Enquire Now
Enquire Now
Enquire

Last updated – March 2026

1. Who We Are

Sirikoi is a luxury safari lodge situated in the Lewa Wildlife Conservancy, Kenya. We are the data controller responsible for your personal data collected through this website and in connection with your stay or enquiry.

Registered name: Sirikoi Ltd

Address: Lewa Wildlife Conservancy, Isiolo County, Kenya

Contact email: bookings@sirikoi.com

Telephone: +254 (0)727 232 445

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at bookings@sirikoi.com.

2. What Personal Data We Collect

We collect the following categories of personal data:

2.1 Enquiry and Booking Data

  • Full name
  • Email address
  • Telephone number
  • Travel dates and party size
  • Accommodation preferences and special requests
  • Dietary requirements and health-related information where relevant to your stay
  • Nationality and passport details (required for lodge registration)

2.2 Payment Data

We collect payment information necessary to process your booking. Payment card details are processed securely by our payment processors – DPO and PesaPal – and are not stored on our systems. We retain records of transactions for accounting and legal compliance purposes.

2.3 Newsletter and Marketing Data

  • Name and email address (where you have signed up to receive our newsletter)
  • Your communication preferences

2.4 Website Usage Data

When you visit sirikoi.com, we may automatically collect:

  • IP address and device identifiers
  • Browser type and version
  • Pages visited and time spent on each page
  • Referring website

This data is collected via cookies and analytics tools. Please see Section 7 (Cookies) for more detail.

2.5 Guest Wi-Fi Data

If you use our guest Wi-Fi network during your stay, we may collect your device identifier (MAC address) and general browsing activity. This data is collected solely for network security and operational purposes and is not used for marketing. It is retained for a maximum of 30 days.

2.6 CCTV

For the safety and security of our guests, staff, and wildlife, certain areas of Sirikoi Ltd are monitored by CCTV. Footage is stored securely, accessible only to authorised personnel, and retained for a maximum of 14 days unless required for an active security or legal matter. CCTV is not used in guest accommodation or private areas.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

3.1 To Process Your Booking and Enquiry

This is necessary for the performance of a contract with you (or to take steps prior to entering into a contract). This includes:

  • Responding to your enquiry
  • Confirming and managing your reservation
  • Processing payment
  • Communicating pre-arrival information, itineraries, and any changes to your booking

3.2 To Deliver Your Stay

We use your personal data – including dietary requirements and health-related information –  to ensure that your stay is safe, comfortable, and tailored to your needs. We process this data on the basis of your explicit consent and/or legitimate interest in providing a duty of care.

3.3 To Send Marketing Communications

Where you have signed our newsletter consent form, we will send you updates about Sirikoi Ltd, including news, conservation updates, and special offers. You may withdraw your consent at any time by contacting us at bookings@sirikoi.com or by following the unsubscribe link in any marketing email.

3.4 To Comply with Legal Obligations

We are required by Kenyan law to maintain records of guests staying at licensed accommodation. We may also be required to share guest information with Kenyan government authorities upon lawful request.

3.5 To Improve Our Website and Services

We use anonymised website analytics data to understand how our website is used and to improve your experience. This is based on our legitimate interests.

4. Legal Basis for Processing

Under the Kenya Data Protection Act 2019 and the EU/UK GDPR (where applicable), we process your personal data on the following legal bases:

  • Contract: to fulfil your booking and provide the services you have requested.
  • Legal obligation: to comply with Kenyan law, including lodge registration requirements.
  • Consent: for marketing communications and for processing sensitive data such as dietary or health information. You may withdraw consent at any time.
  • Legitimate interests: to operate and improve our website, and to maintain records for fraud prevention and security – provided these interests are not overridden by your rights.

5. Who We Share Your Personal Data With

We do not sell your personal data. We may share it with the following third parties where necessary:

5.1 Travel Agents and Tour Operators

If your booking is made through a travel agent or tour operator, we will share relevant booking details with them to coordinate your reservation and pre-arrival arrangements.

5.2 Domestic Flight and Ground Transfer Providers

Where you have requested assistance with booking domestic flights or ground transfers as part of your travel arrangements, we will share the necessary personal details — such as your name, contact information, and travel dates — with the relevant airline, charter operator, or transfer company. This sharing is necessary to complete your booking.

5.3 Lewa Wildlife Conservancy

As a lodge operating within Lewa Wildlife Conservancy, we may share relevant guest information with the Conservancy for security and access purposes, in accordance with Lewa’s own privacy and data handling policies.

5.4 Service Providers

We work with trusted third-party service providers who process data on our behalf, including:

  • Payment processors: DPO and PayPal
  • Email marketing platform: Mailchimp (The Rocket Science Group LLC)
  • Website analytics: Google Analytics (Google LLC)
  • Booking management system: ResRequest

All service providers are required to handle your data securely and in accordance with applicable data protection law. Where providers are based outside Kenya or the EEA, appropriate safeguards are in place.

5.5 Legal and Regulatory Authorities

We may disclose your personal data where required to do so by law, court order, or at the request of a competent authority.

6. International Data Transfers

Sirikoi Ltd is based in Kenya. If you are visiting our website from the European Union or United Kingdom, please be aware that your personal data will be transferred to and processed in Kenya.

Kenya does not currently hold an adequacy decision from the European Commission. Where personal data is transferred from the EU or UK to Kenya, or to service providers based outside the EEA, we ensure that appropriate safeguards are in place to protect your data. These safeguards may include Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms. If you would like further information about the safeguards we use, please contact us at bookings@sirikoi.com.

7. Cookies

Our website uses cookies — small text files placed on your device — to help the site function correctly and to understand how it is used.

Essential Cookies

These are necessary for the website to operate and cannot be switched off. They are set in response to actions you take, such as filling in a form.

Analytics Cookies

We use Google Analytics (provided by Google LLC) to collect anonymised information about how visitors use our website. This helps us improve the site and the content we provide. Google may transfer this data to servers in the United States. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on, available at tools.google.com/dlpage/gaoptout.

Managing Cookies

You can control and delete cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website. For more information about cookies, visit www.aboutcookies.org.

8. How Long We Keep Your Data

  • Booking and guest records: retained for seven years following your stay, in accordance with Kenyan tax and legal requirements.
  • Enquiry data (where no booking follows): retained for twelve months, then securely deleted.
  • Marketing data: retained until you withdraw your consent or unsubscribe.
  • Website analytics data: retained in anonymised form in accordance with the terms of our analytics provider.

9. Your Rights

Under the Kenya Data Protection Act 2019 and, where applicable, the EU/UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: to request a copy of the personal data we hold about you.
  • Right to rectification: to ask us to correct inaccurate or incomplete data.
  • Right to erasure: to request that we delete your personal data, subject to legal obligations.
  • Right to restrict processing: to ask us to limit how we use your data.
  • Right to data portability: to receive your data in a structured, machine-readable format.
  • Right to object: to object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at bookings@sirikoi.com. We will respond within 30 days. We may need to verify your identity before processing your request.

If you are based in the EU or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. If you are based in Kenya, you may contact the Office of the Data Protection Commissioner.

10. Children’s Privacy

Our website is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you believe a child has provided us with personal data without appropriate consent, please contact us at bookings@sirikoi.com and we will take steps to delete that information.

11. Security of Your Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or disclosure. These include secure email communications, restricted staff access to personal data, and use of reputable third-party payment and data processors.

Please note that no method of transmission over the internet is entirely secure. While we strive to protect your data, we cannot guarantee absolute security.

12. Data Breach Notification

In the event of a personal data breach, we will notify the ODPC and, where applicable, the relevant EU supervisory authority within 72 hours of becoming aware of it. Where the breach poses a high risk to individuals, we will also notify those affected directly without undue delay. Suspected breaches should be reported immediately to bookings@sirikoi.com.

13. Links to Third-Party Websites

Our website may contain links to third-party websites, including Lewa Wildlife Conservancy, TripAdvisor, and social media platforms. This Privacy Policy applies only to sirikoi.com. We are not responsible for the privacy practices of any third-party sites and encourage you to review their policies before providing any personal data.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Any changes will be posted on this page with an updated date. Where changes are significant, we will notify you by email where we hold your contact details.

We encourage you to review this policy periodically.

15. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

Email: bookings@sirikoi.com

Telephone: +254 (0)727 232 445

Address: Sirikoi Ltd, Lewa Wildlife Conservancy, Isiolo County, Kenya

Sign up for Sirikoi's Newsletter

Stay informed about the latest news and updates from Sirikoi

* indicates required