We are committed to protecting your personal data in accordance with the EU General Data Protection Regulation (GDPR/DSGVO) and German data protection laws. As the data controller, Mombasa Homes processes guest information transparently and securely for booking, payment, and stay management only.​ Data Collected and Purpose Required: Name, email, phone, payment details, passport/ID (for Kenyan registration if needed)—legal basis: Contract fulfillment (Art. 6(1)(b) GDPR) and legal obligations (Art. 6(1)(c)).​ Voluntary: Marketing preferences—requires explicit consent (Art. 6(1)(a)). Data shared solely with processors like Smoobu (via Data Processing Agreement) and Kenya Power for utilities; never sold.​ Your Rights and Storage Access, rectification, erasure, objection, or portability: Contact us at info@mombasa-homes.com within 1 month response.​ Storage: Bookings retained 10 years for tax law; other data deleted post-stay unless legally required.​ Security: SSL encryption; breaches reported within 72 hours if high-risk. No Data Protection Officer required (small-scale processing).