PRIVACY POLICY

Last Updated: October 11, 2025

1. Introduction and Data Controller Information

This Privacy Policy explains in detail how NJUYERA INNOVIESION COMPANY LIMITED (operating under the brand names Sharp Island Lodge / Sharp Island Gorilla Lodge, referred to as "we," "us," or "our") collects, uses, stores, and protects the personal data of individuals ("data subjects") who interact with our website and services.

We are fully committed to processing your personal data lawfully, fairly, and transparently, in compliance with the Uganda Data Protection and Privacy Act, 2019 (DPPA) and its related regulations.

Official Details of the Data Controller:

  • Legal Name: Njuyera Innovision Company Limited
  • Trading Name: Sharp Island Lodge / Sharp Island Gorilla Lodge
  • Registered Address: Sharp Island on Lake Bunyonyi, Mukoni (Trading Center), Kabale (City), Ndorwa West (County), Rubaya (Sub-County), Kitooma (Parish), Mukoni (Village)
  • Company Registration Number: 80034131379850
  • Tax Identification Number (TIN): 1046394856
  • Contact Email (for DPPA matters): infosharpisland@gmail.com
  • Contact Phone: +256 785 142754
  • Website: www.sharpislandlodge.com

2. Personal Data We Collect and Use

We only collect data that is adequate, relevant, and not excessive for the stated purposes.

A. Data Collected via Website Contact Forms

We collect this data when you use our online contact form for inquiries, business requests, or administration:

  • Data Collected: Full name, email address, and (optionally) phone number, plus the content of your message.
  • Purpose and Legal Basis: The purpose of processing is solely to respond to your direct queries. The legal basis is your explicit consent (provided via the mandatory checkbox before submission) and our legitimate interest in maintaining accurate business records.

B. Technical and Usage Data (Cookies and Analytics)

We automatically collect the following information when you visit our website through our service providers, which we then process:

  • Technical Data: IP Address (often anonymized), browser type, operating system, device information, date and time of visit, and pages viewed. We use this data for website security, performance optimization, and general analysis.
  • Analytics Providers and Purpose: We utilize several Google services to monitor and analyze our website's performance and traffic: Google Analytics & Google Search Console.
  • Google Analytics (Marketing and Performance): This tool uses cookies to collect, monitor, and analyze Technical Data, helping us understand user traffic patterns, measure the effectiveness of our marketing campaigns, and improve our website's functionality.
  • Google Search Console (SEO and Technical Monitoring): This service helps us monitor the website's technical performance, identify crawl errors, and understand how our site appears in Google Search results. This tool processes data related to search queries and technical access logs, which assists our Search Engine Optimization (SEO) efforts.
  • Data Aggregation and Anonymization: Where possible, we process this data in an aggregated and pseudonymised form (such as anonymizing your IP address) to minimize the processing of personally identifiable information.
  • Cookie Data: We use cookies to improve user experience and analyze traffic. Detailed information on how we use cookies, how you can opt-out, and how you can manage them can be found in our separate Cookie Policy.

C. Booking Data (Data Processor Status)

Please note: All guest reservations and bookings, including payment processing and the collection of sensitive guest data, are handled exclusively through the Booking.com platform. The Sharp Island Lodge website does not directly collect or store sensitive booking data (such as credit card numbers or physical home addresses).

When a booking is made through Booking.com, we receive limited data from them (e.g., guest name, stay dates) solely to fulfil the accommodation service. In this scenario, we act as the Data Processor for this booking-related data, while Booking.com remains the primary Data Controller.

3. Storage, Security, and Cross-Border Transfer

A. Data Security and Retention

We are mandated under Section 20 of the DPPA to ensure the integrity and confidentiality of your personal data. We have implemented technical and organizational security measures to protect the data we hold. We only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or to satisfy any legal, accounting, or reporting requirements.

B. Cross-Border Data Transfer

The data collected by Google Analytics is stored and processed on Google's servers, which are located outside of Uganda. This constitutes a cross-border data transfer. We comply with DPPA requirements as follows: By accepting our cookies, you explicitly consent to this cross-border transfer of your usage data for the purpose of website analytics, acknowledging that the security standards in the recipient country may differ from those under the DPPA.

C. Disclosure to Third Parties

We will not sell, rent, or trade your personal data. We may share your data with trusted third parties only to the extent necessary to operate our business, such as:

  • IT System Providers (for website hosting and maintenance).
  • Legal or Accounting Advisors. These third parties are bound by strict contractual obligations to keep your data confidential and process it only on our instructions.

4. Your Rights as a Data Subject (DPPA Rights)

Under the Uganda Data Protection and Privacy Act, 2019, you have the following rights regarding your personal data:

  • Right to Access: The right to request confirmation of whether we hold your personal data and to receive a copy of that data.
  • Right to Rectification: The right to request the correction of inaccurate or incomplete personal data.
  • Right to Prevent Processing (Objection): The right to object to the processing of your personal data if it causes or is likely to cause unwarranted substantial damage or distress.
  • Right to Erasure (Deletion): The right to request the deletion or destruction of your personal data where there is no legal basis for us to continue processing it.
  • Right to Prevent Direct Marketing: The right to stop the processing of your personal data for the purpose of direct marketing.

How to Exercise Your Rights and Lodge a Complaint

If you wish to exercise any of these rights, please contact us by email at: infosharpisland@gmail.com. We will respond to your request within thirty (30) days of receipt.

If you are concerned about our compliance with data protection laws, you have the right to lodge a complaint directly with the supervisory authority in Uganda: Personal Data Protection Office (PDPO), National Information Technology Authority - Uganda (NITA-U), at https://www.pdpo.go.ug.

5. Updates to this Policy

We reserve the right to modify this Privacy Policy at any time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Policy periodically.