WILDLIFE VOLUNTEERING: THE RED FLAGS MOST PEOPLE MISS

Get the free guide
Student typing into a laptop

Privacy Policy

Last updated: 8 April 2026

1. Introduction

African Conservation Experience Limited ("ACE", "we", "us" or "our") respects your privacy and is committed to protecting your personal data.

This Privacy Notice explains how we collect, use, store, share and protect your personal data when you:

  • Visit our website;
  • Submit an enquiry or contact form;
  • Contact or communicate with us by phone, email or other channels;
  • Sign up for our newsletter or other marketing communications;
  • Enquire about or book travel arrangements through us; or
  • Travel with us.

It also explains your privacy rights and how the law protects you.

2. Who we are

African Conservation Experience Limited is the controller of your personal data.

Company details

  • Legal entity name: African Conservation Experience Limited
  • Company number: 03794924
  • Registered office: 2nd Floor Nucleus House, 2 Lower Mortlake Road, Richmond, United Kingdom, TW9 2JA
  • Trading / head-office address: Equinox South, Bradley Stoke, Bristol, BS32 4QL, United Kingdom

Privacy contact

If you have any questions about this Privacy Notice or want to exercise your privacy rights, please contact:

  • Mark Harris
  • Director
  • Email: mark@conservationafrica.net
  • Telephone: +44 1454 269 182

Complaints

You have the right to make a complaint to the UK Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection matters. We would, however, appreciate the opportunity to deal with your concerns first.

3. Children and school groups

Our website is not directed at children. However, minors may submit enquiries to us.

Children under 13 should not provide personal data to us without the involvement of a parent or guardian.

If a traveller is under 18 and wishes to travel with us, we require written parent or guardian consent before accepting the booking.

For school trips, we may receive student information from a lead teacher, from the school itself, from parents, or directly from students where appropriate, including where they are over 18.

4. The personal data we collect

We may collect, use, store and transfer the following categories of personal data.

Identity data

This includes your first name, middle name, last name, title, date of birth, birth year, gender, nationality, passport details and similar identifying information.

Contact data

This includes your email address, telephone number, mobile / cellphone number, billing address, postal address, country of residence and other contact details.

Traveller and profile data

This includes information about your travel interests, goals, expectations, motivations for travelling, preferred destinations, previous conservation or volunteering experience, occupation, group type, preferred travel timing and duration, and similar information that helps us tailor suitable travel options.

Special category / duty of care data

This includes health, medical and welfare-related information that is relevant to your trip or enquiry, such as medical conditions, disabilities, reduced mobility, dietary requirements, allergies, mental or emotional issues, phobias, special assistance needs and similar information.

It may also include emergency contact details for a nominated friend, parent, guardian or relative.

Booking and transaction data

This includes details about bookings, quotes, itineraries, payments to and from you, products and services purchased, and related transaction records.

Payment data

Card payments are processed through third-party payment providers. We do not store your full payment card details. We may see limited payment-related information such as the last four digits of a card, card type, transaction status, amount, payment date and similar booking-payment records.

Communications data

This includes emails, messages, call notes, enquiry history, customer service records and other communications between you and us.

Call recording data

If you speak to us by phone, we may record calls with your permission at the start of the call. We currently use recorded calls for training and quality purposes.

Technical and website usage data

This includes internet protocol (IP) address, browser type and version, device type, operating system, time zone, approximate location, pages viewed, navigation paths and similar information about how you use our website.

Marketing and communications preferences

This includes your preferences about receiving marketing from us and how you prefer to be contacted.

Social media interaction data

If you interact with our social media content, we may see profile and engagement information that you choose to make available through those platforms, such as comments, likes, shares or direct messages.

5. How we collect your personal data

We collect personal data in different ways.

Directly from you

You may give us personal data when you:

  • complete our enquiry form or contact form;
  • subscribe to our newsletter;
  • contact us by phone, email or other communication channels;
  • request a quote, itinerary or booking;
  • provide passport or emergency contact details;
  • share health, medical or dietary information relevant to your trip;
  • send us feedback or testimonials; or
  • meet us at an event.

From lead bookers, schools, parents and guardians

Where a booking involves multiple travellers, school groups or minors, we may receive personal data from a lead teacher, lead booker, school, parent or guardian.

From agents, online platforms or other third parties

We work with agents, online platforms, ambassadors and other third parties who may provide use with personal data as part of initial enquiries.

From suppliers and operational partners

We may receive personal data or trip-related updates from conservation projects, accommodation providers, transport providers, excursion providers, insurers, and operational partners where relevant to your enquiry, booking, travel arrangements, welfare or safety.

Automatically through website technologies

When you use our website, we may automatically collect limited technical and usage data through analytics tools, cookies or similar technologies.

6. Why we use your personal data and our lawful bases

We only use your personal data where the law allows us to do so.

For ordinary personal data, we generally rely on one or more of the following lawful bases:

  • performance of a contract;
  • taking steps at your request before entering into a contract;
  • our legitimate interests;
  • compliance with a legal obligation; and
  • consent, where required.

For health, medical, dietary and other special category data, we rely on:

  • an Article 6 lawful basis, usually performance of a contract, steps at your request before entering into a contract, legitimate interests, or legal obligations; and
  • your explicit consent under Article 9, where required.

If you choose not to provide special category information that is necessary for us or our suppliers to assess suitability, safety or practical arrangements, we may not be able to proceed with your enquiry or booking.

7. Purposes for which we use your data

We use your personal data for the following purposes.

PurposeType of data and reasons for useLawful basis for processing including basis of legitimate interestRetention period
To respond to enquiries and provide travel adviceWe use identity, contact, traveller/profile, communications and relevant duty of care data to respond to enquiries, discuss options, assess suitability and provide quotations or proposed itineraries.Steps taken at your request before entering into a contract; legitimate interests in operating and improving our business.24 months from last meaningful contact where no booking is made, or 24 months for active quote / pre-booking records.
To arrange and manage bookingsWe use identity, contact, booking, transaction, passport, traveller/profile and relevant duty of care data to arrange, administer and deliver bookings.Performance of a contract; steps at your request before entering into a contract; legitimate interests in administering bookings and recovering sums due.6 years after return date of travel, or 6 years after a minor traveller turns 18 where appropriate.
To assess health, safety and welfare requirementsWe use health, dietary, welfare and emergency contact information to assess whether arrangements are suitable and to help us and relevant suppliers support your travel safely and appropriately.Performance of a contract or steps at your request before entering into a contract; legitimate interests in traveller welfare and safe trip delivery; legal obligations where applicable; explicit consent for special category data where required.Detailed health and welfare data is kept only for as long as operationally necessary and then deleted, minimised or restricted where appropriate, although core booking and legal records may be retained longer.
To communicate with you and provide customer supportWe use identity, contact, communications, booking and related data to communicate with you about your enquiry, booking, trip, payments, changes to terms or policies, customer service issues and post-trip follow-up.Performance of a contract; steps at your request before entering into a contract; legitimate interests in customer service and business administration; legal obligations where applicable.Generally aligned with enquiry or booking retention periods depending on context.
To take and use call recordings for training and qualityWhere you agree at the start of the call, we may record calls for training, quality assurance, checking instructions given to us and, where relevant, establishing, exercising or defending legal claims.Consent to recording where required at the start of the call; legitimate interests in training, service quality and claim handling.6 months
To send marketing communicationsWe use identity, contact and marketing preference data to send newsletters, updates and other marketing communications where permitted by law.Consent for email and SMS marketing where required; in some cases, we may rely on the soft opt-in for existing customers where the law allows.While you remain subscribed, and thereafter limited suppression records for as long as necessary to ensure we respect your opt-out.
To administer payments and financial recordsWe use identity, contact, booking and transaction data to process payments, keep financial records, prevent fraud and comply with tax, accounting and regulatory requirements.Performance of a contract; legal obligations; legitimate interests in financial administration and debt recovery.6 years plus the current financial year where required, or longer where law or a live claim requires it.
To protect our business, website and systemsWe use technical, usage and related data to administer and secure our website, detect misuse, troubleshoot issues, maintain systems and improve website performance.Legitimate interests in running a secure and effective business and website; legal obligations where applicable.Varies depending on the relevant system logs and security records.
To improve our services and marketingWe may use technical, usage, profile, enquiry, booking and feedback data to understand how people use our services, improve our website and offerings, train staff and develop our business.Legitimate interests in improving our services and business.Varies depending on the underlying dataset and whether the data is anonymised.
To use anonymised information with AI tools for internal assistanceWe may use anonymised information with AI systems such as Claude or ChatGPT to help summarise notes or support internal staff with information and workflow assistance. We do not use AI alone to make decisions about whether someone can travel, and our staff remain responsible for all decisions.Legitimate interests in improving internal efficiency, consistency and staff support.Depends on the underlying source records and the relevant internal workflow.
To publish testimonials, feedback and reviewsWe may publish testimonials, feedback and similar content on our website or other public platforms where we have the right to do so.Consent where required; legitimate interests in promoting our services and sharing customer experiences.For as long as reasonably useful for the relevant publication or marketing purpose, unless consent is withdrawn or removal is otherwise required.
To establish, exercise or defend legal claims and manage insuranceWe may use relevant personal data where necessary to obtain or maintain insurance, obtain professional advice, investigate incidents, manage complaints and establish, exercise or defend legal claims.Legitimate interests in protecting our legal and commercial position; legal obligations where applicable.For as long as reasonably necessary in light of the relevant risk, complaint, claim or legal limitation period.

8. Marketing

We may send you marketing by email or SMS about our services, opportunities or related information where you have consented to receive it or where another lawful route is available under applicable marketing rules.

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the message. You can opt out of SMS marketing by following the instructions in the relevant message or by contacting us.

Opting out of marketing does not stop service communications that are necessary for your enquiry, booking or travel arrangements.

We do not sell customer data to third parties for their marketing purposes.

9. Call recording

We use recorded calls for training and quality purposes. We will ask your permission at the beginning of the call before recording.

Call recordings are currently retained for 6 months unless we need to keep a recording longer in connection with a complaint, dispute, legal claim or regulatory issue.

10. Sharing your personal data

We share personal data only where necessary and proportionate.

We may share your personal data with:

  • Operational partners and suppliers involved in your enquiry, booking or travel arrangements, such as conservation projects, accommodation providers, transfer providers, excursion providers, airlines, insurers and visa-related providers;
  • Our South African operational partner, Conservation Volunteers in Africa (Pty) Ltd, where relevant to in-country logistics and trip delivery;
  • Technology and business service providers, including providers of email, cloud storage, CRM, payment processing, call recording, communications, scheduling and marketing tools;
  • Professional advisers such as lawyers, accountants, auditors, insurers and bankers;
  • Regulators, authorities, law enforcement and courts where required; and
  • Prospective buyers or successors if all or part of our business is sold, transferred or reorganised.

Some recipients process personal data on our behalf. Others, especially many travel suppliers and insurers, may process personal data as separate controllers for their own operational, legal or regulatory purposes.

11. International transfers

Because ACE arranges travel in southern Africa and works with suppliers and service providers in different countries, your personal data may be transferred outside the UK.

This may include transfers to countries such as South Africa, Botswana, Kenya and other countries relevant to the services we provide.

Where we transfer personal data outside the UK, we take steps to ensure that appropriate safeguards are used where required by law. Depending on the circumstances, this may include:

  • Transferring data to a country recognised as providing an adequate level of protection;
  • Using UK-approved contractual safeguards; or
  • Relying on a relevant legal exception where the transfer is necessary for the performance of your travel contract or for steps taken at your request before entering into that contract.

Where we need to transfer your personal data to overseas suppliers in order to arrange or deliver travel arrangements you have requested, some of those recipients may be located in countries whose privacy laws do not provide the same level of protection as UK law. In such cases, we will still take reasonable steps to protect your data, but there may be additional risks associated with the transfer.

If you would like more information about international transfers, please contact us.

12. Data security

We use appropriate technical and organisational security measures designed to protect personal data against accidental loss, unauthorised access, misuse, alteration or disclosure.

We limit access to personal data to people who need it for legitimate business purposes.

We also have processes for dealing with suspected personal data breaches and will notify affected individuals and regulators where we are legally required to do so.

13. Data retention

We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including for legal, tax, accounting, regulatory, insurance and claims-related purposes.

Our current retention periods are:

  • General enquiry data where no booking is made: 24 months from last meaningful contact;
  • Active quote or pre-booking records: 24 months from last meaningful contact;
  • Completed booking and travel records: 6 years after return date of travel;
  • Records relating to minors on a booking: 6 years after the minor turns 18;
  • Financial and accounting records: 6 years plus the current financial year where required;
  • Call recordings: 6 months;
  • Marketing subscription records: while you remain subscribed;
  • Suppression / opt-out records: for as long as necessary to honour the opt-out;
  • Raw Matomo analytics data: 24 months; and
  • Detailed health and welfare data: only for as long as operationally necessary, after which it will be deleted, minimised or restricted where appropriate, subject to any legal or claims-related need to keep it longer.

We may also anonymise personal data so that it can no longer be linked to you. Anonymous information may be used for statistical or business-analysis purposes for longer.

14. Your privacy rights

You may have the following rights, subject to legal limits and exemptions:

  • The right to access your personal data;
  • The right to have inaccurate personal data corrected;
  • The right to request deletion of your personal data;
  • The right to object to certain processing;
  • The right to request restriction of processing;
  • The right to request transfer of certain data in a machine-readable format; and
  • Where we rely on consent, the right to withdraw that consent.

If you want to exercise any of these rights, please contact mark@conservationafrica.net.

We may ask for information to confirm your identity before responding.

We will usually respond within one month, although we may take longer where the law allows, for example if a request is complex.

15. Third-party websites and platforms

Our website and communications may contain links to third-party websites, platforms or services. We do not control those third parties and are not responsible for their privacy practices. You should read their privacy notices separately.

16. Cookies and website tracking

Our website uses cookies and analytics tools to help us understand website use and performance. Unless you send us an Enquiry, your data is anonymous. If you do send us an Enquiry, then we receive data relating to your use of our website.

ACE currently uses Matomo Cloud for website analytics. Matomo is configured as a first-party analytics tool with anonymised IP handling and limited cookie use.

We do not currently use Meta Pixel, LinkedIn Insight Tag, Google Ads conversion tracking, reCAPTCHA, chat widgets or other third-party tracking scripts on the website.

Our website also includes embedded Vimeo video content and may include YouTube videos, and interactions with that content may involve those platforms processing data in accordance with their own privacy practices.

17. Providers and categories of recipients

ACE may use or disclose data to categories of recipients including:

  • Google Workspace for email, documents and cloud storage;
  • CRM providers, including ACE’s custom CRM and Darwin Travel System;
  • Payment providers, including Trust Payments and NatWest Bank;
  • Marketing and communications providers, including Mailchimp for email marketing, Twilio for SMS messaging, RingCentral for phone communications and Acuity for scheduling and related communications;
  • Call-recording and training providers, including Krisp;
  • Website analytics providers, including Matomo Cloud;
  • Insurance providers, including Howden where ACE arranges insurance as an approved agent;
  • Social and content platforms used for marketing and communications, such as Facebook, Instagram, LinkedIn, YouTube, Vimeo, X, Pinterest, TikTok and WhatsApp, where applicable; and
  • Travel suppliers and in-country service providers relevant to the enquiry, booking or trip.

18. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. We will post the latest version on our website and update the date at the top of the notice.

19. Contact us

If you have questions about this Privacy Notice or about how ACE uses personal data, please contact:

  • Mark Harris
  • Director
  • African Conservation Experience Limited
  • Email: mark@conservationafrica.net
  • Telephone: +44 1454 269 182

Your Favourites

Your Favourites

You haven't added any favourites to your enquiry yet

Save what inspires you

Heart Icon

While you’re exploring our site, use the heart icon to add experiences, projects and trip ideas to your favourites.

Everything you add will be saved right here.

To see all your favourites, simply click or tap the heart icon in the website menu.

Search