Introduction

In the course of its activities, Masai Mara (Sopa) Lodge Limited processes personal data of its employees, customers and their agents, suppliers, visitors, service providers, shareholders, directors and other stakeholders (hereinafter, the “Data Subjects” “you”, or “your”).

This policy describes the information privacy practices that Masai Mara (Sopa) Lodge Limited follows when handling personal information that we collect or receive in conducting our business. Such information is normally collected through business transactions and interactions, websites, employee(s) and user application(s) such as emails and network platforms.

This privacy policy statement demonstrates our commitment to protect the privacy of individuals with respect to personal identifiable information and is designed to assist you in understanding our policies and practices in relation to the collection, use, retention, transfer and access of your personal information.

Personal Identifiable Information (PII)

Personal Identifiable Information (also referred to as personal data in this policy) means any information relating to an identified or identifiable natural person (the data subject). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location information, an online identifier or by one or more factors specific to the physical, psychological, genetic, mental, economic, cultural or social identity of the natural person.

Application of this privacy policy

This policy applies to all those who have access to PII in our possession. This includes our employees, all service providers and consultants who are our agents or working on our behalf or in our name, through outsourcing of services and processes or any business activity.

Independent contractors and consultants will be made aware of the Privacy Policy as it applies to our staff, potential and/or existing customers and counterparties in their dealings with them. This policy also serves to inform the public of the personal data collected by Masai Mara (Sopa) Lodge Limited, the purpose of collection and how that data is handled.

Data subject rights

As a data subject, you have rights regarding the processing of your personal information as follows:

1. To be informed of the use your personal data is to be put by us;
2. Request access to any personal information held about you by us and details of the processing of your personal information by us;
3. Object to or restrict the processing of your personal data (including profiling), including where the processing is unlawful or no longer necessary;
4. Have inaccurate personal data amended or erased, and to have incomplete personal data completed;
5. To deletion of false or misleading data about them.

In exercise your rights, you may:

1. Withdraw any consent you have given, or are deemed to have given, in relation to our collection or use of your personal information;
2. Request the erasure of your personal data where: (i) the processing was not lawful, (ii) where the data is no longer necessary for the purpose for which it was collected, (iii) where you withdraw consent which was the lawful basis of processing, (iv) where the erasure is necessary to comply with legal obligation, (iv) where processing was for direct marketing, or (v) you object to processing and there is no overriding legitimate interest for us to continue processing.
3. Request to receive your personal data in a format suitable for transmission to another data controller;
4. Object to processing of your personal information for direct marketing.
5. Object to any decision about you based solely on automated processing (including any profiling) that produces legal effects or otherwise significantly affects you; and
6. Complain to the relevant data protection supervisory authority, if you think that we are not complying with our obligations in relation to our processing of your personal information.

You can make a request to us in relation to these rights at any time by contacting us via email at This email address is being protected from spambots. You need JavaScript enabled to view it.. All requests will be dealt with promptly, in line with the provisions of Data Regulations of 2021. Any information to which you are entitled will be provided within a reasonable timeframe, subject to any exemptions stipulated in applicable data privacy laws.

Collection of personal data and purpose of processing

1. Employment and recruitment
   • We may collect information you provide to us through the recruitment processes such as name, passport sized image of you, date of birth/age, gender, contact information, identification number, education and academic qualifications, professional and employment history, reference contacts and current employment remuneration details.
   • On your employment with Masai Mara (Sopa) Lodge Limited, we collect additional information related to your bank account number, next of kin details, details relating to personal good conduct, medical history, biometrics such as finger print, and other information relevant to meeting our obligations under the employment laws and to process the periodic payroll. We may also collect and retain background information as permitted under applicable law.
   • This information is only collected for the purposes of recruitment and background reference checks, human resource management and development, staff welfare, and payroll processing.
   • This information is only collected for the purposes of human resource management and development, payroll processing, and recruitment.
2. Business partners
   • For all counterparties doing business with us, we collect information that might be PII in nature. This could be names, personal email addresses, or phone numbers provided in the course of communications, individual tax PIN numbers, or physical addresses of (company) agents and representatives.
   • Information collected through these processes is only used for legitimate trading purposes such as facilitating the processing of transactions, receipting, and making of payments.
   • To ensure we do business with reputable, honest and qualified business partners and agents, we may also conduct due diligence checks on companies and their directors and shareholders to establish the legal status of all potential new business partners to evaluate whether they may be involved in illegal or corrupt practices. Such checks may include the collection of personal identification documents for such directors and shareholders.  
3. Information provided through our security procedures
   • As part of our security procedures, we obtain information from our visitors. This information may include their name, national identification number, phone number, vehicle registration, name of employer, and other business contact details. Such information is only processed for purposes of maintaining a record of our visitors for security management purposes.
4. Information you provide to us through our website
   • We may collect the information you provide to us through our web-based enquiries. This information includes your name, phone number, and email address. This information is only processed for business purposes.
   • We may also collect this information indirectly through our booking engine service providers and online hotel booking sites.
5. Information we may receive from our counterparties
   • We may receive personal information about you from our counterparties (booking engines, sales representatives) who may share your information to enable us to offer our services to you. This includes basic contact information about you, such as your name, company name, title, address, phone number, fax number and email address. It may also include information on the products you have shown interest in or may be interested in purchasing from us.
   • We may also obtain personal information about you from our counterparties in connection with business transactions you initiate with us, such as through credit verification or other processes related to the transaction.
   • If we use such information to contact you, it will only be to see if you are interested in our products. We will not use this information for other purposes without your consent. In addition, if you inform us that you are not interested in these products, we will stop using the information to contact you.
6. Others who may get in touch with us
   • We collect personal data when an individual gets in touch with us with a question, complaint, comments or feedback such as name, contact details and content of the communication. In this case, we will only use the data for the purpose of responding to the communication and handling the matter.
7. Visitors
   • We collect identification details of visitors to our premises such as name, mobile numbers, vehicle registration number, and Identification card number for the purposes of security measures.
8. CCTV installations
   • Our premises are equipped with CCTV cameras for the purposes of safety and security.

Use of personal information

1. For business use
   • We use your personal information to facilitate our ongoing and proposed business dealings with you. This includes:
     • To offer hospitality services to guests;
     • To process business transactions with us;
     • To communicate with you about updates, maintenance, outages, or other technical matters concerning these products;
     • To verify the accuracy of account and technical contact information we have on file for you and your company in relation to these products;
     • To respond to questions or inquiries that you or your company may have about our products.
   • We may use your personal information as required for us to comply with relevant laws and regulations relating our business.
2. Marketing Purposes
   • With your consent or as otherwise permitted by applicable law, we may use your personal information for purposes relating to the marketing of our products, or those of our business partners where you may have shown interest in. This means we may from time to time:
     • Send you newsletters, press releases, event announcements and other similar communications regarding the products that we offer;
     • Market or promote our products to you;
     • Solicit input from you regarding improvement of our products;
     • Send you announcements or requests on behalf of other customers of ours who believe you would benefit from use of our products; and
     • Use your personal information for other purposes that we disclose to you at the time we obtain your consent.
   • You may at any time opt-out to receiving marketing related communication from us, by contacting us at This email address is being protected from spambots. You need JavaScript enabled to view it..
3. Employment
   • As permitted by applicable laws we maintain employment records of our current and former employees. With respect to current employees, we only use the processed personal information for human resources management activities, staff welfare and legal obligations.
   • With respect to former employees, we archive the records and only use them on lawful basis only as permitted by the law. After the required retention period (in line with Income Tax Act and Companies Act), the records are destroyed.
4. Recruitment
   • We may use your personal information you provide to us through job applications, using our online website, email or via fax solely for the purposes of processing your job application for the position you have shown interest in and in accordance with this privacy notice and applicable law. This may also include data we collect from third parties such as recruiting firms, your references, prior employers and educational history in order to identify and evaluate candidates for potential employment. We may conduct vetting for specific job roles, which may include background checks as permitted by local laws. With your consent, we may retain a record of your job application and references for a period of 1 year.

Personal data integrity

While you are responsible for the accuracy of all personal information that you provide to us, we will use reasonable efforts to maintain the accuracy and integrity of your personal information, and to update that information as appropriate. We will take reasonable steps to ensure that the personal information we collect from you is relevant to its intended use, and that it is used only in ways that are compatible with the purposes for which it was collected or otherwise authorised by you.

Personal data sharing

1. Internal
   • Masai Mara (Sopa) Lodge Limited may transact business with affiliated parties. From time to time we may share your personal information within Masai Mara (Sopa) Lodge Limited structures. Such information may be used for internal business, operational, as well as for purposes consistent with the purpose for which the information was originally collected or subsequently authorised by you.
2. External
   • We may disclose or transfer your personal information with our service providers. Normally, these would include Masai Mara (Sopa) Lodge Limited lawyers, auditors and consultants.
   • We may also, from time to time, employ service providers to perform services on our behalf, such as hosting our data (including your personal information), websites, products and other applications; fulfilling and processing orders for our products; or performing other administrative services for us. Prior to allowing these service providers to access your personal information, we will enter into a formal agreement with them to ensure that they handle and process the information in accordance with this Privacy Policy and applicable law and ensuring they have adequate technical and organisational controls in place to safeguard your personal data.
   • We will not share your personal information with third parties outside of Masai Mara (Sopa) Lodge Limited for their marketing purposes without your consent. However, we may share such information with our counterparties as described for the purposes disclosed to you at the time you provided the information, or as subsequently authorised by you or as permitted by applicable laws.
   • The personal information that we collect from you may be transferred to, and stored at, a destination outside Kenya. It may also be processed by members of staff operating outside of the country who work for us or one of our service providers.
   • If your personal information is held by us within Kenya, it will only be transferred outside the country after the following considerations – as provided by the law:
     1. The appropriateness of data protection safeguards during transfer;
     2. The transfers are to a country where adequate level of protection is ensured;
     3. The transfer is based on necessity and approved by the Office of Data Protection Commissioner; or
     4. If you have given consent to such transfer.
3. Legal Protections and Law enforcement
   1. We may access, use, preserve, transfer and disclose to our counterparties your personal information for the following purposes:
      1. To satisfy any applicable law, regulation, or legal or regulatory process, if in our opinion such is required or permitted by law or reasonably requested by a regulatory authority (including the tax authorities);
      2. To protect and/or defend this privacy policy or other internal policies or terms of use applicable, including investigations of potential violations thereof, ensuring the protection of the safety, rights, property or security of Masai Mara (Sopa) Lodge Limited or any of our counterparties; and
      3. To detect, prevent or otherwise address fraud, security issues or breaches, or technical issues. This may include allowing third parties, such as internet service providers, wireless service providers and/or law enforcement agencies, to access and use your personal information in order to identify you. We may take any of these steps without prior notice to you to the extent permitted by law.

Protection of personal information

We put in place reasonable safeguards and measure based on internationally recognised information security standards to protect your personal information in our possession from misuse, unauthorised access, disclosure, alteration, destruction or loss. We have a framework of policies, procedures and training/awareness in place covering data protection, confidentiality and security. As necessary, we will take additional precautions regarding the security of particularly sensitive information, such as categories of data deemed as sensitive under applicable data protection laws.

While we strive to secure your personal information, we cannot warrant or guarantee that this information will be protected under all circumstances, including those beyond our reasonable control.

Data retention

We will not retain personal information for longer than is necessary for the purposes for which it was collected, except where retention is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims. We have developed an internal data retention policy which is guided by the applicable laws.

Access, objection to processing, rectification and data erasure

Should you require to communicate to us in regard to access of your data, object to processing, request for rectification or erasure, kindly contact us through This email address is being protected from spambots. You need JavaScript enabled to view it..

Request by employees can be communicated through the Human Resource department or in writing through This email address is being protected from spambots. You need JavaScript enabled to view it..

Monitoring and enforcing this policy

We will conduct periodic internal compliance audits and assessments of our relevant privacy practices to verify adherence to this privacy policy.

Policy revision

This privacy policy is kept under regular review and is therefore subject to change.

Our contacts

Masai Mara (Sopa) Lodge Limited
P.O BOX 72630-00200, Block D1, 1^st Floor, Peponi Plaza
Nairobi, Kenya