Zamzam
experience 

Privacy Policy

Last updated: October 12, 2025

Table of Contents

At ZamZam XP, we respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information.

1. Data Collection

Information You Provide

When you book an adventure or contact us, we collect:

  • Contact Information: Name, email, phone number, address
  • Booking Details: Adventure preferences, dates, group size
  • Payment Information: Billing details (processed securely by payment providers)
  • Health Information: Medical conditions relevant to activity safety (optional but recommended)
  • Travel Documents: Passport details, emergency contacts

Information We Collect Automatically

When you visit our website:

  • Device Information: IP address, browser type, operating system
  • Usage Data: Pages viewed, time spent, navigation patterns
  • Location Data: Approximate location based on IP (for content personalization)
  • Cookies: See our Cookies section below

2. How We Use Your Data

We use your information to:

Provide Services

  • Process and confirm bookings
  • Arrange guides, accommodation, and transportation
  • Communicate important trip information
  • Ensure your safety during adventures
  • Handle payments and invoicing

Improve Experience

  • Personalize website content and recommendations
  • Analyze usage patterns to improve our services
  • Send relevant adventure suggestions
  • Request feedback and reviews

Legal & Safety

  • Comply with legal obligations
  • Protect against fraud and security threats
  • Maintain records for insurance and liability purposes
  • Respond to legal requests from authorities

3. Cookies

We use cookies and similar technologies to enhance your browsing experience.

Types of Cookies

  • Essential Cookies: Required for website functionality (login, security)
  • Analytics Cookies: Help us understand how visitors use our site
  • Preference Cookies: Remember your settings and choices
  • Marketing Cookies: Track visits to show relevant ads (opt-in)

Managing Cookies

You can control cookies through:

  • Browser settings (block, delete, or accept cookies)
  • Our cookie consent banner (first visit)
  • Privacy preferences in your account settings

Note: Disabling certain cookies may affect website functionality and your user experience.

4. Third Parties

We work with trusted third-party services to operate our business:

Service Providers

  • Payment Processors: Stripe, PayPal (secure payment handling)
  • Email Services: SendGrid, Mailchimp (communications)
  • Analytics: Google Analytics (website usage insights)
  • Hosting: Vercel, Cloudflare (website infrastructure)
  • Communication: WhatsApp (customer support)

Data Sharing

We share your data only when necessary:

  • Local Partners: Guides, hotels, transport providers (trip logistics)
  • Insurance Companies: In case of accidents or emergencies
  • Legal Authorities: When required by law
  • Business Transfers: If we're acquired or merged (you'll be notified)

We never sell your personal data to third parties.

5. Your Rights

You have the following rights regarding your personal data:

Access & Portability

  • Request a copy of your data
  • Export your data in machine-readable format

Correction & Deletion

  • Update incorrect or incomplete information
  • Request deletion of your data (subject to legal requirements)

Control & Objection

  • Opt out of marketing communications
  • Object to data processing for specific purposes
  • Restrict how we use your data

How to Exercise Rights

Contact us at timothyalcaide+zamzamxp@gmail.com with your request. We'll respond within 30 days.

Data Security

We protect your data through:

  • SSL/TLS encryption for data transmission
  • Encrypted storage of sensitive information
  • Access controls (only authorized staff)
  • Regular security audits and updates
  • Secure payment processing (PCI DSS compliant)

No system is 100% secure. While we use industry-standard security measures, we can't guarantee absolute security. You're responsible for keeping your login credentials confidential.

Data Retention

We retain your data for:

  • Active Data: Duration of our relationship + 7 years (legal/insurance requirements)
  • Marketing Data: Until you unsubscribe + 2 years
  • Analytics Data: Anonymized after 26 months
  • Financial Records: 7 years (tax and legal requirements)

Children's Privacy

Our services are not directed to children under 16. We don't knowingly collect data from children without parental consent. If you believe we've inadvertently collected such data, contact us immediately.

International Transfers

We operate internationally. Your data may be transferred to and processed in countries outside your residence, including Nepal, USA (for cloud services), and EU. We ensure adequate protections through:

  • Standard contractual clauses
  • Privacy Shield compliance (where applicable)
  • Equivalent data protection standards

Changes to This Policy

We may update this policy occasionally to reflect:

  • Changes in legal requirements
  • New services or features
  • Improved privacy practices

Significant changes will be notified via email or prominent website notice. Continued use after changes constitutes acceptance.

6. Contact

Questions, concerns, or data requests?

Data Protection Contact

  • General: timothyalcaide+zamzamxp@gmail.com
  • WhatsApp: +977 1234567890
  • Address: ZamZam XP, Kathmandu, Nepal

GDPR Compliance

For EU residents, we comply with GDPR requirements:

  • Legal Basis: Contract fulfillment, legitimate interests, consent
  • EU Representative: Available upon request
  • Supervisory Authority: Right to lodge complaints with your local data protection authority
  • Data Transfers: Adequacy decisions and safeguards in place

Your privacy matters to us. We're committed to transparency and giving you control over your personal data. If you have any concerns or questions about how we handle your information, please don't hesitate to reach out.