Privacy Policy

Brownline Tours Ghana Limited is a tour operator registered in Ghana, specialising in immersive travel experiences across all 16 regions of Ghana — including heritage, wildlife safari, cultural, culinary, adventure, and diaspora-return journeys.

Data Controller:
Brownline Tours Ghana Limited
4 Airport Road, Kotoka Area, Accra, Ghana
Email: privacy@brownlinetours.com

We operate under the Ghana Data Protection Act, 2012 (Act 843) and, where applicable, the EU General Data Protection Regulation (GDPR) for visitors from the European Economic Area.

2.1 Information you give us directly

• Identity data — first name, last name, date of birth, nationality, passport or ID number (required for certain tours and permits).
• Contact data — email address, phone number, postal address.
• Booking data — tour selection, travel dates, group size, dietary or medical requirements relevant to your tour, emergency contact details.
• Payment data — billing address and payment method. Card numbers are processed directly by our payment processor (Paystack or Stripe) and are never stored on our servers.
• Communications — messages you send us via contact forms, email, WhatsApp, or social media.
• Account data — username and password if you create an account, saved wishlists, and booking history.

2.2 Information we collect automatically

• Usage data — pages visited, time spent, links clicked, referring URL.
• Device data — IP address, browser type and version, operating system, screen resolution.
• Cookie data — see our Cookie Policy for full details.

2.3 Information from third parties

• Travel agents or group organisers who book on your behalf.
• Review platforms (e.g., TripAdvisor, Google) where you leave public reviews.
• Social login providers (Google, Facebook) if you choose to sign in that way.

We do not sell your personal data. We share it only as necessary:

• Tour ground operators & guides — local operators and licensed guides who deliver your tour. They receive only the data needed to facilitate your experience (name, date, group size, any relevant health/dietary notes).
• Accommodation and transport partners — hotels, lodges, and vehicle operators, solely to complete your reservation.
• Payment processors — Paystack (Ghana) and/or Stripe (international), who process card payments under their own security standards (PCI-DSS compliant).
• Email and CRM platforms — services such as Mailchimp or similar, used to send booking confirmations and newsletters.
• Analytics providers — Google Analytics (anonymised aggregates) to help us understand how the website is used.
• Legal and regulatory bodies — Ghana Tourism Authority, Ghana Immigration Service, or law enforcement where legally required.
• Professional advisers — lawyers, auditors, and insurers, under strict confidentiality obligations.

Where we share data internationally (e.g., with processors based outside Ghana), we take steps to ensure adequate protection through contractual safeguards or equivalent mechanisms.

• Booking and transaction records — 7 years (Ghana tax and business law requirement).
• Account data — for as long as your account is active, plus 2 years after the last login unless you request deletion.
• Marketing preferences — until you withdraw consent or unsubscribe.
• Customer support communications — 3 years.
• Website analytics — 26 months (rolling).

After the applicable retention period, data is securely deleted or anonymised.

Under the Ghana Data Protection Act 2012 and, where applicable, the GDPR, you have the right to:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your data where there is no compelling reason for us to keep it.
• Restriction — ask us to limit how we process your data in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest, including direct marketing.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, email us at privacy@brownlinetours.com. We will respond within 30 days. You also have the right to lodge a complaint with the Data Protection Commission of Ghana at dpc.gov.gh.

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include TLS/SSL encryption on all web traffic, hashed password storage, role-based access controls for staff, and regular security reviews.

However, no method of transmission over the internet is completely secure. In the event of a data breach that is likely to result in risk to your rights, we will notify you and the relevant authority in accordance with applicable law.

Our website and services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately and we will delete it.

Where a minor travels as part of a group or family booking, the booking adult is responsible for providing any necessary consents on their behalf.

Our website may contain links to third-party sites (e.g., travel insurance providers, attraction pages). We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies before providing any personal data.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page and, for material changes, notify you by email or a prominent notice on the website. Your continued use of our services after such changes constitutes acceptance of the revised policy.

For any privacy-related questions or to exercise your rights, please contact our Data Protection Officer: