Privacy Policy

Effective: May 27, 2026 · Last updated: May 27, 2026 · Versión en español →

ECOTURISMO NCB SAS ("El Nido Andino", "we") respects your privacy and processes your personal data in accordance with Colombia's Ley 1581 de 2012 (Habeas Data) and the EU General Data Protection Regulation (GDPR). This policy explains what data we collect, why, who we share it with, and what rights you have.

1. Data controller

ECOTURISMO NCB SAS
Campo Santo — La Esperanza, La Mesa, Cundinamarca, Colombia
Email: hola@elnidoandino.com
WhatsApp: +57 316 393 3455

2. Data we collect

3. What we use your data for

4. Who we share your data with

We share data only with the following processors, all bound by data processing agreements that require them to protect your information:

We do not sell your data to third parties.

5. International transfers

Some processors are located outside Colombia (United States, European Union, United Kingdom). All comply with adequate protection standards (standard contractual clauses, Privacy Shield certification or equivalent).

6. How long we keep your data

7. Your rights (Habeas Data Art. 8 + GDPR Art. 15-22)

You can exercise the following rights over your personal data at any time:

  1. Access the data we hold about you.
  2. Update incorrect or outdated information.
  3. Rectify partial, inaccurate, or incomplete data.
  4. Request proof of the consent you gave.
  5. Be informed about how we use your data.
  6. File complaints with Colombia's Superintendencia de Industria y Comercio (SIC) or your local DPA.
  7. Withdraw your consent at any time.
  8. Free access to your data.
  9. Request deletion ("right to be forgotten").
  10. Data portability — receive your data in a structured format.
  11. Object to use for marketing purposes.

8. How to exercise your rights

Write to hola@elnidoandino.com including:

We'll respond within 15 business days (Habeas Data Art. 15).

9. Cookie and advertising preferences

You can change your cookie consent at any time from the "Privacy preferences" button in the footer, or by clicking .

10. Minors

We do not knowingly collect data from minors under 18 without parental or guardian authorization. If a booking includes minors, their information is provided by the responsible adult.

11. Security

We implement reasonable technical and administrative measures: TLS encryption in transit, role-based access control, backups, multi-factor authentication on administrative systems. However, no system is 100% secure; in the event of an incident that risks your rights, we will notify you within 72 hours of detection.

12. Updates

This policy may be updated. Material changes will be communicated via the site banner and/or by email. The "Last updated" date above reflects the current version.

13. Supervisory authority

If you believe we are violating your rights, you can file a complaint with the Superintendencia de Industria y Comercio (SIC) — Carrera 13 No. 27-00, Bogotá, Colombia · www.sic.gov.co — or with your local data protection authority if you reside in the EU/UK.