India privacy notice
Privacy Policy
Effective date: 28 June 2026. This Privacy Policy is prepared with reference to Indian privacy and information technology requirements, including the Digital Personal Data Protection Act, 2023, Digital Personal Data Protection Rules, 2025 and applicable IT security rules. It explains how The Holidays Group collects, uses, shares, stores and protects customer and traveller personal data in connection with our website, booking desk, live search, assisted confirmations, support channels and travel services.
1. Who controls the information
The Holidays Group is responsible for personal data collected through this website and our support channels, except where a travel supplier, airline, hotel, visa partner, insurer, payment gateway or other third-party provider independently processes data under its own policy and legal obligations.
2. Information we collect
- Contact details: name, mobile number, email, address, city, booking ID, support messages and communication preferences.
- Traveller details: passenger names, date of birth, age, gender, nationality, route, destination, check-in and checkout dates, room occupancy, passenger type, meal choice, baggage choice and special requests.
- Travel documents: passport details, visa documents, government ID, photographs, ticket copies, invoices, GST details for B2B/corporate requests and information required by suppliers or authorities.
- Payment and transaction data: payment status, transaction reference, amount, refund status, invoice details and payment gateway response. We do not store full card numbers, CVV, UPI PIN, net banking password or OTP.
- Website and device data: browser, device, approximate location, IP address, cookies, search activity, pages visited, referral source and technical logs for security, analytics and service improvement.
3. Purpose of processing
- To search, quote, reserve, confirm, manage and support flights, hotels, villas, cabs, transfers, trains, buses, holidays, tours, visa, cruise, forex and travel insurance.
- To verify customer identity, traveller eligibility, document requirements, payment status, supplier rules, cancellations and refunds.
- To send booking updates, payment links, support responses, itinerary information, travel alerts, invoices, service reminders and policy notices.
- To detect fraud, prevent misuse, maintain security, comply with law, resolve disputes, improve website performance and maintain business records.
- To send offers or service updates where permitted by law and customer preference. Customers may opt out of promotional messages, while essential booking messages may still be sent.
4. Consent, lawful use and withdrawal
By submitting personal data for a booking or enquiry, the customer consents to the processing needed for the requested travel service. Consent can be withdrawn by contacting our support desk, but withdrawal may affect pending booking, visa, refund, insurance, supplier confirmation or legal-record requirements. We may also process data where required for legal compliance, fraud prevention, accounting, tax, dispute resolution or legitimate travel service operations permitted by applicable Indian law.
5. Children and minors
Bookings for minors must be created by a parent, guardian or authorised adult. We collect minor traveller data only where required for the travel service, such as ticketing, hotel occupancy, visa, insurance or destination rules. Parents or guardians are responsible for providing valid consent and correct minor details.
6. Sharing with suppliers, partners and authorities
- We share necessary data with airlines, hotels, cab operators, transport providers, tour operators, visa partners, insurance companies, forex partners, payment gateways, technology providers, customer support vendors and business partners where required for the requested service.
- We may share information with government authorities, immigration, law enforcement, tax authorities, courts, consumer forums or regulators where required by law, lawful order or dispute resolution.
- For international bookings, information may be transferred or accessed outside India where suppliers, airlines, hotels, visa partners, payment providers or destination authorities require it for service delivery.
7. Security practices
- We use reasonable security practices to protect booking records, documents, customer communication and website data against unauthorised access, misuse, loss or alteration.
- Access to customer data is restricted to staff, support teams, service providers and suppliers who need the information for booking, support, finance, compliance or dispute resolution.
- No online system is fully risk-free. Customers must not share OTP, CVV, UPI PIN, net banking password or account passwords with anyone claiming to represent The Holidays Group.
8. Cookies, analytics and chat tools
Our website may use cookies, analytics, chat support, performance tools and advertising pixels to operate the site, remember preferences, measure traffic, improve search flow, support live chat and understand customer interest. Customers can manage cookies through browser settings, but some login, booking or support features may not work correctly if cookies are disabled.
9. Data retention
We retain personal data for as long as necessary for booking support, supplier follow-up, refunds, invoices, tax records, legal compliance, fraud prevention, dispute resolution, audit and business record purposes. Document copies and support records may be retained where required by supplier, tax, visa, insurance, legal or accounting obligations.
10. Customer rights and duties
- Customers may request access to eligible personal data, correction of inaccurate data, deletion of eligible data, withdrawal of consent and grievance redressal, subject to booking, supplier, tax, legal and retention requirements.
- Customers may nominate another person to exercise rights in case of death or incapacity where applicable under the Digital Personal Data Protection Act, 2023.
- Customers must provide authentic information, not impersonate another person, not suppress material travel details and not submit false documents or fraudulent payment information.
11. Grievance officer and privacy contact
For privacy questions, correction requests, consent withdrawal, data access, deletion requests or complaints, contact our customer grievance desk.
Grievance Officer / Customer Support Desk: The Holidays Group, Third Floor, Gulshan Park, H-30, Plot No 6&7, Vijay Chowk Area, Laxmi Nagar, Delhi, 110092. We aim to acknowledge and resolve grievances within timelines required by applicable Indian law.
12. Updates to this policy
We may update this Privacy Policy to reflect changes in law, supplier requirements, website features, payment flows or business processes. The latest version published on this website will apply from the stated effective date.
