PRIVACY POLICY

Effective Date: January 1, 2026
Last Updated: March 31, 2027

Introduction and Scope

TravelWithLuv.in ("Company," "We," "Us," or "Our") operates the website travelwithluv.in ("Website," "Platform," or "Site"). This Privacy Policy ("Policy") governs the collection, use, disclosure, storage, and protection of personal information from users ("You," "User," "Customer," or "Traveler") who access or use Our services, including spiritual travel packages to destinations like Kailash Mansarovar Yatra, Nepal temples, and international holy sites and India.

By browsing, booking, or interacting with the Website, You unconditionally agree to this Policy, which forms a binding legal agreement. It complies with India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), Information Technology Act, 2000 ("IT Act"), and relevant global standards like GDPR for international users. If you disagree, cease use immediately. We reserve the right to amend this Policy without prior notice; continued use constitutes acceptance. Check periodically for updates.

Definitions

Personal Information ("PI"): Any data identifying you, e.g., name, email, phone, address, passport/ID details, health declarations, payment info.

  • Sensitive Personal Data ("SPD"): Subset of PI like health, financial, or biometric data.
  • Confirmed Traveler: User with fully paid, verified booking commencing travel.
  • Authorities: Government bodies (e.g., immigration, embassies for visas/permits).
  • Partners: Hotels, transport providers, guides bound by NDAs.
  • Cookies: Small files tracking usage.
  • Force Majeure: Events beyond control (e.g., weather, geopolitics).

This Policy excludes data from third-party sites.

Information We Collect

We collect only essential data for safe, spiritual journeys:

  1. Directly Provided PI:
    • Booking forms: Name, DOB, gender, nationality, contact details, emergency contacts.
    • Travel prefs: Destinations (e.g., Kailash), dates, group size, dietary/religious needs.
    • Documents: Passport, visa scans, medical certificates (high-altitude fitness).
    • Payments: Card/bank details (tokenized, not stored).
  2. Automatically Collected:
    • Device/IP: Browser type, OS, location (approx.), pages visited, session time.
    • Cookies: Session, persistent, analytics (Google Analytics-like).
    • Logs: Search queries, clicks on itineraries.
  3. Indirect/Voluntary:
    • Communications: Emails, chats, feedback.
    • Surveys: Demographics for service improvement.
    • Social logins: If enabled, profile basics.

For Kailash Yatra: Mandatory health disclosures (heart conditions, altitude sickness history) to ensure safety.

We seek explicit consent via checkboxes/forms. Minors (<18): Parental consent required. No PI from children knowingly collected.

Non-compliance (e.g., false health info) voids bookings, no liability.

How We Use Your Information

Your data powers trusted spiritual travel:

  1. Core Services:
    • Process bookings/payments.
    • Generate itineraries, visas, permits.
    • Coordinate logistics (hotels, flights, guides).
  2. Communications:
    • Pre-trip: Confirmations, prep guides (mantra chanting, packing).
    • During: Updates, emergencies.
    • Post: Feedback, photos (with consent).
  3. Analytics & Improvement:
    • Anonymized trends: Popular routes, peak seasons.
    • Personalization: Tailored Kailash packages.
  4. Legal/Compliance:
    • DPDP Act obligations.
    • Tax/invoicing.
  5. Marketing (Opt-In):
    • Newsletters, offers (unsubscribe anytime).

Uses are purpose-limited, proportionate. No profiling/AI decisions affecting You without consent.

TRAI-compliant: Queries authorize calls/SMS/WhatsApp for transactional/promotional info. Wrong details? You indemnify Us.

Information Sharing and Disclosure

Core Assurance: Your PI is never shared/sold/rented with external agencies, marketers, advertisers, or third parties for commercial gain. We prioritize pilgrim trust over profits.

Sole Exception – Confirmed Travelers Only:

  • With Authorities: Passport/health docs to embassies (China/Nepal for Kailash permits), immigration. Legally mandated; minimal data.
  • With Partners: Hotel bookings (name, dates, room prefs), transport (ID, pick-up details), guides (group health summary anonymized).
  • All under strict NDAs, data minimization, purpose-binding.

Examples:

  • Kailash: Chinese embassy receives passport scans.
  • Temple trips: Hotel gets check-in details.

No sharing pre-confirmation or post-trip unless consented.

Other Disclosures:

  • Legal: Court orders, govt requests (e.g., security for international yatras).
  • Merger/Acquisition: Transferred as asset (with notice).
  • Service Providers: Encrypted processors (payments via UPI, Bank Transfers and others. Bound by contracts > DPDP standards.
  • Aggregated/Anonymized: Stats shared publicly (e.g., "80% Kailash travelers fit").

No international transfers without safeguards (SCCs, adequacy decisions).

Data Security Measures

We deploy industry-leading protections:

  • Encryption: SSL/TLS (HTTPS), data at rest (AES-256).
  • Access Controls: Role-based, 2FA, audits.
  • Infrastructure: Firewalls, DDoS protection, backups (encrypted, geo-redundant).
  • High-Risk Trips: Offline records for remote areas (Tibet).
  • Breach Response: Notify within 72 hrs (DPDP); mitigate.

Policies: Employee NDAs, annual training, penetration testing.

No system infallible—You share risks voluntarily.

Cookies and Tracking Technologies

We use:

  • Essential: Login, cart.
  • Analytics: Usage patterns.
  • Functional: Language prefs.

Third-party: Google Analytics (IP anonymized).

Manage: Browser settings ("Do Not Track" honored). Opt-out: Cookie banner.

No targeted ads.

Your Rights and Choices

Under DPDP Act/IT Rules:

  1. Access: Confirm processing.
  2. Correction: Fix inaccuracies.
  3. Erasure: Delete (except legal retention).
  4. Withdrawal: Revoke consent.
  5. Portability: Receive data.
  6. Grievance: Data Protection Officer (DPO).

Request via Admin@travelwithluv.in. Processed 30 days (extendable). ID verification.

Opt-Out: Unsubscribe links. Cookies: Browser.

Children: Parents exercise rights.

No discrimination for exercising rights.

Retention and Deletion

  • Active bookings: Until trip + 3 years (disputes/tax).
  • Inquiries: 1 year.
  • Analytics: Anonymized indefinite.

Auto-delete post-retention. Manual via rights.

Children's Privacy

Services for 18+. No knowing collection from <18. Detect? Delete, notify parents.

Third-Party Links and Services

Links (payments, maps) governed by their policies. We disclaim liability.

International Data Transfers

For global yatras: To Nepal/China with SCCs, ensuring equivalent protection.

Changes to This Policy

Posted here. Major: Email notice. Continued use = acceptance.

We may periodically update this Privacy Policy. Whenever we make any changes to this Privacy Policy that are important for you to know about, we will notify the same to you.

Governing Law and Dispute Resolution

India law, Delhi courts. Arbitration if mutually agreed.

Contact Information

Data Protection Officer: admin@travelwithluv.in
Address: F-165 STREET NO.4, PANDAV NAGAR, 4th Floor,NEAR SAMASPUR ROAD, New Delhi 110091, India.
Grievances: 30-day resolution.

TravelWithLuv.in – Faith Protected, Privacy Sacred.

Chat With Us