How Njiru Safaris & Tours collects, uses, protects, and shares your personal data under the Zimbabwe Data Protection Act, GDPR, and other applicable regulations.
Our Promise
Plain, transparent data practices with detailed accountability for every jurisdiction we serve.
Who We Are & Scope
Njiru Safaris & Tours (Private) Limited acts as the data controller for the personal data collected through this website, direct correspondence, and our offline concierge channels. This Privacy Policy applies globally to all travelers, suppliers, and partners who interact with our services, and it is aligned with the Zimbabwe Data Protection Act (2021), GDPR, and any applicable regional data protection regulations where our guests reside.
Definitions
"Personal Data" means any information that can identify you directly or indirectly.
"Processing" covers any action performed on personal data such as collection, storage, use, disclosure, and deletion.
"Controller" means the entity that decides how and why personal data is processed; in this case, Njiru Safaris & Tours.
Categories of Personal Data We Collect
We collect information directly from you, from authorized agents acting on your behalf, from partner suppliers, and automatically through digital channels.
Data You Provide
Identity and contact data: names, pronouns, date of birth, nationality, passport details, emergency contacts.
Deliver proactive communications before, during, and after travel such as confirmations, alerts, and service updates.
Improve digital platforms, optimize marketing campaigns, and develop new products based on aggregated insights.
Protect our operations by conducting due diligence, detecting security incidents, and enforcing terms of service.
Sharing & Disclosure
We never sell your personal data. We only share it with parties that help deliver your travel experience or where disclosure is mandated by law.
Service Delivery Partners
Hotels, lodges, charter companies, guides, activity operators, and catering partners receive only the data needed to fulfill your booking.
Transport providers (e.g., airlines, chauffeurs, helicopter charters) receive manifests, passport details, and emergency contacts as required by aviation regulations.
Business Support Vendors
Technology suppliers: hosting, CRM, marketing automation, analytics, customer support chat, and secure document storage.
Professional advisors: legal counsel, accountants, auditors, and insurance brokers bound by confidentiality agreements.
Regulators & Authorities
Immigration, customs, tourism boards, and wildlife authorities when mandated for permits or compliance.
Law enforcement or dispute resolution bodies when necessary to defend legal claims, protect life, or prevent fraud.
International Transfers & Safeguards
Because we operate with suppliers across Africa, Europe, the Middle East, and North America, your data may be transferred to jurisdictions with different data protection laws.
We rely on adequacy decisions, EU Standard Contractual Clauses, UK International Data Transfer Agreements, or other legally recognized safeguards when exporting data.
Encryption in transit (TLS 1.2+) and at rest, zero-trust network segmentation, and least-privilege access limit exposure.
Vendors undergo diligence reviews, contractual audits, and ongoing monitoring to ensure compliance.
Retention & Deletion
Enquiry data: retained up to 24 months to support returning guests unless you request deletion sooner.
Confirmed bookings: kept for seven years after travel completion to meet financial, insurance, and regulatory obligations.
Supplier and partner data: retained for the duration of the partnership plus seven years.
Marketing consents: stored until you unsubscribe, after which we maintain suppression records to honor your preference.
System logs and analytics: anonymized or deleted within 26 months unless extended for active investigations.
Security Measures
Segregated production and staging environments, hardened cloud infrastructure, and automated patch management.
Role-based access controls enforced by SSO/MFA, plus quarterly access reviews.
Encryption of sensitive documents (passports, medical notes) and secure key management.
Incident response playbooks that include 72-hour regulator notification commitments where applicable.
Mandatory privacy and security training for staff and contractors.
Cookies & Similar Technologies
We use cookies, pixel tags, local storage, and device identifiers to ensure the site works correctly and to personalize your experience.
Categories We Use
Strictly Necessary: authentication, load balancing, and booking cart preservation.
Performance: analytics (e.g., Google Analytics, Plausible) to measure website health.
Functionality: remember locale, currency, and saved itineraries.
Targeting: remarketing pixels (Meta, Google Ads) activated only with your consent.
Managing Preferences
Use our on-site cookie banner to opt in or out of non-essential cookies at any time.
Adjust browser settings (Chrome, Safari, Edge, Firefox) to block or delete cookies; note this may affect site functionality.
Mobile app users can reset advertising identifiers through device privacy settings.
Automated Decision-Making & Profiling
We do not make decisions that have legal or similarly significant effects on you solely through automated processing.
Recommendation engines may suggest itineraries based on previous trips, preferences, and aggregated trends.
Risk scoring (e.g., fraud detection) is reviewed by trained staff before any action is taken.
You may request human intervention, express your point of view, or contest any automated assessment.
Children & Special Categories of Data
Our services target adults 18+; minors must have consent and accompaniment from a legal guardian.
We collect children’s data (names, ages, dietary or medical needs) only when needed to deliver family itineraries and only with guardian consent.
Sensitive data such as health or biometric information is processed strictly for safety purposes and protected with enhanced controls.
Your Privacy Rights
Depending on your jurisdiction, you may exercise the following rights. We respond within 30 days or sooner where laws require.
Access: obtain confirmation and a copy of the personal data we hold about you.
Rectification: have inaccurate or incomplete data corrected.
Erasure: request deletion when data is no longer needed or when consent is withdrawn.
Restriction: pause processing while a challenge is investigated.
Portability: receive data you provided to us in a structured, machine-readable format.
Objection: opt out of processing based on legitimate interests or direct marketing.
Withdraw consent: change your mind at any time without affecting prior lawful processing.
Lodge a complaint: escalate concerns to the Zimbabwe Data Protection Authority (POTRAZ) or your local regulator.
Submitting Requests & Complaints
To exercise any right, please email privacy@njirusafaris.com with the subject line "Data Subject Request". We may ask for proof of identity or authorization to protect your data.
We respond within one calendar month; complex requests may require up to 60 days with prior notice.
If you believe we have not addressed your concern, contact the Data Protection Authority, POTRAZ, 1110 Performance Close, Mt Pleasant Business Park, Harare, Zimbabwe (dpa@potraz.gov.zw).
EU/UK residents may also contact their local supervisory authority.
Policy Updates
This notice was last updated on 21 November 2025.
Material changes will be announced on this page, via email to active travelers, or within your client portal.
For archived versions, contact privacy@njirusafaris.com.
Terms of Service
By accessing our website, submitting enquiries, or booking travel services, you confirm that you are at least 18 years old (or have legal guardian consent) and agree to provide accurate information. Confirmed itineraries are subject to supplier availability and applicable deposit schedules. We will always notify you of material changes—such as government fee increases, park levies, or fuel surcharges—and offer alternative arrangements where possible.
Deposits are typically non-refundable once supplier confirmations are issued, unless otherwise stated in your contract. Final balances are due on the dates specified in your invoice; failure to settle may result in automatic cancellation and forfeiture of deposits. We strongly recommend comprehensive travel insurance covering medical emergencies, evacuations, force majeure, cancellations, and baggage losses.
Njiru Safaris & Tours reserves the right to deny service, suspend accounts, or cancel bookings if payment fraud, abusive conduct, or safety risks are detected. Intellectual property on this site—including copy, imagery, video, logos, and itineraries—remains our property or that of our licensors and may not be reused without written consent.
These Terms are governed by the laws of Zimbabwe. Disputes will be handled in the courts of Harare, unless mandatory consumer laws in your jurisdiction require otherwise. If a clause is deemed unenforceable, the remaining provisions will continue in full effect.
Contact & Requests
To exercise your privacy rights, raise a concern, or request a copy of this policy in another format, reach our Data Protection Lead through any of the channels below. We respond within 30 days and sooner where regulations require.
Head Office
Corner Livingstone & Parkway Dr, Victoria Falls, Zimbabwe
We may update this notice to reflect operational, legal, or regulatory changes. Significant updates will be highlighted on this page and communicated directly when required.