top of page

Privacy Policy

Last updated: October 2025

About This Policy

This privacy policy explains how Fortress Essentials & Errands uses and protects personal information related to our customers, website users, and others who interact with us. We are committed to protecting your personal data, and it is important that you read this privacy policy along with any other privacy notices we may provide when collecting or processing personal data, so you fully understand how and why we use your data. This notice supplements other privacy notices and does not override them.

Fortress Essentials & Errands (referred to as “we,” “us,” or “our” in this notice) values your privacy and strives to provide a secure, trustworthy experience across all interactions, whether you’re making a purchase, managing an account, or using our website.

Our Commitment

We value your privacy and are committed to safeguarding your personal data. We collect and process information lawfully, fairly, and transparently, ensuring that your data is used solely for the purposes stated in this policy.

We do not sell or rent your personal data to third parties and only share information where necessary to provide our services or comply with legal obligations.

How we collect your Personal Data

We collect personal data in several ways, including:

  • Directly from you: When you register, contact us, fill out forms, or engage with our services.

  • Automatically: Through cookies, analytics tools, and similar technologies when you use our website.

  • From third parties: Such as payment processors, social media platforms, or public databases.

How we collect your Personal Data

Categories of Personal Data

  • Identity Data: Includes first name, last name, username or similar identifier, title, date of birth, and gender.

  • Contact Data: Includes billing address, delivery address, email address, and telephone numbers.

  • Financial Data: Includes bank account and payment card details.

  • Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

  • Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

  • Usage Data: Includes information about how you use our website, products, and services.

  • Marketing and Communications Data: Includes your preferences in receiving marketing from us and your communication preferences.

  • Call Recordings: Includes recordings of calls made to our reservation centres.

Legal Bases for Processing

We process your personal data on the following legal grounds:

  • Consent: When you voluntarily provide information or opt-in to communications.

  • Contractual necessity: To deliver products or services you have requested.

  • Legal obligation: To comply with applicable laws or regulatory requirements.

  • Legitimate interest: For purposes such as improving our services, fraud prevention, or analytics.

Business-Related Information

If you are associated with a business or organisation that is our customer, we may collect personal data, including:

  • Business Details: Name, address, contact information, payment details, and financial information of the business.

  • Role Within the Business: Your position (e.g., owner, partner, director, employee, agent).

  • Work Contact Details: Work address, telephone numbers, fax number, and work email.

Purpose: This data is collected to fulfil contractual obligations and manage our business relationships effectively.

Legal Bases: The processing is necessary for the performance of a contract and is based on our legitimate interests in managing customer relationships and providing services.

Data Generated by Us

We and our suppliers or subcontractors may generate personal data about you in the following ways:

  • Enquiries, Bookings, Complaints: Data generated when handling enquiries, bookings, or complaints.

  • Fulfilment of Contracts: Data generated during the fulfilment of bookings or contractual agreements.

  • Analysis of Personal Data: Insights gained through data analysis to improve services and customer experience.

  • Website Usage: Data collected from your use of our website, as detailed in our cookie policy.

  • Telephone Calls: Recordings of telephone calls for training and quality purposes.

Purpose: This data is used for operational purposes such as improving customer service, service delivery, and business analytics.

Legal Bases: The processing is based on legitimate interests to maintain and improve our services, fulfil contractual obligations, and comply with legal requirements.

Account, Registration, and Loyalty Information

If you create an account or register for a loyalty or membership program, we collect details such as your name, email, contact information, and login credentials. This data is used to manage your account, personalize your experience, and deliver member benefits.

Correspondence

We retain records of correspondence between you and our team, including support requests, inquiries, and feedback. These records help us respond effectively and improve customer support.

Website Usage Information

We collect personal data from your use of our website, including:

  • Data Collection: Information about your visits and interactions, including IP address, device details, browser type, operating system, and time-zone.

  • Cookies and Web Beacons: Data collected through cookies and web beacons to enhance user experience and analyse website performance.

  • Page Interactions: Data about the pages visited, services/products viewed, duration of interaction, etc.

Purpose: This data helps us improve website functionality, personalise user experience, and optimise marketing efforts.

Legal Bases: Processing is based on legitimate interests to understand user preferences, improve performance, and deliver relevant content and advertising.

User-Generated Content (UGC)

By submitting content such as reviews, comments, testimonials, or media files to our platform, you consent to our collection, storage, and publication of such material. We reserve the right to remove or moderate UGC that violates our terms of use, applicable law, or public decency.

Sharing Data with Third Parties

We do not sell, lease, or trade your personal data. However, we may share personal data with third parties in the following circumstances:

  • Service Providers: To trusted partners who perform functions on our behalf, such as IT services, data storage, marketing, analytics, and payment processing.

  • Legal or Regulatory Authorities: When required to comply with legal obligations, court orders, or law enforcement requests.

  • Corporate Transactions: In connection with mergers, acquisitions, reorganizations, or asset transfers, in which case we ensure that confidentiality and data protection obligations are maintained.

All third parties are bound by contractual obligations to handle personal data in compliance with the Data Protection Act and to maintain strict confidentiality and security.

Children’s Personal Information

Our website is not meant for children, as defined by data protection laws, and we cannot always know the age of those using it. If a child has shared personal information without permission from a parent or guardian, the parent or guardian should contact us. If we find out that a child’s personal information was collected without proper consent, we will delete the child’s account, if they have one.

In some cases, we may need to collect children’s personal information, such as for bookings, buying travel-related services, or other special situations (like family-focused features). When we handle children’s information, we follow strict rules to ensure it is used lawfully, only when necessary, and kept secure.

If you have questions about how we protect children’s personal information,  or if you are a parent or guardian who wants to delete or update your child’s information, please contact us.

Your Rights as a Data Subject

Under Part V of the Data Protection Act, you have the following rights:

  1. Right to be informed – To be informed of how your data is being collected and processed.

  2. Right of access – To request access to your personal data held by us.

  3. Right to rectification – To correct or update inaccurate or incomplete data.

  4. Right to erasure – To request deletion of your personal data, subject to lawful limitations.

  5. Right to object – To object to the processing of your personal data based on legitimate interests or direct marketing.

  6. Right to data portability – To receive your data in a structured, commonly used format.

  7. Right to restriction – To request limited processing under specific circumstances.

Requests to exercise these rights should be submitted in writing to the contact provided below.

Right to Lodge a Complaint with the Supervisory Authority

If you believe that we have violated your data protection rights or processed your personal data in a manner inconsistent with the Act, you may lodge a formal complaint with the:

Office of the Data Protection Commissioner (ODPC)
P.O. Box 30920-00100, Nairobi, Kenya
Email: info@odpc.go.ke
Website: https://www.odpc.go.ke

Data Security

We prioritise your data security with strict measures to prevent unauthorised access, loss, or disclosure:

  • Physical Security: Secure premises and controlled access to storage areas.

  • Encryption and Network Security: Data encryption, firewalls, and advanced security protocols.

  • Access Control: Restricted data access with strong authentication.

  • Data Minimisation: Collect and retain only necessary data.

  • Audits and Monitoring: Regular checks for vulnerabilities and compliance.

  • Staff Training: Ongoing education on data protection practices.

  • Incident Response: Rapid action plan for data breaches.

  • Third-party Compliance: Ensured through contracts.

  • Privacy by Design: Privacy integrated into our systems from the start.

  • Continuous Improvement: Regular updates to security measures.

These measures ensure your personal data is safe and handled responsibly at all times.

Changes to This Privacy Policy

We reserve the right to amend or update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technological advancements. The updated version will be posted on our website and will take effect immediately upon publication, unless otherwise stated.

We encourage you to periodically review this Policy to remain informed of how we handle your personal data.

By using our Services, you acknowledge that you have read, understood, and consent to the collection and processing of your personal data in accordance with this Privacy Policy.

bottom of page