Your privacy matters to us. This policy explains what personal data we collect when you use komodocruises.com, why we collect it, how we use it, and the rights you have. We aim for plain language — no jargon, no dark patterns.
01Who We Are
Komodo Cruises is operated by PT Komodo Cruises Indonesia, based in Labuan Bajo, Flores, Nusa Tenggara Timur, Indonesia. We are the data controller for personal data collected through this website and during our booking and trip services.
If you have any questions about this policy or how we handle your data, you can reach our privacy team at privacy@komodocruises.com.
02Information We Collect
We only collect what's necessary to serve you. The categories of data we collect are:
Information You Provide
- Booking details — name, email, phone number, nationality, passport number (where required), travel dates, and cabin preferences.
- Payment information — processed directly by our payment providers (Xendit, Stripe). We do not store full card numbers on our servers.
- Communications — messages you send us via contact forms, WhatsApp, or email.
- Marketing preferences — if you subscribe to our newsletter or opt into promotional emails.
Information Collected Automatically
- Device and browser data — IP address, browser type, operating system, screen size.
- Usage data — pages visited, time on site, referring site, actions taken.
- Cookies and similar technologies — see our Cookies Policy for details.
Information from Third Parties
We may receive data from travel partners, operators, or referral sources when they book a trip on your behalf. We also receive data from payment processors confirming your transaction status.
03How We Use Your Data
We use your data for these specific purposes:
| Purpose | Data Used |
|---|---|
| Processing your booking | Name, email, phone, payment info, travel dates |
| Confirming your trip and sending pre-departure info | Contact details, booking reference |
| Responding to your questions | Contact details, message content |
| Improving our website and services | Usage data, device data (aggregated) |
| Sending promotional emails (opt-in only) | Email, marketing preferences |
| Legal compliance and fraud prevention | Transaction records, identity data |
We will never sell your personal data, and we only use it for purposes you'd reasonably expect.
04Legal Basis for Processing
Under applicable data protection laws (including Indonesia's PDP Law and the EU GDPR where relevant), we process your data based on:
- Contract — to fulfill your booking and deliver the trip you purchased.
- Legal obligation — to comply with tax, immigration, and safety rules.
- Legitimate interest — to improve our services, prevent fraud, and secure our platform.
- Consent — for marketing emails and optional cookies. You can withdraw consent at any time.
05Sharing Your Data
We share data only with parties who need it to deliver your booking or support our operations:
- Boat operators — the operator running your specific cruise receives your name, contact info, and special requests so they can prepare your trip.
- Payment processors — Xendit and Stripe handle your payment securely. They operate under their own privacy policies.
- Infrastructure providers — Cloudflare (CDN and security), our hosting providers, and email services (Purelymail).
- Analytics — Google Analytics and similar services, only if you've accepted optional cookies.
- Authorities — when legally required, for example by immigration, tax, or court order.
We do not sell your personal data to advertisers or data brokers. Full stop.
06Data Retention
We keep personal data only as long as needed for the purpose it was collected, plus any period required by law:
- Booking and transaction records — 7 years (Indonesian tax and accounting requirements).
- Customer support conversations — 3 years from last contact.
- Marketing email lists — until you unsubscribe or we close the list.
- Analytics data — 26 months (Google Analytics default), fully anonymized where possible.
After the retention period ends, we delete or anonymize the data.
07Your Rights
You have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Deletion — request that we delete your data (subject to legal retention rules).
- Restriction — ask us to pause certain uses of your data.
- Portability — get your data in a machine-readable format to transfer elsewhere.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — for any processing that relies on consent (e.g., marketing).
To exercise any of these rights, email privacy@komodocruises.com. We'll respond within 30 days. No fees for reasonable requests.
08International Transfers
We are based in Indonesia, but some of our service providers (Cloudflare, Google, Stripe) operate internationally. When your data is transferred outside Indonesia, we rely on:
- Standard contractual clauses approved by relevant regulators.
- Adequacy decisions where the destination country offers equivalent protection.
- Providers certified under recognized privacy frameworks.
09Security
We protect your data with technical and organizational measures including:
- HTTPS encryption for all site traffic.
- Encrypted database storage for sensitive fields.
- Role-based access control — staff only see the data they need.
- Regular security reviews and penetration testing.
- Secure payment processing via PCI-DSS compliant providers.
No system is 100% secure, but we take our responsibility seriously. If a breach occurs that affects you, we'll notify you without undue delay.
10Children's Privacy
Our services are not directed at children under 13. We do not knowingly collect data from children without parental consent. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
For family trips, parents or guardians book on behalf of minor travelers and are responsible for providing consent to process that data.
11Changes to This Policy
We may update this policy as our services evolve or laws change. The "Last updated" date at the top reflects the most recent revision.
For significant changes (for example, new purposes or new partners), we'll notify you via email or a banner on the site before the change takes effect. Continued use of the site after changes means you accept the updated policy.
12Contact
For privacy questions, requests, or complaints:
Komodo Cruises — Privacy Team
PT Komodo Cruises Indonesia
Labuan Bajo, Flores, Nusa Tenggara Timur, Indonesia
Email: privacy@komodocruises.com
WhatsApp: +62 822-1000-3928
If you believe we have not adequately addressed your concern, you have the right to lodge a complaint with the Indonesian data protection authority or your local regulator.
Questions About Your Data?
Reach out anytime — we'll respond within a few business days.