Privacy Policy

Your privacy matters to us. This policy explains how Book With Sheilla collects, uses, and protects your personal data in compliance with the General Data Protection Regulation (GDPR).

Last updated: 5 April 2026

1. Data Controller

Book With Sheilla
Operated by Sheilla Jepkemboi
Belgium
Email: [email protected]

For any privacy-related questions or to exercise your data rights, please contact us at the email address above or visit our Data Rights page.

2. Data We Collect

Contact & Booking Inquiries

When you submit a contact form or booking request, we collect: your name, email address, phone number (optional), travel dates, group size, special requests, and any message you provide.

Customer Records

When you become a customer, we may additionally collect: nationality, passport number (for travel arrangements), and postal address. Passport information is only collected when necessary for international travel logistics.

Newsletter Subscription

When you subscribe to our newsletter, we collect your email address.

Technical Data

When you interact with our website, we collect minimal technical data through essential cookies (session management only). We record IP addresses and browser information when you submit forms, solely for consent record-keeping as required by GDPR.

3. Purposes & Legal Basis

PurposeLegal Basis (GDPR Art. 6)
Responding to contact inquiriesLegitimate interest (Art. 6(1)(f))
Processing booking requestsPerformance of a contract (Art. 6(1)(b))
Managing customer records & travel logisticsPerformance of a contract (Art. 6(1)(b))
Sending newslettersConsent (Art. 6(1)(a))
Financial record-keeping (invoices)Legal obligation (Art. 6(1)(c)) — Belgian accounting law
Consent record-keepingLegal obligation (Art. 6(1)(c)) — GDPR accountability

4. Data Recipients & Sub-processors

Your data is never sold to third parties. We share data only with the following service providers who process data on our behalf:

1

Amazon Web Services (AWS SES)

Email delivery — EU/US regions with Standard Contractual Clauses

2

MinIO (Self-hosted)

File storage for tour images and documents — hosted on our own infrastructure

3

Safari lodges & local partners

Name, nationality, and passport data shared only when required for travel arrangements, with your knowledge

5. Data Retention

Contact inquiries2 years after last activity
Customer & booking records7 years (Belgian accounting law)
Financial records (invoices, payments)7 years (Belgian accounting law)
Newsletter subscriptionsUntil you unsubscribe
Consent recordsRetained indefinitely as legal proof of consent

6. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of inaccurate personal data.

Right to Erasure

Request deletion of your personal data (subject to legal retention requirements).

Right to Restrict Processing

Request that we limit how we use your data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interest.

To exercise any of these rights, visit our Data Rights page or email us at [email protected]. We will respond within 30 days.

7. Cookies

We use only strictly necessary cookies for session management (keeping you logged in during your visit). We do not use any marketing, analytics, or third-party tracking cookies.

Under Belgian law (transposing the ePrivacy Directive), strictly necessary cookies do not require consent. We inform you of their use via a banner on your first visit.

8. International Data Transfers

Our servers are hosted in Germany (EU). Email delivery via AWS SES may involve data transfers to the United States, governed by Standard Contractual Clauses (SCCs) as approved by the European Commission. Safari partner data sharing is limited to what is strictly necessary for travel arrangements and is done with your knowledge.

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Belgian Data Protection Authority:

Autorité de protection des données (APD)
Gegevensbeschermingsautoriteit (GBA)
Rue de la Presse 35, 1000 Brussels, Belgium
Phone: +32 (0)2 274 48 00
Website: www.dataprotectionauthority.be

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be communicated via a notice on our website. We encourage you to review this page periodically.

Questions about your privacy?

We're here to help. Reach out to us or exercise your data rights directly.

Data RightsContact Us