INTRODUCTION
This Privacy (“Policy”) applies to the securing and processing of personal data by Riya Travel & Tours Inc. (hereinafter “Riya Travel”) in connection with personal data provided by any person (“User”) who has purchased or intends to purchase or inquiries about any product(s) or service(s) made by Riya Travel through any of Riya Travel’s interface channels including website, mobile site and mobile app (collectively referred herein as “Sales Channels”).
For the purpose of Privacy Policy:
By accessing or using the website or any other sales channel, the User agrees with the term of the Privacy Policy and the contents herein. If you disagree with the Privacy Policy, please do not access or use our website or any other Sales Channels.
This privacy policy does not apply to any third party website(s), mobile site(s) and mobile app(s). Users are requested to take note that information and privacy practices of Riya Travel’s business partners, advertisers, sponsors or other sites to which Riya Travel provides hyperlink(s), may be different from this privacy policy, Hence, it is recommended that you review the privacy policy of any such third parties before you interact.
Your privacy is important to us and we recognize that the use and disclosure of personal data has important implications for us and for the users whose personal data we process.
PURPOSE OF THIS POLICY
We respect your need to understand how and why information is being collected, used, disclosed, transferred and stored. Thus we have developed this Policy to familiarize you with our practices. This policy sets out the way in which we process your information when you use our Website or other digital platforms in accordance with applicable data protection laws. It is important that you read this policy together with any other policies we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This policy supplements the other notices and is not intended to override them.
DEFINING CONTROLLER & PROCESSOR OF PERSONAL DATA
A “Controller” is a person or organization who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This notice is issued on behalf of Riya Travel as controller.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
As the circumstances warrant Riya Travel may be Controller or Processor of your personal data.
TYPE OF PERSONAL DATA WE COLLECT
Personal data includes any information about any user from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).
You may be asked for personal data anytime you are in contact with Riya Travel directly or indirectly through a third party.
We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this policy.
We do not collect any special categories of personal data about you through our Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, data on or about children). Nor do we collect any information about criminal convictions and offences.
We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this Notice:
MODES OF COLLECTING PERSONAL DATA
The only way we will get any kind of personal data is if you choose to give it to us in the following circumstances:
Direct Interactions
Cookies & other technologies
Third parties or publicly available sources:
GROUNDS FOR PROCESSING OF DATA
When you use our Website we will use your personal data in the following circumstances:
(a) “performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
(b) “legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
(c) “legitimate interests”: where necessary for our interests provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or client portals to ensure that the security of our Website or client portals or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
(d) “consent”: We rely on consent as a legal basis for processing your personal data in relation to sending direct marketing communications to you via email or text message.
We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
USE OF PERSONAL DATA
We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. We generally use the information to establish and enhance our relationship with our users for the following purposes:
While you make a booking:
We may also use your Personal Information for several reasons including but not limited to:
We may share your personal data to third parties for reasons cited below but not limited to:
We may use your personal information for Marketing Promotions, Research and other programs
COLLECTION AND USE OF NON-PERSONAL DATA
Non-personal data is data which can never be used to identify an individual. We may collect information regarding customer activities on our various portals. This aggregated information is used in research, analysis, to improve and monitor products and for various promotional schemes. It may be shared in aggregated, non-personal form with third party to enhance customer experience, products offering or services.
COOKIES AND OTHER TECHNOLOGIES
We use cookies and other technologies to enhance your experience when you use our Website. To that effect, we have developed a cookie policy to familiarize you with our practices. You can access the cookie policy.
LINKS
For your convenience, our Website provides links to other sites. When you click on one of these links, you are leaving our Website and entering another site. We are not responsible for such third party sites. You should carefully review the privacy statements of any other sites you visit, because those privacy statements will apply to your visit to such other sites.
WITH WHOM YOUR PERSONAL DATA IS SHARED
Group Companies (Companies in the same group):
In the interests of improving personalization and service efficiency, we may, under controlled and secure circumstances, share your Personal Information with our affiliate or associate entities. If the assets of Riya Travel are acquired, our customer information may also be transferred to the acquirer depending upon the nature of such acquisition. In addition, as part of business expansion/development/restructuring or for any other reason whatsoever, if we decide to sell/transfer/assign our business, any part thereof, any of our subsidiaries or any business units, then as part of such restructuring exercise customer information including the Personal Information collected herein shall be transferred accordingly.
Service Providers and suppliers:
Your information shall be shared with the end service providers like airlines, hotels, visa consulates, bus service providers, cab rental, railways or any other suppliers who are responsible for fulfilling your booking. You may note that while making a booking with Riya Travel you authorize us and consent to share your information with the said service providers and suppliers. It is pertinent to note that Riya Travel does not authorize the end service provider to use your information for any other purpose(s) except as for fulfilling their part of service.
Riya Travel does not sell or rent individual customer names or other Personal Information of Users to third parties except sharing of such information with our business/alliance partners or vendors who are engaged by us for providing various services and for sharing promotional and other benefits to our customers from time to time basis their booking history with us.
Third Party Vendors and Business Partners:
We may also share certain filtered Personal Information to our corporate affiliates or business partners who may contact the customers to offer certain products or services, which may include free or paid products / services, which will enable the customer to have better travel experience or to avail certain benefits specially made for Riya Travel customers. Examples of such partners are entities offering savings/EMI on travel, co-branded credit cards, travel insurance, insurance cover against loss of wallet, banking cards or similar sensitive information etc. If you choose to avail any such services offered by our business partners, the services so availed will be governed by the privacy policy of the respective service provider.
Riya Travel may share your Personal Information to third party that Riya Travel may engage to perform certain tasks on its behalf, including but not limited to payment processing, data hosting, and data processing platforms.
We may provide non personal data based on this data to suppliers, advertisers, affiliates and other current and potential business partners. We may also use such aggregate data to inform these third parties as to the number of people who have seen and clicked on links to their websites.
Occasionally, Riya Travel will hire a third party for market research, surveys etc. and will provide information to these third parties specifically for use in connection with these projects. The information (including aggregate cookie and tracking information) we provide to such third parties, alliance partners, or vendors are protected by confidentiality agreements and such information is to be used solely for completing the specific project, and in compliance with the applicable regulations.
DISCLOSURE OF INFORMATION
Where required, we will (subject to our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
INTERNATIONAL TRANSFER
Due to the multinational character of Riya Travel, some of the affiliated companies and other recipients may be located in countries (including the United States) that do not provide a level of data protection equivalent to that set forth by the law in your home country. Riya Travel will take steps to make sure that such recipients act in accordance with applicable law and provide an adequate level of protection for your personal data including appropriate technical and organizational security measures, also through implementation of appropriate contractual measures to secure such transfer, in compliance with the applicable law.
USER GENERATED CONTENT
Riya Travel provides an option to its users to post their experiences by way of reviews, blog articles, ratings and general poll questions. The customers also have an option to give their feedback or ask questions w.r.t a service offered by Riya Travel or post answers to questions raised by other users. Riya Travel may also engage a third party to contact you and gather your feedback about your recent booking with Riya Travel. Though the participation in the feedback process is purely optional, you may still receive emails, notifications (app, SMS, WhatsApp or any other messaging service) for you to share your review(s). These reviews may be written (with or without images) or in video format. The reviews written or posted will be visible on Riya Travel and may also be visible on other travel or travel related platforms. The User Generated Content that Riya Travel collects may be of the following kinds:
Each User who posts review or ratings, Q&A, photographs shall have a profile, which other Users will be able to access. Other Users may be able to view the number of trips, reviews written, questions asked and answered and photographs posted
Each User shall be diligent and take due care to ensure that the views expressed by you on the social media platform or Riya Travel website is not derogatory or oppose to law, public policy, morality, religion, caste, creed, color, sex, race, culture, ethics, customs, traditions, decency, good conscience, third party intellectual property etc. By uploading pictures, views, images, contents, visuals, audios, experiences etc. on the social media platform or Riya Travel website, you consent to Riya Travel to use, reproduce, copy, upload pictures, views, look and feel, images, contents, visuals, audios, experiences etc. in any manner, as may deem fit by Riya Travel, without any responsibility, liability, compensation or cost due to you or any third party, on the part of Riya Travel. Riya Travel hereby disclaims all or any disputes, responsibilities, liabilities, litigations, costs, expenses, compensations etc., arising with respect to or in connection with the use, reproduction, copying, uploading of pictures, views, look and feel, images, contents, visuals, audios, experiences etc. contributed, shared, expressed by you, or on your behalf and/or otherwise to any third party.
PERMISSIONS REQUIRED FOR USING OUR MOBILE APPLICATIONS
When the Riya Travel app is installed on your phone a list of permissions will appear and are needed for the smooth functioning of the application. The permissions that Riya Travel requires and the data that shall be accessed and its use are as below:
Android permissions:
Location: This permission enables us to give you the nearest branch details from your location in case you require any physical assistance with regards to any travel query.
SMS: If you allow us to access your SMS, we can send you SMS related to ‘OTP’ and send holiday package details to your mobile number.
Phone: The app requires access to make phone calls so that you can make phone calls to our customer contact centers directly through the app.
Contacts: If you allow us to access your contacts, it enables us to provide a lot of social features to you such as sharing holiday packages with your friends, etc.
Photo / Media / Files: The libraries in the app use these permissions to save and cache images and document data for your ease and faster use of the app while you browse with us the next time. By saving image and document data locally, your phone doesn't need to re-download the same every time you use the app.
IOS Permissions:
Notifications: If you opt in for notifications, it enables us to send across exclusive deals, promotional offers, travel related updates, etc.on your device.
INFORMATION PROTECTION AND SECURITY
Taking into account the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing, including:
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.
To protect your personal data and prevent unauthorized access, we have put in place appropriate security measures and certifications. We have SSL site and user should use it to protect the information transmission while transacting online.
We require any third parties processing your information to do the implement the same levels of protection with respect to your data.
While no system is full-proof, including ours, we will continue using internet security procedures to ensure your data remains safe with us. By opening, browsing, using this site for transactions or storing any data/information, you agree to comply with the latest revised privacy notice in effect at such time. If you use some social networking or other service which maintains your information, it is governed by their terms of use and privacy notice.
DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes, for example, the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defense of legal claims.
We will retain your personal data in our databases in accordance with our document management, retention and destruction policy and applicable laws. This period may extend beyond the end of your relationship with us, but it will be only as long as it is necessary for us to have sufficient information to respond to any issues that may arise later. For example, we may need or be required to retain information to allow you to obtain credit for trip you purchased but had to cancel. We may also need the retain certain information to prevent fraudulent activity; to protect ourselves against liability, permit us to pursue available remedies or limit any damages that we may sustain; or if we believe in good faith that a law, regulation, rule or guideline requires it.
In some circumstances we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
CHANGES TO THE POLICY
We reserve the right to update or change this Policy at any time, and we will provide you with the updated policy when we make any substantial updates at the earliest either through email or by providing a prominent notice of change on our Website. You should check the policy periodically. Your continued use of our Website after we post any modifications to the policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified notice.
YOUR RIGHTS
Under certain circumstances, you have rights under applicable data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights under General Data Protection Regulation (GDPR) are set out below:
You may exercise any of the above-mentioned rights by sending a request to support@riya.travel. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Additionally, in case you have any questions, comments or concerns about this Policy, you may contact infosec@riya.travel
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
COMPLAINTS
If you have any complaint about how we have handled a Subject Access Request, please let us know and we will try to fix it. You can email the Data Protection Officer (DPO) at infosec@riya.travel. If you are dissatisfied with handling of any privacy complaints, if you do not receive timely acknowledgement of your complaint, or your complaint is not satisfactorily addressed please contact our team at custrelations@riya.travelIf you have any complaint about how we have handled a Subject Access Request, please let us know and we will try to fix it. You can email the Data Protection Officer (DPO) at infosec@riya.travel. If you are dissatisfied with handling of any privacy complaints, if you do not receive timely acknowledgement of your complaint, or your complaint is not satisfactorily addressed please contact our team at custrelations@riya.travel
FURTHER INFORMATION
If you have any questions about this privacy notice or questions or complaints about the processing of your personal data by Riya Travels, please contact:
Data Protection Officer
Corporate Office
M/1, Leela Business Park, Andheri-Kurla Road, Andheri East, Mumbai, Maharashtra, India Pin Code - 400 059
Email: infosec@riya.travel