Privacy Policy

Welcome to our Privacy Policy. At Rahipath Holidays LLP(“Rahipath Holidays,” “we,” “us,” or “our”)we are committed to protecting your privacy and ensuring that your personal information is handled with care, transparency, and respect. This policy explains in clear, accessible language how we collect, use, share, and protect your information across all our travel services—including bookings, payments, insurance, visa assistance, health and safety, spiritual and adventure travel, and more. We want you to feel confident and informed every step of your journey with us.

This policy applies to all customers and visitors who interact with our website, mobile app, customer service, or any other channel. If you have any questions or concerns, our dedicated privacy team is here to help—contact details are provided at the end of this document.

1. Purpose and Scope

Our privacy policy is designed to:

  • Clearly explain what personal and sensitive data we collect and why.
  • Describe how we use, store, and protect your information.
  • Outline your rights and choices regarding your data.
  • Ensure compliance with Indian and international privacy laws, including the Digital Personal Data Protection Act (DPDP Act, 2023), GDPR, and others.
  • Cover all aspects of our travel business, from booking and payments to specialized services like adventure and spiritual travel.

This policy covers all interactions with us, whether you are booking a trip, seeking visa or insurance assistance, using our website/app, or contacting our support team.

2. What Data We Collect

We collect different types of information depending on the services you use. We only collect what is necessary to provide and improve our services, comply with legal requirements, and ensure your safety and satisfaction.

2.1 Personal Information

  • Identity details: Name, gender, date of birth, nationality, marital status, photo ID (passport, Aadhaar, PAN, driver’s license), and government-issued numbers.
  • Contact details: Email address, phone number, postal address, emergency contacts.
  • Travel documents: Passport details, visa information, travel history, and supporting documents for bookings or visa processing.
  • Booking details: Itinerary, travel dates, destinations, accommodation preferences, special requests (e.g., dietary, accessibility).
  • Payment information: Credit/debit card details (encrypted), UPI, wallet info, billing address, transaction history.
  • Health and safety data: Medical conditions, allergies, vaccination status, insurance details, and emergency information (only when required for your travel or as mandated by law).
  • Spiritual/religious preferences: Information about religious or spiritual requirements (e.g., pilgrimage preferences, dietary needs) when relevant to your booking.
  • Adventure travel data: Medical waivers, risk disclosures, emergency contacts, and insurance for adventure activities.
  • Family and minors: Details of accompanying family members, including children (with parental/guardian consent as required).
  • Device and technical data: IP address, device type, browser, location data (if you enable it), cookies, and analytics identifiers.

2.2 Sensitive Personal Data

We may collect sensitive data such as health information, biometric data (for identity verification), or religious beliefs only when necessary for your travel arrangements and with your explicit consent.

2.3 Data from Third Parties

We may receive information about you from:

  • Travel partners (airlines, hotels, insurance providers, visa agencies).
  • Payment processors and banks.
  • Social media platforms (if you connect your account or use social login).
  • Public sources or government agencies (for verification or compliance).

We do not knowingly collect data from children under 16 without parental consent.

3. How We Use Your Data

We use your information only for specific, legitimate purposes, including:

  • Booking and reservations: To process your travel bookings, confirm reservations, and manage your itinerary.
  • Payment processing: To securely process payments, refunds, and manage billing.
  • Travel insurance and assistance: To arrange insurance coverage, process claims, and provide emergency support.
  • Visa and document services: To assist with visa applications, document verification, and compliance with immigration requirements.
  • Health and safety: To ensure your well-being during travel, comply with destination requirements (e.g., vaccination status), and respond to emergencies.
  • Spiritual and adventure travel: To tailor services to your spiritual, religious, or adventure preferences, and manage risk disclosures.
  • Customer support: To answer your queries, resolve issues, and provide updates.
  • Marketing and communications: To send you relevant offers, newsletters, and updates (with your consent and opt-out options).
  • Analytics and improvements: To analyze usage, improve our services, and enhance your experience (using anonymized or aggregated data where possible).
  • Legal and regulatory compliance: To meet our obligations under Indian and international laws, respond to lawful requests, and prevent fraud or misuse.

We do not use your data for profiling or automated decision-making that significantly affects you without your knowledge or consent.

4. Legal Basis for Processing

Depending on your location and the applicable law, we process your data based on:

  • Your consent: For marketing, sensitive data, and optional services.
  • Performance of a contract: To fulfill your bookings and provide requested services.
  • Legal obligations: To comply with laws (e.g., immigration, tax, anti-money laundering).
  • Legitimate interests: To improve our services, prevent fraud, and ensure security (balanced with your rights and interests).

5. Data Sharing and Disclosure

We share your information only as necessary and with trusted parties, always ensuring appropriate safeguards.

5.1 With Service Providers

  • Travel partners: Airlines, hotels, transport providers, tour operators, insurance companies, and visa agencies—only as needed to fulfill your bookings.
  • Payment processors: Secure gateways and banks for payment processing (PCI-DSS compliant).
  • Third-party vendors: IT, analytics, marketing, and customer support providers (bound by strict data protection agreements).

5.2 With Authorities

  • Government and regulatory bodies: For visa processing, immigration, customs, law enforcement, or as required by law.
  • Health authorities: When required for public health or safety (e.g., COVID-19 status).

5.3 International Data Transfers

Your data may be transferred to and processed in countries outside your home country (e.g., for bookings with international partners). We ensure such transfers comply with applicable laws (e.g., DPDP Act, GDPR), use approved safeguards (such as contractual clauses), and only transfer to countries not on the Indian government’s “negative list”.

5.4 With Your Consent

We may share information with third parties for marketing or optional services only with your explicit consent.

5.5 Business Transfers

In the event of a merger, acquisition, or business transfer, your data may be transferred to the new entity, with continued protection under this policy.

We do not sell your personal data to third parties.

6. Data Security

We take your data security seriously and implement robust measures to protect your information from unauthorized access, loss, misuse, or alteration.

6.1 Technical Safeguards

  • Encryption: All sensitive data (including payment and identity information) is encrypted in transit (TLS/SSL) and at rest.
  • Access controls: Only authorized personnel can access your data, with strict role-based permissions.
  • Secure infrastructure: We use secure servers, firewalls, and intrusion detection systems. Our cloud providers are ISO 27001 certified.
  • Regular audits: We conduct security assessments, vulnerability scans, and penetration testing.
  • Data minimization: We collect and retain only what is necessary.

6.2 Organizational Measures

  • Employee training: All staff receive regular training on data privacy, security, and incident response.
  • Vendor management: We require all partners and vendors to meet our security standards and sign data processing agreements.
  • Incident response: We have a documented plan to detect, respond to, and notify you and authorities of any data breaches as required by law.

7. Cookies, Analytics, and Tracking

Our website and app use cookies and similar technologies to enhance your experience, analyze usage, and support marketing (with your consent).

7.1 Types of Cookies

  • Essential cookies: Required for site functionality (e.g., login, bookings).
  • Analytics cookies: Help us understand how you use our site (e.g., Google Analytics, with anonymization and consent banners as required by law).
  • Marketing cookies: Used for personalized offers and advertising (only with your consent).

7.2 Cookie Consent

  • You can manage your cookie preferences at any time via our cookie banner or browser settings.
  • We comply with global cookie laws (e.g., GDPR, CCPA) and do not run non-essential cookies without your consent.

7.3 Third-Party Tools

We use reputable analytics and marketing tools, ensuring they meet privacy standards and do not collect more data than necessary.

8. Marketing Communications and Consent

We want to keep you informed about exciting offers and updates, but only if you want to hear from us.

  • Opt-in: We send marketing emails, SMS, or push notifications only if you have opted in.
  • Opt-out: You can unsubscribe at any time via the link in our messages or by contacting us.
  • Preference center: Manage your communication preferences in your account settings.
  • No pre-ticked boxes: We never use pre-selected consent options; your choices are always clear and specific.

We do not use your data for automated profiling or targeted advertising without your knowledge and consent.

9. Data Retention and Deletion

We retain your personal data only as long as necessary for the purposes described in this policy or as required by law.

9.1 Retention Periods

  • Bookings and transactions: Retained for the duration of your travel and as required for accounting, legal, or regulatory purposes (typically 5–8 years, depending on applicable laws).
  • Insurance and visa data: Retained as long as needed for claims, compliance, or dispute resolution.
  • Health and safety data: Retained only as long as necessary for your travel or as required by law.
  • Marketing data: Retained until you withdraw consent or unsubscribe.
  • Children’s data: Retained only as long as needed for the specific booking, with parental/guardian consent.

9.2 Deletion and Your Rights

  • Right to erasure: You can request deletion of your data at any time (subject to legal or contractual obligations).
  • 48-hour notice: Before deleting your data, we will notify you at least 48 hours in advance, as required by Indian law.
  • Backups: Data is deleted from active systems promptly and from backups in accordance with our data destruction policy.

10. Your Rights and Choices

We respect your rights regarding your personal data. Depending on your location and applicable laws, you may have the following rights:

  • Access: Request a copy of your personal data.
  • Correction: Update or correct inaccurate or incomplete information.
  • Deletion: Request deletion of your data (subject to legal requirements).
  • Restriction: Ask us to limit processing of your data in certain circumstances.
  • Portability: Request your data in a portable format.
  • Objection: Object to processing for marketing or other purposes.
  • Withdraw consent: Withdraw your consent at any time (this does not affect prior processing).
  • Lodge a complaint: Contact us or your local data protection authority if you have concerns.

To exercise your rights, please contact us using the details at the end of this policy. We will respond promptly, typically within 15 days.

11. Special Categories and Situations

11.1 Children and Minors

  • We do not knowingly collect data from children under 16 without parental or guardian consent.
  • For family bookings, we require the adult making the booking to confirm consent for any minors included.
  • Parents/guardians can access, correct, or request deletion of their child’s data at any time.

11.2 Family and Group Bookings

  • If you provide information about other travelers (e.g., family, friends), you must have their consent to share their data with us.
  • We treat all travelers’ data with the same level of protection.

11.3 Government, Immigration, and Law Enforcement Requests

  • We may be required to share your data with government authorities for immigration, customs, security, or legal compliance.
  • Such disclosures are made only as required by law and with appropriate safeguards.

12. Health, Safety, Spiritual, and Adventure Travel Data

12.1 Health and Safety

  • We collect health information only when necessary for your travel (e.g., to meet destination requirements, arrange special assistance, or comply with public health laws).
  • Health data is handled with extra care and shared only with relevant partners (e.g., airlines, hotels, insurance providers) as needed.

12.2 Spiritual and Religious Travel

  • If you book spiritual or religious travel (e.g., pilgrimages), we may collect information about your preferences to tailor your experience.
  • Such data is considered sensitive and is used only for your requested services.

12.3 Adventure Travel

  • For adventure activities (e.g., trekking, rafting), we may require medical waivers, emergency contacts, and insurance details.
  • We follow industry best practices for risk management and legal compliance, including enforceable liability waivers and safety protocols.

13. Payment Processing and PCI-DSS Compliance

  • All online payments are processed through secure, PCI-DSS compliant gateways.
  • We do not store your full card details; only tokenized or masked data is retained for transaction records and refunds.
  • Payment data is encrypted and access is strictly controlled.

14. Third-Party Service Providers and Vendor Management

  • We carefully select partners and vendors who meet our data protection standards.
  • All third-party processors sign data processing agreements that require them to protect your data and use it only for specified purposes.
  • We regularly review and audit our vendors’ security and compliance.

15. International Data Transfers

  • Your data may be transferred to partners or servers in other countries to fulfill your bookings or provide services.
  • We ensure such transfers comply with Indian law (DPDP Act), GDPR, and other applicable regulations.
  • Transfers are made only to countries not on the Indian government’s “negative list” and with appropriate safeguards (e.g., contractual clauses, security certifications).

16. Data Security Controls and Technical Safeguards

  • Encryption: All sensitive data is encrypted in transit and at rest.
  • Access controls: Strict authentication, role-based access, and multi-factor authentication for staff.
  • Monitoring: Continuous security monitoring, intrusion detection, and regular audits.
  • Incident response: Documented procedures for detecting, containing, and reporting data breaches.
  • Certifications: Our systems and key vendors are ISO 27001 certified or equivalent.

17. Breach Notification and Incident Response

  • In the unlikely event of a data breach, we will notify affected users and the relevant authorities “without undue delay,” as required by law (e.g., within 72 hours under GDPR, promptly under DPDP Act).
  • Notifications will include details of the breach, affected data, potential consequences, and steps you can take to protect yourself.
  • We will take immediate action to contain and remedy any breach.

18. Privacy by Design and Governance

  • We embed privacy into all our systems and processes from the outset (“privacy by design”).
  • Regular Data Protection Impact Assessments (DPIAs) are conducted for new projects or high-risk processing.
  • Our Data Protection Officer oversees compliance, training, and governance.
  • Policies and procedures are reviewed and updated regularly.

19. Employee Training and Internal Policies

  • All employees receive regular training on data privacy, security, and ethical handling of customer information.
  • Access to personal data is limited to staff who need it to perform their duties.
  • Internal policies are enforced through audits, monitoring, and disciplinary measures for violations.

20. Readability and Accessibility

  • We strive to make this policy clear, concise, and easy to understand for all users, avoiding legal jargon and technical terms wherever possible.
  • If you need this policy in another language or accessible format, please contact us.

21. Updates to This Policy

  • We may update this policy from time to time to reflect changes in our practices, legal requirements, or services.
  • The latest version will always be available on our website, with the “last updated” date at the top.
  • For significant changes, we will notify you via email, website notice, or during your next interaction with us.

22. Contact Us

If you have any questions, concerns, or requests regarding your personal data or this privacy policy, please contact our Privacy Team:

  • Email:info@rahipathholidays.in
  • Phone: +91-9193559916
  • Address:Gaur City Center,  Greater Noida, India

We are committed to responding to your queries promptly and transparently.

25. Summary Table: Key Privacy Practices

AreaWhat We DoYour Choices/Controls
Booking & ReservationsCollect only necessary data; share with travel partners as neededReview and update your details
Payment ProcessingUse PCI-DSS compliant gateways; do not store full card detailsChoose payment method; request deletion of payment data (where possible)
Insurance & Visa AssistanceShare data with insurers/embassies only as requiredProvide only required documents
Health & SafetyCollect health data only when needed; handle with extra careConsent required; can withdraw consent (may affect services)
Spiritual/Adventure TravelCollect preferences/waivers as needed; follow safety protocolsProvide info as needed; can opt out
Third-Party SharingShare only with trusted, contracted partners; no data sellingOpt out of marketing sharing
International TransfersTransfer data only with safeguards; comply with lawsInformed of transfers; can object (may affect services)
Marketing CommunicationsSend only with opt-in; easy unsubscribeManage preferences; opt out anytime
Data RetentionKeep data only as long as needed or required by lawRequest deletion or correction
User RightsAccess, correct, delete, restrict, or port your dataContact us to exercise rights
Data SecurityEncryption, access controls, regular auditsReport concerns; request info
Breach NotificationNotify you and authorities promptly if a breach occursReceive timely updates
Children’s DataCollect only with parental consent; extra safeguardsParents can access/delete data

26. Frequently Asked Questions (FAQs)

Q: Do I have to provide all the information you ask for?
A: Only the information marked as required is necessary for your booking or service. Optional data helps us personalize your experience but is not mandatory.

Q: Can I book travel for someone else?
A: Yes, but you must have their consent to share their personal data with us.

Q: How do I opt out of marketing?
A: Click the “unsubscribe” link in any marketing email or update your preferences in your account.

Q: What happens if I withdraw consent?
A: We will stop processing your data for the purposes you withdraw consent for. Some services (like bookings or insurance) may not be possible without certain data.

Q: How do you protect my payment information?
A: All payments are processed through secure, PCI-DSS compliant gateways. We do not store your full card details.

Q: What if there is a data breach?
A: We will notify you and the relevant authorities promptly, provide details, and take steps to protect you.

Thank you for trusting Rahipath Holidays LLP with your travel plans and personal information. We are committed to making your journey safe, enjoyable, and privacy-respecting—every step of the way.

Call Us Now
WhatsApp