Privacy Policy – Sitara Retreat Kenya
Last updated: 30/11/2025]
Sitara Retreat Kenya (“we,” “our,” “us”) is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you visit our website, make a booking, or interact with our services.
This policy applies to all guests, including those from regions governed by the EU General Data Protection Regulation (GDPR) and UK GDPR.
1. Information We Collect
We collect personal information to provide you with a seamless experience during browsing, booking, and staying with us.
1.1 Information You Provide Directly
- Name
- Email address
- Phone number
- Country of residence
- ID/passport details (for check-in compliance)
- Payment confirmation data
- Booking preferences and special requests
- Feedback or inquiry details submitted through forms
We do not store or process full credit card numbers. Payments are routed securely through third-party payment processors.
1.2 Information Collected Automatically
Through cookies and tracking technologies (see Cookies Policy), we collect:
- IP address
- Device type
- Browser type & version
- Pages visited
- Time spent on pages
- Location approximations
- Booking behavior
- Referral sources (e.g., ads, social media, search engines)
This data helps us improve user experience and website performance.
1.3 Third-Party Data Sources
We may receive limited data from third-party platforms such as:
- Google Analytics
- Facebook/Meta Pixel
- Online travel agencies (OTAs)
- Payment processors
- Email marketing tools
This data is used solely to improve service delivery and marketing efficiency.
2. How We Use Your Information
We use your data for the following purposes:
2.1 Booking & Service Delivery
- Process reservations and payments
- Send booking confirmations and updates
- Manage check-in, stay, and check-out
- Respond to inquiries and provide customer support
2.2 Website Improvement & Analytics
- Enhance functionality and performance
- Personalize content and browsing experience
- Monitor website usage trends
- Track and improve marketing campaigns
2.3 Legal & Security Purposes
- Comply with legal obligations in Kenya
- Prevent fraud or misuse
- Maintain safety and protect property
2.4 Marketing Communications
With your consent, we may send:
- Offers & promotions
- Retreat updates
- Wellness program announcements
You may unsubscribe at any time.
3. Legal Basis for Processing (GDPR)
For guests from the EU/UK, we process personal data based on the following legal grounds:
- Contractual necessity: To complete bookings and manage your stay
- Legitimate interest: Website analytics, service improvement
- Consent: Marketing emails, non-essential cookies, analytics
- Legal obligation: Required guest records, tax compliance
4. How We Share Your Information
We do not sell personal data.
We may share your information only with:
- Payment processors
- Booking & reservation software
- Email/SMS service providers
- Analytics and marketing tools
- Legal authorities (only if required)
All third parties must comply with strict data privacy standards and sign data processing agreements (DPAs) where applicable.
5. International Data Transfers
Some of our third-party service providers may store or process data outside Kenya, including in:
- The European Union
- The United Kingdom
- The United States
We ensure protection through:
- Standard Contractual Clauses (SCCs)
- GDPR-compliant security practices
- Encrypted data transfers
6. Data Retention
We retain personal data only as long as necessary for:
- Booking and service fulfillment
- Legal, accounting, and reporting obligations
- Safety and operations
Retention periods vary depending on the data type, but we never store data longer than required.
7. Your Rights (GDPR & International)
You have the right to:
- Access your personal data
- Correct inaccurate information
- Delete your data (right to erasure)
- Withdraw consent at any time
- Object to certain processing activities
- Request data portability
- Restrict processing in certain situations
To exercise these rights, contact us using the details below.
8. Cookies & Tracking Technologies
We use cookies to improve website functionality, personalize the booking experience, and analyze traffic.
Our detailed Cookies Policy explains:
- Types of cookies
- Why they are used
- GDPR consent requirements
- How to manage cookie preferences
You may control or disable cookies in your browser settings or through our cookie banner.
9. Data Security
We implement robust security measures, including:
- Encryption (SSL/HTTPS)
- Secure servers
- Limited-access controls
- Regular security monitoring
- Protected payment gateways
Despite this, no system is 100% secure. We continually update our protocols to protect your data.
10. Children’s Privacy
Our website and services are not directed at children under 18.
We do not knowingly collect data from minors unless required for family bookings and only with parental consent.
11. Changes to This Privacy Policy
We may update this policy when:
- Legal requirements change
- We introduce new services or technologies
- Our data processing practices evolve
The most recent version will always be available on this page.
12. Contact Us
For privacy concerns, GDPR requests, or data inquiries, please contact:
Sitara Retreat Kenya
Email: reservations@sitararetreatkenya.com
Phone: +254 745 448966
Location: Diani, Kenya
Website: www.sitararetreatkenya.com