United Arab Emirates
Liwa Heights, JLT Cluster W, office 3407-3408
Tumodo Privacy Policy
Last updated October 2, 2023
Privacy Policy

 Hello. We are Tumodo. Here's how we protect your personal data and respect your privacy.

I. Our role in your privacy

If you are a Tumodo user, a traveler, a prospective customer, or just visiting our website, this Privacy Policy applies on you and us, describes your and our rights and duties, types of data we process, legal grounds for it, technical and organizational measures to protect your data.

II. Responsibilities

Our responsibilities
 We act as the data processor, if we act on behalf of your employer having an agreement with us, or as the data controller of personal data about you, when we got that data directly from you, and process your information for the reasons mentioned in the “How and why we use your data” section below.

 Your responsibilities
 * Read this Privacy Policy.
 * If you are our customer, please also check the Travel Services Agreement, which we entered into: its contains the details on how we process your data as a data processor on behalf of your employer.
 * If you share personal information about someone else, or if someone else shares your information with us, we promise to only use that information for the reasons mentioned here. When you give us this information, you confirm that you have the right to let us use it according to this Privacy Policy.

III. Types of data we collect

 Contact details
 Your name, email address, role in your company, and any other contact details you may share with us.

Professional information
 Details on the company, entity or organization you work for, collaborate with, or represent.

Data that identifies you
 Your identity document, IP and MAC addresses, login information, browser details (such as type and version), time zone settings, browser plug-ins, geolocation information, and operating system details (such as version), device fingerprinting (screen resolution, installed fonts, device configuration).

Data for travelling
 Identity document (number, date of issue, issued authority, expiry date), name, date of birth, country of origin of a traveler, number and other visa details, name of traveler’s employer, reservation code and number of traveler’s ticket, departure and destination points, dates and time, name and address of hotel, details of transfer.

Data on how you use Tumodo
 Your app usage, activities ad interactions with the app and Tumodo website, including your clickstreams (the path you take through our app), the products/services you view, your clicks, searches, page views, page response times, any download errors you encounter, how long you stay on our pages, what you do on those pages, how often you do it, and other actions you take, referral information (information about the website or source that referred you to Tumodo website).

Other information
 Any other information you provide in your requests for information or that is generated during the contractual relationship between your company, organization, or entity and Tumodo.

What about sensitive data?
 We don’t collect any “sensitive data” about you (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences).

What about children’s data?
 Tumodo is a business-to-business service directed to and intended for use only by those who are 18 years of age or over. We do not target Tumodo at children, and we do not authorize people under 18 years of age to create a Tumodo account or directly request our services.
 In some exceptional cases, users who travel with their children, can provide the personal data of those minors to use our services. This is only allowed if it's necessary to use the services. For children under 14, the authorized adult must have legal permission to give consent on behalf of the child. For children between 14 and 18, the authorized adult must obtain and provide proof of the consent given by the child.

IV. How and why we use your data

We can only use your data for specific reasons and if we have a legal basis to do so. These reasons are:

1. Managing our contractual relationship
 Organizing travels in accordance with Travel Services Agreements with clients; executing, fulfilling, monitoring and enforcing compliance of contracts; issuing invoices and cost reports to customers and collecting payments.
 Legal basis: Travel Services Agreement,
Data categories: Contact details, Professional information, Data that identifies you, Data for travelling, Other information

2. Prospective contractual relationship
 Handling information requests about our company or services, processing requests for Tumodo services on behalf of your company, entity, or organization, and managing potential contractual relationships between Tumodo and your company, entity, or organization.
 Legal basis: NDA or consent provided at pre-contractual meetings and communication,
Data categories: Contact details, Professional information, Data that identifies you

3. Marketing communications
 Sending you commercial and promotional communications related to Tumodo’s services or products that are similar to those you have requested or shown interest in. This may include electronic or telephone communications. If applicable regulations allow, we may also send you commercial communications about products or services that could be relevant to your company.
 If you don't want to receive such communications, you can object at any time by clicking the unsubscribe link on the message or by emailing us at hello@tumodo.io
 Legal basis: Travel Services Agreement or Consent, Legitimate interest - developing and growing our business with our clients. You can request to unsubscribe from receiving commercial communications at any time and no cost.
 Data categories: Contact details, Professional information

4. Suppliers
 Sharing Data for traveling with our suppliers (airlines, hotels, car rentals etc.) through duly protected IT-channels.
 Legal basis: Travel Services Agreement, Consent
Data categories: Data for traveling

5. Improving Tumodo
 Managing landing pages and heat mapping our website, testing features, optimizing traffic; collecting your feedback via platforms, questionnaires and live sessions; anonymizing data for development, testing and analytics; recording and reviewing calls with the Tumodo team for quality assurance; analyzing data, including using artificial intelligence and other techniques, and in some cases, using third parties to do this.
 Legal basis: Travel Services Agreement, Consent. Legitimate interests - (i) having tools to improve customer service and be in a position to defend from and minimize claims from our clients, and (ii) analyzing our business practices so that we can make informed decisions and define our strategies for developing and growing our business.
Data categories: Contact details, Professional information, Data that identifies you, Data on how you use Tumodo, Other information (for example, feedback data)

6. Customer support
 Sending you notifications of any changes to our services and solving issues with our platform through email, phone or chat.
 Legal basis: Travel Services Agreement. Legitimate interests - i) fulfilling our contractual obligations towards our clients, and (ii) developing and strengthening our brand reputation and protecting and growing our business.
Data categories: Contact details, Professional information, Data that identifies you, Data for travelling, Other information

7. Maintaining security of the Tumodo services and website
 Ensuring that our services and website are not being used in an unauthorized or abusive way by detecting, investigating or preventing activities that go against Tumodo policies or laws.
 Legal basis: Applicable laws and regulations. Legitimate interest - protecting our assets and clients from cyberattacks and similar malicious actions.
Data categories: Contact details, Professional information, Data that identifies you, Other information

8. Fraud prevention
 Detecting and preventing potentially prohibited or illegal activities, and comply with legal obligations and requirements. This includes issuing invoices to customers and fulfilling applicable fraud prevention laws.
 Legal basis: Applicable laws and regulations. Legitimate interest - protecting our business and clients from fraudulent actions with both internal and external sources.
Data categories: Contact details, Professional information, Data that identifies you, Other information

9. Complying with legal obligations
 Fulfilling valid requests from authorities and complying with applicable regulation on terrorism prevention and other legal requirements.
 Legal basis: Applicable laws and regulations. 
Data categories: Contact details, Professional information, Data that identifies you, Other information

V. Your privacy choices and rights

Your choices
 You can choose not to provide us with personal data
 If you choose to do this, some website functionalities may not work as intended, and you will be unable to access our app.
 You can turn off cookies
 You have the option to block cookies by changing your browser settings or using the cookie banner on our website. Additionally, you may delete cookies via your browser settings. Certain services may not function properly if cookies are turned off.
 You can ask us not to use your data for marketing
 Unless we rely on your consent, which you can also withdraw at any time, we will notify you if we plan to utilize your information for marketing purposes and whether any third parties will be involved. If you wish to opt out of marketing, please contact us at hello@tumodo.io

Your rights
 You can exercise your rights by sending us an email at hello@tumodo.io
 You have the right to access information we hold about you
 You have the right to request additional information about:
 * The categories of data we process
 * The purposes of data processing
 * The categories of third parties to whom the data may be shared
 * The length of time the data will be stored (or the criteria used to determine this)
 * Your other rights relating to our use of your data
 We will respond to your request with the requested information as soon as possible but in all cases within one month.
 You have the right to make us correct any inaccurate personal data about you
 If the data we hold about you is incorrect, please correct it on your Tumodo account or send us an email to correct it at hello@tumodo.io
 You can object to us using your data for profiling you or making automated decisions about you
 We don't adopt any decisions that could affect you in a significant manner based solely on automated processing of your data. Our decision-making processes related to your requests are conducted with human intervention.
 You have the right to port your data to another service
 We can give you a copy of your data in a commonly used digital format that can be shared with another service. However, we cannot share data about another person without their consent.
 You have the right to be ‘forgotten’ by us
 You can ask us to delete any personal information we have about you if we no longer need it for your use of Tumodo. This may not always be possible (for example, if we have a contract with your employer), but we will let you know if we cannot delete your data.
 You have the right to lodge a complaint regarding our use of your data

VI. How secure is the data we collect?
 We have a comprehensive security program designed to keep your personal data safe.
 * ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, PCI DSS Level 1, and BSI’s C5 certified data center.
 * Encryption in transit and at rest with both the platform and at the Tumodo endpoint.
 * Firewalls on Network and Application Layer.
 * Data pseudonymization where necessary.
* Define and enforce data retention policies to delete or archive data that is no longer needed, reducing the risk of exposure.
* Encrypt sensitive data prior to recording to database or on disk, ensure secure management of encryption keys;
* Database security measures, such as safe and reliable authentication, access control and database-level encryption.
 Please, remember:
 * You provide personal data at your own risk: unfortunately, no data transmission is guaranteed to be 100% secure
 * You are responsible of your username and password: keep them secret and safe!
 * If you believe your privacy has been breached, please contact us immediately on hello@tumodo.io

VII. How long do we store your data?
 We will keep your personal data as long as you are in a relationship with Tumodo. If the relationship ends, for any reason, we will block your personal data for the entire duration of any and all statutory limitation periods that apply to the processing. This is to prove that we are complying with our legal and contractual obligations. Once these periods have passed, we will either delete or anonymize your personal data.

VIII. Third parties who process your data
 We may share your data with different companies or organizations for the following reasons:
 * Data processors: We may share your data with service providers who help us provide our services well. These providers include tools for travel, customer service, marketing, operational optimization, cybersecurity, financial services, and Tumodo's affiliates. We sign agreements with these providers and those agreements contain provisions to protect your privacy.
 * Professional advisors: We may need to share appropriate part of your information with professional advisors, such as accountants, auditors, insurers, and law firms, in relation to the professional services provided by them.
 * Public bodies: We may share your data with government and law-enforcement agencies, courts and tribunals if we are required to by law or to make or defend legal claims to protect our rights or the rights of others, including you.
 If we ever need to share your data with any other category of third parties in the future, we will let you know.

IX. Cookies
 We use cookies to enhance your interaction with Tumodo. These cookies may be 'session' cookies, which are deleted when you leave our website or app, or 'persistent' cookies, which remain on your device and allow us to recognize you when you return, providing a tailored service.

How can I block cookies?
 To block cookies, activate a setting on your browser that allows you to refuse their setting. You can also manage your preferences with our cookie banner, or delete cookies through your browser settings. However, if you use your browser settings to disable, reject, or block cookies (including essential cookies), certain parts of our website or app may not function fully. In some cases, our website or app may not be accessible at all. Please note that we have no control over how third parties use cookies when they are used.