Pygmy Elephant Privacy Policy

Last Modified: 2 March, 2026

Contact Information

For any questions, concerns, or requests, please contact us via email at privacy@pygmy-elephant.com.

Introduction and organizational info

Pygmy Elephant is committed to protecting your privacy. Part of our commitment is the responsible management of personal information we collect from you. Our primary goals in processing this information include:

  • Enhancing the user experience on our platform by understanding customer needs and preferences.
  • Providing timely support and responding to inquiries or service requests.
  • Improving our products and services to meet the evolving demands of our users.
  • Conducting necessary business operations, such as billing and account management.

It is our policy to process personal information with the utmost respect for privacy and security. We adhere to all relevant regulations and guidelines to ensure that the data we handle is protected against unauthorized access, disclosure, alteration, and destruction. Our practices are designed to safeguard the confidentiality and integrity of your personal information while enabling us to deliver the services you trust.

We do not have a designated Data Protection Officer (DPO) but remain fully committed to addressing your privacy concerns. Should you have any questions or require further information about how we manage personal information, please contact us.

Our commitment to processing your personal information transparently and with your safety in mind extends to our collaboration with third-party services that may process personal information on our behalf. All activities are conducted in compliance with applicable privacy laws.

We may update this Privacy Policy at any time and encourage you to review it periodically. We will post any Privacy Policy changes on this page and, if the changes are material, notify you directly (for example, by sending you an email notification). You will be informed about any significant changes to our sharing practices, and, where applicable, you will have the option to consent to such changes.

Scope and application

Our privacy policy is designed to protect the personal information of all our stakeholders, whether you are just browsing our website pygmy-elephant.com, using our services as a registered user, or engaging with us as a valued customer.

Data collection and processing

We gather personal data through various interactions, including direct communication with us, visiting our website, and using our services to design travel itineraries and place bookings on your behalf. We process only information that is essential for delivering our services, complying with legal obligations, or enhancing your user experience.

The following list details the types of personal information we may process:

  • First and last name
  • Date of birth
  • Passport information
  • Email address and/or phone number
  • Address and city
  • IP-based approximate location
  • Interaction logs (e.g., email clicks, time spent on pages)
  • Health data (e.g., chronic conditions, allergies, fitness level)
  • Payment method and history
  • Payment information (e.g., bank details)

Here are the key ways in which we use the personal information collected:

  • Authentication and security
  • Content delivery
  • Communication efforts
  • Analytics and performance tracking
  • Marketing and advertising
  • Processing transactions
  • Providing access to exclusive content
  • Compliance with legal obligations
  • Customer support
  • Payment processing
  • User engagement and retention
  • User feedback and satisfaction

Lawful Basis for Processing

Under the GDPR and similar regulations, we process your data based on the following legal grounds:

  • Performance of a Contract: To fulfill your travel bookings and provide customer support.
  • Consent: When you opt-in to our newsletter or SMS marketing.
  • Legitimate Interests: To improve our website, prevent fraud, and conduct business analysis.
  • Legal Obligation: To comply with tax, health and safety, and regulatory requirements.

Special categories of data

Some of the information we collect about you may be considered “special category” or otherwise particularly sensitive under data protection laws (for example, the EU/UK GDPR). This includes:

  • Health data, such as medical conditions you disclose, information about past surgeries or relevant medical history, and any mobility or health‑related limitations that could affect your participation in a trip.
  • Health‑related inferences, such as your detailed fitness and hiking experience and any information you provide about how strenuous activities you can safely undertake.
  • Dietary and allergy information, such as nut, shellfish, lactose or other allergies and intolerances, and any other diet‑related information you choose to share that may relate to your health or religious beliefs.
  • Passport and nationality information, which can be sensitive if combined with other personal data and travel details.

We only collect this type of information where it is necessary for one or more of the following reasons:

  • To protect your vital interests and support your health and safety during travel (for example, ensuring guides are aware of relevant medical or allergy information).
  • To perform the contract we have with you (for example, where health, fitness, or documentation information is essential to assess whether a particular itinerary is appropriate or to complete travel arrangements).
  • Based on your explicit consent, where required by law. In these cases, you are free to withdraw your consent at any time, although this may affect our ability to provide certain services or accept your booking for particular trips.

We handle all such information with particular care, limit access to those who need it, and retain it only for as long as necessary for the purposes described in this policy or as required by law.

Precise location in background for Pygmy Elephant application

The Pygmy Elephant app collects location data to display the real-time risk alerts and personalized assistance notification features, even when the app is closed and not in use. This option can be changed later by going to the device settings.

Data storage and protection

Data storage

  • Personal information is stored in secure servers located in the United States and European Union. For services that require international data transfer, we ensure that such transfers comply with all applicable laws and maintain data protection standards equivalent to those in our primary location.
  • Data hosting partners: We partner with reputable data hosting providers committed to using state-of-the-art security measures. These partners are selected based on their adherence to data protection standards.

Data protection measures

  • Access control: Access to personal information is strictly limited to authorized personnel who have a legitimate business need to access the data. We enforce strict access controls and regularly review permissions.
  • Security audits and monitoring: Regular security audits are conducted to identify and remediate potential vulnerabilities. We also monitor our systems for unusual activities to prevent unauthorized access.

Data sharing and disclosure

Sharing personal information

We do not sell your personal information. However, as a travel provider, we may share your data with:

Third-party service providers: We may share your information with third-party service providers, like hotels, transfers companies, local guides, and digital service providers. Such trusted parties may have access to personally identifiable information on a need-to-know basis and will be contractually obliged to keep your information confidential. These partners are prohibited from using your personal information for any purpose other than to provide these services to Pygmy Elephant, and they are required to maintain the confidentiality of your information.

Government or law enforcement agencies: If required by law, we may disclose information to government or law enforcement agencies (e.g., for customs or border control).

For a full list of our digital third-party service providers, please click here.

Data processing agreements

When we share your data with third-party service providers, we do so under the protection of Data Processing Agreements (DPAs) that ensure your information is managed in accordance with GDPR and other relevant data protection laws. These agreements mandate that third parties implement adequate technical and organizational measures to ensure the security of your data.

Transparency and control

Your trust is important to us, and we strive to ensure that your personal information is disclosed only in accordance with this policy and when there is a justified reason to do so. For any queries or concerns about how we share and disclose personal information, please contact us.

Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect personal data from children without parental or guardian consent. If we learn we have collected data from a child without verification of parental consent, we will delete that information immediately.

International data transfers

We may transfer your personal information to locations outside of your country of residence, including to countries that may have different data protection laws than those in your jurisdiction. We want to assure you that any such transfers are conducted with the utmost care and in compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR).

User rights and choices

We recognize and respect your rights regarding your personal information in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to ensuring you can exercise your rights effectively. Below is an overview of your rights and how you can exercise them:

  • Right of access (Art. 15 GDPR): You have the right to request access to the personal information we hold about you and to obtain information about how we process it.
  • Right to rectification (Art. 16 GDPR): If you believe that any personal information we hold about you is incorrect or incomplete, you have the right to request its correction or completion.
  • Right to erasure (“right to be forgotten”) (Art. 17 GDPR): You have the right to request the deletion of your personal information when it is no longer necessary for the purposes for which it was collected, among other circumstances.
  • Right to restriction of processing (Art. 18 GDPR): You have the right to request that we restrict the processing of your personal information under certain conditions.
  • Right to data portability (Art. 20 GDPR): You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
  • Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal information, under certain conditions, including processing for direct marketing.
  • Right to withdraw consent (Art. 7(3) GDPR): Where the processing of your personal information is based on your consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable data protection laws.

Exercising your rights

To exercise any of these rights, please contact us by email at privacy@pygmy-elephant.com or submit a data privacy request. We will respond to your request in accordance with applicable data protection laws and within the timeframes stipulated by those laws. Note that we may need to verify your identity as part of the process to ensure the security of your personal information. To appeal a decision we may make regarding your request, please contact us within 60 days of receiving our response. In your appeal request, please include your original request, the date of our response, and a brief explanation of why you believe our decision was incorrect.

SMS Marketing and Consent

Terms and Conditions

We may use your phone number to send you text messages if you have expressly consented to receive SMS communications. Phone numbers collected for SMS consent:

  • Will only be used for communication purposes directly related to our products, services, or promotions.
  • Will be collected via digital intake questionnaire.
  • Information obtained as part of the SMS process will not be shared with third parties for marketing purposes.

The types of messages you may receive from us include:

  • Updates and/or information regarding your accommodation, transport, or activity reservations.
  • Weather and trail condition updates.
  • Other notifications related to your itinerary, as necessary.

Standard messaging disclosures:

  • Messaging frequency may vary.
  • Message and data rates may apply.
  • You can opt out at any time by texting "STOP."
  • For assistance, text "HELP" or refer to this Privacy Policy.

Cookies and tracking technologies

We use cookies on our website pygmy-elephant.com to help ensure the smooth operation of our digital platforms, enhance your user experience, and provide insights that help us improve.

Understanding cookies and tracking technologies

Cookies are small data files placed on your device that enable us to remember your preferences and collect information about your website usage. Tracking technologies, such as web beacons and pixel tags, help us understand how you interact with our site and which pages you visit.

How we use these technologies

  • Essential cookies: Necessary for the website’s functionality, such as authentication and security. They do not require consent.
  • Performance and analytics cookies: These collect information about how visitors use our website, which pages are visited most frequently, and if error messages are received from web pages. These cookies help us improve our website.
  • Functional cookies: Enable the website to provide enhanced functionality and personalization, like remembering your preferences.
  • Advertising and targeting cookies: Used to deliver advertisements more relevant to you and your interests. They are also used to limit the number of times you see an advertisement and help measure the effectiveness of the advertising campaign.

Your choices and consent

Upon your first visit, our website will present you with a cookie consent banner, where you can:

  • Accept all cookies: Consent to the use of all cookies and tracking technologies.
  • Reject non-essential cookies: Only essential cookies will be used to provide you with necessary website functions.
  • Customize your preferences: Choose which categories of cookies you wish to allow.

Compliance with United States privacy laws

For residents of the United States of America the following provisions apply:

A. Individual rights

The California Consumer Privacy Act provides residents of California specific rights regarding their personal information additional to what has been described above.

B. Right to Know

You may request that we disclose to you what personal information we have collected, used, or shared, and why we collected, used, or shared that information. Specifically, you may request the disclosure of:

  • The categories of personal information collected
  • Specific pieces of personal information collected
  • The categories of sources from which we collected personal information
  • The purposes for which personal information is used
  • The categories of third parties with whom personal information is shared
  • The categories of information that are disclosed to third parties

C. Right to Delete

You may request that we delete personal information we have collected about you.

D. Right to Correct

You may ask us to correct inaccurate information that we have about you.

E. Right to Limit

You can request us to use your sensitive personal information only for limited purposes, such as providing you with the services you requested.

F. Right to Opt-Out

You may request that we stop sharing your personal information (“opt-out”).

G. Right to Non-Discrimination

You have the right to be protected from discrimination for exercising your rights.

H. Submitting requests

You may submit your request by email to privacy@pygmy-elephant.com or by submitting a data privacy request. We will compare the information you submit to us with the information we have in our records to verify your request. We will then respond to your request in accordance with the requirements.

J. Sensitive data and/or biometric data

We only process sensitive personal data with your prior consent and only for specific purposes that are clearly disclosed at the time of collection. You may withdraw your consent at any time by submitting your request through the link on our website or by contacting us.

Direct marketing and communications

We may use your personal information to send you direct marketing communications about our products, services, promotions, and other relevant information that we believe may be of interest to you. We are committed to ensuring that our direct marketing practices are transparent, lawful, and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

Opting out from direct marketing

Unsubscribe option: Every direct marketing communication we send will include clear instructions on how to unsubscribe or opt-out from receiving future marketing communications. You can exercise your right to opt-out at any time, and we will promptly honor your request to stop sending you marketing messages.

Types of direct marketing communications

We may use your personal information to send you direct marketing communications via email.

Managing your preferences

You have control over the direct marketing communications you receive from us. You can manage your communication preferences by using the unsubscribe link provided in our marketing emails.

Links to Other Websites

Our site may contain links to third-party websites. Pygmy Elephant is not responsible for the privacy practices or content of external sites, and we encourage you to review their privacy policies before providing any personal information.