Gosheni Shuttle

Privacy Policy

Last updated: 26 Sept 2025 • Email: hello@goshenishuttle.com • WhatsApp/Phone: +254 720 321 043

This Privacy Policy explains how Gosheni Shuttle (“we”, “us”, “our”) collects, uses, shares and protects your personal data in connection with our coach and shuttle services and the website goshenishuttle.com. We process personal data in accordance with the Kenya Data Protection Act, 2019 and its Regulations.

1Who we are (Data Controller)

Gosheni Shuttle, Nairobi, Kenya, is the Data Controller for personal data we collect through our website, booking platform, email and WhatsApp.

Contact: hello@goshenishuttle.com • WhatsApp: +254 720 321 043

2Data we collect

  • Identity & contact: name, phone, email, company/organisation.
  • Booking details: pickup/drop-off, dates/times, flight number, passenger count, luggage notes, special requests.
  • Payment: transaction references from our payment providers (we do not store full card or M-Pesa credentials).
  • Communications: messages sent by email, site forms or WhatsApp, plus call/notification logs related to your booking.
  • Website & device: IP address, pages viewed, basic device/browser data; cookies/analytics (see Cookies & Analytics).

3How we use your data & legal bases

  • To provide services: create/manage bookings, send confirmations/receipts, coordinate drivers, customer support. Legal basis: performance of a contract or to enter into a contract.
  • Safety & operations: scheduling, incident handling, fraud prevention. Legal basis: legitimate interests and legal obligations.
  • Payments: process payments and refunds via third-party gateways. Legal basis: performance of a contract.
  • Marketing (optional): send offers or updates via email/WhatsApp if you opt-in; you can opt out any time. Legal basis: consent or legitimate interests (where permitted).
  • Compliance: maintain records, respond to lawful requests, tax/audit requirements. Legal basis: legal obligations.

4Payments & processors

We use reputable payment providers (e.g., card gateways and M-Pesa integrators) to process transactions securely. We receive limited information (payment status, reference, masked card type) to reconcile your booking. Full card details are handled by the gateway and are not stored by us.

5WhatsApp & communications

If you contact us via WhatsApp, your messages are processed by WhatsApp according to their own terms. We may store relevant conversation details in our booking records (e.g., pickup change) to deliver your service.

6Cookies & analytics

Our site may use cookies to ensure core functionality (e.g., session, security) and basic analytics to understand site usage and improve performance.

  • Essential cookies: required for the site/booking form to work.
  • Analytics cookies: measure visits and performance (aggregated). Where required, we’ll ask for consent.

You can manage cookies via your browser settings. Blocking essential cookies may affect site functionality.

7Sharing your data

  • Service partners: drivers/operations staff and, where needed, trusted subcontractors to fulfil your trip.
  • Payment providers: to process payments, prevent fraud and issue refunds.
  • IT vendors: hosting, email/SMS providers, website security, analytics—under contracts that protect your data.
  • Legal & compliance: where required by law, regulation or court order, or to protect our rights and safety.

We do not sell your personal data.

8International transfers

Some providers may store or process data outside Kenya. Where we transfer data internationally, we take reasonable steps to ensure comparable protection (contractual safeguards and provider due diligence).

9Data retention

  • Bookings & invoices: typically kept for 7 years for tax/audit purposes.
  • Support messages: kept as long as needed to manage your booking and for a reasonable period thereafter.
  • Marketing lists: until you opt out or we delete inactive contacts.

When no longer needed, we delete or anonymise data safely.

10Your rights (Kenya DPA 2019)

You have rights under Kenya’s Data Protection Act, including:

RightWhat it means
Access Request a copy of your personal data we hold.
Correction Ask us to correct inaccurate or incomplete data.
Deletion Request deletion where we no longer need the data and no legal obligation requires retention.
Objection/Restriction Object to or request restriction of certain processing (e.g., direct marketing).
Portability Receive data you provided in a usable format where applicable.
Withdrawal of consent Withdraw consent at any time where processing is based on consent.

To exercise your rights, contact hello@goshenishuttle.com. We may need to verify your identity.

11Security

We use reasonable technical and organisational measures to protect personal data (access controls, encryption in transit for our site, provider due diligence). No system is completely secure; please take care with what you share by email or messaging apps.

12Children

Our services are intended for adults and organisations. If you believe a child’s data has been provided without appropriate consent, contact us to review and act as required by law.

13Changes to this policy

We may update this policy to reflect operational or legal changes. We will post the updated version on this page with a new “Last updated” date.

14Contact & complaints

Questions or requests: hello@goshenishuttle.com • WhatsApp: +254 720 321 043

If you are not satisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC), Kenya.

Email a Privacy Request WhatsApp Us