Privacy Policy
Last updated: March 19, 2025
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.
CUMBAYA PRIVACY AND COOKIE POLICY
1. SCOPE AND APPLICABILITY
1.1. Cumbaya BV, having its office at Dalenstraat 17A, 3020 Herent, Belgium, registered with the CBE under number 0794.505.818 (“Cumbaya” or the “Company”), is a company offering travel (organization) software services through an online platform ‘Cumbaya’, allowing its users to plan, book and manage trips (the “Service(s)”). The Services provided by the Company include a mobile application ‘Cumbaya’ or any web version thereof (the “Application”), the Company’s website (https://cumbaya.travel or any relating domain name, the “Website”), any extension of the Website or any ancillary service provided by the Company.
1.2. This privacy policy applies to any natural person making use of the Services in any capacity whatsoever (the “User”) and describes the Company’s policies and procedures on the collection, use and disclosure of the Users’ personal information, its privacy rights and protection of its personal information under any relevant legislation (the “Privacy Policy”).
1.3. By clicking ‘I accept’ or by downloading, installing, or otherwise accessing or using the Service(s), a User agrees that he or she has read and understood, and, as a condition to the use of the Services, agrees to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy should be read and understood in conjunction with the general terms and conditions of the Company.
1.1 Cumbaya BV, having its office at Dalenstraat 17A, 3020 Herent, Belgium, registered with the CBE under number 0794.505.818 (“Cumbaya” or the “Company”), is a company offering travel (organization) software services through an online platform ‘Cumbaya’, allowing its users to plan, book and manage trips (the “Service(s)”). The Services provided by the Company include a mobile application ‘Cumbaya’ or any web version thereof (the “Application”), the Company’s website (https://cumbaya.travel or any relating domain name, the “Website”), any extension of the Website or any ancillary service provided by the Company.
2. DEFINITIONS
2.1. Capitalized terms used in these Terms and Conditions shall have the meaning set out in this Clause 2.
2.2. “Account” means a unique account created for a User to access the Service or parts of the Service.
2.2. “Affiliate” means an entity that controls, is controlled by or is under common control with a party, within the meaning of article 1:14 and 1:20 of the Belgian Code of Companies and Associations.
2.4. “Application” has the meaning assigned to it in Clause 1.1;
2.5. “Cookies” are small files that are placed on the User’s computer, mobile device or any other device by a website, containing the details of the Users’ browsing history on that website among its many uses.
2.6. “Device” means any device that can access the Service such as a computer, a cellphone or a digital tablet.
2.7. “GDPR” means the General Data Protection Regulation 2016/679 of 27 April 2016;
2.8. “Personal Data” is any information that relates to an identified or identifiable individual natural person;
2.9. “Service” has the meaning assigned to it in Clause 1.1 of this Privacy Policy;
2.10. “Service Provider” means any natural or legal person who processes the data on behalf of the Company, including any entity employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used, or any provider of IT systems or databases in which Personal Data is processed;
2.11. “Travel Service Provider” means any third party that sells or offers travel services to the Users, as an organiser or a retailer, as a result of a referral or advertisement within the Application;
2.12. “Third-party Content” means any goods, services or content, policy, or practice (including data, information, products or services) provided by a third-party that may be displayed, included or made available by or within the Application;
2.13. “Usage Data” refers to (Personal) Data that is collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit);
2.14. “User” has the meaning assigned to it in Clause 1.2;
2.15. “Website” has the meaning assigned to it in Clause 1.1.
3. PERSONAL DATA
3.1. The Company will process the Personal Data listed in this Clause 3. Personal Data shall be processed in accordance with applicable data protection rules and only as required for the relevant purposes set out in Clause 4. Personal Data will be retrieved and processed only by the relevant personnel, under the responsibility of one of our representatives bound by professional secrecy or confidentiality.
3.2. Personal Data. Users may be asked to provide certain Personal Data that can be used to contact or identify them. Such Personal Data may include, but is not limited to:
The Users’ email address;
The Users’ first name and last name;
The Users’ birth date;
The Users’ preferences with respect to travel prospects (such as destination, travel budget, travel companions, activity preferences, etc.).
3.3. Usage Data
3.3.1. Usage Data is collected automatically when using the Service.
3.3.2 Usage Data may include information such as the Device's Internet Protocol address (e.g. IP address), browser type, browser version, the items, sections or pages of the Service that are visited, the time and date of the visit, the time spent on those pages, sections or items, unique Device identifiers and other diagnostic data, or any information on the Users’ (mobile) Device with which the Service is accessed (such as the type of mobile device, the mobile device’s unique ID, the mobile operating system,, unique device identifiers and other diagnostic data).
3.3.3. The Company may also collect information that the Users’ browser sends whenever the User visits the Service or when accesses the Service by or through a mobile device.
4. USE OF YOUR PERSONAL DATA
4.1. Processing purposes. The Company may use Personal Data for the following purposes:
Provision of Services: To provide and maintain our Service, including to monitor the usage of our Service:
Account management: To manage User Accounts and to manage registrations as a User of the Service (the Personal Data provided can give a User access to different functionalities of the Service that are available to registered Users);
Execution of the agreement: For the performance and execution of an agreement for the use of the Service or any other service purchased by a User from the Company;
User updates: To contact Users by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation
Direct marketing: To provide Users with news, special offers and general information about other goods, services and events which the Company offers that are similar to those goods and services already purchased or received by the User, unless the latter as opted not to receive such information;
Market research & statistics: To monitor User preferences and User behaviour in order to optimize, update, upgrade, maintain or repair the Services;
Feedback and complaints: To deal with quality complaints and feedback relating to the Services;
User requests: To attend to and manage any User requests;
Business restructuring: To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution of the Company, or an other sale or transfer of some or all of the Company’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by the Company is among the assets transferred or is part of a due diligence procedure;
Training or educational purposes;
Other purposes: The Company may use Personal Data for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of promotional campaigns and to evaluate and improve the Service, products, services, marketing and your experience.
4.2. Processing Grounds. The Company will not process Personal Data for a particular purpose if it does not have a legal basis for such purpose as provided by law. Accordingly, the Company will only process Personal Data for the purposes set out in Clause 4.1 on the following legal bases:
The useful performance and ensuring compliance of the Services (purpose a, b, c, d, g & h);
The Company’s legal obligations under any relevant legislation (purpose c, d & h);
Protecting the vital interests of the Users or any other person (purpose c, g & h);
Safeguarding the Company’s own legitimate interests, provided that this does not compromise the interests and fundamental rights and freedoms of the Users, it being understood that the Company shall always strive to maintain a balance between its own legitimate interests and the User's privacy when processing Personal Data on the latter basis (purpose a, f, g, i, j & k).
Examples of such "legitimate interests" include data processing activities carried out:to provide the User with accurate and timely information about the Services and to facilitate communication; and
to prevent misuse of our Services.
The Users’ consent: Users provide consent by creating an Account, by signing up for Cumbaya’s email list or by otherwise indicating their interest in receiving marketing communications from Cumbaya (all purposes).
4.3. Retention of Personal Data
4.3.1. The Company will retain Personal Data only for as long as is necessary for the purposes set out in Clause 4.1. The Company will retain and use Personal Data to the extent necessary to comply with its legal obligations, resolve disputes, and enforce legal agreements and policies.
4.3.2. The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of the Service, or if the Company is legally obligated to retain this data for longer time periods.
5 DATA TRANSFERS
5.1. The Company shall not sell, share or otherwise transfer Personal Data to third parties not identified in the present Privacy Statement. In the course of business and for the same purposes as those stated in the present Privacy Statement, Personal Data may be made available or disclosed to the following persons (who are contractually obligated to protect the confidentiality and security of such Personal Data, in accordance with applicable law):
Service Providers: The Company may share Personal Data with Service Providers, such as (but not limited to) Google, Meta or Tik Tok, to monitor and analyze the use of our Service or to contact its Users.
(Candidate) parties for business restructurings: The Company may share or transfer Personal Data in connection with any merger, sale of Company assets, financing, or acquisition of all or a portion of the Company’s business to another company, subject to the enforcement of a confidentiality obligation and the same privacy obligations that are applicable to the Company and upon prior written notice to the Users.
With Affiliates: The Company may share Personal Data with its Affiliates, in which case those Affiliates will be required to honor this Privacy Policy, upon prior written notice to the Users.
Travel Service Providers: The Company may share Personal Data with Travel Service Providers, to the extent that a User has shown legitimate interest in any product, service or promotion offered by such Travel Service Provider (by clicking on a referral link within the Application or making a booking).
Other Users: When Users share Personal Data or otherwise interact in the public areas of the Application or the Website with other Users, such information may be viewed by all Users.
Other parties: The Company may disclose Personal Data to any other party with the Users’ explicit consent.
6 DATA SECURITY AND TRANSFER
6.1. Security. The Company has implemented appropriate technical and organisational measures to ensure the confidentiality of Personal Data and to protect such data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. The Company stores Personal Data in an encrypted database and uses appropriate technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction. Please note that no method of transmission over the internet or method of electronic storage is 100% secure. While the Company strives to use commercially acceptable means to protect Personal Data, it cannot guarantee its absolute security.
6.2. Transfer to other jurisdictions. Users’ information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be processed on, transferred to or maintained on servers or computers located outside of the Users’ state, province, country or other governmental jurisdiction, so that the data protection laws may differ from those in their own jurisdiction. The Company will take all steps reasonably necessary to ensure that no transfer of Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of such Personal Data and other personal information. The Company has made appropriate contractual arrangements with the Service Providers for the processing of Personal Data. No Personal Data is transferred outside the European Economic Area without ensuring that such data enjoys an equivalent level of protection there.
7. USER RIGHTS
7.1. Rights relating to Personal Data. Users have the right to:
Access their Personal Data;
Rectify any inaccurate or incomplete Personal data;
Erase their Personal Data:
Restrict the processing of their Personal data;
Object to the processing of their Personal Data:
Withdraw their consent at any time;
Delete (within the Application) or have deleted (with the Company’s assistance) their Personal Data;
7.2. Users may update, amend, or delete their Personal Data at any time by signing in to their Account, if they have one, and visiting the account settings section that allow them to manage their Personal Data. Users may also contact the Company, in accordance with Clause 7.3, to request access to, correct or delete any Personal Data that they have provided to the Company. Please note, however, that the Company may need to retain certain information under a legal obligation or lawful basis to do so.
7.3. Exercising the Rights.
7.3.1. Users wishing to exercise any of their aforementioned rights may contact the Company at info@cumbaya.travel. Any request will be followed up within 1 month.
7.3.2. A notification under Clause 7.3.1 shall include a justification the Users’ request and a proof of identity (e.g. a copy of the front side of the Users’ identity card).
8. CHILDREN'S PRIVACY
8.1. The Company does not knowingly collect personally identifiable information from anyone under the age of 12. Users that are a parent or guardian and are aware that their child has provided the Company with Personal Data, may contact the Company. If the Company becomes aware that it has collected Personal Data from anyone under the age of 12 without verification of parental consent, it shall take steps to remove that information from its servers.
8.2. If the Company needs to rely on consent as a legal basis for processing Personal Data and the User’s country requires consent from a parent, the Company may require the User’s parent's consent before collecting and using that information.
9. MISCELLANEOUS
9.1. Links to other websites. The Service may contain links to other websites that are not operated by the Company. If a User clicks on a third party link, he or she will be directed to that third party's site. The Company has no control over, and assumes no responsibility for any Third Party Content. The access to and use of Third Party Content by a User, and the disclosure and processing of any Personal Data in such respect, shall be exclusively governed by the privacy policy of such third party.
9.2. Changes to this Privacy Policy. the Company reserves the right, at its sole discretion, to modify or replace the Terms and Conditions at any time. Users shall be notified of any changes by publishing the new Privacy Policy on the Website and within the Application. By continuing the use of the Services, the User will be deemed to have accepted any amended terms. The User will be informed of these amendments via email and/or a prominent notice within the Service prior to the change becoming effective.
9.3. Contact us. Users can contact the Company by email, via info@cumbaya.travel.
10. COOKIE POLICY
10.1. General. The Company uses Cookies and similar tracking technologies to track the activity on the Service and store certain information. This is done to improve and optimize your browsing experience and to better tailor the Services to your needs and preferences. This cookie policy describes the use of Cookies on the Service and the User rights in relation thereto (“Cookie Policy”).
10.2. About Cookies. Cookies are small text files that may be placed on your Device when you visit websites and store certain information. Other tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze the Service. The technologies We use may include:
“Persistent Cookies”: Cookies that remain on the Users” Device when he or she goes offline
“Session Cookies”: Cookies that are deleted as soon as the User closes its web browser.
“Third-party Cookies”: Cookies that are placed on the Website by third parties and/or used to transmit certain information about a User’s visit to that third party. This happens, for example, because the Website contains elements from other websites, such as images, social media plug-ins or advertising. When the browser or other software retrieves these elements from other websites, the cookies set by those other websites are considered third-party cookies.
“Necessary Cookies”: Cookies that are necessary for the Services to work correctly (e.g., ensuring an even load on the Website that keeps it functional and accessible).
“Functional Cookies”: Cookies that are necessary to improve the browsing experience or to provide a functionality explicitly requested by a User (e.g., remembering its login or tracking selected items, as well as video playback).
“Analytical Cookies”: Cookies that collect information about how the Website is used in order to improve search engine hits and website performance (e.g., by tracking whether and how Users the Website's features in order to improve the Website). Analytical Cookies are set only upon User consent.
“Marketing Cookies”: Cookies that collect information about User’s browsing, search and purchasing habits in order to provide them with personalized advertising based on their personal interests. Marketing Cookies are set only upon User consent.
“Social Media Cookies”: Cookies that make it possible to share website content on social media networks (e.g. via the ‘Facebook thumb’). Furthermore, these cookies collect information about your browsing, search and purchasing behavior on the website in order to offer you personalized advertising on these social media networks. These cookies are only set if you have given your consent. It is possible that these social media networks also use the information they collect via these cookies for their own purposes. You can always find more information about this in the privacy statements of the respective social media networks.
“Web Beacons”: Certain sections of the Service and the Company’s emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count Users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain item or section and verifying system and server integrity).
10.3. Use of Cookies. The Company uses the following Cookies for the following purposes:
10.3.1. Necessary / Essential Cookies
Type: Session Cookies
Administered by: the Company
Purpose: These Cookies are essential to provide the Users with the Services and to enable the Users to use some of its features. They help to authenticate Users and prevent fraudulent use of User accounts. Without these Cookies, the Services cannot be provided, and they are only used to provide the Services.
10.3.2. Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: the Company
Purpose: These Cookies identify if Users have accepted the use of Cookies on the Website.
10.3.3. Functional Cookies
Type: Persistent Cookies
Administered by: the Company
Purpose: These Cookies allow the Company to remember choices Users make when they use the Website, such as remembering login details or language preference. The purpose of these Cookies is to provide Users with a more personal experience and to avoid Users having to re-enter its preferences every time they use the Website.
10.3.4. Analytical and Marketing Cookies
Type: Persistent Cookies
Administered by: the Company or by third party service providers (such as Google)
Purpose: These Cookies allow the Company to track whether and how Users use the Website's features in order to improve the Website or to provide Users with personalized advertising based on their personal interests.
10.3.5. Social Media Cookies
Type: Persistent Cookies
Administered by: the Company and by third parties (hosting the social network platform)
Purpose: These Cookies enable the sharing of Website content on social media networks (e.g. via the “Facebook thumb”) and to offer Users personalized advertising on these social media networks.
10.4. User Cookie preferences.
10.4.1. When Users first visit the Website, they are asked for their Cookie preferences via a banner. Users cannot refuse the Necessary Cookies and Functional Cookies when using the Services. These will be placed automatically during a visit to and a certain use of the Services. Analytical Cookies and Marketing cookies will only be placed when Users consent to them via the Cookie preferences. The consent can be given per type of Cookie. Refusing certain Cookies means that certain functionalities of the Services will not be available.
10.5. Amendments. This Cookie Policy may be amended from time to time to the extent permitted in accordance with applicable data protection regulations. Users can always access the most current version via the Website.
11. GOOGLE ANALYTICS
11.1. This website uses Google Analytics, a service of Google, Inc. (hereinafter “Google”) to collect and detail statistics of a website.
11.2. Google Analytics uses cookies to help us analyze how Users use the Website, for example, the number of visitors to the Website, the websites from which Users came to us, and the pages they visited. The Company uses this information to improve the Website's offerings and services. Basically, all information collected by the Cookies about the use of the Website is transmitted by Google and stored on servers in the United States.
11.3. Google, as the Company’s authorized data processor, will use this data to help the Company evaluate the use of the Website, compile reports on the Website activities and provide other statistical and analytical services related to the use of the Website.
11.4. The IP address transmitted by a User’s browser in the context of Google Analytics will not be linked to any other data held by Google.
11.5. Google's privacy policy can be consulted here.