Privacy Policy
Home

 Effective Date: [April 08, 2026]

At www.rammangrammang.com, we are committed to protecting your personal data and respecting your privacy in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services as a tour operator specializing in Rammang-Rammang and South Sulawesi tourism.

1. Data Controller

The data controller responsible for your personal data is:

www.rammangrammang.com
South Sulawesi, Indonesia
Email: amiruddinemail@gmail.com

2. Personal Data We Collect

We may collect and process the following categories of personal data:

a. Identity Data

  • Full name
  • Nationality

b. Contact Data

  • Email address
  • Phone number

c. Booking Data

  • Travel details
  • Tour preferences
  • Special requests

d. Payment Data

  • Payment-related information (processed securely via third-party providers)

e. Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Website usage data

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following lawful grounds:

  • Contractual Necessity: To process bookings and provide tour services
  • Consent: For marketing communications and optional cookies
  • Legitimate Interests: To improve our services and website functionality
  • Legal Obligation: To comply with applicable laws and regulations

You have the right to withdraw your consent at any time.

4. How We Use Your Data

We use your personal data for the following purposes:

  • To manage and confirm your tour bookings
  • To communicate with you regarding your travel plans
  • To provide customer support
  • To improve our website and services
  • To send marketing communications (only with your consent)
  • To comply with legal and regulatory requirements

5. Data Sharing and Processors

We may share your personal data with trusted third parties, including:

  • Local tour guides and operators
  • Transportation providers
  • Accommodation partners
  • Payment processors
  • IT and website service providers

All third parties act as data processors and are contractually obligated to protect your data in accordance with GDPR standards.

We do not sell your personal data.

6. International Data Transfers

As we are based in Indonesia, your data may be transferred and processed outside the European Economic Area (EEA).

When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Working with providers that comply with GDPR-equivalent standards

7. Data Retention

We retain your personal data only as long as necessary for:

  • Providing our services
  • Meeting legal, accounting, or reporting obligations

Typical retention periods:

  • Booking data: up to 5 years
  • Marketing data: until you withdraw consent

After this period, your data will be securely deleted or anonymized.

8. Your GDPR Rights

As a data subject under GDPR, you have the following rights:

  • Right of Access – request a copy of your personal data
  • Right to Rectification – correct inaccurate or incomplete data
  • Right to Erasure (“Right to be Forgotten”)
  • Right to Restrict Processing
  • Right to Data Portability
  • Right to Object to processing
  • Right to Withdraw Consent at any time
  • Right to Lodge a Complaint with an EU supervisory authority

To exercise your rights, contact us at: amiruddinemail@gmail.com

9. Cookies and Tracking Technologies

We use cookies in accordance with GDPR and the ePrivacy Directive.

Types of cookies we use:

  • Essential Cookies – necessary for website functionality
  • Analytics Cookies – to understand user behavior
  • Marketing Cookies – only with your explicit consent

When you visit our site, you will be presented with a cookie consent banner allowing you to accept or manage your preferences.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL encryption
  • Secure servers
  • Access controls
  • Regular security monitoring

Despite these measures, no system is completely secure.

11. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices.

We encourage users to review third-party privacy policies before sharing personal data.

12. Automated Decision-Making

We do not use automated decision-making or profiling that significantly affects users under GDPR Article 22.

13. Children’s Data

Our services are not intended for individuals under the age of 18. We do not knowingly collect data from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date.

15. Contact Information

If you have questions about this Privacy Policy or your data, please contact:

www.rammangrammang.com
Email: amiruddinemail@gmail.com
Location: South Sulawesi, Indonesia

16. Consent

By using our website, you confirm that you have read and understood this Privacy Policy and agree to its terms.