Legal ยท Version 1.0
Privacy Policy
Protection of Personal Data of Clients and Website Visitors
Effective Date: 30 May 2026
1. Introduction
Porto Tanganyika LTD ("the Company," "we," "us," or "our") is a private limited company duly registered under the laws of the Republic of Burundi, with its registered office located at Tokyo Business Center, 2nd Floor, Office A206, Bujumbura, Republic of Burundi.
This Privacy Policy ("the Policy") describes how Porto Tanganyika LTD collects, uses, stores, discloses, transfers, and otherwise processes personal data of individuals who: (i) visit our website; (ii) communicate with us by any means; (iii) request, purchase, or use our services; or (iv) interact with our representatives, suppliers, or commercial partners in any capacity ("you," "the Client," or "the Data Subject").
Porto Tanganyika LTD recognizes that the protection of personal data is a fundamental right of every individual. We are committed to processing personal data lawfully, fairly, and transparently in accordance with the Burundian Civil Code, applicable Burundian sectoral regulations, regional East African Community (EAC) data norms, and, where reasonably applicable to our cross-border operations, international standards including the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR").
By accessing our website, communicating with us, or engaging our services, you acknowledge that you have read and understood this Policy and consent to the practices described herein.
2. Scope of Application
This Policy applies to all personal data collected by Porto Tanganyika LTD through any channel, including but not limited to:
- Our official website (https://portotanganyika.com) and any subdomain operated by the Company;
- Booking forms, contact forms, registration forms, and online enquiries;
- Email, telephone, postal correspondence, and instant messaging exchanges;
- In-person interactions at our offices, partner offices, or any service location;
- Social media channels operated by or on behalf of the Company;
- Documents and information transmitted by Clients, suppliers, or third-party intermediaries in the course of providing or receiving services.
This Policy does not apply to third-party websites, applications, or services that may be linked from our platforms. We are not responsible for the privacy practices of such third parties, and we encourage you to review their respective privacy policies before disclosing any personal data.
3. Categories of Personal Data Collected
3.1 Personal Data
Personal Data refers to any information relating to an identified or identifiable natural person. We may collect, depending on the nature of your interaction with us, the following:
- Identification data: full legal name, date of birth, nationality, gender, photograph (where applicable);
- Contact data: physical mailing address, residential address, email address, telephone and mobile numbers;
- Identity document data: passport number, national identity card number, visa records, and supporting travel documents;
- Payment data: billing address, credit or debit card details processed through secure third-party gateways, mobile payment identifiers, bank transfer references, and proof-of-payment documentation;
- Service-related data: booking history, travel preferences, dietary requirements, accommodation preferences, special assistance needs, and emergency contact information;
- Commercial correspondence: the content of communications between you and the Company, including email exchanges, written messages, and recorded conversations where you have been notified of recording;
- Marketing data: preferences regarding receipt of newsletters and commercial communications.
3.2 Non-Personal and Technical Data
When you access our website, we may automatically collect certain non-identifying technical information, including:
- Device and browser data: browser type and version, operating system, device model, and screen resolution;
- Connection data: Internet Protocol (IP) address, Internet Service Provider, and approximate geographic location derived therefrom;
- Usage data: pages visited, time spent on each page, click-stream data, referring and exit pages, date and time of access, and search terms used;
- Cookies and similar technologies: as further described in Section 10 of this Policy.
3.3 Sensitive Personal Data
In limited circumstances, and only where strictly necessary for the provision of services (for example, dietary or medical requirements relating to a booking), we may collect sensitive personal data. Such data shall only be processed with your explicit consent, on a need-to-know basis, and shall be subject to enhanced security measures.
4. Purposes of Processing
Porto Tanganyika LTD processes personal data only for specified, explicit, and legitimate purposes, including:
4.1 Service Delivery and Booking Management
- Processing reservations, confirming bookings, and issuing service vouchers, tickets, or itineraries;
- Coordinating with hotels, transport operators, tour guides, restaurants, and other third-party suppliers necessary to fulfill the services requested;
- Processing payments and other financial transactions;
- Managing client accounts and maintaining commercial records as required by applicable law.
4.2 Communication
- Responding to enquiries, requests, complaints, and feedback;
- Sending booking confirmations, itinerary updates, schedule modifications, and pre-departure or arrival information;
- Notifying Clients of changes to our services, terms, or policies.
4.3 Marketing and Commercial Development
- Sending newsletters, promotional offers, and information about new services, where you have provided your express consent;
- Conducting Client satisfaction surveys and market research;
- Personalizing offers and recommendations based on previous interactions.
You may withdraw your marketing consent at any time by contacting us using the details set out in Section 14, or by clicking the "unsubscribe" link present in every commercial email.
4.4 Operational and Analytical Purposes
- Improving our website, services, and operational processes;
- Conducting statistical analyses on aggregated and anonymized data;
- Detecting and preventing fraud, security incidents, and unauthorized access;
- Debugging technical issues and ensuring the integrity of our systems.
4.5 Legal and Regulatory Compliance
- Complying with Burundian tax, accounting, anti-money laundering (AML), and counter-terrorism financing obligations;
- Responding to lawful requests from public authorities, including immigration, customs, judicial, and regulatory bodies;
- Establishing, exercising, or defending legal claims;
- Enforcing our Terms and Conditions and other contractual rights.
5. Legal Basis for Processing
Porto Tanganyika LTD relies on one or more of the following legal grounds when processing your personal data:
- Performance of a contract: where processing is necessary to perform our contractual obligations to you, including the execution of bookings and the delivery of services;
- Compliance with a legal obligation: where processing is required by Burundian law or other applicable legislation;
- Consent: where you have given your free, specific, informed, and unambiguous consent for a particular purpose, such as marketing communications;
- Legitimate interests: where processing is necessary for the legitimate interests pursued by the Company (such as fraud prevention, network security, internal administration, and commercial development), provided such interests are not overridden by your fundamental rights and freedoms;
- Vital interests: where processing is necessary to protect your vital interests or those of another natural person (for example, in cases of medical emergency during the provision of services).
6. Disclosure to Third Parties
Porto Tanganyika LTD does not sell, rent, or trade personal data. We may, however, disclose personal data in the following limited circumstances:
6.1 Service Providers and Commercial Partners
We share personal data with carefully selected third parties who provide services on our behalf or in partnership with us, including:
- Hotels, lodges, resorts, and accommodation providers;
- Airlines, ground transport operators, ferry services, and other transport providers;
- Tour operators, local guides, and excursion providers;
- Payment processors, banking institutions, and mobile payment service providers;
- Information technology, hosting, and cloud-storage service providers;
- Insurance providers (where insurance is procured on your behalf);
- Professional advisors including legal counsel, auditors, and consultants bound by confidentiality obligations.
All such third parties are required, by contractual arrangement or by law, to process personal data only in accordance with our instructions and to implement appropriate security measures.
6.2 Corporate Reorganization
In the event of a merger, acquisition, sale of assets, reorganization, insolvency, or similar corporate transaction, personal data may be transferred to the acquiring or successor entity, provided that such entity undertakes to maintain protection consistent with this Policy.
6.3 Legal and Regulatory Disclosures
We may disclose personal data where required to do so by Burundian law, court order, subpoena, or lawful request from public authorities, including immigration, tax, financial intelligence, and security services. We may also disclose data to protect our legal rights, our property, or the safety of our Clients, staff, or the public.
7. International Data Transfers
Given the international nature of travel, tourism, and related services, personal data collected by Porto Tanganyika LTD may be transferred to and processed in jurisdictions outside the Republic of Burundi, including destination countries and locations where our service providers, partners, or cloud servers are situated.
Data protection laws in such jurisdictions may differ from, and may not offer the same level of protection as, the laws of Burundi. Where reasonably practicable, we implement contractual safeguards, including standard data-transfer clauses, to ensure that personal data continues to be protected in accordance with this Policy.
By engaging our services or providing personal data, you acknowledge and consent to such international transfers, to the extent necessary to deliver the services you have requested.
8. Data Security
Porto Tanganyika LTD implements appropriate technical, organizational, and administrative safeguards designed to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include, without limitation:
- Access controls restricting personal data to authorized personnel only, on a need-to-know basis;
- Secure storage of electronic records, including encryption where technically appropriate;
- Use of secure transmission protocols (such as TLS/SSL) for online communications;
- Confidentiality obligations imposed on all staff, contractors, and service providers;
- Regular review of security practices and incident-response procedures.
Notwithstanding the above, you acknowledge that no method of electronic transmission or digital storage can be guaranteed to be one hundred percent (100%) secure. While we strive to use commercially reasonable means to protect your personal data, Porto Tanganyika LTD cannot guarantee absolute security and you accept this inherent residual risk.
9. Data Retention
Porto Tanganyika LTD retains personal data only for as long as is necessary to fulfill the purposes for which it was collected, including:
- The duration of the contractual relationship with the Client;
- The period necessary to comply with applicable legal, tax, accounting, and regulatory retention requirements under Burundian law (typically a minimum of ten (10) years for accounting and tax records);
- The period necessary to defend or pursue legal claims (until the expiration of applicable limitation periods);
- Where consent is the legal basis, until consent is withdrawn.
Upon the expiration of the applicable retention period, personal data shall be securely deleted, destroyed, or irreversibly anonymized.
10. Cookies and Similar Tracking Technologies
Our website may use cookies and similar tracking technologies (such as web beacons, pixels, and local storage) to ensure the proper functioning of the site and to enhance the user experience.
10.1 Categories of Cookies
- Strictly necessary cookies: essential to the operation of the website (such as session management and security). These cannot be disabled without affecting site functionality;
- Performance and analytics cookies: collect anonymized information about how visitors use the website, allowing us to improve its functionality;
- Functionality cookies: remember choices you make (such as language preference) to provide enhanced features;
- Marketing cookies: used to deliver advertising relevant to your interests, where you have consented.
10.2 Managing Cookies
You may control cookies through your browser settings, including by refusing cookies, deleting existing cookies, or being notified when cookies are placed. Please note that disabling certain cookies may affect the functionality of our website.
11. Your Rights as a Data Subject
Subject to applicable law and reasonable verification of your identity, you have the following rights with respect to your personal data:
- Right of access: to obtain confirmation of whether we process your personal data and, if so, to receive a copy of such data;
- Right of rectification: to request correction of inaccurate, incomplete, or outdated personal data;
- Right of erasure: to request deletion of your personal data, subject to overriding legal retention obligations or the establishment, exercise, or defense of legal claims;
- Right to restrict processing: to request that we limit the processing of your personal data under defined circumstances;
- Right to data portability: where technically feasible and legally applicable, to receive your personal data in a structured, commonly used, and machine-readable format;
- Right to object: to object to processing carried out on the basis of our legitimate interests, including processing for direct marketing purposes;
- Right to withdraw consent: where processing is based on consent, to withdraw such consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal;
- Right to lodge a complaint: to file a complaint with the competent supervisory authority in Burundi or in your country of residence, where applicable.
To exercise any of these rights, please contact us using the details set out in Section 14. We shall respond to your request within a reasonable timeframe, and in any event within thirty (30) days of receipt, unless an extension is justified by the complexity of the request.
12. Children's Privacy
Our services are not directed to, and we do not knowingly collect personal data from, persons under the age of eighteen (18) without the verifiable consent of a parent or legal guardian. Where a minor is included in a booking, such booking must be made and supervised by a parent or legal guardian, who shall be solely responsible for providing the necessary personal data and consents. If we become aware that we have collected personal data from a minor without appropriate consent, we shall take steps to delete such data without undue delay.
13. Changes to This Policy
Porto Tanganyika LTD reserves the right to amend, update, or revise this Policy at any time, in response to changes in our practices, applicable law, or industry standards. The current version of this Policy shall always be available on our website, with the "Effective Date" indicated at the beginning of the document. We encourage you to review this Policy periodically. Continued use of our services following the publication of an updated Policy shall constitute acceptance of such updates.
14. Contact Information
Any questions, comments, requests for the exercise of rights, or complaints regarding this Privacy Policy or the processing of personal data should be addressed to:
Porto Tanganyika LTD
Attention: Data Protection Officer / Privacy Contact
Tokyo Business Center, 2nd Floor, Office A206
Bujumbura, Republic of Burundi
Email: services@portotanganyika.com
Telephone: +257 65 612 251
Website: https://portotanganyika.com
Acknowledgment. By accessing the Porto Tanganyika LTD website, communicating with the Company by any means, or engaging the Company's services in any capacity, you acknowledge that you have read, understood, and accepted the terms of this Privacy Policy.
ยฉ Porto Tanganyika LTD โ All rights reserved.