PRIVACY POLICY

Last Updated: January 28, 2025

1. INTRODUCTION

AMAHORO Apartments, operated by EPR Investment Company Ltd (“we,” “us,” “our”), is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit our website (amahoroapartments.com), make a reservation, or use our services.

This policy complies with Rwanda’s Law No. 058/2021 of 13/10/2021 relating to the protection of personal data and privacy, the General Data Protection Regulation (GDPR), and other applicable international data protection laws.

Contact Information:

  • Company: EPR Investment Company Ltd
  • Address: KK 515 St, Kigali, Rwanda
  • Email: info@amahoroapartments.com
  • Phone: +250 791 944 602

2. INFORMATION WE COLLECT

2.1 Personal Information You Provide

Booking Information:

  • Full name and contact details
  • Email address and phone number
  • Payment information (credit card details, billing address)
  • Passport/ID information (for registration requirements)
  • Special requests and preferences
  • Emergency contact information

Account Information:

  • Login credentials (username, password)
  • Profile preferences
  • Communication preferences
  • Loyalty program information

Communication Data:

  • Correspondence via email, phone, or chat
  • Feedback and reviews
  • Survey responses
  • Customer service interactions

2.2 Information We Collect Automatically

Website Usage Data:

  • IP address and device information
  • Browser type and version
  • Pages visited and time spent
  • Referring websites
  • Search terms used

Technical Data:

  • Cookies and similar tracking technologies
  • Session information
  • Location data (with consent)
  • Device identifiers

3. HOW WE USE YOUR INFORMATION

3.1 Primary Purposes

Reservation Management:

  • Processing and confirming bookings
  • Managing check-in and check-out procedures
  • Providing accommodation services
  • Handling payment transactions
  • Communicating booking updates

Customer Service:

  • Responding to inquiries and requests
  • Resolving complaints and issues
  • Providing concierge services
  • Managing special accommodations

Legal Compliance:

  • Meeting Rwanda Tourism Board requirements
  • Complying with tax and financial regulations
  • Fulfilling government reporting obligations
  • Anti-money laundering compliance

3.2 Secondary Purposes (With Consent)

Marketing Communications:

  • Sending promotional offers and newsletters
  • Sharing information about new services
  • Conducting customer satisfaction surveys
  • Personalized marketing campaigns

Service Improvement:

  • Analyzing usage patterns
  • Improving website functionality
  • Developing new services
  • Quality assurance monitoring

4. LEGAL BASIS FOR PROCESSING

We process your personal data based on:

Contract Performance: Processing necessary for booking fulfillment Legal Obligation: Compliance with Rwanda tourism and tax laws Legitimate Interest: Service improvement and security Consent: Marketing communications and optional services

5. INFORMATION SHARING AND DISCLOSURE

5.1 Service Providers

We share information with trusted third parties:

Payment Processors:

  • Credit card processing companies
  • Banking partners
  • Payment gateway providers

Technology Partners:

  • Website hosting services
  • Cloud storage providers
  • Email service providers
  • Booking system partners

Business Partners:

  • Tourism service providers
  • Transportation companies
  • Local tour operators
  • Restaurant partners

5.2 Legal Requirements

We may disclose information when required by:

  • Rwanda government authorities
  • Tourism regulatory bodies
  • Law enforcement agencies
  • Court orders or legal proceedings

5.3 Business Transfers

In the event of merger, acquisition, or sale, your information may be transferred to the new entity with appropriate safeguards.

6. INTERNATIONAL TRANSFERS

When transferring data outside Rwanda, we ensure adequate protection through:

  • Adequacy decisions by Rwanda authorities
  • Standard contractual clauses
  • Binding corporate rules
  • Your explicit consent

7. DATA RETENTION

Booking Records: Retained for 7 years for tax and legal compliance Marketing Data: Retained until consent withdrawal Website Analytics: Anonymized after 26 months CCTV Footage: Retained for 30 days unless incident-related Financial Records: Retained per Rwanda tax law requirements

8. YOUR RIGHTS

Under Rwanda’s data protection law and international standards, you have the right to:

Access: Request copies of your personal data Rectification: Correct inaccurate information Erasure: Request deletion of your data Portability: Receive data in a structured format Restriction: Limit processing in certain circumstances Objection: Object to processing based on legitimate interests Withdrawal: Withdraw consent at any time

To exercise your rights: Email: info@amahoroapartments.com Include: Your name, booking reference, and specific request

9. SECURITY MEASURES

We implement comprehensive security measures:

Technical Safeguards:

  • SSL encryption for data transmission
  • Secure payment processing (PCI DSS compliant)
  • Regular security audits and updates
  • Access controls and authentication
  • Data backup and recovery systems

Physical Security:

  • Secure server facilities
  • Restricted access to data centers
  • Surveillance and monitoring systems
  • Staff security training

Organizational Measures:

  • Privacy impact assessments
  • Data protection policies
  • Staff training programs
  • Incident response procedures

10. COOKIES AND TRACKING

10.1 Cookie Types

Essential Cookies: Required for website functionality Performance Cookies: Analyze website usage (Google Analytics) Functional Cookies: Remember your preferences Marketing Cookies: Deliver targeted advertisements

10.2 Cookie Management

You can control cookies through:

  • Browser settings
  • Our cookie preference center
  • Third-party opt-out tools

Cookie Duration:

  • Session cookies: Deleted when browser closes
  • Persistent cookies: Stored for specific periods
  • Third-party cookies: Managed by respective providers

11. CHILDREN’S PRIVACY

We do not knowingly collect personal information from children under 16 without parental consent. If we become aware of such collection, we will delete the information promptly.

12. THIRD-PARTY LINKS

Our website may contain links to third-party websites. We are not responsible for their privacy practices. Please review their privacy policies before providing personal information.

13. UPDATES TO THIS POLICY

We may update this Privacy Policy to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • New technologies or services

Significant changes will be communicated via:

  • Email notification to registered users
  • Website banner announcements
  • Updated “Last Modified” date

14. COMPLAINTS AND CONTACT

Data Protection Officer Contact: Email: info@amahoroapartments.com Phone: +250 XXX XXX XXX

Rwanda Supervisory Authority: National Cyber Security Authority (NCSA) Email: info@cyber.gov.rw Website: cyber.gov.rw