Kezivaro
Discover Services How it works Travel help
Sign in Start planning

Privacy

Privacy Notice

This Notice explains what personal data we collect, why we use it, who we share it with, how long we keep it, and the choices available to you.

Effective date: 1 June 2018 Data controller: Kezivaro Limited
Contents 1. Scope 2. Who controls your data 3. Data we collect 4. Where data comes from 5. Why we use data 6. Required and optional data 7. Who we share data with 8. International transfers 9. Payments 10. Cookies and tracking 11. Marketing choices 12. Retention 13. Security 14. Your rights 15. Children 16. Third-party services 17. Changes 18. Contact and complaints

1. Scope of this Privacy Notice

This Privacy Notice applies when you visit or use the Kezivaro website, applications, booking tools, customer support channels, newsletters, promotions, and related services (collectively, the “Platform”). It also applies when you communicate with us, create an account, make or manage a booking, submit a review, join a promotion, or otherwise interact with us.

This Notice does not replace the privacy notice of an airline, hotel, car rental company, payment provider, insurer, or other independent organisation that processes personal data for its own purposes. You should review those notices as well.

2. Who controls your personal data

Kezivaro Limited, operating under the brand Kezivaro, is the data controller for personal data that we determine how and why to process in connection with the Platform.

Legal entity: Kezivaro Limited

Registration number: BN2749712841

Address: Alt Reinickendorf 88, Berlin 13407, Germany

Privacy email: Contact Us

Data protection contact: Contact Us

3. Personal data we collect

The information we collect depends on how you use the Platform and which Travel Services you request.

Identity and traveller information

  • full name, title, nationality, date of birth, and gender where required by a Supplier;
  • passport, identity-document, visa, frequent-flyer, loyalty, driving-licence, or international-driving-permit details where required;
  • information about additional Travellers included in a booking; and
  • special assistance, accessibility, meal, seating, room, or vehicle requirements.

Contact and account information

  • email address, telephone number, postal address, country, language, and preferred currency;
  • account credentials, authentication records, saved preferences, and communication settings; and
  • emergency-contact information where you choose or are required to provide it.

Booking and transaction information

  • destinations, routes, travel dates, accommodation details, flight details, vehicle selections, and booking references;
  • price, currency, tax, fee, refund, cancellation, chargeback, voucher, credit, and loyalty information;
  • Supplier communications and status updates relating to a booking; and
  • records of support requests, complaints, disputes, and resolutions.

Payment and fraud-prevention information

  • payment method type, billing address, transaction identifiers, authorisation results, and limited payment-card details such as card brand and last four digits;
  • fraud-risk signals, device information, account activity, and verification results; and
  • refund destination or bank details where required to complete a lawful refund.

Technical and usage information

  • IP address, device identifiers, browser type, operating system, language, approximate location, referring URL, and network information;
  • pages viewed, searches, filters, clicks, session activity, error logs, and feature interactions;
  • cookie identifiers, consent choices, advertising identifiers, and analytics events; and
  • security logs used to detect abuse, fraud, or unauthorised access.

Communications and content

  • emails, messages, call records, chat transcripts, and support attachments;
  • reviews, ratings, photographs, survey responses, and feedback; and
  • marketing preferences, campaign interactions, and promotion entries.

Sensitive or special-category information

Travel arrangements may occasionally reveal or require sensitive information, such as health, disability, religious meal preferences, or other special-assistance needs. We process this information only where necessary for the requested service, where you have provided the required consent, or where another lawful basis applies. Do not provide sensitive information that is not needed for your travel request.

4. Where personal data comes from

We may collect personal data:

  • directly from you when you search, register, book, pay, contact support, or submit content;
  • from the person who makes a booking on your behalf;
  • from Suppliers and distribution partners that confirm, update, change, or cancel a Travel Service;
  • from payment providers, banks, fraud-prevention providers, identity-verification providers, and chargeback networks;
  • from cookies, SDKs, analytics tools, advertising tools, server logs, and similar technologies;
  • from customer-service, CRM, email, and communications providers; and
  • from public sources or lawful third-party sources where necessary for fraud, sanctions, safety, or compliance checks.

5. Why we use personal data

We may process personal data for the following purposes:

Provide and manage travel services

Search inventory, create bookings, issue confirmations, process changes and cancellations, manage trip details, and communicate service updates.

Process payments and refunds

Authorise payments, reconcile transactions, issue refunds, manage disputes, and maintain financial records.

Customer support

Respond to questions, investigate complaints, coordinate with Suppliers, and maintain support histories.

Security and fraud prevention

Authenticate users, detect suspicious behaviour, prevent abuse, protect accounts, and enforce Platform rules.

Personalisation and improvement

Remember preferences, improve search relevance, test features, measure performance, and understand how the Platform is used.

Marketing and communications

Send newsletters, promotions, abandoned-search reminders, surveys, and relevant offers where permitted and subject to your choices.

Legal and regulatory compliance

Meet accounting, tax, consumer, sanctions, law-enforcement, data-protection, and other legal obligations.

Business administration

Audit operations, manage Suppliers, protect legal rights, complete corporate transactions, and maintain business records.

Depending on the applicable law and context, we rely on one or more grounds such as performing a contract or taking steps requested before a contract, complying with legal obligations, pursuing legitimate business interests, protecting vital interests, or obtaining consent. Where we rely on consent, you may withdraw it for future processing, although this does not affect processing already carried out lawfully.

6. Required and optional information

Fields marked as required, or information requested by a Supplier as necessary for a Travel Service, must be provided if you want us to process the booking. If required information is not provided, we may be unable to create, confirm, change, refund, or support the booking.

Other information is optional. Choosing not to provide optional information may limit personalisation or certain features, but should not prevent access to unrelated core services.

7. Who we share personal data with

We disclose personal data only where reasonably necessary for the purposes described in this Notice, including to:

  • Travel Suppliers and distributors: airlines, hotels, property managers, car rental companies, transfer providers, insurers, wholesalers, aggregators, and global distribution systems involved in the requested Travel Service.
  • Payment and financial partners: payment gateways, acquirers, card networks, banks, wallet providers, refund providers, and chargeback services.
  • Technology and operations providers: hosting, cloud, storage, communications, CRM, customer-support, analytics, security, identity-verification, fraud-prevention, email, and software providers.
  • Professional advisers: auditors, accountants, insurers, lawyers, and consultants subject to appropriate confidentiality duties.
  • Authorities and legal recipients: regulators, courts, law-enforcement bodies, tax authorities, immigration authorities, and other parties where disclosure is required or permitted by law.
  • Corporate transaction parties: prospective buyers, sellers, investors, lenders, or advisers in connection with a merger, acquisition, restructuring, financing, or transfer of business, subject to appropriate safeguards.
  • Other people you authorise: co-travellers, travel organisers, employers, agents, or persons you ask us to communicate with.

Suppliers may use the data they receive for their own independent purposes, including operating the Travel Service, meeting legal requirements, and communicating with Travellers. Their own privacy notices apply to that processing.

8. International data transfers

Travel is international by nature. Personal data may be transferred to, accessed from, or stored in countries outside Malaysia or outside your country of residence, including the country where a Travel Service is provided and countries where Suppliers or service providers operate.

Data-protection standards may differ between countries. Where applicable law requires safeguards for an international transfer, we will use an appropriate mechanism, contractual protection, consent, or another lawful basis. Operationally necessary transfer to a destination Supplier may be required to fulfil the booking you request.

9. Payment information

Full payment-card data should be collected and processed by a compliant payment provider rather than stored directly in ordinary application databases. We may receive limited card information, transaction identifiers, risk results, billing information, and payment status from the provider.

The payment provider’s privacy notice and terms apply to its processing. Do not send complete card numbers, security codes, passwords, or online-banking credentials through ordinary email or support chat.

10. Cookies and similar technologies

We may use cookies, local storage, pixels, SDKs, and similar technologies for:

  • Strictly necessary functions: security, authentication, load balancing, booking flow, consent storage, and essential Platform operation.
  • Preferences: language, currency, saved searches, display choices, and remembered settings.
  • Analytics: measuring traffic, diagnosing errors, understanding journeys, and improving features.
  • Advertising and measurement: measuring campaigns, limiting repeated advertisements, creating audiences, and showing relevant marketing where permitted.

Where required, non-essential cookies will be used only after you make a consent choice. You can change cookie preferences through the Platform’s cookie settings and may also control cookies through your browser. Blocking some technologies may affect functionality.

Your production cookie banner and this Notice must identify the actual tools deployed. Do not list analytics or advertising providers that are not installed, and do not omit providers that are installed.

11. Marketing communications and choices

We may send booking-related and service communications that are necessary to operate your account or Travel Services. These are not marketing messages and may continue even if you opt out of promotional communications.

Where permitted, we may send newsletters, destination ideas, fare or price alerts, promotions, surveys, and personalised offers. You can unsubscribe using the link in a marketing email, adjust account preferences, or contact us. It may take a short period to apply an opt-out across all systems.

Opting out of one channel does not automatically withdraw consent for unrelated channels unless your request clearly covers them. You may also object to certain profiling or direct marketing where applicable law gives you that right.

12. How long we retain personal data

We retain personal data only for as long as reasonably necessary for the purpose for which it was collected, including to complete and support bookings, maintain transaction and tax records, resolve disputes, prevent fraud, enforce agreements, and meet legal or regulatory obligations.

Retention periods vary based on the type of data, the Travel Service, legal requirements, limitation periods, security needs, and whether an account remains active. When data is no longer required, we delete it, anonymise it, or securely isolate it until deletion is possible.

13. Security

We use administrative, technical, and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures may include access controls, encryption in transit, logging, secure development practices, monitoring, backups, vendor assessments, and staff confidentiality obligations.

No internet or storage system is completely secure. You should use a unique password, protect one-time codes, avoid sharing booking references publicly, and contact us immediately if you suspect account compromise or fraudulent activity.

Where required by applicable law, we will assess personal-data incidents and notify the relevant authority and affected individuals within the legally required timeframe.

14. Your privacy rights

Depending on the law that applies to you, you may have rights to:

  • ask whether we process your personal data and request access to it;
  • request correction of inaccurate, incomplete, misleading, or outdated data;
  • withdraw consent for future processing where consent is the basis used;
  • object to or restrict certain processing, including direct marketing;
  • request deletion where the data is no longer required and no legal reason requires retention;
  • request a portable copy of eligible data or ask for transfer to another controller where applicable;
  • request information about relevant international transfers or recipients;
  • complain to us or to an appropriate data-protection authority; and
  • request review of certain decisions made solely through automated processing where applicable.

To submit a request, email Contact Us. Describe the right you wish to exercise and provide enough information for us to locate the relevant records. We may need to verify your identity and authority before responding. We may refuse or limit a request where permitted by law, including where it would adversely affect another person’s rights or conflict with a legal obligation.

A request concerning data controlled independently by a Supplier may need to be sent directly to that Supplier. We can help identify the relevant party where reasonably possible.

15. Children and young Travellers

The Platform is intended for adults who can enter into binding contracts. We do not knowingly allow a child to create an independent booking account. An adult may provide a child Traveller’s information where necessary to arrange a family or group booking and where the adult has authority to do so.

If you believe a child has provided personal data without appropriate authority, contact us so we can investigate and take appropriate action.

16. Third-party websites and services

The Platform may link to or integrate third-party websites, maps, payment pages, social platforms, Supplier portals, or applications. Their privacy practices are controlled by those organisations, not by this Notice. Review their notices before submitting personal data.

17. Changes to this Privacy Notice

We may update this Notice to reflect changes in law, technology, Suppliers, services, or business operations. The latest version will be published on this page with a revised effective date. Where a change materially affects your rights or how we use existing data, we will provide additional notice where required.

18. Contact, requests, and complaints

Contact us with privacy questions, requests, or complaints:

Kezivaro Limited

Company registration number: BN2749712841

Address: Alt Reinickendorf 88, Berlin 13407, Germany

Privacy email: Contact Us

Data protection contact: Contact Us

Telephone: Contact Us

If you are not satisfied with our response, you may have the right to complain to the Personal Data Protection Commissioner of Malaysia or another competent supervisory authority in your place of residence.

Kezivaro

Hotels, flights, and car rentals—planned as one journey.

Kezivaro. Plan and book hotels, flights, and car rentals in one smooth journey with Kezivaro.

Book

Hotels Flights Car rentals Destinations

Support

Help centre Manage booking Cancellation guide Contact us

Company

About Travel guides Partner with us Careers

Legal

Terms Privacy Cookie settings Supplier terms

© 2026 Kezivaro. All rights reserved.