Makhulu
HomeFeaturesFAQContact usPricing
Login

Privacy Policy

Last Updated: November 1, 2025

Table of Contents

  1. Introduction
  2. Name and Address of the Controller
  3. Data collected through the website Makhulu.com
  4. Purposes of the processing
  5. Data storage
  6. Legal basis for the processing
  7. Data disclosure
  8. Rights of the Data Subject
  9. Security
  10. Links
  11. Cookies
  12. Validity and modifications

1. Introduction

This privacy policy sets out how Makhulu uses and protects any information provided through www.Makhulu.com (hereinafter also referred as the “website”).

Makhulu is serious about protecting the privacy of our users. Therefore, Makhulu applies the General Data Protection Regulation (GDPR) (EU) 2016/679 to ensure that their privacy is protected.

Should Makhulu ask you (the user) to provide certain information by which you can be identified when using this website, be assured that it will only be used in accordance with this privacy statement.

Please, read the following carefully to understand our views and practices regarding personal data and how we process it.

2. Name and Address of the Controller

The Data Controller is:
– CODEBAY SOLUTIONS LIMITED (also referred as “Makhulu”)
– Registered at the Registrar of Companies for England and Wales under number 5903966
– Address: Magma House, 16 Davy Court Way, Castle Mound Way, Rugby, Warwickshire, CV23 0UZ, United Kingdom
– Phone: (+44) 20-3871-3305
– ICO Registration Number: ZA188069

3. Data Collected through the website Makhulu.com:

Makhulu may collect and process the following data:

  • Users may give us information about themselves by filling in forms on Makhulu.com or by corresponding with us by phone, e-mail address, or otherwise. This includes information you provide when you register for a Customer Account, such as name, email address, postal address, billing address, telephone number, username, and password.
  • Users may also provide information about properties they advertise using our Services, including the property address.
  • On each visit to Makhulu.com, we may collect technical information, such as IP address, login information, browser type and version, time zone, browser plug-in types, OS, and platform.
  • We may also collect details about visits, including URL clickstream, page response times, download errors, visit lengths, page interactions, and methods used to browse away from the page.
  • Payment card details are not collected by Makhulu; third-party processors handle payment details.
  • We may also receive information from third parties (such as business partners, sub-contractors, and analytics providers) related to your use of the Services.

    • 4. Purposes of the processing

    The purposes for which the personal data are processed are the following:

  • Providing users with Makhulu Services
  • Ensuring the integrity of Makhulu systems and providing appropriate protection for users accounts through multi-factor authentication (MFA).
  • Support and assistance in using the Services
  • Customizing the Services to individual user needs
  • Notifying users about changes to Services
  • Providing information requested through webforms
  • Providing users with information about other services we offer that are similar to those that users have already purchased or enquired about (only if users have consented to this).
  • Understanding and optimizing how Services are used and improving the Services.
  • Measuring or understanding the effectiveness of advertising we serve to users and others, and delivering relevant advertising to users.

    • 5. Data Storage

    The data shall only be stored for the time strictly required for each purpose of the processing and shall promptly be deleted straight afterward, without prejudice to the legal storage obligations provided for by the law.

    – In cases where users purchase Makhulu products or subscribe to Makhulu Services through the website, the personal data will be kept as long as the contractual relationship between the parties is maintained and until legal liabilities are extinguished.
    – In all other cases, the personal data provided will be kept as long as data deletion is not requested by the user.

    6. Legal basis for the processing

    The legal bases for processing are as follows:
    – In cases where users purchase Makhulu products or subscribe to Services, the basis is the performance of the contract.
    – For MFA security purposes, the basis is Makhulus’ legitimate interests in ensuring secure user accounts, balanced with user rights.
    – In other cases, the legal basis depends on the users’ consent or the users’ right to object, especially in commercial communications.

    7. Data Disclosure

    Users’ personal data may be disclosed to third parties that provide services to Makhulu, including:

  • Codebay Solutions S.L.U., a subsidiary of Codebay Solutions Ltd for trading and logistics services.
  • Service providers, such as channel managers, payment providers, and third-party applications (e.g., Airbnb, Booking.com, and Google LLC).
  • Advertisers and analytics providers for advertising and optimization purposes.
  • Communications providers assisting with MFA implementation, such as Twilio Spain SL.

    • Some personal data of our users may be stored in or transferred to a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for Makhulu or one of our business partners or service providers. By using the Services, users acknowledge and agree that we may be transferring, storing and processing their personal data outside of the country in which they reside. Makhulu will take all the reasonable and necessary steps to ensure that users’ data are treated securely.
    Makhulu also may disclose personal data of our users as required by law, or when we believe in good faith that disclosure is necessary to protect our rights, protect the safety of our users or the safety of others, investigate fraud, or respond to a government request.

    8. Rights of the Data Subject

    Users have the following rights regarding their personal data:


    a) Right of confirmation: to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may at any time contact our data protection manager or another employee of the controller.
    b) Right of access: to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.
    c) Right to rectification: to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
    d) Right to erasure (Right to be forgotten): to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies and as long as the processing is not necessary: – The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. – The data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) of the GDPR, or point (a) of Article 9 (2) of the GDPR, and where there is no other legal ground for the processing. – The data subject objects to the processing pursuant to Article 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) of the GDPR. – The personal data have been unlawfully processed. – The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. – The personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.
    e) Right of restriction of processing: to obtain from the controller restriction of processing where one of the following applies: – The accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data. – The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead of the restriction of their use instead. – The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims. – The data subject has objected to processing pursuant to Article 21 (1) of the GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.
    f) Right to data portability: to receive the personal data concerning the user, which was provided to a controller, in a structured, commonly used and machine-readable format. The user shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided as long as the processing is based on consent and the processing is carried out by automated means. Furthermore, in exercising his or her right to data portability pursuant to Article 20 (1) of the GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and does not adversely affect the rights and freedoms of others.
    g) Right to object: to object, on grounds relating to the user’s particular situation, at any time to processing of personal data concerning the user which is based on point (e) or (f) of Article 6 (1) of the GDPR. This also applies to profiling based on these provisions.
    i) Right to withdraw data protection consent: to withdraw consent to the processing of the user’s personal data at any time.
    If the data subject wishes to exercise any of the aforementioned rights, he or she may at any time directly contact Makhulu by sending the appropriate request at the following addresses: – Avenida de Josep Tarradellas, 20-30, P.5., Barcelona, Spain – privacy@Makhulu.com

    Finally, each data subject has the right to lodge a complaint before the appropriate Data Supervisory Authority.

    9. Security

    We are committed to ensuring that users’ information is secure. In order to prevent unauthorized access or disclosure, Makhulu has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

    When our users enter sensitive information on our site, we encrypt the transmission of that information using secure socket layer technology (SSL).

    Nevertheless, please note that no data transmission over the Internet or information storage technology can be guaranteed to be totally secure. As a result, whilst we strive to protect our users’ information, we cannot ensure or warrant the security of any information which users send to us, and the users do so at their own risk.

    10. Links

    www.Makhulu.com may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, Makhulu cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

    11. Cookies

    www.Makhulu.com uses cookies. The web user has the option to prevent the generation of cookies, by selecting the corresponding option in his browser program.

    For more information, visit our Cookies Policy.

    12. Validity and Modifications

    Makhulu will be able to modify, totally or partially, this Privacy Policy, publishing any change or alteration in the same manner in which these conditions appear or via any type of communication directed to the users, as Makhulu chooses.

    The temporary validity of this Privacy Policy coincides, therefore, with the time of exposure, until they are totally or partially modified, in which case these latter modified will become the valid ones.

    background-image

    Ready to Get Started?

    Start your project with a 14-day free trial

    Get Started