Regional Compliance Addendum

1. General Applicability

1.1 This Addendum supplements the Privacy Policy and Terms of Use and applies where required by applicable data protection and consumer protection laws in specific jurisdictions.

1.2 In the event of any conflict between this Addendum and the general Privacy Policy or Terms of Use, the provisions of this Addendum shall prevail to the extent required by applicable law.

1.3 This Addendum applies to users located in or whose data is processed under the laws of the European Economic Area, the United Kingdom, Nigeria, and other applicable jurisdictions.

2. European Economic Area (GDPR Compliance)

2.1 Legal Framework

2.1.1 Processing of personal data for users located in the European Economic Area is governed by the General Data Protection Regulation (GDPR).

2.1.2 For the purposes of GDPR, the Platform acts as a Data Controller in relation to user account data and as a Data Processor where processing is conducted on behalf of guides or partners.

2.2 Lawful Bases for Processing

2.2.1 Processing is carried out under one or more lawful bases, including contractual necessity, legal obligation, legitimate interest, and explicit consent.

2.3 Data Subject Rights

2.3.1 Users have the right to access, rectification, erasure (“right to be forgotten”), restriction, and data portability.

3. United Kingdom (UK GDPR)

3.1 Processing of personal data for users in the United Kingdom is governed by the UK GDPR and the Data Protection Act 2018.

3.2 Users in the United Kingdom are entitled to rights equivalent to those under EU GDPR.

4. Nigeria (NDPR Compliance)

4.1 Processing of personal data for users in Nigeria is governed by the Nigeria Data Protection Regulation (NDPR).

4.2 Consent must be obtained before processing personal data unless another lawful basis applies.

4.3 Users have the right to access, correct, and request deletion of their personal data.

5. Other Jurisdictions

5.1 The Platform complies with applicable data protection laws in African (e.g., Kenya, South Africa, Ghana) and Caribbean jurisdictions where it operates.

5.2 In Kenya, compliance aligns with the Data Protection Act, 2019. In South Africa, it aligns with POPIA. In Ghana, it aligns with the Data Protection Act, 2012.

6. Caribbean and International Jurisdictions

6.1 The Platform shall comply with applicable data protection and consumer laws in Caribbean jurisdictions where services are offered, such as Jamaica and Barbados.

7. Payment & Financial Compliance

7.1 Payment processing may involve global providers such as Stripe and Flutterwave. These providers may process financial data in accordance with their own regulatory obligations.

7.2 The Platform complies with applicable anti-money laundering (AML) and counter-terrorism financing (CTF) regulations.

8. Consumer Protection & Liability

8.1 EU and UK Consumers may have additional rights under consumer protection laws, including withdrawal rights for certain bookings where applicable.

8.2 The Platform acts as an intermediary and does not assume liability for services provided by guides, except where required by law.

9. Dispute Resolution

9.1 EU Users may access alternative dispute resolution mechanisms as provided under EU law.

9.2 Nigeria and African users may resolve disputes through mediation, arbitration, or courts of competent jurisdiction.

10. Data Breach Notification

10.1 In the event of a data breach, affected users shall be notified in accordance with applicable laws (e.g., within 72 hours for GDPR jurisdictions).

11. Updates to This Addendum

11.1 This Addendum may be updated to reflect regulatory changes. Continued use of the Platform constitutes acceptance of updated provisions.