Privacy Policy for Ekamba Travels

Effective Date: January 03, 2026

1. Introduction

Ekamba Travels (“we,” “us,” or “our”) is a Nigerian-based online travel agency operating through ekambatravels.com. We specialize in booking travel holidays for our customers, including searching for flight deals, hotel accommodations, tours, and related services. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in compliance with the Nigeria Data Protection Act 2023 (NDPA), as well as relevant international regulations such as the General Data Protection Regulation (GDPR) where applicable (e.g., for customers in the European Union).

We are committed to safeguarding your privacy and ensuring transparency in our data practices. By using our website or services, you consent to the practices described in this policy. If you do not agree, please do not use our services.

Our contact details:

Ekamba Travels Ltd.

Princess & Angel Plaza, Km 22 Lekki-Epe Expressway, Opposite Lagos Business School (LBS), Ajah, Lagos state.

Email: privacy@ekambatravels.com

Phone: +234 818 4783 433/818 4783 444

We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws. You can contact our DPO at dpo@ekambatravels.com.

2. Information We Collect

We collect personal data necessary to provide our services. This includes:

Contact Information: Name, email address, and phone number, which you provide when booking services or subscribing to our newsletter.
Travel-Related Information: Details such as travel preferences, destinations, and any additional information required to fulfill your bookings (e.g., passport details if necessary for international travel).
Usage Data: Automatically collected information like IP address, browser type, device information, pages visited, and time spent on our site.
Marketing Preferences: Information related to your newsletter subscription.

We do not collect sensitive personal data (e.g., racial or ethnic origin, health data) unless strictly necessary for your travel arrangements and with your explicit consent.

3. How We Collect Information

Directly from You: Through forms on our website for bookings, inquiries, or newsletter subscriptions.
Automatically: Via cookies, web beacons, and similar tracking technologies to analyze site usage and improve user experience (see Section 10 for details).
From Third Parties: If you interact with us through partners or social media, we may receive limited information from them.

4. Use of Information

We process your personal data based on lawful bases under the NDPA and GDPR, including:

Contractual Necessity: To fulfill your travel bookings, such as arranging flights, hotels, tours, and ancillary services.
Consent: For sending newsletters, marketing communications, or processing optional data.
Legitimate Interests: To improve our website, prevent fraud, and analyze usage patterns.
Legal Obligations: To comply with regulatory requirements, such as reporting to authorities.

Specific purposes include:

Processing and confirming your bookings.
Communicating with you about your travel plans, updates, or changes.
Sending promotional offers or newsletters (you can opt out at any time).
Enhancing our services through analytics.

5. Sharing of Information

We share your personal data only as necessary:

With Service Providers: Airlines, hotels, tour operators, and other third-party partners to fulfill your holiday packages. These partners are contractually obligated to protect your data and use it only for the specified purposes.
For Legal Reasons: With regulatory authorities, law enforcement, or in response to legal requests if required by law.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner.
Aggregated Data: Non-personal, anonymized data may be shared with partners for analytics.

We do not sell your personal data. All sharing complies with NDPA requirements for data processing agreements.

6. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption, firewalls, access controls, and regular security audits. However, no system is completely secure, and we cannot guarantee absolute security. In case of a data breach posing a high risk, we will notify you and the Nigeria Data Protection Commission (NDPC) within 72 hours as required by the NDPA.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined, or as required by law (e.g., for tax or audit purposes). Booking data is typically kept for 7 years under Nigerian regulations. Newsletter subscription data is retained until you unsubscribe. After this, data is securely deleted or anonymized.

8. Your Rights

Under the NDPA and GDPR (if applicable), you have the following rights:

Access: Request a copy of your data.
Rectification: Correct inaccurate data.
Erasure: Request deletion where no longer needed (subject to legal obligations).
Restriction: Limit processing in certain cases.
Objection: Object to processing based on legitimate interests or for marketing.
Portability: Receive your data in a machine-readable format.
Withdraw Consent: At any time, without affecting prior processing.
Complain: Lodge a complaint with the NDPC or relevant supervisory authority.

To exercise these rights, contact us at privacy@ekambatravels.com. We will respond within 30 days (extendable under GDPR). For children’s data (under 18), we require parental consent.

9. International Data Transfers

Your data may be transferred outside Nigeria (e.g., to international partners for bookings). We ensure adequate protections through standard contractual clauses, binding corporate rules, or other mechanisms approved under the NDPA and GDPR. Transfers without adequate safeguards occur only with your explicit consent or for contract performance.

10. Cookies and Tracking Technologies

We use cookies to enhance your experience, such as remembering preferences and analyzing traffic. Types include:

Essential cookies for site functionality.
Analytics cookies (e.g., Google Analytics) for usage insights.
Marketing cookies for personalized ads.

You can manage cookies via your browser settings. Refusing may limit site features. For more details, see our Cookie Policy [link if separate]. We anonymize IP addresses in analytics tools.

11. Changes to This Policy

We may update this policy to reflect changes in laws or practices. Updates will be posted here with the new effective date. We encourage you to review periodically. Continued use after changes implies acceptance.

12. Contact Us

For questions, complaints, or rights requests, contact: