Data Protection & Privacy Policy

Who We Are

Marelo Group S.A.S. (NIT 902.054.061-3) is a private maritime experiences company registered in Cartagena de Indias, Colombia, operating as a licensed travel agency (RNT No. 285052). We design and coordinate curated experiences aboard private catamarans and yachts on the waters of Cartagena and the Rosario Islands.

This Policy explains how Marelo collects, uses, stores, and protects personal data — and what rights you have over your information.

Legal name: Marelo Group S.A.S.

NIT: 902.054.061-3

Domicile: Cartagena de Indias, Bolívar, Colombia

Privacy contact: hello@marelo.co

Legal representative: Juan Sebastián López Orejuela

Legal Framework

This Policy is governed by Colombian Law 1581 of 2012 (Personal Data Protection), Regulatory Decree 1074 of 2015, Decree 090 of 2018, and Article 15 of the Colombian Constitution. Marelo is both the data controller and data processor for all personal information collected in the course of its operations.

What We Collect

We collect only the information necessary to design and deliver your experience. This may include:

  • Name, nationality, and contact details (WhatsApp, email)
  • Travel dates, group size, and relevant preferences
  • Dietary requirements or health considerations relevant to the experience
  • Payment information — processed securely through payment platforms; Marelo does not store card data
  • Communication history via WhatsApp or email
  • Photos or video content shared with us or captured during the experience, with your consent
  • Passport or government-issued identification — required for invoicing, VAT exemption purposes, and compliance with Colombian tourism regulations. This information is stored securely, used solely for the purposes stated, and retained for the period required by Colombian tax law (5 years), after which it is permanently deleted.

We do not collect sensitive personal data (as defined by Law 1581) unless strictly necessary and with your explicit consent.

How We Use Your Information

Your information is used solely for the following purposes:

  • Planning, coordinating, and delivering your Marelo experience
  • Communicating with you before, during, and after your experience
  • Processing payments and issuing confirmations
  • Meeting legal, accounting, and tax obligations under Colombian law
  • Processing invoices and applying VAT exemptions in compliance with Colombian tax regulations (Article 481(d) of the Tax Code)
  • Sending updates or new experience announcements — only if you have opted in
  • Sharing relevant details with trusted partners (vessel operators, chefs, guides) strictly as needed to execute your experience

We never sell your data. We never share it with third parties for marketing purposes.

Sharing With Third Parties

Marelo may share limited personal data with operational partners — such as the vessel captain, private chef, or dive guide assigned to your experience — only to the extent necessary to deliver the service. These parties are required to treat your data with the same confidentiality standards applied by Marelo.

If your booking originated through a hotel concierge or travel advisor, Marelo may share confirmation details with that partner. No additional data is shared without your knowledge.

Your Rights

Under Colombian Law 1581 of 2012, you have the right to:

  • Access the personal data Marelo holds about you
  • Request corrections to inaccurate or incomplete information
  • Request deletion of your data, subject to legal retention requirements
  • Revoke your consent for any specific use of your data
  • File a complaint with Colombia’s Superintendence of Industry and Commerce (SIC) if you believe your rights have been violated

To exercise any of these rights, contact us at hello@marelo.co. We will respond within ten (10) business days. If more time is needed, we will notify you before the deadline and respond within five (5) additional business days.

How We Protect Your Data

Marelo applies reasonable technical and organizational measures to safeguard your personal information — including restricted access controls, secure communication channels, and confidentiality obligations for all collaborators and contractors. Anyone with access to personal data is bound by confidentiality, including after their relationship with Marelo ends.

In the event of a security incident affecting your data, Marelo will notify the relevant authorities and affected individuals in accordance with applicable law.

How Long We Keep It

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, or as required by Colombian tax, commercial, or legal regulations. Communication and booking records are generally retained for five (5) years following your experience. You may request deletion at any time — we will confirm what can be removed and what must be retained by law.

International Data Transfers

Because Marelo serves international travelers, some communication and payment data may be processed through platforms operating outside Colombia (such as Stripe, PayU, Wompi, WhatsApp Business, or Meta). These transfers occur only to countries or platforms that provide adequate levels of data protection, or with your implicit consent as part of using those services to book your experience.

Updates to This Policy

Marelo may update this Policy as our operations evolve or as Colombian data protection regulations change. The current version will always be available at marelo.co. Material changes will be communicated directly to active clients.

Contact

For any questions about this Policy, or to exercise your data rights:

 

Email: hello@marelo.co

WhatsApp: +57 321 376 6905

Domicile: Cartagena de Indias, Bolívar, Colombia

 

This Policy is effective as of April 2026 and applies to all personal data collected by Marelo Group S.A.S. in the course of its operations.