Privacy Policy

Silverback Adventures Ltd is a licensed Rwandan tour operator with offices in Kigali, Rwanda. For the purposes of data protection law we are the data controller of any personal information you share with us in connection with travel planning, bookings, and after-trip support. References to “we”, “us”, “our”, or “Silverback” throughout this policy mean Silverback Adventures Ltd.

Our registered office is located in Kigali, Rwanda. We are registered with the Rwanda Development Board and operate under Rwandan tourism licensing regulations.

We only collect information that is necessary to design, book, and deliver your safari:

• Identity & contact data: full name, nationality, date of birth, phone number, and WhatsApp handle.
• Travel data: passport details (for park permits and lodge check-in), preferred travel dates, party size, dietary needs, mobility considerations, and emergency contact.
• Payment data: billing name and address; card details are processed directly by our PCI-DSS compliant payment partners — we never store full card numbers on our servers.
• Communications: messages exchanged on WhatsApp, email, this website's contact form, or by phone.
• Technical data: IP address, browser type, device, pages visited, and approximate location collected through privacy-friendly analytics.
• Special categories: health or dietary information you voluntarily share so we can accommodate your needs during trekking and lodge stays.

We use your data only for the purposes you would reasonably expect from a travel concierge:

• Building tailor-made itineraries and quoting trips.
• Reserving gorilla permits with the Rwanda Development Board, lodge rooms, internal flights, and ground transport.
• Processing payments and issuing receipts and invoices.
• Sending pre-trip information, packing lists, and on-trip support messages.
• Improving our website, services, and itineraries based on aggregated, anonymous usage data.
• Complying with Rwandan tax, tourism, immigration, and conservation regulations.
• Sending occasional updates about new itineraries, conservation news, or special offers — only if you have opted in.

Under data protection law, we process your personal data on the following legal bases:

• Contractual necessity: to perform our contract with you (booking, payment, trip delivery).
• Legal obligation: to comply with Rwandan tax, tourism, and immigration laws.
• Legitimate interests: to improve our services and prevent fraud, balanced against your rights.
• Consent: for marketing communications and optional cookies, which you can withdraw at any time.

We share the minimum information necessary with carefully selected partners — the Rwanda Development Board (for gorilla and chimp permits), national park authorities, lodges, hotels, internal flight operators, transport providers, and licensed guides. We also use trusted technology providers for hosting, analytics, and payments, all bound by data-processing agreements.

We never sell your personal data, and we never share it for third-party marketing. We only disclose data when legally required by Rwandan authorities or to protect our legal rights.

Some of our service providers are located outside Rwanda (e.g., cloud hosting, payment processors, email delivery). When your data is transferred internationally we rely on Standard Contractual Clauses, adequacy decisions, or your explicit consent, and we apply the same level of protection set out in this policy.

Booking files and financial records are retained for seven years to meet Rwandan tax law. Marketing contacts are kept until you ask us to remove them. Website analytics data is anonymised after 14 months.

Passport and permit information is retained only for the duration necessary to complete your trip and satisfy park authority record-keeping requirements, after which it is securely deleted.

We protect your data with encryption in transit (TLS 1.3), encryption at rest, role-based access controls, and routine security audits. Access to traveller files is restricted to authorised concierge staff who are bound by confidentiality agreements.

In the unlikely event of a data breach that poses a risk to your rights, we will notify you and the relevant supervisory authority within 72 hours in accordance with applicable law.

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Correct or update inaccurate information.
• Erasure: Ask us to delete your data, subject to legal retention obligations.
• Restriction: Object to or restrict certain processing, including marketing.
• Portability: Receive your data in a structured, commonly used format.
• Withdraw consent: At any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Complaint: Lodge a complaint with Rwanda's National Cyber Security Authority (NCSA) or your local data protection authority.

To exercise any of these rights, contact our concierge team by WhatsApp or phone — the numbers are listed in the footer of every page.

We use a small number of essential cookies to keep the site working and optional analytics cookies that help us understand which itineraries our visitors love. You can disable non-essential cookies in your browser at any time without losing access to the site.

Essential cookies include session identifiers and security tokens. Analytics cookies collect anonymised data about page views, referral sources, and device types. We do not use cookies to track you across unrelated websites.

Our services are intended for adults arranging family travel. We do not knowingly collect personal data directly from children under 16. Information about minor travellers is provided by the booking adult and used only for trip logistics, permit applications, and emergency contact purposes.

If you believe we have inadvertently collected data from a child without parental consent, please contact us immediately and we will delete the information.

Our website may contain links to third-party websites (e.g., Rwanda Development Board, partner lodges, airlines). This privacy policy applies only to Silverback Adventures. We encourage you to review the privacy policies of any external sites you visit.

We may update this policy as our services evolve. The date at the top of this page always reflects the most recent revision. Material changes will be highlighted on our homepage for 30 days.

For any privacy question or data request, reach our team through the channels listed on our contact page. We answer every privacy enquiry within five working days.