Privacy Policy — Elegant Haven KE

Section 01

Who We Are

Elegant Haven KE ("Elegant Haven", "we", "us", "our") is a property discovery and booking platform operating at eleganthavenke.com and all associated mobile applications and services. We connect guests with property hosts and sellers across Kenya and beyond.

We act as the data controller for all personal information collected through our platform. This Privacy Policy applies to all visitors, registered users, hosts, guests, and property enquirers who interact with our services.

We process personal data in accordance with the Kenya Data Protection Act 2019, the EU General Data Protection Regulation (GDPR) where applicable to EU-resident users, and all other applicable data protection legislation.

Section 02

Information We Collect

We collect information you provide directly and data generated automatically when you use our platform:

Category	Examples	When Collected
Identity	Full name, profile photo	Account registration, host listing
Contact	Email address, phone number, physical address	Registration, booking, enquiry forms
Booking data	Check-in/out dates, unit selected, guest count	Reservation flow
Payment reference	M-Pesa transaction reference, amount	Payment confirmation — we never store card details
Property data	Listing details, photos, videos, ownership documents	Host or seller listing submission
Reviews	Written review text, star ratings	Post-stay review submission
Device & usage	IP address, browser type, pages visited, session duration	Automatically on all page visits
Approximate location	City and country inferred from IP address — not precise GPS	Automatically — used for proximity listing sorting
Communications	Messages sent to us via email or contact forms	When you contact us
OTP verification	Email address used in verification flow	During host listing registration

Section 03

How We Use Your Information

We use your personal data only for the purposes below. We never use it in ways incompatible with these purposes.

To provide our services — processing bookings, reservations, and property sale enquiries, and facilitating M-Pesa payment instructions between guests and hosts.

To verify listings — reviewing ownership documents submitted by hosts and sellers to confirm legitimacy before approving listings on the platform.

To personalise your experience — sorting listings by your approximate location, surfacing relevant properties, and remembering your session preferences.

To send transactional communications — booking confirmations, OTP codes, payment instructions, enquiry responses, and important account notifications.

To send marketing emails (only with your consent) — new listings, seasonal offers, and platform updates. You may unsubscribe at any time via the link in any email or by contacting us.

To improve the platform — analysing aggregated, anonymised usage data to understand how our platform is used, identify bugs, and improve features.

To comply with legal obligations — retaining records as required by Kenyan law, responding to lawful authority requests, and preventing fraud and misuse.

Section 04

Legal Basis for Processing

Under the Kenya Data Protection Act 2019 and the GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following grounds:

Legal Basis	When We Apply It
Contract performance	Processing your booking, reservation, or listing — necessary to fulfil the agreement between you and Elegant Haven.
Legitimate interests	Platform analytics, fraud prevention, security monitoring, and improving user experience — where our interests do not override your fundamental rights.
Legal obligation	Retaining financial and booking records as required by Kenyan law; responding to lawful requests from public authorities.
Your consent	Sending optional marketing and promotional communications. You may withdraw consent at any time without affecting lawfulness of prior processing.

Section 05

Data Sharing & Third Parties

We do not sell your personal data. We do not share your information with advertisers. We do not allow third parties to target you with advertisements through our platform.

We may share your data only in the limited circumstances below:

With hosts and sellers — when you make a booking or enquiry, we share your name, phone number, and email with the relevant property host or seller to facilitate the transaction.

With service providers — trusted third-party providers who help us operate the platform (e.g. email delivery, server hosting, analytics). These providers process data only on our instructions and are bound by confidentiality obligations.

With payment processors — M-Pesa payment is handled directly between you and Safaricom. We receive only a transaction reference and confirmation; we do not store financial credentials.

For legal compliance — we may disclose data to law enforcement or regulatory authorities if required to do so by applicable law or a valid court order.

In a business transfer — if Elegant Haven is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. You will be notified in advance.

Section 06

Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy, or as required by law.

Data Type	Retention Period
Account and profile data	For the life of your account, plus 2 years after account closure
Booking and reservation records	7 years (for financial and legal compliance)
Property listing data and documents	Duration of listing plus 3 years after removal
Reviews	Indefinitely, as they form part of our public platform record
Communications (emails, enquiries)	2 years from last interaction
Server and access logs	90 days, unless required longer for security investigations
Marketing consent records	Until consent is withdrawn, then archived for 3 years

When data is no longer required, it is securely deleted or anonymised so that it can no longer be linked to you.

Section 07

Your Rights

Under the Kenya Data Protection Act 2019, you have the following rights regarding your personal data. To exercise any of these rights, contact us at reservations@eleganthavenke.com. We will respond within 30 days.

Right to Access

Request a copy of all personal data we hold about you, free of charge.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold.

Right to Erasure

Request deletion of your data where there is no compelling reason to continue processing it.

Right to Object

Object to processing based on legitimate interests, including direct marketing.

Right to Restrict

Request that we restrict processing of your data while a complaint is being investigated.

Right to Portability

Receive your data in a structured, machine-readable format to transfer to another provider.

Withdraw Consent

Withdraw consent for marketing or optional processing at any time without penalty.

Right to Complain

Lodge a complaint with the Office of the Data Protection Commissioner of Kenya (ODPC).

Section 08

Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include:

Encrypted data transmission — all data transmitted between your browser and our servers uses TLS/HTTPS encryption.

Access controls — personal data is accessible only to staff who need it to perform their role, governed by role-based access permissions.

OTP email verification — listing hosts must verify their email address using a one-time code before a listing is submitted, reducing the risk of fraudulent submissions.

No financial credential storage — we do not store M-Pesa PINs, card numbers, or any payment credentials. Payment is handled entirely by Safaricom's M-Pesa infrastructure.

Despite our measures, no internet transmission is completely secure. If you believe your data has been compromised, please contact us immediately at reservations@eleganthavenke.com.

Section 09

Children's Privacy

Our platform is intended for users aged 18 years and over. We do not knowingly collect personal data from children under the age of 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at reservations@eleganthavenke.com and we will delete the information promptly.

Section 10

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by email (if you have an account) and by displaying a prominent notice on our website for at least 30 days before the changes take effect.

The date at the top of this policy indicates when it was last revised. Continued use of our platform after the effective date constitutes your acceptance of the updated policy.

We encourage you to review this policy periodically. All previous versions are available on request.

Section 11

Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to raise a concern, please reach out to us:

Elegant Haven Privacy Team

We aim to respond to all privacy requests within 30 days. For urgent matters please include "URGENT" in your subject line.

reservations@eleganthavenke.com WhatsApp

You also have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya (ODPC) at www.odpc.go.ke.