Privacy policy
Last updated: Jun 7, 2026
This Privacy Policy (“Policy”) sets out how your personal data is processed as a result of the use of the RMS-related Services and of the filing of forms on our website. This document is an integral part of Climber's Terms and Conditions, which contain an overview of the Services. By using our Services, you agree to our Policy and authorize us to process your personal data as described herein in order to provide our Services correctly.
Who is Climber?
Climber is a Revenue Management Software for hotels. We are responsible for the collection and processing of hotel data related to operations and revenue management.
Climber cares about your privacy and is committed to processing your personal data in accordance with fair information practices and applicable data privacy laws.
To provide our Services, we do not process your personal data in accordance with the legitimate instructions of the website on which you purchased services or products using Climber RMS, in accordance with this Policy, or in accordance with applicable data protection legislation.
What type of personal data does Climber collect?
Some data that we use in order to be able to provide our Services to you may be considered personal data – meaning information relating to you that, individually or in combination, can identify you. We may use the personal data indicated here so that you can use and improve our Services:
- Identity data: includes information about your identity, such as your name, email, position, and telephone number.
- Financial Data: includes information about payment details, address data, CNPJ (Brazilian company tax ID) number.
- Usage data: includes information about how you use our Service, such as PMS, Channel Manager, or Rate Shopper. It may also include data about the access to and use of the product itself.
We may also collect Aggregated Data, such as statistical or demographic data. It may be derived from your personal data or usage data, but it is not legally considered personal data, since this data does not reveal your identity directly or indirectly.
How does Climber collect personal data?
You may provide us with identity data and financial data using our RMS. We may also collect personal data about you by your contacting us through our communication and customer service channels.
When interacting with our Services, we may automatically collect usage data via API with third parties.
In addition, for your security and to improve our Services, we may receive personal data about you from third parties and public sources, such as companies that introduce you to us, state agencies, and service providers.
Why does Climber collect personal data?
Your personal data is used in accordance with the purposes presented below, with their respective legal bases, which authorize its processing:
| Purpose | Data | Legal Basis |
|---|---|---|
| To provide our services | Identity, Financial, or Usage Data | Contractual performance and legitimate interest (developing and improving our Services) |
| To analyze the user's profile for the purpose of behavioral analysis, to monitor and improve our performance, and to improve our Services | Identity, Financial, or Usage Data | Legitimate interest (developing and improving our Services) |
| To manage our relationship with you, including through our communication and customer service channels | Identity Data, Financial Data, Usage Data | Legal obligation, performance of the contract, and legitimate interest (developing and improving our services) |
| To send direct marketing communications to you by email or text message | Identity data | Consent |
We generally do not rely on consent as a legal basis for processing your personal data, except to send direct marketing communications to you by email or text message. In that case, you have the right to withdraw your consent in your own received communications or by contacting us.
In other cases, if you refuse to provide personal data that we need by law or regulation, or because we have a contract with you, we may not be able to provide the Services correctly.
We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with its original purpose. In addition, if we need to process your personal data for a new purpose not originally related, we will notify you by providing explanations about it.
We may process your personal data without human intervention to analyze transactions and consumption profiles, for the purposes of behavioral analysis, and to prevent fraud and security threats. We may also do this to decide which marketing communications are suitable for you, to analyze statistics, and to assess risks. All of this is based on our legitimate interests: protecting our business and developing and improving our Services.
With whom may Climber share personal data?
Since we offer a Service that includes technical integrations with third parties, such as Channel Managers, we may share data with them, such as the availability of the hotel's rooms or hotel rates.
Your personal data may be shared with state agencies and regulatory agencies in order to comply with the legal and regulatory obligations with which we must comply in all territories where we provide our Services.
In addition, we may share your personal data in order to protect our rights, the rights of customers or of third parties, to protect your legitimate interests or those of third parties, to enforce our terms of use or other agreements, and to pursue or exercise a defense in legal claims. Finally, we may share your personal data with a third party that is Pipedrive, our CRM, where we manage our lead and customer accounts.
Climber may also collect and share data anonymously regarding the hotel's operation (such as room nights and revenue).
We may also use cookies that are set by third-party analytics providers to collect usage information that we use to improve the work of the Sites. For example, we use Google Analytics to collect information about the number of visitors to the Sites, where they come from, and how they use the Sites. The information generated by the Google Analytics cookies about the use of the Site is transmitted to Google. To learn more about how Google Analytics collects and processes data and the options that Google may offer to control these activities, you can visit: https://www.google.com/policies/privacy/partners/
May Climber transfer personal data internationally?
Climber is headquartered in Portugal, and your personal data is collected in accordance with Portuguese and EU legislation. However, we may transfer your personal data internationally in order to provide our Services.
Before transferring your personal data internationally, we will ensure that such transfer takes place in accordance with the high degree of protection required in this Policy. To that end, your personal data will only be transferred to parties located in countries or international organizations that legally have a data protection agreement or that comply with the standard contractual clauses required by us.
If you reside or are located in the European Economic Area (“EEA”), we provide the following additional information to notify you of certain rights you may have under the European Union's General Data Protection Regulation (“GDPR”) if and to the extent it applies.
How long will personal data be stored?
We keep your personal data only for the period necessary to fulfill the purposes for which we collected it, including for the purposes of complying with any legal, contractual, accountability, or law enforcement application, subject to a minimum period of 5 (five) years from the date of data collection.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm arising from the unauthorized use or disclosure of your personal data, the purpose of processing your personal data, and whether we can achieve such purposes through other means. If certain data is no longer necessary for the purpose, it will be deleted or subject to anonymization.
If you request the deletion of your personal data, we will delete it once the aforementioned legal retention period has elapsed, unless its retention is determined on the basis of legal obligations or at the request of a competent authority.
What are the security standards adopted by Climber regarding personal data?
We have established appropriate administrative and technical security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized manner, altered, or disclosed. In addition, we authorize access to your personal data by employees, agents, contractors, and other third parties within the limits necessary for carrying out their activities. They will process your personal data in accordance with our instructions and will be subject to a duty of confidentiality.
We have established procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of any breach, in the event that we are required to do so.
Although we adopt rigorous security standards, the transmission of information over the internet is not completely secure, and even if we do our best to protect your personal data, we cannot guarantee the security of your data transmitted online.
What are your rights as a data subject?
We summarize below all your rights as a data subject that may be exercised by contacting us:
- Right of access. You may request and receive a copy of your personal data that we hold. In addition, you may request clarification on how we obtain your personal data, what criteria we use, what our processing purposes are, and with whom we share your personal data.
- Right of rectification. You may request the rectification of incomplete, inaccurate, or outdated personal data, through verification of the validity of the data you provide to us.
- Right to anonymize, block, or delete. You may request the anonymization, blocking, or deletion of personal data that you believe is being processed contrary to this Policy or in violation of applicable personal data protection legislation.
- Right to object. You may object to the processing of your personal data that is not carried out on the basis of your consent, if you understand that such processing is violating your rights. In such cases, we may demonstrate that we have legitimate grounds to process your personal data in accordance with this policy and to provide our services correctly.
- Right to deletion. You may request the deletion of your personal data stored by Climber, processed with your consent, which is no longer necessary or relevant for the provision of the Services, provided that we have no other reason to keep it, such as to comply with a legal or regulatory data retention obligation or to safeguard rights.
- Right not to give consent. You may refuse the processing of personal data based on your consent at any time. However, if you withdraw your consent, we may not be able to provide our Services correctly, the consequences of which we will explain to you.
- Right of review. You may request the review of decisions made solely on the basis of automated processing if you believe they are affecting your interests.
- Right of portability. You may request the portability of your personal data in a structured and interoperable format.
To submit your requests, you must provide an express request, in your name or through your legal representative, to the contact addresses of Climber described in the topic below. This requirement will be free of charge for you. However, we may charge a fee if your request is clearly unfounded or repetitive, or we may refuse to respond to your request in such circumstances.
To exercise these rights, we may have to verify your identity and the validity of your personal data. This is a security measure to ensure that personal data is not disclosed to anyone who is not entitled to receive it. Climber may also contact you to obtain more information about your request.
Confirmation of the processing and access to your data will be provided immediately, in a simplified manner, or by means of a detailed statement within 15 days. For further responses to your requests, Climber will try to respond to you within 30 days.
Occasionally, we may take longer if your request is particularly complex or if you have made several requests. In this case, Climber will notify you and keep you updated on the progress of your request.
How to contact Climber?
If you wish to exercise any right under this Policy or applicable law, or if you have questions, comments, or suggestions about this Policy, you can contact us at the following contact addresses:
Email: sales@climberrms.com
Website: www.climberrms.com
What happens if this policy is changed?
All changes we make to this Policy will be posted on the Climber page and, where appropriate. Please check frequently to see any updates or changes.