Privacy Policy

Last Updated: April 23, 2026 · Version 1.1

Jamaica Data Protection Act 2020 Compliant

1 Who We Are

Tek a Hike ("we," "us," or "our") operates the Tek a Hike Partners Portal at partners.tekahike.com and the public marketplace at tekahike.com. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with the Jamaica Data Protection Act 2020 ("JDPA").

Tek a Hike Limited is the Data Controller for all personal data processed through the Platform — including partner account information, hiker accounts, and event participant registrations and waivers. We determine the purposes and means of that processing (the registration schema, the waiver content, the security safeguards, the retention periods, and the data-subject rights workflow). Partners that deliver experiences receive limited participant data as authorised recipients under our Data Sharing & Processing Annex; they are not joint or independent controllers for that data unless they collect it again outside the Platform.

Data Controller Contact Information

Organization: Tek a Hike Limited
Address: Kingston, Jamaica
Email: dpo@tekahike.com
Data Protection Officer: Available at above email
OIC registration: Application pending — Office of the Information Commissioner of Jamaica (JDPA s.19)

2 Information We Collect

Partner Account Information

Name, email address, phone number
Company details (name, address, registration number)
Business verification documents
Bank account details (for payouts)
Guide certifications and qualifications

Event Participant Information (we are the Controller)

When a hiker registers for an event listed by a partner, Tek a Hike collects and processes the following participant data as the Data Controller:

Registrant name, email, phone, and (where applicable) emergency contact
Age category, party size, and any special requirements you choose to disclose
Digital waiver acceptance, signature, IP, timestamp, and PDF render
Booking, payment, refund, and attendance records
Messages exchanged through the in-platform inbox

What the partner sees: the operator running the experience receives a limited recipient view (name, party size, special requirements relevant to safety, attendance status, and in-platform messaging) so they can deliver and steward the booking. The partner processes that data only on Tek a Hike's documented instructions through the Platform — they are not authorised to export it for independent marketing, resale, or unrelated uses. Full terms are in the Data Sharing & Processing Annex.

Technical Information

IP addresses and device identifiers
Browser type and operating system
Usage data (pages visited, features used)
Security logs and access records

3 Legal Basis for Processing (JDPA Article 6)

Data Type	Legal Basis
Partner account & company details	Contract Performance
Financial records (payouts, commissions)	Legal Obligation
Marketing communications	Consent
Security & fraud prevention	Legitimate Interest

4 Your Rights Under the Jamaica Data Protection Act

Under the JDPA 2020, you have the following rights:

Right to Access (Article 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

Correct inaccurate or incomplete data.

Right to Erasure (Article 17)

Request deletion of your data ("Right to be Forgotten").

Right to Portability (Article 20)

Receive your data in machine-readable format.

Right to Lodge a Complaint

If you believe we have not complied with the JDPA, you may lodge a complaint with:

Office of the Information Commissioner (Jamaica)

Website: oic.gov.jm

5 Data Retention

Data Type	Retention Period	Legal Basis
Active partner accounts	Duration of partnership	Contract performance
Inactive accounts	7 years after last activity	Jamaican Revenue Act
Financial records	7 years	Jamaican Revenue Act
Security logs	2 years	Security & fraud prevention

6 Data Security (JDPA Article 32)

We implement appropriate technical and organizational measures to protect your data:

Password hashing (Bcrypt)
HTTPS/TLS encryption
Access controls & RBAC
Regular security audits
Encrypted backups
24/7 monitoring

7 Data Breach Notification (JDPA Article 33-34)

In the event of a data breach, we will:

72h Notify the Office of the Information Commissioner within 72 hours of discovery
ASAP Notify affected individuals without undue delay if the breach poses a high risk
LOG Document all breaches, even if not required to notify authorities

8 Third-Party Sharing

We may share your data with:

Partner operators: Limited recipient view of participants who book their events, so they can deliver the experience (governed by the Data Sharing & Processing Annex)
Payment Processors: Stripe and Scotiabank, for secure payment authorisation and settlement (PCI DSS compliant)
Cloud Hosting: For secure data storage and application hosting
Email & SMS Service: For transactional emails (booking confirmations, receipts, safety alerts) and SMS notifications via Twilio
Legal Authorities: When required by Jamaican law, court order, or to protect users from imminent harm

9 Contact Us

Data Protection Officer

Organization: Tek a Hike Limited
Email: dpo@tekahike.com

Response Time: We will respond to all requests within 30 days as required by the Jamaica Data Protection Act.

This Privacy Policy complies with the Jamaica Data Protection Act 2020 (Act 15 of 2020).