GDPR Compliance Policy

(General Data Protection Regulation – EU 2016/679)

Effective Date: 05 Sep 2024

Last Updated: 05 Sep 2024

1. Introduction

This GDPR Compliance Policy explains how Travel Into India collects, uses, stores, and protects personal data of individuals located in the European Union (EU) and European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR).

We are committed to safeguarding your privacy and ensuring compliance with all applicable data protection laws.

2. Data Controller

Travel Into India
Registered Address: VPO Shalaghat, Tehsil Arki, District Solan, Himachal Pradesh, India
Email: bookings@travelintoindia.com
Phone: +91 8750-451-966

We act as the data controller for the personal data collected through our website and related services.

3. What Personal Data We Collect

We may collect the following categories of personal data:

Identity Data: Name, title, date of birth.
Contact Data: Email address, phone number, postal address.
Payment Data: Credit/debit card details (processed through secure gateways; not stored by us).
Travel Data: Passport details, travel itinerary, preferences.
Technical Data: IP address, browser type, cookies, device information.

We do not collect special category data such as race, religion, or political opinions unless required for compliance with local laws (e.g., visa processing).

4. Lawful Basis for Processing

We process your personal data based on:

Consent: When you agree to receive marketing or newsletters.
Performance of a Contract: To provide travel booking services.
Legal Obligation: To comply with applicable laws.
Legitimate Interests: To improve our services and user experience.

5. How We Use Your Data ?

To process bookings and provide requested services.
To communicate important information about your trip.
To comply with legal and regulatory requirements.
To send marketing updates (only with your consent).

6. Data Sharing

We may share your personal data with:

Service Providers: Hotels, airlines, transportation companies.
Payment Gateways: For secure transaction processing.
Authorities: When required by law or immigration authorities.

All third parties are bound by contractual obligations to protect your data.

7. International Transfers

Your data may be transferred outside the EU/EEA, including to India, where our operations are based. We ensure adequate safeguards through Standard Contractual Clauses or other mechanisms recognized by GDPR.

8. Data Retention

We retain personal data only as long as necessary for:

Providing services,
Complying with legal obligations,
Handling disputes and enforcing agreements.

After the retention period, data will be securely deleted or anonymized.

9. Your GDPR Rights

Under GDPR, you have the following rights:

Right to Access: Request a copy of your data.
Right to Rectification: Correct inaccurate or incomplete data.
Right to Erasure: Request deletion of your data (subject to legal obligations).
Right to Restrict Processing: Limit how your data is processed.
Right to Data Portability: Receive your data in a structured, machine-readable format.
Right to Object: Stop processing for direct marketing purposes.

To exercise your rights, email bookings@travelintoindia.com. We respond within 30 days.

10. Data Security

We implement strict technical and organizational measures to protect your data against unauthorized access, loss, misuse, or alteration.

Payments are processed using PCI-DSS compliant gateways, and sensitive details (like card numbers) are never stored on our servers.

11. Cookies & Tracking

We use cookies to enhance your browsing experience. For details, refer to our Cookie Policy.

12. Complaints

If you believe your data rights have been violated, you may contact us at bookings@travelintoindia.com or lodge a complaint with your local Data Protection Authority (DPA).

13. Changes to This Policy

We may update this GDPR Policy from time to time. Any changes will be posted on this page with an updated Effective Date.