Last updated: April 2026
At CocoVolare — Coco Managed Services Group Co S.A.S — we value and protect the privacy of our clients, travelers and visitors to cocovolare.com. This policy transparently describes how we collect, use, store, transfer and protect your personal data, in compliance with Colombia's Law 1581 of 2012 (Statutory Data Protection Law), its implementing Decree 1377 of 2013, guidelines from the Superintendencia de Industria y Comercio (SIC) and, where applicable, the European Union's General Data Protection Regulation (GDPR) for European travelers.
The data controller is Coco Managed Services Group Co S.A.S, Tax ID (NIT) 901970280-5, registered in Colombia's National Tourism Registry under RNT 256778, with registered office at Calle 25B #71-18, Bogotá D.C., Colombia. Privacy contact: contact@cocovolare.com.
This policy is governed by Article 15 of the Colombian Constitution, Law 1581 of 2012, Decree 1377 of 2013, Decree 1074 of 2015, Law 1266 of 2008 (financial Habeas Data where applicable), Law 300 of 1996 (General Tourism Act) and binding circulars of the SIC. For EU residents, we additionally apply Regulation (EU) 2016/679 (GDPR) standards.
We collect only the data strictly necessary to deliver the service: (a) identification data such as full name, ID type and number, nationality and date of birth; (b) contact data including email, phone, WhatsApp and postal address; (c) travel data such as destinations of interest, tentative dates, number of travelers, culinary, dietary and relevant medical preferences, accommodation preferences, estimated budget range; (d) passport and visa data when strictly required to book with airlines, hotels and operators; (e) billing and payment data processed through PCI-DSS certified gateways (we do not store card numbers on our servers); (f) navigation data, IP address, device type, language and pages visited, collected via cookies and similar technologies.
We process your personal data to: (a) design, quote and deliver your trip; (b) manage reservations with airlines, hotels, ground operators, cruises, restaurants, guides and other suppliers; (c) issue tickets and vouchers; (d) provide concierge and 24/7 support during travel; (e) send transactional and support communications; (f) send commercial content, offers and inspiration only when you expressly authorize it; (g) fulfill tax, accounting and regulatory obligations before Colombian authorities; (h) prevent fraud and protect the security of our clients and staff; (i) improve our services through aggregated and anonymized analytics.
Processing is based on your free, prior, express and informed authorization granted when you contact us, complete the trip design form or accept this policy. We also process data when necessary for the performance of a tourism service contract (confirmed booking), to comply with a legal obligation, or to pursue proportionate legitimate interests such as fraud prevention.
CocoVolare does not request or process data from minors for its own commercial purposes. When a trip involves minors, data is provided by the parent, mother or legal representative and processed solely to deliver the requested tourism service. We recognize the prevailing rights of children and adolescents (Article 44 of the Colombian Constitution).
Some trips require sensitive data (medical conditions, reduced mobility, health-related dietary restrictions, religious beliefs for dietary observance). Processing is strictly voluntary, requires your explicit authorization and is limited to what is essential to ensure your safety and comfort during the trip. You are not obliged to authorize the processing of sensitive data.
Our site uses strictly necessary cookies (session, preferences, security) and aggregated analytics cookies to understand site usage. We do not use third-party advertising cookies, cross-site tracking cookies or social media pixels for profiling. You may configure your browser to reject them. See our Cookies Policy for details.
To deliver your trip we share only strictly necessary data with: airlines and global distribution systems (Amadeus, Sabre, Travelport); hotels, resorts and hotel chains; ground operators, guides and transport companies; travel insurance providers; certified payment gateways; communication platforms (email, WhatsApp Business). Each processor is bound by data transfer and processing agreements ensuring equivalent standards. We never sell, rent or transfer your information to third parties for commercial purposes unrelated to the contracted service.
Given the international nature of tourism, your data may be transferred to countries where service providers executing your trip operate (Europe, Asia, Middle East, Americas). Such transfers are carried out with the safeguards required by Law 1581 of 2012 and, where applicable, under GDPR standard contractual clauses. By accepting this policy you expressly consent to such international transfers when necessary to deliver the contracted service.
As data subject you have the right to: (a) access, update and rectify your data; (b) request proof of the authorization granted; (c) be informed about the use we make of your data; (d) file complaints with the SIC for breaches; (e) revoke authorization and/or request deletion when there is no legal or contractual obligation to retain it; (f) access your processed data free of charge.
To exercise your rights write to contact@cocovolare.com with the subject ",Habeas Data" indicating: full name, ID number, facts giving rise to the request, right you wish to exercise and supporting documents. We respond to queries within 10 business days and to claims within 15 business days, pursuant to Articles 14 and 15 of Law 1581 of 2012. If more time is required we will inform you of the reasons.
We apply reasonable technical, human and administrative measures to protect your data against loss, unauthorized access, misuse, alteration or destruction: TLS encryption, role-based access control, periodic backups, staff confidentiality agreements and internal audits. We retain your data while the contractual relationship exists and for the additional periods required by Colombian tax, accounting and tourism law (up to 10 years for accounting purposes). Thereafter data is securely deleted or anonymized.
The Superintendencia de Industria y Comercio (SIC) is the authority competent in Colombia to protect the rights of data subjects. You may turn to them if you believe your rights have been violated (www.sic.gov.co). We may update this policy when legal, operational or technological changes so require. Any modification will be published on this page with an updated effective date. Continued use of our services implies acceptance of the changes.