Privacy Policy

1 Introduction

Welcome to Varanasi Expedia Tour & Travels, a B2B Destination Management Company (DMC) specializing in spiritual and cultural tours across Purvanchal region. We are committed to protecting your privacy and ensuring transparency about how we handle your personal data.

Company Details
Legal Name: Varanasi Expedia Tour & Travels
GST: 09AAYFV2249J1ZB
Certifications: Tourism Board & NIDHI Certified
Address: S26/194 P-5-1S, Ghutam Vihar Colony, Meerapur, Bashi Lane No. 3, House No. 61, Varanasi-221002, UP, India
Contact: vnsexpedia@gmail.com | vnsexpedia@gmail.com | +91 87378 42004

Scope of This Policy

This Privacy Policy applies to:

Our website (www.varanasiexpedia.com) and its subdomains
Booking and reservation systems
B2B partnerships and agreements
Email communications and customer support
Mobile applications (if any)
Third-party platforms where we operate

Your Consent: By accessing our website, making a booking, or engaging with Varanasi Expedia, you consent to the collection and processing of your personal data as described in this policy. If you do not agree, please discontinue access.

2 Information We Collect

We collect various categories of information to provide our services effectively. Here's a detailed breakdown:

A. Personal Information (You Provide Directly)

Contact Information +

Full name, email address, phone number (mobile & landline), mailing address, preferred contact method. Used for tour confirmations, updates, and customer support.

Booking Details +

Travel dates, number of travelers, tour preferences, accommodations, special requests, dietary restrictions, physical limitations. Ensures personalized tour experiences.

Payment Information +

Credit/debit card details (processed via secure payment gateways), billing address, transaction history, invoice details. Never stored on our servers—handled by PCI-compliant processors.

Sensitive Personal Data +

Collected only with explicit consent: Religious affiliation (for pilgrimage tours), medical conditions (allergies, mobility issues), family status (children, elderly care needs), passport details (for international tours). Processed with utmost confidentiality.

B2B Partner Data +

Company information, contact persons, business registration details, tax ID, bank details, partnership contracts. Collected for B2B agreements, invoicing, and commission management.

B. Automatically Collected Information

Device & Browser

IP address, browser type, OS, device model, screen resolution, browser language

Usage Data

Pages visited, time spent, clicks, form submissions, search queries, scroll depth

Location Data

Approximate location via IP geolocation (with consent), GPS data if location services enabled

Communication Data

Email timestamps, message content, support chat logs, voice call records (with consent)

C. Cookie and Tracking Technologies

We use cookies and similar technologies (pixels, web beacons) to enhance user experience. See Section 9 for detailed cookie information.

3 How We Use Your Information

We use collected data for legitimate purposes aligned with providing excellent tour services and improving our operations:

Service Delivery

Process bookings, confirm reservations, arrange accommodations, transportation, guides, and deliver tour experiences

Communication

Send confirmations, updates, itineraries, pre-tour briefings, post-tour feedback requests, newsletters (opt-out available)

B2B Management

Manage partner accounts, process commissions, generate invoices, audit partnerships

Payment Processing

Process transactions, issue receipts, manage refunds, prevent fraud

Marketing & Offers

Personalized tour recommendations, seasonal offers, promotions (opt-out available via email footer)

Website Improvement

Analyze user behavior, optimize website performance, improve user experience

Legal Compliance

Comply with GST requirements, tax regulations, booking cancellation laws, dispute resolution

Personalization

Tailor recommendations based on past bookings, preferences, interests

Feedback & Reviews

Collect testimonials, ratings, suggestions for service improvement

Security & Fraud

Detect unauthorized access, prevent fraud, investigate security incidents

Marketing Opt-Out: You can unsubscribe from marketing emails anytime by clicking "Unsubscribe" at the bottom of any email or by contacting us directly.

4 Legal Basis for Processing (GDPR-Style)

Under GDPR principles, we process your data based on one or more of the following legal grounds:

Legal Basis	When Applied	Examples
Contract	Necessary to fulfill booking agreements	Processing booking details, sending confirmations, delivering tours
Legitimate Interests	Our business interests don't override your rights	Website analytics, fraud prevention, service improvements
Explicit Consent	You've clearly agreed	Marketing emails, sensitive data (medical, religious), cookies
Legal Obligation	Required by law or regulation	GST compliance, tax filings, legal disputes

You have the right to withdraw consent at any time. However, withdrawal doesn't affect the lawfulness of past processing.

5 How We Share Your Data

We share data only when necessary and with trusted partners bound by confidentiality agreements:

Service Providers +

Hotels, resorts, transportation companies, restaurant chains, tour guides, activity organizers. Share only necessary information (name, dates, preferences, contact) to deliver your tour.

B2B Agents & Partners +

Travel agencies, corporate clients, affiliated DMCs. Share commissions, booking references, aggregate data. Partners sign NDAs.

Government & Legal Authorities +

Only when legally required (subpoena, court order, GST audits, law enforcement). Never voluntarily disclosed.

Business Transfers +

If Varanasi Expedia merges, sells assets, or undergoes bankruptcy, data may transfer to acquirer under same privacy obligations.

Analytics & Aggregation +

Google Analytics, matomo, or similar tools receive anonymized/aggregated usage data. Cannot identify individuals.

With Your Consent +

Reviews/testimonials shared publicly (with permission), referral programs, third-party platforms only with explicit agreement.

Data Sale Policy: We NEVER sell your personal data to third parties. Period. Your privacy is not a commodity.

6 Security of Your Data

We implement comprehensive security measures to protect your data from unauthorized access, loss, or misuse:

SSL Encryption

256-bit encryption for all data in transit. Website URL starts with 'https://'.

Secure Servers

Hosted on protected servers with firewalls, intrusion detection, regular updates

Access Controls

Only authorized staff access personal data. Role-based permissions, need-to-know basis.

Multi-Factor Auth

MFA for staff accounts, optional for customer accounts

Regular Backups

Daily backups stored securely for disaster recovery

Breach Monitoring

Continuous monitoring for suspicious activity and unauthorized access attempts

Your Responsibility

Use strong, unique passwords for your account
Don't share login credentials with anyone
Log out after accessing your account
Report suspicious activity immediately
Keep your contact information updated
Use secure Wi-Fi when accessing your account

Breach Notification: In the unlikely event of a data breach, we will notify affected individuals within 72 hours and cooperate with authorities as required by law.

7 How Long We Keep Your Data

We retain data only as long as necessary for the purpose collected, or as required by law:

Data Category	Retention Period	Reason
Active Customer Bookings	6 years	GST compliance, tax filings, dispute resolution, repeat booking history
B2B Partner Records	7 years	Contract evidence, commission audits, regulatory compliance
Marketing Data (Opt-in)	Until unsubscribe	Newsletter engagement, promotional updates
Website Analytics	6-24 months	Trend analysis, performance insights (anonymized after 6 months)
Legal/Compliance Records	7-10 years	Tax audits, dispute evidence, regulatory requirements
Payment Records	6 years	Financial audits, refund processing, fraud investigation
Support Chat/Email	2 years	Customer service reference, dispute evidence

Timeline of Data Deletion

Upon Request

Submit a data deletion request. We'll initiate the process within 30 days where legally permissible.

After Retention Period

Once retention period expires, data is automatically deleted via secure shredding or anonymization.

Unsubscribe (Marketing)

Immediately removed from marketing lists. May retain basic contact info for booking history.

Note: Some data may be retained longer if required by Indian tax law, GST regulations, or if deletion conflicts with legal obligations.

8 Your Data Rights

You have several rights regarding your personal data. Here's how to exercise them:

Right to Access +

What: Obtain a copy of all personal data we hold about you.
How: Email vnsexpedia@gmail.com with subject "Data Access Request".
Timeline: We'll respond within 30 days with a detailed report.

Right to Rectify +

What: Correct inaccurate or incomplete personal data.
How: Update via your account portal or email vnsexpedia@gmail.com with corrections.
Timeline: Corrected within 7-10 business days.

Right to Delete (Right to Be Forgotten) +

What: Request deletion of your personal data.
Limitations: Deletion may be refused if data is needed for legal/tax compliance.
How: Email vnsexpedia@gmail.com with subject "Data Deletion Request".
Timeline: 30 days, with explanation if we cannot comply.

Right to Restrict Processing +

What: Ask us to limit how we use your data (e.g., no marketing).
How: Email vnsexpedia@gmail.com with specific restrictions.
Effect: We'll pause processing except where legally required.

Right to Object +

What: Object to certain types of processing (especially marketing, profiling).
How: Click "Unsubscribe" in emails, or email vnsexpedia@gmail.com.
Timeline: Honored immediately for marketing; 30 days for other processing.

Right to Data Portability +

What: Receive your data in machine-readable format (CSV, JSON) and transfer to another service.
How: Email vnsexpedia@gmail.com with subject "Data Portability Request".
Timeline: 30 days, provided in common format.

Right to Withdraw Consent +

What: Withdraw consent for specific processing (e.g., marketing emails, cookies).
How: Adjust settings, unsubscribe, or email vnsexpedia@gmail.com.
Effect: Immediate; past processing remains legal.

Right to File a Complaint +

What: Escalate privacy concerns to data protection authorities if unsatisfied with our response.
How: Contact the Data Protection Authority of India or your country's privacy regulator.
Timeline: Authorities will investigate independently.

How to Exercise Your Rights

Email Submission +

Send to: vnsexpedia@gmail.com

Include in Subject Line: Type of request (Data Access, Deletion, Rectification, etc.)

Provide: Your full name, email used for booking, specific details of your request, and proof of identity (government ID copy or booking confirmation)

Phone Request +

Call: +91 87378 42004 (Mon-Sun, 9 AM - 9 PM IST)

Request: "I'd like to submit a data rights request"

We'll: Record your request and send confirmation email within 24 hours

Mailed Request +

Address: Varanasi Expedia Tour & Travels, S26/194 P-5-1S, Ghutam Vihar Colony, Meerapur, Varanasi-221002, UP, India

Mark Envelope: "Data Protection Officer - Privacy Request"

Timeline: 45 days from receipt (accounting for postal delays)

Our Commitment: We aim to respond to all requests within 30 days. If your request is complex, we may extend by 60 days and keep you informed.

9 Cookies & Tracking Policy

What Are Cookies?

Cookies are small text files stored on your device that help websites remember your preferences and track your activity. They're essential for websites to function properly.

Types of Cookies We Use

Cookie Type	Purpose	Duration	Can Disable?
Essential/Necessary	Session login, security, site functionality, booking checkout	Session (deleted when you close browser)	No (site won't work)
Analytics	Google Analytics - track user behavior, page views, bounce rate, traffic sources	2 years	Yes (via Cookie Settings)
Functionality	Remember preferences (language, layout, theme), saved items	1 year	Yes
Marketing/Advertising	Retargeting ads, personalized recommendations, social media integration	1 year	Yes

Detailed Cookie List

Cookie Name	Type	Purpose	Duration	Provider
PHPSESSID	Essential	Maintains user session and login state	Session	Varanasi Expedia
booking_cart	Essential	Stores items in booking cart	Session	Varanasi Expedia
_ga	Analytics	Google Analytics - tracks unique visitors	2 years	Google Analytics
_gat	Analytics	Google Analytics - throttles request rate	1 minute	Google Analytics
user_preferences	Functionality	Saves language, theme, layout preferences	1 year	Varanasi Expedia
fb_pixel_id	Marketing	Facebook retargeting pixel	1 year	Facebook
Instagram_id	Marketing	Instagram integration and tracking	1 year	Instagram/Meta

Managing Your Cookies

Cookie Settings (Our Tool) +

Click the "Cookie Settings" button in our footer to customize which cookies you accept. Changes apply immediately.

Browser Settings +

Chrome: Settings > Privacy and Security > Cookies > Block All

Firefox: Preferences > Privacy > Cookies > Block All

Safari: Preferences > Privacy > Block All Cookies

Edge: Settings > Privacy > Cookies > Block All

Note: Blocking all cookies may break website functionality.

Third-Party Opt-Outs +

Google Analytics: Install Google Analytics Opt-Out Extension

Facebook: Visit your Ad Preferences to control targeting

Network Advertising Initiative: NAI Opt-Out Tool

Do Not Track (DNT) +

Most browsers offer a "Do Not Track" (DNT) setting that signals your preference to websites. While we respect this preference, there's no universal standard for compliance. We'll honor DNT signals where technically feasible, but tracking may still occur via third-party partners.

Consent Management: When you first visit our site, a cookie banner appears. Accepting "Accept All" enables all cookies. Choose "Customize" to select specific types. You can change your preferences anytime via the Cookie Settings button.

10 Third-Party Links & Integrations

Our website contains links to third-party partners and integrations. We are not responsible for their privacy practices.

External Site Disclaimer: When you leave our website via external links, you're no longer protected by our privacy policy. Read their privacy policies carefully before sharing your data.

Third-Party Partners & Integrations

Payment Gateways +

Razorpay: PCI-DSS Level 1 compliant processor. Privacy Policy

PayU: Secure online payments. Privacy Policy

Credit Card Networks: Visa, Mastercard, American Express (handled securely, never stored on our servers)

Analytics +

Google Analytics: Analyzes website traffic, user behavior. Google Privacy Policy

Matomo (optional): Open-source analytics alternative. Privacy-friendly, EU-hosted.

Social Media +

Facebook/Meta: Social login, pixel tracking, ads. Privacy Policy

Instagram: Photo sharing, feed integration. Privacy Policy

Twitter/X: Share buttons, follow integration. Privacy Policy

Email Marketing +

Mailchimp: Newsletter provider. Privacy Policy

SendGrid (optional): Transactional email service. Privacy Policy

Cloud Hosting +

AWS/Azure/DigitalOcean: Website and database hosting. Data centers may be located in multiple countries. See their privacy policies for details.

Note: We regularly audit third-party partners for security and compliance. We sign Data Protection Addendums (DPA) requiring them to handle data securely.

11 Children's Data Protection

Varanasi Expedia tours are designed for adults (18+). We take children's privacy seriously:

Age Requirement: Our website and services are not directed at children under 18. If you're booking travel for minors, you must be a parent or legal guardian.
Parental Consent: For minors traveling, we require explicit parental/guardian consent. Parents must authorize data processing via signed declaration or email confirmation.
Limited Data Collection: For children, we collect only essential information: name, age, dietary restrictions, emergency contact, health conditions (with parental consent).
No Profiling: We do not profile or target children with marketing or personalized ads.
Immediate Deletion: If we discover we've collected data from a child without parental consent, we'll delete it immediately. Contact us if this occurs.
Parental Rights: Parents can request access to their child's data or request deletion at any time.

If You're Under 18: Please do not submit personal information. Ask a parent or guardian to help with bookings and provide their contact details.

12 International Data Transfers

Varanasi Expedia is based in India. However, your data may be accessed or transferred internationally for tour services:

Where Your Data Goes

India (Primary): Website servers, booking systems, customer support
Nepal: Lumbini, Kathmandu tours involve Nepalese tour operators and hotels
Other Countries: International payment processors, cloud hosting providers (US-based), analytics servers

Safeguards for International Transfers

Standard Contractual Clauses (SCC)

EU-approved legal framework for data transfers outside EU/India, requiring adequate protection

Consent

You expressly consent to international transfers for tour delivery when making bookings

Data Minimization

We transfer only essential data necessary for tour delivery, nothing more

Confidentiality Agreements

All overseas partners sign NDAs and commit to data protection standards

Your Rights: You have the right to object to international transfers. However, this may prevent us from delivering tours in certain destinations.

13 Changes to This Privacy Policy

We may update this policy to reflect operational changes, legal updates, or improved practices. Here's how we handle changes:

Minor Changes

Clarifications, typo fixes, formatting improvements
Updated contact information, website links
Action: We update the "Last Updated" date. No notification required.

Major Changes

New data collection practices, expanded data sharing, changes to your rights
Significant security changes, retention period changes
Action: We notify you 30 days in advance via email, website banner, and in-app notification. Your continued use constitutes acceptance.

Version History

December 15, 2024

v2.1 - Current Version - Added Cookies Policy Section 9, expanded Kids Data section, international transfers clarified

November 1, 2024

v2.0 - Comprehensive policy overhaul; added GDPR-style legal basis, expanded rights section

January 2024

v1.0 - Policy initial publication

Stay Informed: Subscribe to policy updates by opting in to "Policy Update Notifications" in your account settings. Unsubscribe anytime.

14 Contact Us

Questions about our privacy practices? We're here to help. Reach out using any of these methods:

Email +

Privacy Officer: vnsexpedia@gmail.com

General Inquiries: vnsexpedia@gmail.com

B2B Partnerships: vnsexpedia@gmail.com

Response Time: 48 hours acknowledgment; detailed response within 30 days

Phone +

Main Line: +91 87378 42004

Toll-Free (optional): +91 91295 42004

Hours: 9 AM - 9 PM, Monday to Sunday (IST)

Say: "I have a privacy question" to be directed to the right department

Mailing Address +

Varanasi Expedia Tour & Travels
S26/194 P-5-1S, Ghutam Vihar Colony, Meerapur
Bashi Lane No. 3, House No. 61
Varanasi-221002, Uttar Pradesh, India

Mark Envelope: "Attention: Data Protection Officer"

Response Time: 45 days (accounting for postal delays)

Website Contact Form +

Use the contact form on our website homepage. Select "Privacy Inquiry" from the subject dropdown.

Response Time: We'll send a confirmation email within 24 hours and detailed response within 30 days.

Data Protection Authority Contacts (If Escalation Needed)

Authority	Country	Contact
Data Protection Authority (Draft)	India	https://meity.gov.in (under DPDP Act 2023)
Information Commissioner's Office (ICO)	UK	https://ico.org.uk/make-a-complaint/
Federal Data Protection Authority (FDPIC)	Switzerland	https://www.fedpol.admin.ch/
CNIL	France	https://www.cnil.fr/en/you-have-rights

Our Commitment: We take every privacy inquiry seriously and will actively work toward a resolution that respects your rights and our obligations.