This Privacy ("Policy") applies to the securing and processing of personal data by TCIL (India). Ltd (hereinafter "TCIL" in connection with personal data provided by any person ("User") who has purchased or intends to purchase or inquiries about any product(s) or service(s) made by TCIL through any of TCIL's interface channels including website, mobile site and mobile app (collectively referred herein as "Sales Channels").
2. PURPOSE OF THIS POLICY
We respect your need to understand how and why information is being collected, used, disclosed, transferred and stored. Thus we have developed this Policy to familiarize you with our practices. This policy sets out the way in which we process your information when you use our Website or other digital platforms in accordance with applicable data protection laws. It is important that you read this policy together with any other policies we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This policy supplements the other notices and is not intended to override them.
3. DEFINING CONTROLLER OF PERSONAL DATA
A "Controller" is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of TCIL as controller. Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller. As the circumstances warrant TCIL may be Controller or Processor of your personal data.
4. TYPE OF PERSONAL DATA WE COLLECT
Personal data includes any information about any user from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data). You may be asked for personal data anytime you are in contact with TCIL directly or indirectly through a third party. We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy. We do not collect any special categories of personal data about you through our Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us.
5. MODES OF COLLECTING PERSONAL DATA
The only way we will get any kind of personal data is if you choose to give it to us in the following circumstances:
(a) Direct interaction:
- When you make an enquiry or quotation request or make a reservation or purchase from our ‘Website’ or through our customer service team - by email(s), letter(s), fax, on the phone or in physical store
- When you register with us, subscribe to our newsletter, enter in lucky draws/competitions/surveys/feedback, send us queries or register for promotions
- When you engage with us in any online or offline event, promotions, page hosted by us on a third party platform or location
- Through cookies on our Website (b) Cookies and other technologies:
(c) Third parties or publicly available sources:
We receive Technical Data from analytics providers such as Google
6. GROUNDS FOR PROCESSING OF DATA
When you use our Website we will use your personal data in the following circumstances:
a) “performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
b) “legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
c) “legitimate interests”: where necessary for our interests provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or client portals to ensure that the security of our Website or client portals or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
d) “consent”: We rely on consent as a legal basis for processing your personal data in relation to sending direct marketing communications to you via email or text message.
We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
7. USE OF PERSONAL DATA
While you make a booking:
- We may use your Personal Information available with us to ease your booking process. This information may include all the data provided by you earlier i.e. contact data. We may also use the information of travellers list as available in or linked with your account. This information is presented to the User at the time of making a booking to enable you to complete your bookings expeditiously.
We may also use your Personal Information for several reasons including but not limited to:
- keep you informed of the transaction status
- Newsletters to keep you updated on the travel sector. In the event that you don’t wish to receive such intimation, you may unsubscribe this facility in the email message you receive
- send booking confirmations either via SMS or WhatsApp or any other messaging service
- send any updates or changes to your booking(s) | allow our customer service to contact you, if necessary | confirm your reservations with respective service providers customize the content of our website, mobile site.
- request for reviews of products or services or any other improvements | send verification message(s) or email(s)
- validate/authenticate your account and to prevent any misuse or abuse | contact you on your birthday/anniversary to offer a special gift or offer | send you important notices and communications regarding our products and services availed or changes to the terms and conditions and/or policies
- send information about products and services offered by TCIL and its affiliates | send you payment reminders and/or travel vouchers
We may share your personal data to third parties for reasons cited below but not limited to:
Where it is necessary to process your booking, enquiry or participation. | To fulfil the service offering and/or to make booking, reservation, blocking and any such activity initiated by user. | We may share personal data with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information.
We may use your personal information for Marketing Promotions, Research and other programs
As a registered user, you will receive our latest product and service announcements, offers, promotions and event updates. If you wish to unsubscribe, you can choose to do so | We may also use the personal data to improve our product offering, develop and deliver products, services, content and advertising. | Personal data may also be used internally for research, analysis and auditing | TCIL may from time to time launch promotions to give its Users an opportunity to win great travel and travel related prizes. During such activity the personal information collected by us may include contact information and survey questions. We will use such information to notify contest winners and survey information to develop promotions and product improvements. | TCIL may launch travel referral or reward programs from time to time by way of which users would win travel related rewards or other rewards. We may use your personal information to enrol you in the rewards program. Depending on the reward program, each time you win a reward, TCIL may share your personal information with a third party that will be responsible from fulfilling the reward to you. You may however choose to opt out of such reward program if you choose to do so. Here too while rewarding any user we at times may verify information of customers on selective basis for various purposes such as fraud protection or any other purpose.
8. COLLECTION AND USE OF NON-PERSONAL DATA
Non-personal data is data which can never be used to identify an individual. We may collect information regarding customer activities on our various portals. This aggregated information is used in research, analysis, to improve and monitor products and for various promotional schemes. It may be shared in aggregated, non-personal form with third party to enhance customer experience, products offering or services.
9. INFORMATION PROTECTION AND SECURITY
Taking into account the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.
To protect your personal data and prevent unauthorized access, we have put in place appropriate security measures and certifications. We have SSL site and user should use it to protect the information transmission while transacting online.
10. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes, for example, the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defence of legal claims.
We will retain your personal data in our databases in accordance with our document management, retention and destruction policy and applicable laws. This period may extend beyond the end of your relationship with us, but it will be only as long as it is necessary for us to have sufficient information to respond to any issues that may arise later. For example, we may need or be required to retain information to allow you to obtain credit for trip you purchased but had to cancel. We may also need the retain certain information to prevent fraudulent activity; to protect ourselves against liability, permit us to pursue available remedies or limit any damages that we may sustain; or if we believe in good faith that a law, regulation, rule or guideline requires it.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
11. YOUR RIGHTS
Under certain circumstances, you have rights under applicable data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights under General Data Protection Regulation (GDPR) are set out below:
(a) right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
(b) right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
(c) right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
(d) right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
(e) right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data , if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
(f) right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a Website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
(g) right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
(h) right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.