TRAVELOMBIA Privacy Policy
1. Who We Are
Travelombia Tours SAS (“Travelombia,” “we,” “our,” or “us”) is a Destination Management Company (DMC) registered in Colombia:
- Address: Envigado, Antioquia, Colombia
- Phone: +57 301 335 5800
- Email: [email protected]
We design and operate travel experiences throughout Colombia for clients worldwide.
2. Scope of This Policy
This Policy explains how we collect, use, disclose, store, and protect your personal data when you interact with our website, social‑media channels, marketing communications, or travel services (collectively, “Services”). By using our Services, you agree to the practices described below.
3. Personal Data We Collect
| Category | Examples | Legal Basis (GDPR) |
|---|---|---|
| Identification | Full name, passport/ID number, nationality | Contract performance |
| Contact | Email, phone, postal address | Contract performance, legitimate interest |
| Travel Details | Arrival/departure dates, flight numbers, accommodation preferences, dietary or accessibility requirements | Contract performance; explicit consent for special‑category data |
| Payment | Cardholder name, last 4 digits, billing address (processed via PCI‑compliant providers) | Contract performance |
| Marketing & Analytics | Cookie IDs, IP address, browsing behavior | Consent; legitimate interest |
Special‑category data (e.g., health conditions, dietary restrictions) is processed only with your explicit consent and solely to tailor travel services or handle emergencies.
4. How We Use Your Data
- Booking & Operations – reserve accommodation, activities, transportation.
- Customer Support – answer inquiries, issue confirmations, handle changes or cancellations.
- Payment Processing – process deposits and balances via secure processors.
- Legal & Compliance – comply with Colombian tourism regulations, immigration rules, tax obligations, and anti‑fraud screening.
- Marketing (Opt‑In) – send newsletters, special offers, or surveys. You can opt out at any time.
- Analytics & Improvement – understand site traffic and optimize our Services.
5. Sharing & International Transfers
| Recipient | Purpose | Safeguard |
|---|---|---|
| Local suppliers (hotels, guides, transport operators) | Deliver booked services | Contractual clauses requiring data protection |
| Payment gateways (e.g., Stripe, PayU) | Secure transaction processing | PCI‑DSS compliance |
| Cloud / IT providers (hosting, email) | Service functionality and security | Standard Contractual Clauses (SCCs) or equivalent |
| Public authorities | Immigration, health, or tax requirements | Legal obligation |
Because we serve travelers worldwide, your data may be transferred outside Colombia, including to the EU, UK, or United States. We implement appropriate safeguards such as SCCs, encryption in transit, and minimal‑data transfers.
6. Your Rights
Under Colombian Law 1581/2012, GDPR, and other applicable laws, you may:
- Access – know what personal data we hold.
- Rectify – correct inaccurate or incomplete data.
- Delete – request erasure when legally permissible.
- Restrict or Object – limit or oppose certain processing.
- Data Portability – receive your data in a structured, machine‑readable format.
- Withdraw Consent – at any time, without affecting processing already performed.
To exercise any right, email [email protected] or write to our address (Attn: Data Protection Officer). We will respond within the legally required timeframe (15 working days in Colombia, 30 days under GDPR).
7. Cookies & Similar Technologies
We use essential, analytics, and marketing cookies. Non‑essential cookies are loaded only after you give consent via our cookie banner. See our separate Cookie Notice for details.
8. Data Security
- SSL/TLS encryption for all web traffic
- Role‑based access controls and multi‑factor authentication
- Regular penetration testing and vulnerability scans
- Secure data‑center hosting compliant with ISO 27001 standards
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Booking records | 5 years from trip completion (tax & accounting rules) |
| Marketing consents | Until you unsubscribe + up to 2 years for audit trail |
| Analytics data | 26 months (Google Analytics default) |
When the retention period ends, data is securely deleted or anonymized.
10. Children’s Privacy
Our Services are not directed at children under 18. We do not knowingly collect data from minors without verifiable parental consent.
11. Changes to This Policy
We may update this Policy from time to time. Material changes will be posted on our website with a new “Last updated” date. Continued use of our Services constitutes acceptance of the revised Policy.
12. Contact & Complaints
Questions, concerns, or complaints?
Data Protection Officer
Travelombia Tours SAS
Email: [email protected]
Phone: +57 301 335 5800