTRODUCTION
We care about your privacy and are dedicated to keeping your personal information safe. This privacy notice explains how we handle your data when you visit our website, informs you about your privacy rights, and outlines the legal protection you have. Feel free to check the Glossary for explanations of some terms used in this privacy notice.
1. IMPORTANT INFORMATION AND WHO WE ARE
This privacy notice is here to inform you about how Summit Seekers gathers and handles your personal information when you use our website. This includes details you share when booking a trip, signing up for marketing, or giving a trip review. Please read this notice alongside any other privacy or fair processing notices we might provide on specific occasions. This way, you'll understand fully how and why we use your data. This notice adds to the other ones and doesn't replace them.
Controller Summit Seekers, operated by Bobby Tours Limited, is the one in charge of and responsible for your personal information (referred to as "Summit Seekers," "we," "us," or "our" in this privacy notice).
After checking the data we have, we've decided not to appoint a data protection officer (DPO). Instead, we've assigned a data privacy manager to handle any questions related to this privacy notice. If you have inquiries about this notice or want to exercise your legal rights (explained below), please reach out to the data privacy manager using the provided contact details.
Our full details are:
Full name of legal entity: Bobby Tours & Safaris Tanzania
Email address: , [email protected], [email protected],
Office address: Bobby Tours Street, Olorien, Arusha, Tanzania
Telephone number: +255 (0) 749-087-101
You have the right to make a complaint at any time to the Information for data protection issue.
Making sure the personal info we have about you is accurate and up-to-date is crucial. If there are any changes to your personal data while you're connected with us, please let us know.
Third-party linksOur website might have links to other websites, plug-ins, or applications from third parties. Clicking on those links could let these third parties gather or share data about you. We don't manage these third-party websites and aren't accountable for their privacy statements. Once you leave our site, we recommend checking the privacy notice of every website you visit.
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or information that identifies an individual, covers a range of details. We won't include data where the identity is removed (anonymous data).
Here's what we may collect, use, store, and transfer about you:
- Identity Data: First name, maiden name, last name, username, marital status, title, date of birth, and gender.
- Contact Data: Billing address, delivery address, email address, and telephone numbers.
- Financial Data: Bank account and payment card details.
- Transaction Data: Payment details and information about products or services you've purchased.
- Technical Data: IP address, login data, browser type, time zone, location, device technology, and more.
- Profile Data: Username, password, purchases, interests, preferences, feedback, and survey responses.
- Usage Data: Details about how you use our website, products, and services.
- Marketing and Communications Data: Preferences for receiving marketing and communication preferences.
We also gather Aggregated Data, like statistical or demographic information, not directly identifying you. However, if combined with your personal data, we treat it as such. We may also collect Special Categories of Personal Data, like details about disabilities or medical conditions for trip arrangements. We only collect this information with your positive consent for providing services, meeting your needs, or acting in your interest.
If you fail to provide personal data
If we must collect personal data according to the law or as part of a contract with you, and you don't provide the required information, we may be unable to fulfil the contract we have with you. For our climbs, participants need to fill out a medical form, as high-altitude climbing may not be suitable for everyone due to certain medical conditions. Knowing about your health and fitness is crucial for your safety, and we may decline to offer a trip based on this information.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We gather information from and about you through various methods, including:
Direct interactions: When you fill in a Booking Form, contact us by phone, email, or in other ways. This covers data like your Identity, Contact, and Financial details. For instance, when you book our products, subscribe to deals, request marketing, or provide feedback on a trip.
Automated technologies or interactions: As you use our website, we automatically collect Technical Data about your device, actions, and browsing patterns. This involves using cookies, server logs, and similar technologies. If you visit other websites using our cookies, we may also get Technical Data. Check our cookie policy for more details.
Third parties or publicly available sources: We might receive your personal data from different third parties and public sources, such as:
-Technical Data from analytics providers like Google.
-Contact, Financial, and Transaction Data from providers of technical, payment, and delivery services based in Tanzania.
-Technical Data from advertising networks like Google Ads, Yahoo Ads, pay-per-click advertisers such as Bing, and search information providers like Google, Yahoo, and Bing, both inside and outside the EU.
4. HOW WE USE YOUR PERSONAL DATA
We'll only use your personal data when permitted by law, and commonly, we'll use it in the following situations:
-To perform the contract we're entering into or have entered into with you.
-Our staff, customers, and suppliers may take photos and videos during climbs, including pictures of our customers, for social media updates and future marketing. These images are stored physically and digitally.
-To share your details with companies and organisations necessary for your climb, such as your hotel, other suppliers, credit/debit card company, or bank.
-With insurers, their agents, and medical staff to exchange relevant information in emergencies or when acting on your behalf.
-When necessary for our legitimate interests (or a third party's), provided your interests and rights don't override those interests.
-To comply with legal or regulatory obligations.
We usually don't rely on consent, except for third-party direct marketing via email or text. You can withdraw consent anytime.
Regarding marketing, we aim to give you choices, including opting out of third-party marketing. You can stop marketing messages at any time, but this doesn't apply to data from previous bookings.
You can manage cookies in your browser settings, but note that disabling them may affect website functionality. We won't use your data for purposes other than those we collected it for, and we'll notify you if we need it for an unrelated purpose. We may process your data without your knowledge or consent, where required or permitted by law.
5. DATA SECURITY
We've implemented effective security measures to avoid accidental loss, unauthorised access, or misuse of your personal data. Access to your information is restricted to employees, agents, contractors, and other relevant third parties with a legitimate need to know. They process your data based on our instructions and are bound by confidentiality.
If there's a suspected breach of personal data, we've established procedures to address it. We'll notify you and any relevant regulator of a breach if legally required.
6. DATA RETENTION
We'll keep your personal data only for as long as necessary for the purposes we collected it, meeting legal, accounting, or reporting requirements. The retention period depends on factors like the amount, nature, and sensitivity of the data, potential risks, processing purposes, and applicable legal requirements.
For tax purposes, basic customer information (Contact, Identity, Financial, and Transaction Data) is kept for six years after they stop being customers, as required by law. You can request data deletion in certain circumstances.
In some cases, we might anonymize your personal data for research or statistical purposes, using it indefinitely without notice once it's no longer associated with you.
7. YOUR LEGAL RIGHTS
You have rights under data protection laws regarding your personal data. To ensure your rights, we might need specific information to confirm your identity. This helps prevent unauthorised disclosure of personal data. We may contact you for additional details to expedite our response.
We aim to address legitimate requests within one month. If a request is complex or multiple, it might take longer. We'll notify you and keep you informed in such cases.
8. GLOSSARY
LAWFUL BASIS
Legitimate Interest: This refers to our business’s interest in efficiently managing our operations to provide you with the best service and secure experience. We carefully assess the impact on you (both positive and negative) and your rights before processing your personal data for our legitimate interests. We won’t use your data if our interests are outweighed by the impact on you, unless we have your consent or it’s required or permitted by law.
Performance of Contract: Processing data is necessary for fulfilling a contract you’re part of or taking steps at your request before entering into such a contract.
Comply with a Legal or Regulatory Obligation: Processing your data is necessary to meet legal or regulatory obligations we are subject to.
Protection of Vital Interests: This means safeguarding your health or safety, particularly in emergencies.
THIRD PARTIES
External Third Parties
-Service providers acting as processors based in Tanzania, providing accommodation and medical assistance.
-Professional advisers, including lawyers, bankers, accountants, and insurers based in Tanzania, offering consultancy, banking, legal, insurance, and accounting services.
-Customs, regulators, and other authorities acting as processors based in Tanzania, requiring reporting of processing activities in certain circumstances, such as tax or for obtaining consents or visas.
YOUR LEGAL RIGHTS
You have the right to:
-Request correction of your personal data for accuracy.
-Request erasure of your personal data, subject to legal considerations.
-Object to processing of your personal data based on legitimate interest or for direct marketing purposes.
-Request the transfer of your personal data in a structured, commonly used, machine-readable format.
-Withdraw consent at any time, though it may affect the provision of certain products or services, and we’ll advise you accordingly.