Privacy Policy
Last updated: 5 May 2026. Effective: immediately.
This Privacy Policy describes how Komodo Airport Transfer (“we”, “our”, “us”), operating under PT Juara Holding Indonesia (an Indonesian limited liability company), collects, uses, stores, and protects your personal data. We are committed to compliance with the Indonesian Personal Data Protection Law (Undang-Undang Perlindungan Data Pribadi No.27/2022) and the European Union General Data Protection Regulation (GDPR), whichever provides stronger protection in your jurisdiction.
If you have any questions about this policy or wish to exercise any of the rights described below, contact us at sales@komodoluxury.com.
1. What personal data we collect
We collect only the data we genuinely need to deliver an airport transfer. The categories are:
1.1 Booking form data (collected when you submit the form on /book-now/ or the homepage):
- Full name (or the name you wish on the driver’s name-board)
- WhatsApp / phone number
- Email address
- Inbound flight number and arrival date/time
- Destination hotel or address
- Number of passengers and ages of any children (only to determine child-seat requirement)
- Vehicle preference (Innova, Hiace, or Alphard)
- Any free-text booking notes you provide
1.2 WhatsApp conversation data:
When you message our dispatch number (+62 811 3810 8110), the conversation thread is stored on Meta’s WhatsApp servers under their privacy policy. We retrieve and read the messages to operate your booking, but we do not export or store the conversation outside WhatsApp’s encrypted infrastructure.
1.3 Payment information:
We do not collect or store credit card numbers. Payment is taken at pickup (cash or card via portable terminal) or by Indonesian bank transfer to our PT account. If you transfer, we record the transaction reference number and your bank-statement name only.
1.4 Cookies and analytics:
This website uses essential session cookies, plus Google Analytics 4 in aggregated, IP-anonymised mode (no individual user identifiers). We do not use advertising cookies, retargeting pixels, or tracking on third-party sites. See section 6 below.
1.5 Communications data:
If you email us at sales@komodoluxury.com, the email and your reply chain are stored on Google Workspace (the underlying email server). Standard Google Workspace data-handling applies.
2. Why we collect each category (lawful basis)
| Data type | Purpose | Lawful basis (GDPR Art. 6) |
|---|---|---|
| Booking form data | Operate the transfer you booked | Contract performance |
| WhatsApp data | Confirm and coordinate your booking | Contract performance |
| Payment information | Settle payment for the transfer | Contract performance |
| Cookies (essential) | Operate the website | Legitimate interest |
| Cookies (analytics) | Improve website performance | Consent (cookie banner) |
| Email correspondence | Respond to your enquiry | Contract / legitimate interest |
| Marketing email (optional) | Send you booking-related offers, only if you opt in | Consent |
We will never sell, rent, or share your data with third-party advertisers. We will never use your booking data to send you marketing communications without explicit consent at the time of booking.
3. How long we keep your data
Booking records: retained for 24 months from the date of your transfer, after which the booking record (including name, contact, and trip detail) is automatically purged from our database. Aggregated and anonymised statistics (e.g. monthly transfer counts, average distances) are retained indefinitely for operational analysis but contain no personal data.
WhatsApp conversations: retained on Meta’s servers under WhatsApp’s policy. We periodically archive and delete dispatch-side conversations older than 12 months from our internal access.
Email correspondence: retained for 36 months for accounting and dispute-resolution purposes, then auto-deleted.
Payment records: retained for 7 years as required by Indonesian tax and accounting law (Undang-Undang Perpajakan).
4. Who we share data with — and who we do not
We share data only with the parties strictly required to deliver your transfer:
- The driver assigned to your booking: receives your name, flight number, arrival time, destination, passenger count, and any free-text notes. Drivers do not receive your email or full WhatsApp number — only a callback channel routed via dispatch.
- Our dispatch team and reservations staff: all are internal employees who have signed a non-disclosure agreement.
- Our payment processor (if card payment via portable terminal): Mandiri Bank’s EDC service, governed by Indonesian banking-data law.
- Asuransi Allianz Utama Indonesia: receives only the booking metadata (vehicle, route, passenger count) for insurance documentation. Personal identifiers are shared only in the event of an actual incident requiring claim processing.
We do not share data with: third-party advertisers, OTAs (Viator, GetYourGuide, etc.), social-media platforms (beyond WhatsApp infrastructure), data brokers, or any commercial party for the purposes of marketing or profiling. We do not transfer data outside Indonesia for storage; all primary databases are hosted on servers physically located in Jakarta.
5. Your rights
Under both UU PDP No.27/2022 and GDPR, you have the following rights:
- Right to access: request a copy of all personal data we hold about you
- Right to rectification: correct any inaccurate data
- Right to erasure (“right to be forgotten”): request deletion of your data, subject to mandatory retention (e.g. tax records)
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to specific processing activities (e.g. analytics)
- Right to withdraw consent: for any consent-based processing (e.g. marketing email)
To exercise any of these rights, email sales@komodoluxury.com with the subject line “Privacy request — [right name]”. We respond within 30 days as required by GDPR, faster in most cases.
6. Cookies
Our cookie usage is minimal:
- Essential session cookies: used to operate the booking form. Cannot be disabled.
- Google Analytics 4 (GA4): used in IP-anonymised mode for aggregated traffic statistics. You may opt out via the cookie banner shown on first visit, or via the Google Analytics opt-out browser extension.
- No advertising cookies, retargeting pixels, or third-party tracking.
7. Children
We do not knowingly collect data from anyone under the age of 13. Bookings are made by adults; child passenger data (age, child-seat requirement) is collected from the booking adult, not the child directly. If you believe we have inadvertently collected data from a child under 13, contact us and we will delete it immediately.
8. Security
We use industry-standard security: TLS 1.3 encryption for all web traffic, an encrypted MariaDB database, multi-factor authentication on staff accounts, restricted access on a need-to-know basis, and physical server security at our Jakarta data centre.
In the unlikely event of a data breach affecting your personal data, we will notify you within 72 hours as required by GDPR, and we will inform the Indonesian Personal Data Protection Authority within the same timeframe.
9. Changes to this policy
We may update this policy from time to time to reflect operational, legal, or regulatory changes. The “Last updated” date at the top of this page indicates the version. Material changes will be notified by a banner on the website for 30 days following the change.
10. Contact
For any privacy question, request, or complaint:
- Email: sales@komodoluxury.com (subject: “Privacy”)
- Postal: PT Juara Holding Indonesia, Jl. Soekarno-Hatta No. 12, Labuan Bajo, Manggarai Barat, NTT 86711, Indonesia
If you are not satisfied with our response, you may complain to the Indonesian Personal Data Protection Authority (Otoritas Perlindungan Data Pribadi) once it is operational under UU PDP No.27/2022, or to your EU national data-protection authority if you are resident in the EU.
