Privacy Policy

1. Who we are

We are Nkuringo Bwindi Gorilla Lodge Ltd (NBGL Ltd) or Nkuringo Lodges and we respect your privacy. This policy describes how we use your personal information.

We are NBGL Limited (company number 80010001015223 with registered address at Nkuringo, Nteko Ridge, Kanungu District in Uganda). When you visit our website, make an enquiry about one of our properties, or make a booking with us either directly or via a third party, you trust us with your information. There are many ways this information can help us make our service better. For example, we can make sure you only see offers/products in which you’re likely to be interested and we can remember your details in order to provide you with a better service.

We respect your privacy and we value the trust you’ve placed in us by sharing your information. This privacy policy sets out the way we use your information: what we collect, how we collect it, how we use it, why we use it, who we share it with and the rights to which you may be entitled.

For instance, if you provide your contact details and make an enquiry through our site we will use this information to get in touch with you to discuss the property you have enquired about.

We’re committed to protecting the privacy of any personal information you give to us and we will comply with all relevant data protection legislation and related applicable UK legislation. For the purposes of relevant data protection legislation, NBGL is the data controller of personal information that we hold and process about you.

We have tried to keep this document as clear and direct as possible. If you have any questions or anything in this policy is unclear, please get in touch at the following email address: marketing@nkuringosafaris.com

2. Your information

Data Collection and Usage

We will collect and use your personal information when you visit our website, subscribe to our services, make an enquiry about one of our properties, or make a booking with us either directly or via a third party as set out in more detail in this section.
Your information may be shared with members of our group and some third parties.

Please click the expanders below for further details on how we use your information and with whom we may share it.

We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

You may choose to opt in to receive our newsletter via our website subscribe page, contact us page and property feedback forms. We may also be able to send you relevant email marketing about our news and offers when you make a reservation with our hotels, restaurants and spas.

You can opt out of direct marketing at any time. The easiest way to do this is to click the unsubscribe link at the bottom of your email or let us know by mailing bwindi@nkuringolodges.com

WHAT WE COLLECT

1. Information that you give us to purchase or enquire about our services, whether online or over the phone including:

  • Your contact details including: your name, address, country of residence, email address, phone number;
  • Your passport number;
  • Your bank account details;
  • The names of any additional guests;
  • Your arrival and departure time;
  • Details of the holiday purchased

2. Information that you give us when you visit one of our properties including:

  • Information you provide on registration (e.g. your name, email address, home address, phone number, passport details and date of birth and swimming capability);
  • Information you provide when you give us feedback (e.g. your name and contact details, your arrival date, departure date, address, email address, what you liked about your visit and what we can do to improve);
  • Activities you book as part of your stay with us;
  • Your preferences (e.g. your favourite bottle of wine/ room).

3. Information about the way you use our services including:

  • What you’ve purchased;
  • When and where you’ve made the purchases;
  • What you paid and how;
  • Whether you’ve opened electronic communications from us.

4. Information when you communicate with us whether in person, through our website or via email, over the phone, or via any other medium, including:

  • Your contact details;
  • The details of your communications with us;
  • The details of our messages to you.

5. Information provided as part of your account including:

  • Your username;
  • Your password;
  • Your account settings;
  • Your account preferences;
  • Your email address.

6. Information that we collect through your use of our website including:

  • Device information such as operating system, unique device identifiers, the mobile network system;
  • Hardware and browser settings;
  • Date and time of requests;
  • The requests you make;
  • The pages you visit and search engine terms you use;
  • IP address.

7. Information that we collect from third party booking partners which could include:

  • Your contact details including: your name, address, country of residence, email address, phone number;
  • Your passport number;
  • Your bank account details;
  • Details of any dietary, mobility / disability or room requirements;
  • Your medical status;
  • The names of any additional guests;
  • Your arrival and departure time; and
  • Details of the holiday purchased.

8. Information that we collect about you if are visiting one of our properties for our business purposes (e.g. a journalist or B2B contacts) which could include:

  • CVs (if you travel to the BVI)
  • Passport information
  • Name and age of children who travel with you.

HOW WE USE IT

1. We use this information, including to:

  • Provide our services;
  • Manage and administer our services;
  • Process your booking;
  • Take payment from or give you a refund;
  • Register you as a guest;
  • Send personalised offers or holiday ideas;
  • For business development and business analysis purposes.

2. We use this information including to:

  • Provide our services;
  • To reply to the feedback you provide us;
  • Carry out internal and group reporting on our performance;
  • Send personalised offers or holiday ideas;
  • For business development and business analysis purposes.

3. We use this information, including to:

  • Develop new services;
  • Improve our services;
  • Identify products and marketing that may be of interest to you;
  • Personalise our service of things you’re interested in and how you use our services.

4. We use this information, including to:

  • Answer any issues or concerns;
  • Monitor guest communications and experiences for quality and training purposes;
  • Send you our newsletter if you have signed up to receive it;
  • Develop new services;
  • Improve our services;
  • Personalise our service.

5. We use this information, including to:

  • Provide our services;
  • Manage and administer our systems;
  • Identify how you’d like to use your account.

6. We use this information, including to:

  • Provide our services, including making our website and other related content available to you;
  • Develop new services;
  • Improve our services, including to make the website more relevant for you and our other visitors;
  • Identify issues with the website and user’s experience of it;
  • Monitor the way our website is used.

7. We use this information, including to:

  • Provide our services;
  • Manage and administer our services;
  • Process your order;
  • Take payment from or give you a refund;
  • Register you as a guest;
  • Help us ensure that our guests are genuine and to prevent fraud;
  • Send personalised offers or holiday ideas.

8. We use this information, including to:

  • Make a reservation for you (and your children if applicable) at the properties
  • Obtain work permits where required.

WHY WE USE IT

1. Our legal basis for processing include:

  • It is necessary to perform the contract (i.e. to provide, manage and administer our services, process your booking, take payment and provide refunds);
  • Consent (to marketing);
  • Legitimate interests (to improve and provide you with a quality service, to develop our services)

2. Our legal basis for processing include:

  • It is necessary to perform the contract (i.e. to provide our services).
  • Consent (to marketing).
  • Legitimate interests (to improve and provide you with quality services across the group)

3. Our legal basis for processing include:

  • We have a legitimate business interest to improve our service and better understand how customers use it.

4. Our legal basis for processing include:

  • We have a legitimate business interest in understanding customer feedback and in responding to customer communications in a consistent way.

5. Our legal basis for processing include:

  • It is necessary to provide an account;
  • We have a legitimate business interest in enabling you to update your preferences and settings online.

6. Our legal basis for processing include:

  • We have a legitimate business interest in understanding how our website is accessed, how it is used and any problems users have with it across multiple devices.

7. Our legal basis for processing include:

  • It’s necessary to perform the contract;
  • Consent (to marketing); Where we rely on your consent to marketing, you will have the right to withdraw the consent by contacting the Head of Privacy.

8. Our legal basis for processing include:

  • It’s necessary to perform the contract;
  • Legal obligation (to obtain a work permit for you in the BVI);
  • Legitimate interests (to improve and provide you with a quality service and to ensure we obtain quality reviews)

Legitimate Interests

A legitimate interest will only apply where we consider that it is not overridden by individuals’ interests or rights which require protection of their personal data. If you require further information regarding our legitimate interests as applied to your personal data, you may contact the Head of Privacy.

Legal requirements

Your personal information may also be processed if it is necessary on reasonable request by a law enforcement or regulatory authority, body or agency or in the defence of a legal claim. We will not delete personal information if relevant to an investigation or a dispute. It will continue to be stored until those issues are fully resolved.

Special information we collect

Certain types of personal information are more sensitive than others, and as a result can only be processed in restricted circumstances. As part of the booking or registration process at the properties, we may collect dietary or allergy requirements that imply specific religious beliefs or medical conditions. We may also need to process information regarding your health in the event of an accident, illness or subsequent complaint. Separately we may collect or receive criminal offence information in connection with fraud or crime prevention.

We will only process your special information in accordance with the following legal bases:

  • The processing is necessary for the purposes of medical diagnosis and/or provision of healthcare treatment by or under the responsibility of a health professional;
  • The processing is necessary to protect your vital interests where you are legally or physical incapable or providing your consent;
  • The processing is based on your explicit consent for a specified purpose;
  • The processing is necessary for the establishment, exercise or defence of legal claims;

Minors

Protecting the online privacy of children is especially important to us. Outside of required guest details and relevant medical information (i.e. medical information and disability information), we do not intentionally gather personal information about minors save for the data required in order to facilitate you and your child’s stay with us. If you believe we have inadvertently collected personal information about your child, please contact us, and we will attempt to remove this information. If a minor (according to applicable laws) has provided us with personal information without parental or guardian consent, the parent or guardian should contact us to remove the relevant personal information and unsubscribe them from our website and/or services.

How long we keep your information

We will keep your information for as long as it is reasonably necessary and to deal with claims. It will depend on factors such as whether you’ve made a booking or an enquiry with us or have interacted with recent offers. We will also retain your information as necessary to comply with legal, accounting or reporting requirements.

Information we share

There are certain circumstances where we may transfer your personal data to employees, contractors and to other third parties.

  • We share information about you with employees at the properties and other members of our group of companies. They are bound to keep your information in accordance with this privacy policy.
  • We may also share your information with certain contractors or service providers. They may process your personal data for us, for example, if you book an activity package provided by a third party supplier at a NBGL property. Other recipients/service providers include database management providers, website digital agents, IT systems specialists and email providers.
  • Our suppliers and service providers will be required to meet our standards on processing information and security. The information we provide them, including your information, will only be provided in connection with the performance of their function.
  • We may also share your information with certain third parties. We will do this either when we receive your consent or because we need them to see your information to provide products or services to you. These include other partners we do business with such as charity organisations and third party activity suppliers approved by NBGL.
  • We will share a copy of your passport and your CV with the BVI tourist board if you are a journalist or a B2B contact who has provided us with a copy of your CV for the purposes of obtaining a work permit in Uganda.
  • In the event that you suffer an accident or an injury whilst visiting one of our properties details of your accident including your health information will be shared with our on site nurses (where applicable) or our third party medical providers.

Your personal information may be transferred to other third party organisations in certain scenarios:
1). If we’re discussing selling or transferring part or all of our business – the information may be transferred to prospective purchasers under suitable terms as to confidentiality;
2). If we are reorganised or sold, information may be transferred to a buyer who can continue to provide services to you;
3). If we’re required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority – for example the Police;
4). If we are defending a legal claim your information may be transferred as required in connection with defending such claim.

Your personal data may be shared if it is made anonymous and aggregated, as in such circumstances the information will cease to be personal data.

Where your information will be held

When we share your information your information may be transferred outside the European Economic Area.

We store our information on servers located in the EU. This data will be transferred to the NBGL properties and third parties (as identified above). In some circumstances this may result in data being transferred outside of the EEA to countries which do not have an equivalent level of data protection laws to those applicable in Europe. The transfer of this information is governed by a contract including standard contractual clauses (SCCs) approved by the European Commission in accordance with Article 46(c) of the General Data Protection Regulation.

We will only transfer data to jurisdictions outside the scope of the European General Data Protection Regulation (GDPR) where the appropriate safeguards set out in the GDPR are in place.

We are happy to provide you with copies of the regulator-approved SCCs which you can request from our Head of Privacy whose contact details are below in the section titled ‘How to contact us‘.

Your rights

You may have certain rights in relation to your information including a right to access or to correct the information we hold on you.
Other rights may be available in certain circumstances.

Some rights will only apply in certain circumstances. For example, the right to be forgotten or the right to request that we transfer your information to another company. Generally, these rights will not be available if you have an outstanding booking with us, if we are required by law to keep the information or if the information is relevant to a legal dispute. If you would like to exercise, or discuss any of these rights, please contact the Head of Privacy.

Where we receive a request to exercise one of these rights, we shall provide information on the action we take on the request within one month of receipt of the request. This may be extended by a further two months in certain circumstances, for example where requests are complex or numerous.

The information will be provided to you free of charge, except where requests are manifestly unfounded or excessive, in particular because of their repetitive character. In these circumstances we may charge a reasonable fee or may refuse to act on the request. We will advise you of any fees prior to proceeding with a request.

We may ask you to verify your identity before carrying out a request.

Where we do not carry out your request, we shall inform you without delay and within one month of receipt of the request, together with our reasons for not taking the action requested. You shall have a right to raise a complaint with a supervisory authority or seek a remedy from a Court.

We’ve listed the rights you have over your information and how you can use them below. These rights are subject to restrictions in the GDPR and, subject to the exemptions in that law, may only apply to certain types of information or processing.

YOUR RIGHT AND HOW TO USE IT

How to contact us

If you have any questions about this policy please contact our Head of privacy: marketing@nkuringosafaris.com or +256 392 176327, or Nkuringo Lodges Booking Office, Plot 2 Uringi Crescent, Kiwafu, Entebbe.

Changes to the policy

This policy will be changed from time to time.
If we change anything important about this policy (the information we collect, how we use it or why) we will highlight those changes at the top of the policy and provide a prominent link to it for a reasonable length of time following the change.

Links to third party websites

Our website, newsletters, email updates and other communications may, from time to time, contain links to and from the websites of others including our partner networks, advertisers and other group companies and/or social networks as offered to you and supported by your browser.

The personal data that you provide through these websites is not subject to this Privacy Policy and the treatment of your personal data by such websites is not our responsibility. If you follow a link to any of these websites, please note that these websites have their own privacy policies which will set out how your information is collected and processed when visiting those links. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of entities through which you chose to share.

Other policies

Cookies
We use cookies that identify your browser or device. They collect and store information when you visit our website about how you use it.

Security
We are committed to keeping your personal information safe. We’ve got physical, technical and administrative measures in place to prevent unauthorised access or use of your information.