Emerald Stay Logo

Emerald by Skyline Villa - Naivasha, Kenya

Privacy Policy

Last updated: 2026-03-18

At Emerald by Skyline Villa, we value your privacy and are committed to protecting your personal data in accordance with the Data Protection Act, 2019 (KDPA) of the Republic of Kenya. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

Return to home page

1. Data Controller Identity and Contact Details

For the purposes of the KDPA 2019, the Data Controller is:

If you have any questions regarding this Privacy Policy or our data practices, please contact us via the email address above.

2. Information We Collect

We collect the following categories of personal data to provide and improve our services:

  • Account data: Full name, email address, and phone number.
  • Identity verification data: National ID number (for Kenyan citizens), passport number (for non-citizens), and photographs of identity documents.
  • Booking data: Details about your stay, room selections, and guest information.
  • Payment data: Transaction references (we do not store card details; these are handled by our payment processor).
  • Device data: Push notification tokens and device identifiers for app functionality.

3. How We Use Your Information

We use personal data for the following purposes:

  1. Booking Management: To facilitate your property reservations and manage your stay.
  2. Identity Verification: To verify guest identity as required for security and regulatory compliance.
  3. Payment Processing: To securely process payments for bookings and services.
  4. Communications: To send booking confirmations, respond to inquiries, and provide customer support.
  5. Notifications: To send push notifications regarding your booking status or messages.
  6. Security: To detect and prevent fraud and maintain platform integrity.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under the KDPA 2019:

  • Consent: You provide explicit consent when you check the consent box during signup or identity verification.
  • Performance of a Contract: Processing is necessary for the execution of your booking agreement and the provision of accommodation services.
  • Legal Obligation: We may process data to comply with Kenyan laws, such as tax reporting requirements.

5. Third-Party Services

We work with service providers to operate our platform. The following third parties may receive your data:

ServicePurposeData Shared
Payment processorSecure payment processingTransaction details
Cloud infrastructureHosting and databaseAll user data
Email serviceTransactional emailsEmail addresses
Authentication providersSocial loginEmail and name

We ensure that all third parties respect the security of your personal data and treat it in accordance with applicable law.

6. Cross-Border Data Transfers

Your personal data may be stored on servers located outside Kenya, including in the United States and European Union. By using the app, you acknowledge and consent to this cross-border transfer. We ensure that such transfers are protected by appropriate safeguards as required by the KDPA 2019.

7. Data Security

We implement robust technical and organizational measures to protect your data:

  • Sensitive identity information is encrypted at rest in our database.
  • Access to personal data is strictly limited to authorized personnel.
  • Identity documents are stored in secure, access-controlled storage.
  • All data is transmitted over encrypted connections.

8. Data Retention

We retain your personal data only for as long as necessary:

  • Account data: Deleted within 30 days of account deletion request.
  • Booking records: Retained for 7 years to comply with Kenyan tax regulations.
  • Identity documents: Retained for the duration of your account plus one year.

9. Your Rights under KDPA 2019

Under the Data Protection Act, 2019, you have the following rights:

  1. Right of Access (Section 26): Confirm whether we hold your data and receive a copy.
  2. Right to Rectification (Section 27): Request correction of inaccurate or incomplete data.
  3. Right to Erasure (Section 28): Request deletion of your personal data.
  4. Right to Object (Section 29): Object to processing for specific purposes.
  5. Right to Data Portability (Section 30): Receive your data in a structured, machine-readable format.
  6. Right to Restriction: Request that we limit how we use your data.

10. How to Exercise Your Rights

To exercise any of the rights listed above, please send a formal request to:

Email: privacy@emeraldskyline.co.ke

We will respond to your request within the timelines mandated by the KDPA 2019. We may require you to verify your identity before processing your request.

11. Device Identifiers and Notifications

We do not use traditional browser cookies. However, we use:

  • Push notification tokens to deliver essential notifications regarding your bookings.
  • Device identifiers to ensure the app functions correctly on your device.

12. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor without appropriate consent, we will take steps to delete that information.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. When we make significant changes, we will notify you through the mobile application and update the effective date. Continued use of the app after such changes constitutes your acknowledgment of the updated policy.

14. Contact the Office of the Data Protection Commissioner

If you believe your data protection rights have been violated and we have not resolved your concern, you have the right to lodge a complaint with the Kenyan regulator:

Office of the Data Protection Commissioner

Website: www.odpc.go.ke

Email: complaints@odpc.go.ke