Privacy Policy

Definitions

• Kymaya / We: Kymaya Parapente, publisher of the website kymaya.com and data controller for data related to the site.
• The Website: all pages and services available on kymaya.com.
• You / The User: any person browsing the website, sending a message, or making a booking/purchase.
• Guidap: our service provider for booking management, online sales (gift vouchers, activities), and sometimes related invoicing.

1. Categories of personal data we collect

Depending on how you use the Website (browsing, forms, booking/purchase), we may process the following categories of data:

• Identity data: first name, last name (e.g., when you contact us or make a booking).
• Contact data: email address, phone number.
• Booking/order data: selected activity, requested date, number of participants, information required to deliver the service.
• Payment data: when you pay online, payment information is processed via the solutions integrated into Guidap (Kymaya does not store your bank card details).
• Technical data: IP address, browser type, event logs, data required for website operation and security.

2. Purposes of processing and legal bases

We use your data only to:

• Reply to your requests (form, email, phone) — legitimate interest / pre-contractual steps.
• Manage your bookings and purchases (activity, gift voucher, payment, follow-up) — performance of a contract / pre-contractual steps.
• Ensure website security (fraud prevention, abuse, attacks) — legitimate interest.
• Audience measurement and improvements (navigation statistics) — consent where required (cookies).

3. Guidap and sharing of data with third parties

Kymaya does not sell your personal data. For bookings and online sales, some data is processed via Guidap, our management provider (bookings, gift vouchers, payments, follow-up).

4. Prior notice in the event of merger / transfer

In the event of a merger, acquisition, or asset transfer, we undertake to protect the confidentiality of your data and to inform you before any transfer to a new entity.

5. Technical data & device information

Collection for operational purposes

Some technical information is collected automatically to provide the service: IP address, browser configuration, language, event logs, etc.

Statistics

Technical data may be used to produce traffic statistics and improve the user experience. Analytics cookies/statistics require your consent when required by applicable regulations.

6. Cookies

Retention period

In line with CNIL recommendations, the maximum retention period for cookies is 13 months after they are stored (and consent must be renewed after this period).

Purpose

Cookies may be used for technical (operation), security, and/or statistical purposes in order to improve our services.

Refusal / settings

You can refuse or manage cookies via the consent banner (if displayed) and/or via your browser settings.

7. Data retention periods

• Contractual relationship: your data is kept for as long as necessary to deliver the services and comply with related obligations.
• Beyond that: data may be archived or anonymised for legal, accounting, or statistical purposes.
• Inactivity: certain tool/account-related data may be deleted after a period of inactivity (e.g., 3 years) according to the applicable rules of the services used.

8. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, or disclosure. In the event of a data breach that presents a risk, we will notify you in accordance with legal requirements.

9. Transfers of data outside the European Union

We ensure that your data is not transferred outside the European Union, unless required by a service we use, with appropriate safeguards (standard contractual clauses, adequate countries, etc.) in compliance with applicable regulations.

10. Your rights

In accordance with the GDPR, you have the following rights in particular: access, rectification, erasure, objection, restriction, data portability, and withdrawal of consent (where applicable).

To exercise your rights, contact us via: contact@kymaya.com or by phone at +33 6 25 79 16 51.

11. Applicable law and complaints

This policy is governed by French law. In the event of a dispute, we will seek an amicable solution before any action. You may also lodge a complaint with the competent supervisory authority (CNIL).

12. Updates to this policy

We may update this policy to reflect legal, technical, or organisational changes. In the event of a material change, we will inform you and, if necessary, request your consent.