Privacy Policy

INTRODUCTION

At Legendary Expeditions, we are committed to protecting the privacy and security of the Personal Data that you share with us. This Policy has been prepared to help you understand what information is collected through your interactions with us, and how this information is used. To the extent permitted by the Act, by accessing our website or submitting information to us anywhere this Policy is posted, you consent to our use and sharing of the data collected by or submitted to us consistent with this Policy. 

By providing us with your Personal Data and consent, you (i) agree to this Policy and authorise us to process such information as set out herein; and (ii) authorise us, our Associates, Service Providers and other third parties to use and process your Personal Data for the purposes stated in this Policy

This Policy describes our privacy practices for information that we collect:

– through electronic or verbal communication, 
– via our websites, 
– through our social media pages that we control, if any, and 
– as a result of engagement in respect of any of our products or services with Legendary Expeditions at its offices or owned or managed accommodation facilities (“Lodges”).

Personal Data which we collect from you will be processed by Legendary Expeditions and may be shared with our trade partners for purposes of facilitating your booking and the Services we provide to you.  

For persons with disabilities, please email Legendary Expeditions at Data.Protection@friedkintz.co.tz for further guidance on our Policy.

As we place a high premium on the privacy of every person (whether visiting our Lodges or engaging with us via other means), we recommend you read this Policy thoroughly so that you have a clear understanding as to (i) the type of Personal Data we may process; (ii) how your Personal Data may be collected and processed when engaging with Legendary Expeditions; (iii) what we do with your Personal Data;, (iv) the grounds on which we may share the Personal Data with third parties, and (v) how you can access, amend and/or delete Personal Data which we have collected from you.

By engaging with Legendary Expeditions via electronic mail, continuing to use our websites, or accessing and using our Services, you acknowledge that you have read this Policy and consent to the processing of your Personal Data as provided for herein.

In the event that you do not wish to consent to the processing of your Personal Data, or no longer want us to continue processing your Personal Data in accordance with this Policy, you are kindly requested to indicate same by sending an email to our Legendary Expeditions Group Data Officer at Data.Protection@friedkintz.co.tz

INTERPRETATION

In this Policy, unless the context indicates a contrary intention, the following words and expressions shall bear the meanings assigned to them and cognate words and expressions shall bear corresponding meanings

the “Act”
The Personal Data Protection Act,  2022 and the Personal Data Protection (Personal Data Collection and Processing) Regulations, 2023;

“Ancillary Services”
any additional services provided beyond the core offering of accommodation and safari experiences such as Airport Transfers, Guided Tours and Excursions, Spa and Wellness Services, special events or Travel Insurance Arrangements

“Ancillary Services”
any additional services provided beyond the core offering of accommodation and safari experiences such as Airport Transfers, Guided Tours and Excursions, Spa and Wellness Services, special events or Travel Insurance Arrangements

“Applicable Laws”
The laws of the United Republic of Tanzania

“Associates”
any other person who assists Legendary Expeditions in carrying out or conducting the business of, the directors, employees, and consultants;

“Data Protection Officer”
the individual appointed in terms of the Act;

“Data Processor”
a person who processes Personal Data for and on behalf of Legendary Expeditions, as authorised by Legendary Expeditions;

“Personal Data”
the data about an identifiable person that is recorded in any form including personal data relating to race, education, address, fingerprints, name of an individual appearing on personal data of another person relating to the individual, correspondences sent to Data Controller by the data subject;

“Policy”
this Privacy Policy and the Annexures thereto;

“Commission”
the Personal Data Protection Commission established under Section 6 of the Personal Data Protection Act of 2022;

“Service providers”
third party providers of various services that Legendary Expeditions engage with, including but not limited to, providers of information technology, town planners and developers, communication, file storage, data storage, copying, printing, accounting, or auditing services, legal advisors, insurers, and other professional advisors;

“Services”
refers to the core offerings provided by our safari lodge, including but not limited to, accommodation, safari tours, wildlife viewing experiences, guided excursions, and any related hospitality services.

“Subsidiaries”
refers to any company or entity that is owned or controlled by us, either directly or indirectly, and that operates as part of our corporate group. This includes companies that may assist in providing our core or ancillary services, managing reservations, processing payments, or other facilitation.

DATA PROTECTION OFFICER

Legendary Expeditions has opted to appoint a Data Protection Officer to ensure compliance as well as to oversee its required functions in terms of the Act. 

The contact details of the Data Protection Officer are as follows:

Data Protection Officer: Elibariki Wagolo
Physical Address: Farm No. 181/182, Selian Coffee Estate, Ngare-Olmuntonyi, Arusha, Tanzania.
Postal Address: P.O. Box 2782, Arusha, Tanzania
Telephone Number: +255 754 801881
Email Address: Data.Protection@friedkintz.co.tz

The Data Protection Officer shall: 

– encourage compliance with the Act and its Regulations in processing of Personal Data; 
– provide information on violations of the provisions of the Act or Regulations committed in processing Personal Data and advise rectification measures;
– prepare and submit quarterly reports on the compliance of the Act to the Commission;
– handle the applications or complaints made by the data subject, his Associates, or another person to Legendary Expeditions or its Associates in relation to the collection or processing of Personal Data; and
– ensure internal measures are developed together with adequate systems to process requests for information or access thereto and to ensure internal awareness is created within Legendary Expeditions through training and other measures. 

HOW DO WE COLLECT/PROCESS PERSONAL DATA?

Personal Data may be collected either through or by electronic means, which includes, without limitation, the use of our websites (i.e. www.legendaryexpeditions.com including all other websites and/or landing pages); electronic mail, text, voice, sound, or image messages; or through non-electronic means, which includes, without limitation, the capturing of Personal Data on hard copy documents.

Legendary Expeditions does not link non-personally identifiable information with personally identifiable data.

TYPES OF DATA WE COLLECT/PROCESS

When using our websites, your Personal Data may be collected either actively or inactively.  Data is collected actively when you or your appointed agent provide us with certain Personal Data such as when you submit an enquiry in respect of a specific product or service, when you subscribe to our newsletter, or complete a questionnaire and provide us with your personal details which may include (without limitation) first name, last name, e-mail address, country of residence, as well as your preferred dates of travel.  Data is collected inactively where we collect data from you that you have not actively provided. We may obtain this data through the use of certain technologies such as Cookies, Web Beacons, Embedded Scripts, or Mobile Device identifiers when you visit our websites. Data obtained in this regard cannot be linked to you as a person (i.e. non-personally identifiable data). Personal Data collected actively include:

– Your name and surname
– Your gender, age group, and weight (where required by our flight charter partners)
– Your physical address
– Your email address
– Your telephone and mobile number
– Your identity and/or passport number
– Your company details
– Your passport nationality, issue date, and expiry date
– Marital status (to assist the lodge with rooming services)
– Pre and post travel arrangements (where required by our flight charter partners)
– Your personal opinion, views, interests, and preferences
– Your emergency contact details
– Your medical requirements
– Your dietary, allergies, and special requirements

Personal Data collected inactively include:

– IP Address and any geolocation data derived from that address
– Device type used
– Type of web browser and the version
– Operating system you use
– Date and time of your visit to our websites
– Specific pages you may have visited
– Duration of visit and time spent on each page

We do not receive or process credit card information. We use recognized and respected Paypal, Paysmart, and Paygate portals to securely receive credit card payments. We do not have access to any credit card data.

WHAT DO WE DO WITH YOUR PERSONAL DATA?

Personal Data will only be used in accordance with this Policy or as specifically disclosed to you and/or brought to your attention at the time you provide the Personal Data.

The Personal Data will be processed by us (or by our approved Data Processors who are registered with the Commission for the purposes of fulfilling your booking), pursuant to and for the following purposes:

– Verifying your identity
– Transmitting and receiving correspondence in relation to our services or products, including the preparation of itineraries and submission of quotes
– Transmitting marketing material as specifically requested by you
– Processing payments, refunds, and the like
– Facilitating delivery of the services or the products
– Monitoring and analysing your conduct in respect of the websites and/or services for research and statistical purposes
– For compliance and risk purposes
– To tailor-make marketing and promotional material which we believe may be of relevance and interest to you
– To conduct market and/or academic research to identify potential markets and trends, to develop new products and services, and to improve the nature of the products and/or services

We may share your Personal Data with our Subsidiaries, Associates, or Service Providers in order and only to the extent necessary to render supporting and/or Ancillary Services or products to facilitate our service or product delivery to you. These service providers will be required to comply with and/or adopt the same principles (as may be applicable) contained in this Policy when processing your Personal Data.

We will not sell, transfer, share, or otherwise permit access to your Personal Data with any third parties other than as described in this Policy and within the limits set in the Act.

We further reserve the right to use or disclose your Personal Data to comply with Applicable Laws, regulations, legal processes, and law enforcement inquiries, as required by litigation, to take precautions against liability, and protect the security and integrity of our websites and the safety of its users.

THE GROUNDS ON WHICH WE MAY SHARE THE PERSONAL DATA WITH THIRD PARTIES

Personal Data collected may only be disclosed under the following circumstances: 

– Where the data subject has consented to such disclosure;
– Where authorised or required by the Applicable Laws;
– Where disclosure is directly related to the purpose for which such data was collected; and
– Where such disclosure would preserve health or reduce harm to another person or the society; and
– Where disclosure is necessary 
– In compliance with the Act.

Disclosure of Personal Information may also be permitted where:

– The data subject is not identified; or
– For statistical or research purposes, where it is guaranteed that such data will not be published in a manner that will identify the data subject.

CCTV CAMERAS

CCTV cameras are present in certain public areas of the Lodges and along the guest walkways. Images are monitored and recorded by Legendary Expeditions for the purpose of guest safety and in order to monitor the movement of wildlife.

NEWSLETTERS AND BLOG POST RSS NOTIFICATIONS

Should you request to subscribe to our newsletter and/or blog posts, we will, from time to time, send you promotional emails about Legendary Expeditions’ special offers or other Data using the e-mail address which you have provided.

We do not contact our guests via e-mail, short message service (sms) / text, or similar electronic solutions for marketing purposes unless they have provided us with their consent to do so. Such engagement shall at all times be limited, relevant, and of interest to you as our guest.

Please note that you can unsubscribe from any of these lists at any time should you wish by selecting the “unsubscribe” button at the bottom of the newsletter or blog post, or by emailing us your request at Data.Protection@friedkintz.co.tz or selecting the unsubscribe link at the bottom of any email you receive from us.

HOW YOU CAN ACCESS, AMEND AND/OR DELETE PERSONAL DATA WHICH WE HAVE COLLECTED FROM YOU

You will be given access to your Personal Data to correct errors or to delete any Personal Data which you may have provided. If you wish to correct or delete any of your Personal Data, please contact us by email at Data.Protection@friedkintz.co.tz

Please note that there may be a legal obligation to preserve certain data and that additional information may be requested from you in order to confirm your identity.  

Subject to legal and other permissible considerations, we will make every effort to honour your request without undue delay and in any event within one month of receipt of request or we will inform you if we require further Data to fulfil the request.

RETENTION OF PERSONAL DATA

Legendary Expeditions may retain your Personal Data records for the duration of the Services, and to the extent permitted or required by the Act. 

DATA SECURITY

The transmission of data via the internet is not completely secure and we cannot guarantee the security of data transmitted to our site.  Any transmission of Personal Data will be solely at your own risk.

We will take steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy. we have taken appropriate technical and organisational measures to secure the integrity and confidentiality of your Personal Data, to guard against the loss of damage to, or unauthorised destruction of, Personal Data and unlawful access to, or processing of, Personal Data, 

We restrict access to your Personal Data to our employees and contracted third-party Service Providers who have a legitimate operational reason for having access to such Personal Data. We maintain physical, electronic, and procedural safeguards which comply with the Act so as to protect your Personal Data from any unauthorised access. Where there are reasonable grounds to believe that your Personal Data has been accessed or acquired by any unauthorised person you will be notified in writing.  

In protecting your Personal Data, Legendary Expeditions shall implement suitable measures in order to:

– prevent unauthorised persons from gaining access to data processing equipment where Personal Data is processed;
– prevent the unauthorised manipulation of media, including reading, copying, alteration or removal of the data media used by Legendary Expeditions or its Associates; 
– prevent unauthorised input into data memory and the unauthorised reading, alteration, or deletion of stored data;
– prevent data processing systems from being used by unauthorised persons by means of data transmission equipment;
– ensure that the persons entitled to use data processing systems are limited to access based on their authority / access limitations; 
– enable the verification and tracing of the locations and destinations applicable to the transfer of Personal Data;
– prevent Personal Data from being accessed, copied, altered, or deleted by unauthorised persons during the transmission thereof; and
– maintain our internal organisation in a manner that meets the requirements of this Policy.

CROSS BORDER TRANSFER OF DATA

Legendary Expeditions’ head office is based in and operates from Farm No. 180/192 Ngare-Olmutonyi, Arusha, Tanzania, Africa.  Regardless of where you use or access our websites or Services, your Personal Data may, with the consent of the Commission, be transferred to and/or maintained on servers elsewhere in the world. Please note that any Personal Data we obtain about you will be stored in accordance with the Act. By using our Services, you consent to the transfer, storage, and processing of Data to and in a country other than the country you reside in.

THIRD PARTY POLICIES

On our marketing material or websites, you may see references or links to websites that are owned and/or managed by third parties, which are unrelated to Legendary Expeditions (“Third Party Websites”). Those Third-Party Websites are specifically excluded from this Policy.

Third Party Websites have separate and independent privacy policies applicable to their respective websites, services, and/or products and may follow different practices in the processing and securing of your Personal Data.

You are strongly advised to read the privacy policy of each Third-Party Website you engage with before providing your Personal Data as we cannot accept any liability should the Third-Party Website process your Personal Data in any unlawful manner.

We make no warranties or representations and bear no responsibility or liability whatsoever regarding any services and/or products offered, promoted and/or advertised on Third Party Websites and/or services and/or products rendered by any third party which may have been accessed or used through or by means of our websites and/or their associated services.

GOVERNING LAW

The laws of Tanzania will govern any dispute or claim arising out of this Policy.

CHANGES TO THIS POLICY

Kindly take note that we reserve the right to change this Policy at any time and in our sole discretion. In the event that this Policy is changed, the new policy will be made available on our websites, and you will be notified in writing of the changes.

FEEDBACK

We welcome comments about this Policy. If you have any questions about this Policy or any part of our service, you may contact us by emailing Data.Protection@friedkintz.co.tz or by writing to us at Legendary Expeditions, at P.O. Box 2782, Arusha, Tanzania

COMPLAINTS

Should you believe that we have utilised your Personal Data contrary to the Act, please contact our Data Protection Officer to address your concerns. If you are not satisfied with the feedback from our Data Protection Officer with respect to your concerns, you have the right to lodge a complaint with the Commission as per the procedures set out in the Act.

ANNEXURE A

Legendary Expeditions comprises the following entities:

Entity: Mwiba Holdings Limited

Subject to POPI (Protection Of Personal Data Act)/GDPR (General Data Protection Regulation): POPI and GDPR

Registered address: P.O. Box 2782, Arusha, Tanzania