1. Introduction and Scope
1.1. Welcome to Namo Ayodhya Ji palace. This Privacy Policy explains how Namo Ayodhya Ji palace we collects, uses, stores, and protects your personal information when you visit our website, make a reservation, stay at our hotel, or interact with us in any way. We are committed to protecting your privacy and handling your data with transparency and care.
1.2. Scope of This Policy. This policy applies to all personal information collected by us, whether online (through our website, social media, or other digital platforms) or offline (via phone, in-person at our front desk, or through other traditional means).
1.3. Your Consent. By using our services, you consent to the collection, use, and disclosure of your information as described in this policy. If you do not agree with this policy, please do not use our services.
To expand this section: You would detail the company structure, list all associated brands, and provide a legal and a trading name. You would also provide a detailed explanation of the policy’s purpose and its compliance with major regulations like GDPR, CCPA, etc.
2. Information We Collect
This section would be the largest, breaking down every type of data collected and the reason for its collection.
2.1. Information You Provide Directly to Us.
Contact Information: Name, email address, phone number, mailing address.
Reservation and Stay Information: Dates of stay, room type, special requests, guest names, loyalty program numbers, payment card details.
Demographic and Preference Information: Birth date, nationality, language preference, dietary restrictions, mobility needs, and other personal preferences to enhance your stay.
Identity Verification: Passport or government-issued ID number, and a copy of the document, as required by law.
Communication Content: Emails, chat transcripts, social media messages, and feedback provided to us.
2.2. Information We Collect Automatically.
Website and Usage Data: IP address, browser type, operating system, pages visited, time spent on pages, and referring URLs. We use this to analyze website traffic and improve user experience.
Location Information: Geolocation data from your mobile device, if you have enabled location services.
Cookies and Tracking Technologies: We use cookies to remember your preferences, personalize your experience, and analyze our website’s performance. (This section would refer to a separate, detailed cookie policy).
2.3. Information from Third Parties.
Online Travel Agencies (OTAs): Data from booking platforms like Expedia or Booking.com, including your name, reservation details, and contact information.
Payment Processors: Confirmation of payment from our payment partners. We do not store full payment card numbers on our servers.
Social Media: Publicly available information from your social media profiles if you interact with us on those platforms.
Marketing and Analytics Partners: Data from partners that help us improve our marketing efforts.
To expand this section: You would create a detailed table for each category of data, specifying the exact data points collected, the purpose of collection, and the legal basis for processing (e.g., contract, consent, legitimate interest). For example, you would list every possible “special request” and explain why it’s collected (e.g., “pillow preference – to provide a comfortable stay”).
3. How We Use Your Information
This section would detail every purpose for which data is used.
3.1. To Fulfill Your Reservation and Provide Services.
Processing your reservation, confirming your stay, and providing you with the requested services.
Personalizing your stay by remembering your preferences.
Managing our loyalty programs.
Handling billing and payments.
3.2. To Communicate With You.
Sending pre-arrival information, confirmations, and post-stay surveys.
Responding to your inquiries and requests.
Sending marketing communications and promotional offers, with your consent.
3.3. For Internal Business Operations.
Improving our services and developing new offerings.
Conducting internal research, analytics, and business planning.
Managing and improving our website and IT infrastructure.
Ensuring the safety and security of our guests, staff, and property.
3.4. For Legal and Regulatory Compliance.
Complying with local laws regarding guest registration.
Preventing fraud and other illegal activities.
Responding to legal requests from law enforcement or government authorities.
To expand this section: You would create a comprehensive list of every possible use case. For example, under “Improving our services,” you might list “A/B testing of website layouts,” “analyzing guest feedback from post-stay surveys to train staff,” “predicting room demand to optimize pricing,” and so on, each with a detailed explanation.
4. Legal Basis for Processing (for GDPR compliance)
This is a critical section for hotels operating in or serving EU citizens.
4.1. Contractual Necessity: We process your data to fulfill our contract with you (e.g., processing your reservation).
4.2. Legitimate Interests: We process your data for our legitimate business interests, provided these interests do not override your fundamental rights and freedoms (e.g., using your data for fraud prevention or to improve our services).
4.3. Consent: We process your data when you have given us explicit consent (e.g., for marketing communications). You have the right to withdraw this consent at any time.
4.4. Legal Obligation: We process your data to comply with a legal obligation (e.g., sharing guest information with government authorities as required by law).
To expand this section: You would provide specific examples for each legal basis. For instance, under “Legitimate Interests,” you would list: “Fraud detection: Our legitimate interest is to protect our business and our customers from fraudulent transactions. This processing is necessary and proportionate.”
5. How We Share Your Information
5.1. With Our Service Providers: We share data with third-party vendors who perform services on our behalf, such as payment processors, IT support, marketing agencies, and analytics providers. We only share the minimum necessary information and require them to protect your data.
5.2. With Other Entities Within Our Corporate Family: We may share data with our parent company, subsidiaries, or affiliates to streamline operations and provide a consistent service.
5.3. For Legal Reasons: We may disclose your information if required by law, court order, or governmental request.
5.4. In Business Transfers: If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred as part of that transaction.
5.5. With Your Consent: We may share your information with other parties if you have given us explicit consent to do so.
To expand this section: You would name specific types of service providers (e.g., “Cloud hosting provider: AWS,” “Payment gateway: Stripe,” “CRM platform: Salesforce”), explain what data they receive, and link to their privacy policies.
6. Data Retention
We will retain your personal information for as long as is necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. The specific retention periods vary depending on the type of data and the purpose of processing. For example, we will retain reservation data for [e.g., 7 years] to comply with tax laws. We will retain marketing consent until you withdraw it.
To expand this section: You would create a detailed data retention schedule with a table listing data types (e.g., booking records, email correspondence, CCTV footage), the purpose of retention, and the specific retention period with the legal or business justification.
7. Data Security
We implement robust technical and organizational measures to protect your personal information from unauthorized access, use, or disclosure. These measures include:
Encryption: Using SSL/TLS to encrypt data transmitted over our website.
Access Control: Limiting access to personal information to authorized employees on a need-to-know basis.
Physical Security: Securing our physical premises and data centers.
Regular Audits: Conducting regular security audits and vulnerability assessments.
To expand this section: You would provide a detailed description of the security measures, including specific technologies used, employee training procedures, and a clear explanation of how data is protected at every stage of its lifecycle.
8. International Data Transfers
If we transfer your personal information to countries outside of your home jurisdiction, we will ensure that appropriate safeguards are in place to protect your data in accordance with applicable laws. This may include using standard contractual clauses approved by the European Commission or relying on the recipient’s Privacy Shield certification.
To expand this section: You would list every country where data might be transferred and explain the specific legal mechanism used for each transfer, such as reliance on adequacy decisions, Standard Contractual Clauses, or Binding Corporate Rules.
9. Your Rights
Depending on your location and applicable law, you may have the following rights regarding your personal information:
Right of Access: To request a copy of the personal information we hold about you.
Right to Rectification: To correct any inaccurate or incomplete information.
Right to Erasure (“Right to be Forgotten”): To request the deletion of your personal information under certain circumstances.
Right to Restriction of Processing: To request that we limit the way we use your data.
Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format.
Right to Object: To object to the processing of your data for specific purposes, such as direct marketing.
Right to Withdraw Consent: To withdraw your consent at any time where our processing is based on consent.
To expand this section: You would dedicate a subsection to each right, providing a detailed explanation of what the right entails, the conditions under which it applies, and a step-by-step process for how a user can exercise that right. You would also provide a contact form or a specific email address for submitting requests.
10. Third-Party Links
Our website may contain links to third-party websites. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party sites you visit.
11. Children’s Privacy
Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children without parental consent. If we learn that we have collected information from a child without proper consent, we will take steps to delete it.
To expand this section: You would provide more detail on how the hotel verifies the age of guests and what happens if a reservation is made for a minor.
12. Cookies and Tracking Technologies
This section would be a high-level summary and would refer the user to a separate, detailed Cookie Policy. The policy would explain what cookies are, the different types used (e.g., essential, performance, targeting), and how users can manage their cookie preferences.
To expand this section: The standalone Cookie Policy would list every single cookie used on the website, its purpose, its provider, and its expiration date, along with detailed instructions on how to opt-out for each type.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the new policy on our website and updating the “Last Updated” date.