Data Processing Agreement

DATA PROCESSING AGREEMENT

This Data Processing Agreement (“Agreement”) is entered into as of the Effective Date by and between:

1. African Adventure Experts (“Company”), a safari and adventure travel company registered in Kenya, with its head office at Westlands Business Park, 6th Floor, Junction of Chiromo Lane & Westlands Road, PO BOX 31341 -00600, Nairobi, Kenya, and contact details +254 735 629 660 | +254 717 629 661 | safaris@africanadventure.co.ke, and
2. The Data Processor (“Processor”), which processes personal data on behalf of the Company.

1. DEFINITIONS

• Personal Data: Any information relating to an identified or identifiable natural person.
• Processing: Any operation performed on Personal Data, such as collection, storage, alteration, retrieval, or deletion.
• Controller: The Company, which determines the purposes and means of processing Personal Data.
• Processor: The entity that processes Personal Data on behalf of the Controller.
• Data Subject: Any individual whose Personal Data is processed under this Agreement.
• Applicable Laws: Any data protection laws, including the General Data Protection Regulation (GDPR), Kenya Data Protection Act, and other relevant international regulations.

2. SCOPE OF PROCESSING
The Processor shall process Personal Data solely for the purposes defined by the Company, including but not limited to:

• Booking and travel arrangements for customers
• Customer support and communication
• Marketing and promotional activities (subject to customer consent)
• Compliance with legal and regulatory obligations

3. OBLIGATIONS OF THE PROCESSOR
The Processor shall:

• Process Personal Data only as instructed by the Company.
• Implement appropriate technical and organizational measures to ensure data security and prevent unauthorized access.
• Ensure that all personnel handling Personal Data are bound by confidentiality obligations.
• Assist the Company in complying with data subject rights requests, including access, rectification, and erasure.
• Notify the Company without undue delay of any data breaches affecting Personal Data.
• Ensure that any sub-processors engaged comply with this Agreement.

4. SECURITY MEASURES
The Processor shall implement appropriate security measures, including:

• Encryption of sensitive data
• Regular security assessments
• Access control and authentication mechanisms
• Secure storage and transfer protocols

5. DATA TRANSFERS
If Personal Data is transferred outside Kenya or the European Economic Area (EEA), the Processor shall ensure compliance with international data transfer mechanisms such as Standard Contractual Clauses (SCCs) or an Adequacy Decision.

6. TERM AND TERMINATION

• This Agreement shall remain in force for the duration of the processing activities.
• Upon termination, the Processor shall return or securely delete all Personal Data unless retention is legally required.

7. AUDIT RIGHTS
The Company reserves the right to audit the Processor’s compliance with this Agreement upon reasonable notice.

8. LIABILITY & INDEMNITY

• The Processor shall be liable for breaches of this Agreement.
• The Processor shall indemnify the Company against any losses or claims resulting from non-compliance.

9. GOVERNING LAW
This Agreement shall be governed by and interpreted in accordance with the laws of Kenya. Any disputes shall be resolved in the courts of Nairobi, Kenya.