top of page

Privacy Policy

Last Updated: August 2025

By using this website as a user (hereinafter “You”), You agree to the following Privacy Policy. Please read this Policy carefully before using this website. This website is owned and operated by WonderWay LLC, doing business as ZOMA Travel (hereafter “Our,” “We,” “Us,” or “Company”).

For any privacy-related questions, you can reach Us at: contact@zoma.travel.

General

We at Zoma Travel respect Your privacy. This Privacy Policy is designed to explain how We collect, use, share, and protect the personal information You provide to Us when You access Our website, purchase Our services, or engage with Us on social media, as well as Your own rights to the information We collect.

Please read this Privacy Policy carefully. We may change Our Privacy Policy from time to time, and at Our sole discretion. We will alert You to any changes to this Policy by changing the “last updated” date at the top of this Policy and/or via email notification where required. Any changes become effective immediately upon publication on Our website, and You waive specific notice of any changes to the Policy by continuing to use and access Our site(s). We will not reduce Your rights under this Privacy Policy without Your consent in accordance with applicable law. We encourage You to review this Privacy Policy periodically, when You use Our website for any purpose or engage with Us on social media. You are deemed to have accepted any changes to any revised Privacy Policy by Your continued use of Our website after the revised Privacy Policy is posted.

Information Collected

We collect a variety of information from You when You visit Our website, make purchases, subscribe to emails, subscribe to mobile or SMS messaging, or interact with Us on social media. By accepting this Privacy Policy, You are specifically consenting to Our collection of the data described below, to Our use of the data, to the processing of this data, and to Our sharing of the data with third-party processors as needed for Our legitimate business interests.

The information We collect may include:

Personal Data: Personal Data is information that can be used to identify You specifically, including Your name, shipping address, email address, telephone number, passport/visa information for travel bookings, or demographic information like Your age, gender, or hometown. You consent to giving Us this information by providing it to Us voluntarily on Our website or any mobile application. Your decision to disclose this data is entirely voluntary.  

Derivative Data: Derivative data is information that Our servers automatically collect about You when You access Our website, such as Your IP address, browser type, the dates and times that You access Our website, and the specific pages You view.

Financial Data: Financial data is data that is related to Your payment methods, such as credit card or bank transfer details. We collect financial data in order to allow You to purchase services from Our website and related platforms.

  • Payments are processed securely through Stripe (a PCI DSS–compliant provider).

  • With Your explicit consent, Your card details may be securely stored in Stripe’s encrypted vault or Our PCI-compliant CRM system to simplify future bookings.

  • Your card will only be charged for services that You approve.

  • You may request deletion of stored card data at any time.

  • We do not store raw card numbers on our own servers.

Social Networking Data: We may access personal information from social networking sites and apps, including Facebook, Instagram, LinkedIn, TikTok, or others, which may include Your name, username(s), location, email address, profile picture(s), and any other information You make publicly available.

Mobile Device Data: If You use Our website via a mobile device, We may collect information about Your device ID, model and manufacturer, and location information.

Other Data: On occasion, You may give Us additional data in order to participate in surveys, contests, testimonials, or other voluntary activities.

Use of Information

Your information allows Us to offer You certain services, including the use of Our website, to fulfill Our obligations to You, to customize Your interaction with Our company and Our website, and to allow Us to suggest other services We think might interest You.

Specifically, We may use the information and data described above to:

  1. Create and administer Your account;

  2. Deliver any travel services purchased by You;

  3. Correspond with You regarding bookings;

  4. Process payments or refunds;

  5. Contact You about new offerings;

  6. Interact with You via social media;

  7. Send You newsletters or updates;

  8. Deliver targeted advertising;

  9. Request feedback from You;

  10. Notify You of updates to Our offerings;

  11. Resolve disputes and troubleshoot problems;

  12. Administer contests or giveaways;

  13. Generate a profile personalized to You;

  14. Compile anonymous statistical data;

  15. Assist law enforcement as necessary;

  16. Prevent fraudulent activity;

  17. Analyze trends to improve Our website and services.

GDPR Legal Basis (EU/EEA clients):
We process data on the basis of (a) contract (to fulfill bookings and payments), (b) consent (e.g., storing payment details, sending marketing, cookies), (c) legal obligations (e.g., tax, accounting), and (d) legitimate interests (e.g., analytics, fraud prevention).

Disclosure of Information

We may share Your information with third-parties in certain situations. In particular:

  • Third-Party Processing: including Stripe (payments), CRM providers, hosting, email, and customer service providers.

  • Suppliers: such as hotels, airlines, and transportation providers, solely to complete Your bookings.

  • By Law: to comply with legal obligations, subpoenas, or government requests.

  • To Protect Our Company: in connection with legal claims, insurance, or compliance.

  • Affiliates: business partners who promote Our services, under strict compliance with this Policy.

  • Advertisers: third-party advertising may use cookies; see Tracking Technologies below.

  • Business Successors: in case of sale, merger, or reorganization.

We do not sell Your personal data.

Tracking Technologies

Like many websites, We make use of log files, cookies, and web beacons. This may include IP addresses, browser type, ISP, referring/exit pages, and clicks.

Cookies may be used to:

  • Authenticate Your identity

  • Personalize Your interaction

  • Analyze performance

  • Deliver targeted advertising

Most browsers accept cookies automatically, but You can disable them.

EU/EEA clients: Non-essential cookies (analytics, marketing) will only be set after You give consent via our cookie banner. You may withdraw consent at any time.

Website Analytics

We may partner with analytic companies, including Google Analytics. These providers may use cookies or tracking technology to analyze visitor use of Our website.

EU/EEA clients: Data may be transferred outside the EU/EEA. Such transfers are safeguarded using Standard Contractual Clauses or equivalent measures.

Data Retention

We retain personal data as long as needed for legitimate business purposes, to comply with legal obligations, or until You request deletion.

  • Booking records may be kept to assist with future bookings.

  • Payment details stored via Stripe/CRM are kept only with Your consent and deleted upon request.

  • Legal and tax records are retained as required by law.

When data is no longer needed, it is securely deleted or anonymized.

Minors

Our website is intended for users who can form legally binding contracts. We do not knowingly collect data from children under 13 (or 16 in the EU). If discovered, it will be deleted immediately.

Your Rights

You have certain rights with respect to Your personal data. These include:

  • Update or correct information You have provided;

  • Confirm what data We hold about You;

  • Withdraw consent where applicable (e.g., card storage, marketing);

  • Request a digital copy of Your data;

  • Request portability to another provider;

  • Delete Your data, subject to legal obligations;

  • Restrict or object to processing.

 

EU/EEA clients (GDPR): You may also lodge a complaint with your local supervisory authority if You believe We have misused Your data.

California residents (CCPA/CPRA): You may have rights to know, correct, delete, and limit certain data use. We do not sell personal information.

Requests can be made to contact@zoma.travel.

Security and Data Breaches

We use encryption, secure servers, PCI DSS–compliant systems (Stripe, CRM), and access controls to protect data. No system is 100% secure.

If a data breach occurs, We will notify affected users and, where applicable, data protection authorities within 72 hours in accordance with GDPR and other applicable laws.

International Transfers

As We serve clients worldwide, Your data may be transferred outside Your country. For EU/EEA clients, these transfers are safeguarded by Standard Contractual Clauses or other lawful mechanisms.

Changes to This Policy

We may update this Policy. Updates will be posted with a new “Last Updated” date. Where required, we will seek Your consent for significant changes.

Contact

For any questions, requests, or complaints regarding this Privacy Policy or Your data, please contact Us at: contact@zoma.travel.

bottom of page