Privacy Policy

Tracking Gorillas Uganda (“we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data responsibly in accordance with the Data Protection and Privacy Act, 2019 (as amended) and the Data Protection and Privacy Regulations, 2021 of Uganda.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you interact with us, including through our website (www.trackinggorillasuganda.com or any associated sites), when you book tours, contact us, or engage with our services. By using our services or providing your personal data, you consent to the practices described in this policy.

1. Information We Collect

We may collect the following categories of personal data:

• Contact and Identification Information: Full name, email address, phone number, postal address, date of birth, nationality, passport/ID details, and emergency contact information.
• Booking and Travel Details: Travel preferences, tour package details, gorilla trekking permits, accommodation preferences, dietary requirements, health declarations (where relevant for safety), payment information (processed securely via third-party providers), and flight/travel itineraries.
• Technical and Usage Data: IP address, browser type, device information, cookies, and website usage data (e.g., pages visited, booking inquiries).
• Special Category Data: Limited sensitive information such as health data (e.g., fitness level or medical conditions relevant to gorilla trekking) or biometric data (if applicable for permits), collected only with your explicit consent or where necessary for safety and legal compliance.
• Other: Any additional information you voluntarily provide, such as feedback, inquiries, or marketing preferences.

We collect this data directly from you, from third parties (e.g., travel agents, Uganda Wildlife Authority for permits), or automatically through our website.

2. How We Use Your Personal Data

We process your personal data for the following purposes, based on consent, contractual necessity, legal obligations, or legitimate interests:

• To process bookings, reservations, and payments for gorilla trekking safaris, wildlife tours, and related services.
• To communicate with you about your bookings, provide trip updates, confirmations, and customer support.
• To comply with legal and regulatory requirements, including those from the Uganda Wildlife Authority (UWA), immigration, or tax authorities.
• To improve our services, analyze website usage, and personalize your experience.
• To send marketing communications (e.g., newsletters, special offers) where you have consented or where permitted by law. You can opt out at any time.
• To ensure safety during treks (e.g., health-related information) and protect our operations.
• For internal administrative purposes, fraud prevention, and security.

We only process data that is adequate, relevant, and not excessive for these purposes.

3. Legal Basis for Processing

Under the Data Protection and Privacy Act, we rely on:

• Your consent (which you may withdraw at any time, though this may affect our ability to provide services).
• Performance of a contract (e.g., fulfilling your tour booking).
• Compliance with legal obligations.
• Legitimate interests (e.g., improving services), provided these do not override your rights.

For special category (sensitive) data, we obtain explicit consent or process it where necessary for substantial public interest or your vital interests (e.g., safety in remote trekking areas).

4. Sharing Your Personal Data

We may share your personal data with:

• Trusted service providers and partners (e.g., lodges, transport companies, guides, UWA for permits, payment processors) who process data on our behalf under strict confidentiality agreements.
• Legal and regulatory authorities (e.g., government bodies in Uganda) where required by law.
• Professional advisers or in the event of a business transfer.

We do not sell your personal data. When sharing data outside Uganda (e.g., with international partners or booking platforms), we ensure appropriate safeguards are in place as required by the Act and Regulations.

5. Data Security

We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, disclosure, or destruction. These include secure servers, encryption for sensitive transmissions, access controls, and staff training.

However, no system is completely secure. If a data breach occurs that risks your rights and freedoms, we will notify the Personal Data Protection Office (PDPO) and affected individuals as required by law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations (e.g., accounting or tax records), or resolve disputes. Typically, booking-related data is kept for [insert period, e.g., 7 years] after the tour, after which it is securely deleted or anonymized.

7. Your Rights as a Data Subject

Under the Data Protection and Privacy Act, you have the following rights (subject to certain exceptions):

• Right to access: Request a copy of the personal data we hold about you.
• Right to rectification: Correct inaccurate or incomplete data.
• Right to erasure: Request deletion of your data (where applicable).
• Right to object: Object to processing for direct marketing or based on legitimate interests.
• Right to restrict processing: In certain circumstances.
• Right to withdraw consent: At any time, where processing is based on consent.
• Right to prevent processing that causes unwarranted damage or distress.
• Right against automated decision-making (if applicable).

To exercise these rights, contact us using the details below. We will respond within 30 days (or as required by law). You may also lodge a complaint with the Personal Data Protection Office (PDPO) via www.pdpo.go.ug.

8. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance functionality, analyze traffic, and provide personalized experiences. You can manage cookie preferences through your browser settings. For more details, see our [Cookie Policy] (if separate) or contact us.

9. Children’s Privacy

Our services are not directed at children under 18. We do not knowingly collect personal data from minors without verifiable parental consent, as required by the Act. Special protections apply to data relating to children.

10. International Transfers

If we transfer personal data outside Uganda, we take steps to ensure the recipient provides an adequate level of protection, consistent with the Data Protection and Privacy Regulations.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top indicates when changes were made. We encourage you to review it periodically. Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:

Tracking Gorillas Uganda [Insert Physical Address, Kampala or relevant location, Uganda] Email: [insert email, e.g., privacy@trackinggorillasuganda.com] Phone: [insert phone number]

You may also contact the Personal Data Protection Office (PDPO) for complaints.

Tracking Gorillas Uganda respects your right to privacy and is committed to transparency and accountability in handling your personal data.

This policy is governed by the laws of the Republic of Uganda.