Privacy Policy

Website Data Privacy Policy

1. Introduction
Sentrim Kenya Limited (trading as Sentrim Hotels & Lodges) is committed to protecting personal data in accordance with the Data Protection Act, 2019 (Kenya), the Data Protection (General) Regulations, 2021 and related Regulations.

2. Data Controller
In accordance with Section 29 of the Data Protection Act, Sentrim Kenya Limited acts as the Data Controller for personal data processed through its website and digital platforms.

3. Personal Data Collected
We may collect identification data, contact details, booking information, payment confirmations, IP addresses, browser/device information, and marketing preferences.

4. Lawful Basis for Processing
Pursuant to Section 30 of the Data Protection Act, personal data is processed on the basis of contract performance, legal obligation, legitimate interest, consent, and vital interest where applicable.

5. Purpose of Processing
To facilitate reservations, provide hospitality services, process payments, communicate confirmations, comply with tourism and tax laws, and conduct marketing where consent is obtained.

6. Data Subject Rights
Under Sections 26 and 33 of the Act, individuals have the right to access, rectify, object, withdraw consent, request deletion, and lodge complaints with the Office of the Data Protection Commissioner (ODPC).

7. Retention
In compliance with Section 39, personal data is retained only as long as necessary for legal, contractual, or audit purposes.

8. Security Measures
Pursuant to Section 41, appropriate technical and organisational measures are implemented to safeguard personal data.

9. Cross-Border Transfers
Any international transfer of personal data complies with Sections 48–50 of the Act and appropriate safeguards are applied.