Kodama

Kodama Travel Privacy and Cookie Policies

1. Introduction & Data Controller

Kodama Travel Ltd (“we”, “us”, “our”, or “Kodama Travel”) is committed to protecting your privacy and ensuring you have a positive experience on our website and when using our services.

This Privacy and Cookie Policy (“Policy”) describes how and why we might collect, store, use, and share (“process”) your information when you use our website, mobile application, and related services (collectively, “Services”).

Data Controller Details:

  • Company: Kodama Travel Ltd
  • Registration: England & Wales (15352750)
  • Address: 124 City Road, London, EC1V 2NX
  • Email: hello@kodamatravel.com

Please read this Policy carefully. If you have any questions, please contact us using the details provided in Section 14 below.

2. What We Do

Kodama Travel operates a marketplace platform that connects travellers with independent third-party travel experience providers (“Suppliers”). We enable you to search, discover, and book travel experiences globally.

We do not operate, deliver, or directly provide the travel experiences ourselves. Our role is to facilitate the booking and payment process between you and the relevant Supplier. Each Supplier is responsible for delivering the experience in accordance with their own terms and conditions, and local regulations.

3. What Personal Information Do We Collect?

3.1 Information You Provide to Us

When you use our Services, you may provide us with personal information, including:

Contact Information:

  • Name
  • Email address
  • Phone number
  • Postal address
  • Payment information (processed securely via Stripe)

Booking and Experience Information:

  • Travel dates and preferences
  • Destination choices
  • Dietary requirements
  • Age and date of birth
  • Height and weight (where required by a Supplier for safety or activity-specific reasons)
  • Nationality and passport information (where required for international travel)
  • Accessibility requirements
  • Emergency contact information
  • Any other information you choose to provide in booking notes or communications

3.2 Information Automatically Collected

When you visit or use our Services, we automatically collect certain technical information, including:

  • Device Information: Device type, operating system, browser type, and device identifiers
  • Usage Information: Pages visited, time spent on pages, links clicked, searches performed, and features used
  • IP Address and Location: Your IP address, country, and approximate location based on IP geolocation
  • Cookies and Tracking Technologies: Information collected via cookies, web beacons, and similar technologies (see Section 8 for details)
  • Referral Information: How you accessed our Services (e.g., search engine, referral link, advertising campaign)
  • Currency and Language Preferences: Your selected currency and language settings

This technical information does not directly identify you but may be combined with other information to create a profile of your browsing behaviour and preferences.

3.3 Information from Third Parties

We may receive information about you from:

  • Payment Processors: Stripe provides us with payment confirmation and transaction details to process your booking
  • Travel Suppliers: Suppliers may share feedback, ratings, or incident reports related to your travel experience
  • Third-Party Referral Partners: Referral platforms and marketing partners may provide information about how you were referred to our Services
  • Third-Party Service Providers: Our analytics, hosting, and customer support providers may share aggregated or anonymised data

We do not receive or purchase personal data from data brokers or other commercial data sources.

4. How Do We Use Your Personal Information?

We process your personal information for the following purposes:

4.1 Delivery of Services

  • Processing and fulfilling your bookings
  • Communicating booking confirmations, itineraries, and amendments
  • Sharing your booking details with the relevant Supplier to enable them to deliver the experience
  • Processing payments and refunds
  • Managing cancellations and changes to bookings
  • Providing customer support and responding to enquiries

4.2 Communication

  • Sending you transactional emails (booking confirmations, payment receipts, cancellation notices, changes to terms)
  • Responding to your customer service enquiries and complaints
  • Sending service-related announcements and updates
  • Notifying you of important changes to our Services, policies, or terms

4.3 Safety and Fraud Prevention

  • Detecting, investigating, and preventing fraud, abuse, and other illegal activities
  • Protecting the security of our Services and users
  • Verifying your identity and preventing unauthorised access
  • Complying with legal obligations and law enforcement requests

4.4 Analytics and Service Improvement

  • Analysing how you use our Services to improve functionality, user experience, and content
  • Identifying trends and patterns in user behaviour
  • Measuring the effectiveness of our marketing campaigns
  • Conducting research and generating anonymised, aggregated reports

4.5 Marketing and Promotional Communications

  • Sending you marketing emails about travel experiences, special offers, and promotions (only where you have consented or where permitted by law)
  • Personalising content and recommendations based on your preferences and booking history
  • Conducting surveys and requesting feedback on your experience

4.6 Legal Compliance

  • Complying with legal obligations, court orders, and regulatory requirements
  • Exercising or defending our legal rights
  • Maintaining records for accounting, tax, and audit purposes

5. What Is Our Legal Basis for Processing Your Information?

Under the UK General Data Protection Regulation (UK GDPR), we must have a valid legal basis to process your personal information. We rely on the following lawful bases:

5.1 Performance of a Contract

  • Processing your booking
  • Delivering the Services you have requested
  • Managing payments and refunds
  • Providing customer support

5.2 Consent

  • Marketing and promotional communications (email, SMS, push notifications)
  • Non-essential cookies and tracking technologies
  • Processing special category data (see Section 6 below)

You can withdraw your consent at any time by contacting us or using the unsubscribe link in our communications.

5.3 Legitimate Interests

  • Fraud prevention and detection
  • Improving our Services and user experience
  • Analytics and performance measurement
  • Protecting the security of our platform and users
  • Enforcing our terms and policies
  • Marketing and business development (where not requiring explicit consent)

In each case, we have assessed that our legitimate interests do not override your rights and freedoms.

5.4 Legal Obligation

  • Tax and accounting compliance
  • Compliance with regulatory authorities
  • Responding to law enforcement requests
  • Fulfilling statutory reporting obligations

6. Special Category Data (Sensitive Personal Information)

6.1 What Is Special Category Data?

Special category data (also called "sensitive personal information") includes information about health, race, ethnicity, religion, political beliefs, trade union membership, genetic data, biometric data, and sex life.

6.2 Health and Fitness Information

  • Dietary requirements (allergies, intolerances, religious or ethical restrictions)
  • Mobility or accessibility requirements
  • Medical conditions relevant to the activity (e.g., fitness level for hiking, swimming ability for water sports)
  • Pregnancy status (for certain activities)
  • Medication requirements

6.3 Children's Data

  • Age and date of birth
  • Height and weight (for safety equipment sizing)
  • Health and dietary information

6.4 Legal Basis for Processing Special Category Data

We process special category data only with your explicit consent. When you provide this information during the booking process, you are explicitly consenting to its collection and processing for the purposes of:

  • Enabling the Supplier to deliver the experience safely
  • Accommodating your specific needs
  • Ensuring your health and safety during the activity
  • Complying with the Supplier's safety and insurance requirements

You have the right to withdraw this consent at any time by contacting us, although this may prevent the Supplier from delivering the experience.

6.5 Sharing of Special Category Data

Special category data is shared only with the relevant Supplier(s) necessary to deliver your booked experience. We do not share this information with any other third parties without your explicit consent.

7. How Do We Share Your Personal Information?

7.1 Travel Suppliers

  • Name, email, and phone number
  • Booking details (dates, times, location, group size)
  • Any special requirements (dietary, accessibility, health, fitness information)
  • Payment confirmation

7.2 Payment Processors

We share payment information with Stripe to process your booking payment securely. Stripe is our payment processor and data processor. For more information about how Stripe handles your data, please visit: https://stripe.com/privacy

We do not store your full credit card details on our platform.

7.3 Tour Management Software

We use Bokun (tour management software) to manage bookings, generate reports, and communicate with Suppliers. Your booking information (name, email, booking details, special requirements) may be stored and processed through Bokun. Bokun is a data processor acting on our instructions. For more information about Bokun's privacy practices, please visit: https://www.bokun.io/privacy-policy

7.4 Customer Support and Service Providers

  • Customer support platforms
  • Email service providers
  • Analytics providers
  • Hosting and cloud infrastructure providers
  • Security and fraud prevention services

7.5 Legal Compliance and Law Enforcement

  • Responding to court orders, subpoenas, or legal investigations
  • Complying with regulatory authorities
  • Protecting the rights, property, or safety of Kodama Travel, our users, or the public
  • Enforcing our terms and policies

7.6 Business Transfers

If Kodama Travel is involved in a merger, acquisition, bankruptcy, or sale of assets, your personal information may be transferred as part of that transaction. We will provide notice of any such change and any choices you may have regarding your information.

7.7 What We Do NOT Do

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. Your data is not a commodity, and we do not monetise your personal information through data sales.

8. Cookies and Tracking Technologies

8.1 What Are Cookies?

Cookies are small text files stored on your device that allow websites to recognise you and remember your preferences. We also use similar tracking technologies, including:

  • Web beacons and pixels
  • Local storage and session storage
  • Device fingerprinting
  • Tracking scripts and tags

8.2 Why Do We Use Cookies?

We use cookies and tracking technologies for the following purposes:

Strictly Necessary Cookies (No Consent Required):

  • Maintaining your login session and authentication
  • Keeping you logged in across pages
  • Processing your booking and payment
  • Remembering your preferences (language, currency)
  • Preventing fraud and detecting abuse
  • Ensuring website security

Functional Cookies (No Consent Required):

  • Remembering your choices and settings
  • Enabling features like "save for later" or wishlists
  • Personalising your experience based on your activity
  • Improving website performance

Analytics Cookies (Consent Required):

  • Tracking how you use our website (pages visited, time spent, clicks)
  • Identifying which features are most popular
  • Measuring the effectiveness of marketing campaigns
  • Generating anonymised usage reports
  • Using Google Analytics to understand user behaviour

8.3 Consent for Cookies

Strictly necessary and functional cookies do not require your consent and are placed automatically.

Your consent choice is saved in a cookie and honoured for twelve (12) months, after which we may ask you to renew your preferences.

8.4 Third-Party Cookies

  • Analytics providers (Google Analytics)
  • Advertising networks (Google Ads, Meta, other platforms)
  • Payment processors (Stripe)

We do not control these third-party cookies, and we recommend reviewing the privacy policies of these services.

9. International Data Transfers

9.1 Data Transfers Outside the UK

  • Travel Suppliers in destination countries
  • Payment processors and service providers in the EU, US, and other countries
  • Analytics and hosting providers outside the UK

9.2 Supplier Responsibility

Each Supplier is responsible for complying with data protection laws in their jurisdiction.

10. How Long Do We Keep Your Personal Information?

  • Booking and Transaction Data: 7 years
  • Payment Information: 7 years
  • Customer Support Records: 3 years
  • Marketing and Consent Records: 2 years
  • Inactive Accounts (no bookings): 3 months
  • Website Analytics Data: 26 months
  • Cookies: Session cookies deleted on browser close; persistent cookies expire after 12 months
  • Special Category Data (Health/Fitness): Duration of booking + 3 months

10.1 Deletion and Anonymisation

  • Delete it securely, or
  • Anonymise it so it can no longer be linked to you

10.2 Backup and Archive Data

Personal information may be retained in backup or archive systems for longer periods for disaster recovery and compliance purposes, but this data is not actively used or accessible for business purposes.

11. How Do We Protect Your Information?

11.1 Security Measures

  • Encryption: Data in transit (HTTPS/TLS) and at rest is encrypted
  • Access Controls: Role-based access restrictions and authentication requirements
  • Firewalls and Intrusion Detection: Network security monitoring
  • Employee Training: Data protection and security awareness training
  • Incident Response Plan: Procedures for responding to data breaches
  • Payment Security: PCI DSS compliance for payment processing via Stripe

11.2 Limitations of Security

Despite our security measures, no electronic transmission or storage system is 100% secure. We cannot guarantee absolute protection against all cyberattacks, hacking, or unauthorised access.

11.3 Your Responsibility

  • Use a secure internet connection when accessing our Services
  • Report suspicious activity immediately

12. Data Breaches and Incident Notification

12.1 Breach Notification

  • Notify you without undue delay, and in any event within 72 hours of becoming aware of the breach
  • Provide information about the nature of the breach, the data affected, and potential consequences
  • Recommend steps you can take to protect yourself
  • Notify the Information Commissioner's Office (ICO) as required by law

12.2 Breach Report Contents

  • Description of the personal data affected
  • Likely consequences of the breach
  • Measures we have taken or will take to address the breach
  • Contact details for further information
  • Recommended actions you should take

13. Children and Minors

13.1 Age Requirement

Our Services are intended for users aged 18 and older. We do not knowingly collect personal information from children under 18.

To use our Services, you must be at least 18 years old or have parental/guardian consent.

13.2 Booking Travel for Minors

  • The lead traveller (parent/guardian) must be 18 or older and legally responsible
  • We collect the child's personal information (name, age, date of birth, health/fitness information) as part of the booking
  • This information is used solely to enable the Supplier to deliver the experience safely
  • The parent/guardian provides explicit consent on behalf of the child

13.3 Special Category Data for Minors

  • Height and weight (for safety equipment sizing)
  • Dietary requirements and allergies
  • Health conditions or fitness limitations
  • Accessibility requirements

13.4 Child Safety

  • Data Protection Act 2018 (children's rights)
  • Children Act 1989
  • Online Safety Act 2023 (where applicable)

14. Your Privacy Rights

14.1 Right of Access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request.

How to request: Contact us at hello@kodamatravel.com with the subject line "Data Access Request."

14.2 Right to Rectification

You have the right to request that we correct inaccurate or incomplete personal information about you.

How to request: Contact us with details of the information you believe is inaccurate.

14.3 Right to Erasure ("Right to Be Forgotten")

You have the right to request that we delete your personal information, subject to certain exceptions (e.g., where we have a legal obligation to retain it, or where deletion would prevent us from fulfilling a contract with you).

Exceptions:

  • Booking and transaction data (retained for 7 years for tax and legal compliance)
  • Information needed to resolve disputes or complaints
  • Information required by law

How to request: Contact us with details of the information you wish to be deleted.

14.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal information while we verify its accuracy or assess your other rights requests.

How to request: Contact us explaining why you wish to restrict processing.

14.5 Right to Data Portability

You have the right to request your personal information in a portable, machine-readable format and to transmit it to another data controller.

How to request: Contact us at hello@kodamatravel.com with the subject line "Data Portability Request."

14.6 Right to Object

You have the right to object to our processing of your personal information on the basis of legitimate interests, including for marketing purposes.

How to request: Contact us specifying which processing activities you object to. You can also unsubscribe from marketing emails using the unsubscribe link in our communications.

14.7 Right to Withdraw Consent

Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

  • Unsubscribe from marketing emails using the link in our communications
  • Adjust your cookie preferences using our cookie preferences tool
  • Contact us at hello@kodamatravel.com

14.8 Right Not to Be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produces legal or similarly significant effects. We confirm that we do not use automated decision-making or profiling to make decisions about you.

14.9 Right to Lodge a Complaint

If you believe we have violated your privacy rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's independent data protection authority.

  • Website: https://ico.org.uk
  • Email: casework@ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

14.10 Exercising Your Rights

  • Contact us at hello@kodamatravel.com
  • Include your name, email address, and booking reference (if applicable)
  • Specify which right you are exercising
  • Provide any supporting information

We will respond to your request within 30 days. If your request is complex, we may extend this deadline by up to 60 days, and we will notify you of the extension.

15. Automated Decision-Making and Profiling

15.1 Our Policy

Kodama Travel does not use automated decision-making or profiling to make decisions about you that have legal or similarly significant effects.

  • Automatically reject or approve bookings based on algorithms
  • Make eligibility decisions based solely on automated processing
  • Use profiling to determine whether you can access our Services
  • Make decisions about your account based on automated scoring

15.2 Personalisation

We may use your information to personalise your experience (e.g., showing relevant travel recommendations), but these are suggestions only and do not restrict your access to our Services or affect your rights.

16. Policy Updates and Changes

16.1 How We Update This Policy

We review and update this Policy regularly to reflect changes in our practices, technology, legal requirements, and other factors. We may update this Policy at any time without prior notice.

16.2 Notification of Material Changes

  • Notify you via email (if we have your email address)
  • Display a prominent notice on our website
  • Request your consent if required by law

16.3 Effective Date

This Policy is effective as of 19th March 2026.

The date at the top of this Policy indicates when it was last updated. Your continued use of our Services after any updates constitutes your acceptance of the revised Policy.

16.4 Previous Versions

Previous versions of this Policy are available upon request. Contact us if you would like to review a prior version.

17. Third-Party Links and Services

Our website may contain links to third-party websites, applications, and services that are not operated by Kodama Travel. This Policy does not apply to third-party services, and we are not responsible for their privacy practices.

We recommend reviewing the privacy policies of any third-party services before providing your personal information.

  • Travel Supplier websites
  • Payment processors
  • Social media platforms
  • Advertising networks
  • Analytics providers

18. Contact Us

18.1 Privacy Enquiries

  • Email: hello@kodamatravel.com
  • Postal Address: 124 City Road, London, England, EC1V 2NX

We will respond to your enquiry within 30 days.

18.2 Data Protection Officer

We do not currently have a designated Data Protection Officer (DPO). However, you may direct privacy enquiries to our compliance team at hello@kodamatravel.com, and we will ensure your request is handled appropriately.

18.3 Supervisory Authority

  • Website: https://ico.org.uk
  • Email: casework@ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

19. Governing Law

This Privacy and Cookie Policy is governed by and construed in accordance with the laws of England and Wales. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.

  • UK General Data Protection Regulation (UK GDPR)
  • Data Protection Act 2018
  • Privacy and Electronic Communications Regulations (PECR) 2003
  • Online Safety Act 2023 (where applicable)