Last updated: December 1st, 2025 At Experiya Tour Company (“Experiya,” “we,” “us,” or “our”), we value your privacy and are committed to protecting your personal information. This Privacy Policy explains what information we collect from our website visitors and clients, how we use and share that information, and the steps we take to safeguard it. We comply with relevant data protection laws, including Uganda’s Data Protection and Privacy Act 2019 and international standards such as the EU General Data Protection Regulation (GDPR), to ensure your information remains secure. By using our website or services, you agree to the practices described in this Privacy Policy. If you have any questions or concerns about your data, please contact us at info@experiyatourcompany.com.

Information We Collect

We only collect personal data necessary to provide you with our tour services and to improve your experience. The types of information we may collect include:

• Contact Information: When you inquire or book with us, we collect details such as your name, email address, phone number, and mailing address. This allows us to communicate with you, send confirmations, and deliver any travel documents.
• Booking Details: If you book a safari, we will ask for information related to your trip, such as the travelers’ names (as they appear on passports), nationality, age, and any special requirements (e.g. dietary needs or health conditions we should know about). For certain permits or reservations (like gorilla trekking permits), we may need passport numbers or other identification details. We only request what is necessary to arrange your tour.
• Payment Information: For processing payments, we might collect billing information like your bank transfer details or credit card information. Payment transactions are handled through secure, PCI-compliant third-party processors – we do not store your credit card numbers on our servers for longer than needed to complete the transaction.
• Travel Preferences: We may note your preferences such as room type, bedding configuration, special occasions (honeymoon, anniversary), and other personal likes (e.g. interest in birding or cultural tours) to tailor your experience. Providing this information is optional but helps us customize your trip.
• Website Usage Data: Like many websites, we automatically collect certain technical data when you visit experiyatourcompany.com. This includes your IP address, browser type, device information, pages viewed, and the dates/times of access. We use cookies and similar technologies to gather this data (see Cookies below). This information does not personally identify you, but it helps us analyze web traffic and improve our site’s functionality and content.
• Communication Records: If you contact us via email, contact form, or phone, we may keep a record of that correspondence. This includes queries, feedback, or complaints you send us, along with our responses. These records help us manage your bookings and improve our customer service.
• Marketing Preferences: With your consent, we may also collect information on whether you wish to subscribe to our newsletter or receive promotional offers. For example, if you opt-in to our mailing list, we will record that preference along with your email address. You can unsubscribe from marketing communications at any time.

We do not knowingly collect personal information from children under 16. Our services are intended for adults and any minors on tour must have consent from a parent or guardian. If we learn we have received information from a child without proper consent, we will delete it.

How We Use Your Information

Experiya Tour Company uses the collected information for the following purposes, and we will not use your data in ways unrelated to these objectives:

• To Plan and Provide Your Safari: The primary use of your information is to arrange the travel services you’ve requested. We use names and passport details to book hotels, park permits, and activities; contact info to send you itineraries and updates; and payment info to process deposits and final balances. Essentially, your data enables us to confirm your bookings and ensure all components of your tour run smoothly.
• To Communicate with You: We use your email and/or phone number to correspond about your trip. This includes answering your inquiries, sending booking confirmations and invoices, providing pre-departure information (packing lists, meeting instructions), and notifying you of any changes or important updates. Good communication is part of our customer service commitment – we want you to be informed and prepared at every step.
• For Customer Support: If you reach out with questions or need assistance, we will reference your information to help resolve issues efficiently. For instance, if you have a question during your trip, our team may access your itinerary details to give you accurate guidance. We also might follow up after your safari to ensure everything went well, using your contact info to do so.
• Personalization and Improvement: Information like your travel preferences or past trips with us helps us personalize our service. We may suggest tours or add-ons that fit your interests. Additionally, we analyze aggregated website usage data (which is not linked to individual identities) to understand how users navigate our site. This analysis helps us improve site design, fix technical issues, and refine our content to better serve future visitors.
• Marketing (With Your Consent): If you have opted in to receive our newsletter or promotions, we will use your name and email to send you occasional travel inspiration, special offers, or company news. We typically send a newsletter no more than once a month, and you can opt out anytime. We do not spam, and we will never subscribe you without your explicit consent.
• Legal Obligations and Records: In some cases, we may need to use or retain certain data to comply with legal and regulatory requirements. For example, Ugandan tourism regulations might require us to keep a passenger manifest or proof of certain permit uses. We also keep transaction records for accounting and tax purposes. If law enforcement or government authorities lawfully require information (for instance, for visa processes or security reasons), we may use and share data as needed to comply with those laws.

We do not sell or rent your personal information to any third parties. We use your data solely to serve you and improve our services, as outlined above. Should we ever need to process your information for a new purpose not covered by this policy, we will seek your consent first.

Cookies and Tracking Technologies

Our website uses “cookies” (small data files stored on your browser) and similar technologies to enhance your browsing experience. For example, cookies allow our site to remember your preferred currency or to keep track of items in an inquiry form. We also use Google Analytics, a common web analytics service, which sets cookies to collect anonymized statistics about site visitors (e.g. which pages are most popular, how users find our site). This helps us understand usage patterns and improve our website content and navigation. Cookies are not used to identify you personally. They simply assign a unique ID to your browser and gather data like IP address, browser type, and pages visited. You can choose to disable cookies in your browser settings if you prefer not to allow them. However, note that some parts of our site (such as our contact/booking forms or interactive maps) may not function properly without cookies enabled. We do not use cookies for third-party advertising on our site. Any cookies we use are primarily for internal analytics and site functionality. For more information on cookies and how to manage or delete them, you can visit AllAboutCookies.org. By continuing to use our website without disabling cookies, you consent to our use of them as described here.

How We Share Your Information

Experiya understands the importance of keeping your personal information confidential. We share your data only in the following circumstances and only with trusted parties, as necessary to provide our services or comply with the law:

• Service Providers and Partners: As a tour operator, we work closely with third parties to fulfill your travel arrangements. This includes hotels and lodges, transport companies (airlines, safari vehicle providers), local guides, park authorities (for permits), and other ground handlers. We share only the information required for them to do their part – for example, giving your name and nationality to a lodge for your reservation, or providing your passport details to secure a gorilla permit. We never share more than necessary. All our partners are reputable companies or organizations that are likewise committed to protecting your data. We ensure that such third parties will use your info solely for the intended purpose of your booking and not for anything else.
• Payment Processing: When you make a payment by credit card or online transfer, your information may be processed through secure third-party payment gateways or banks. These payment processors are PCI-DSS compliant and specialize in keeping your financial data safe. We share the needed payment details with them to complete the transaction, and in return they inform us of the payment status. Such providers do not store, use, or share your data except for transaction processing.
• Business Operations & Support: In some cases, we might use third-party tools or services for tasks like email communications, secure data storage, or customer relationship management. For instance, if we use an email service to send newsletters (to those who subscribed) or cloud storage for itinerary documents, those providers may handle your data on our behalf. We select these providers carefully and ensure they have strong privacy and security policies. They are bound by contracts to protect your information and are not allowed to use it for their own purposes.
• Legal Compliance: We may disclose personal information if required to do so by law or in response to valid requests by public authorities (e.g., for immigration, customs, or law enforcement purposes). For example, if Ugandan law requires us to provide traveler information for security screenings or if a court order subpoenas records, we will comply as legally necessary. We may also share information to enforce our Terms and Conditions or to protect our rights, property, or safety of our clients and staff if you engage in fraud or other harmful activities.
• Business Transfers: In the unlikely event that Experiya Tour Company undergoes a business transition such as a merger, acquisition, or sale of assets, the personal information we hold might be among the transferred assets. If this happens, we will ensure the new owner continues to respect your personal data in line with this Privacy Policy, or we will notify you and give an opportunity to opt-out before information is transferred under a different policy.

Crucially, we do NOT sell, trade, or share your personal data with third-party marketers or unrelated companies for their own use. Your information is used strictly to serve you and operate our business. All third parties who assist us are either under contractual obligation to protect your data or are subject to legal duties of confidentiality. If you have questions about third parties we work with (for example, which airline or lodge we’re booking for you) we are happy to provide those details. Transparency is important to us, and you have a right to know how your information is handled at every stage.

Data Security

Experiya Tour Company takes robust measures to safeguard your personal information from unauthorized access, alteration, disclosure, or destruction. We understand that your trust in us depends on how well we protect your data. Here are some of the security practices we implement:

• Secure Servers & Encryption: All pages on our website that collect personal data (such as our contact and booking forms) are protected by SSL (Secure Socket Layer) encryption. You will see “https://” and a padlock icon in your browser address bar, indicating that information you submit is encrypted during transmission. This ensures that sensitive data (like payment details or passwords) is scrambled and cannot be intercepted by malicious parties. Our website and databases are hosted on secure servers with firewalls in place.
• Restricted Access: Internally, we limit access to personal information strictly to those employees and agents who need it to perform their work (for example, our reservations staff or your safari guide may need certain details). Each authorized person is trained on confidentiality and data protection. We have authentication controls to prevent unauthorized staff or third parties from viewing your data[24]. No one outside Experiya (except the trusted partners mentioned in the sharing section) can access your identifiable information.
• Data Minimization: We collect only what we need, and we retain personal data only for as long as necessary. When information is no longer required (and we’re past any legal retention requirements), we securely delete or anonymize it. For instance, if you inquire but don’t book, we may purge your contact after some time. For booked clients, we may keep basic records for a few years for accounting and possible repeat travel references, but we regularly clean our databases to avoid accumulating unnecessary data.
• Monitoring and Updates: We keep our software, website platform, and security protocols up to date to protect against vulnerabilities. Security patches and updates are applied promptly. We also monitor our systems for any signs of intrusion or anomalies. In the unlikely event of a data breach that could affect you, we have a response plan to notify you and authorities as required by law, and to remediate the issue swiftly.
• Third-Party Security: We also vet the security measures of any third-party service providers who handle your data (such as payment processors or cloud services). They are required to have strong security practices and, where applicable, compliance certifications. For example, our payment gateway is PCI DSS compliant (a strict security standard for handling credit card data). We also sign confidentiality or data processing agreements with partners when needed, to ensure they protect your info to the same standards we do.

Despite all these precautions, it’s important to note that no method of data transmission over the internet or electronic storage is 100% secure. However, we continuously strive to use commercially acceptable means and best practices to protect your personal data. We take security extremely seriously and regularly review our procedures to adapt to new threats. If you have reason to believe that your interaction with us or your information might not be secure (for example, if you suspect someone unauthorized has accessed your data), please contact us immediately. We will work with you to address the problem as best as we can.

Your Rights and Choices

Experiya recognizes that you should have control over your personal information. Depending on the laws that apply (for example, GDPR for EU residents), you may have certain data rights regarding the personal data we hold about you. We honor these rights and provide ways for you to exercise them:

• Right to Access: You have the right to request a copy of the personal data we have about you. We can confirm what information is in our records and provide you with a copy in a readily usable format. For security, we may ask you to verify your identity before releasing data. We will respond to access requests within a reasonable timeframe (and within any timeframe required by law, generally within 30 days for GDPR requests).
• Right to Rectification: If any of your personal information is inaccurate or incomplete, you have the right to ask us to correct or update it. For instance, if you change your phone number or notice a spelling error in your name, let us know and we will fix our records promptly. Keeping your data accurate helps us serve you better.
• Right to Erasure: Also known as the “right to be forgotten.” In certain circumstances, you may request that we delete your personal data from our systems. If you withdraw your consent or no longer wish to use our services, you can ask us to erase your info. We will do so provided we do not have a compelling reason to retain it (such as a legal obligation or an ongoing contractual relationship). For example, if you completed a tour with us years ago, you can request we remove your contact details from our marketing list, and we will comply. Note that we might retain minimal information if required for legal/tax record-keeping, but we’ll inform you.
• Right to Object or Restrict Processing: You have the right to object to our processing of your data in certain cases, or ask that we limit how we use it. For example, you can object to processing for direct marketing – if you don’t want any promotional emails, just let us know and we will stop (or simply use the “unsubscribe” link in our emails). You can also request that we temporarily suspend processing if you contest the accuracy of data or have another dispute while we address it.
• Right to Data Portability: For clients in jurisdictions with this right (like the EU), you can request to receive your personal data in a structured, commonly used, machine-readable format, and have the data transmitted to another service provider where technically feasible. In plain terms, if you wanted us to send your records to another tour company, we can assist with providing your info in a transferable format.
• Right to Withdraw Consent: If we are processing any of your information based on your consent (for instance, for optional marketing emails), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any use of your data before you withdrew, but it means we will stop the specific activity you no longer consent to. For example, if you consented to receive newsletters, you can opt out later and we will cease sending them.

To exercise any of these rights, please contact us at info@experiyatourcompany.com. We will gladly assist you and explain the process. We may need to verify your identity to ensure we don’t disclose or modify data for someone impersonating you. There is no fee for making a reasonable request; however, excessive or unfounded requests may incur a fee as permitted by law. Additionally, if you are ever dissatisfied with how we handle your data or a request related to your data, you may have the right to lodge a complaint with a relevant data protection authority (for example, the Personal Data Protection Office in Uganda, or an EU data protection authority if applicable). We would appreciate the chance to address your concerns directly first, so please feel free to reach out to us with any issue.

International Data Transfers

Given that Experiya Tour Company is based in Uganda and many of our clients are international, your personal information may be transferred across international borders. If you are located outside of Uganda, be aware that the data you provide will likely be transferred to and stored on servers in Uganda or in other countries where our third-party service providers are located. Uganda, or those other countries, may not have the same data protection laws as your home jurisdiction. However, we take steps to ensure any international transfers of data are done securely and in compliance with applicable law. For instance, for clients from the European Economic Area (EEA) or UK, if we transfer data to a country not deemed “adequate” by EU/UK standards, we will rely on approved mechanisms such as standard contractual clauses or your explicit consent to legitimize the transfer. Our goal is to ensure your personal information enjoys a high level of protection no matter where it is processed. By providing your information to us and using our services, you acknowledge that your data may be transferred to our facilities and those third parties with whom we share it as described in this policy. Rest assured, we handle your data with care and implement safeguards to protect it during transit and in storage, regardless of location.

Updates to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make significant changes, we will notify you either by prominently posting a notice on our website or by sending you an email (if you have an account or active booking with us). The “last updated” date at the top will always indicate when the latest changes were made. We encourage you to review this policy periodically to stay informed about how Experiya is protecting your information. If you continue to use our services after an update, it will signify your acceptance of the revised terms. Of course, if any change requires individual consent by law (for example, if in the future we planned to use your data for a new marketing purpose), we would seek your consent.

Contact Us

Your privacy matters to us. If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: Experiya Tour Company Email: info@experiyatourcompany.com Phone: +256 777842166 / +256 753518160 Address: [Company’s Physical Address in Kampala, Uganda] We will be happy to assist you. Thank you for trusting Experiya Tour Company with your travel plans and your personal information. We are excited to help you explore East Africa and are committed to safeguarding your privacy every step of the way.