Privacy Policy | Your Data, Our Responsibility

Musafirbaba ("we," "us," "our," or "Company") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our website (https://musafirbaba.com/), book our travel services, or interact with us.

By using our website or services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy. If you do not agree with this policy, please do not use our services.

1. Information We Collect

We collect various types of personal information to provide and improve our travel services. The information we collect includes:

1.1 Personal Identification Information

Basic Information:

Full name (as per government-issued ID)
Date of birth
Gender
Age
Nationality
Marital status

Contact Information:

Email address
Phone number (mobile and alternate)
Residential address
City, state, and postal code
Emergency contact details

Government-Issued Identification:

Passport number and details (for international travel)
Passport expiry date and place of issue
Visa information
Aadhaar number (if required)
PAN card details (for tax purposes, if applicable)
Voter ID, driving license, or other ID proof
Photographs (for visa applications and documentation)

1.2 Travel-Related Information

Travel preferences and interests
Departure and destination details
Travel dates and itinerary
Accommodation preferences
Meal preferences and dietary restrictions
Special assistance requirements (wheelchair, medical needs)
Previous travel history with us
Booking and reservation details
Travel insurance information
Frequent flyer numbers and loyalty program details

1.3 Financial Information

Credit/debit card information (collected securely through payment gateways)
Bank account details (for refunds)
Billing address
Transaction history
Payment method preferences
GST details (for businesses)
Tax information (if applicable)

Note: We do not store complete credit card details on our servers. Payment information is processed through secure, PCI-DSS compliant payment gateways.

1.4 Health and Medical Information

Medical conditions that may affect travel
Disability or accessibility requirements
Vaccination records (when required for travel)
Travel insurance medical declarations
Dietary restrictions due to medical reasons
Emergency medical contact information

Note: We collect this information only when necessary for service delivery and with your explicit consent.

1.5 Technical and Usage Information

Device Information:

IP address
Browser type and version
Operating system
Device type (mobile, tablet, desktop)
Screen resolution
Time zone settings

Usage Data:

Pages visited on our website
Time spent on pages
Links clicked
Search queries
Booking patterns and behavior
Referral sources
Date and time of visits
Cookie data

1.6 Communication Data

Emails exchanged with us
Phone call recordings (for quality and training purposes)
Chat transcripts
Feedback and reviews
Survey responses
Social media interactions
Customer service correspondence

1.7 Location Information

GPS location (if you enable location services)
Location inferred from IP address
Travel destination preferences
Current city/country of residence

1.8 Social Media Information

If you connect or log in through social media accounts:

Profile information
Friends list (with your permission)
Email address
Profile picture
Any other information you permit the social media platform to share

1.9 Information About Other Travelers

When you make bookings on behalf of other travelers (family, friends, colleagues):

Their personal identification information
Travel documents
Contact details
Special requirements

Important: By providing information about other individuals, you confirm that you have their consent to share their personal data with us and that they understand how their information will be used.

2. How We Collect Your Information

2.1 Information You Provide Directly

Through Our Website:

Registration and account creation
Booking forms and reservations
Contact forms and inquiries
Newsletter subscriptions
Customer support requests
Feedback and review submissions

Through Other Channels:

Phone calls and WhatsApp conversations
Email correspondence
In-person visits to our office
Social media messages
Partner referrals
Travel documents submitted for visa processing

2.2 Automated Collection

Cookies and Similar Technologies:

Essential cookies for website functionality
Performance cookies for analytics
Functional cookies for preferences
Targeting cookies for advertising

Analytics Tools:

Google Analytics
Facebook Pixel
Other third-party analytics services

Web Beacons and Pixels:

Tracking email opens and clicks
Monitoring website behavior
Measuring advertising effectiveness

2.3 Information from Third Parties

Service Providers:

Airlines, hotels, and transport operators
Payment gateway providers
Visa processing agencies
Insurance companies
Background verification services (for employment)

Business Partners:

Marketing partners
Affiliate networks
Travel aggregators
Corporate clients

Public Sources:

Social media platforms
Public databases
Online reviews and ratings

Referrals:

Information provided by friends or family who refer you

3. Purpose of Data Collection

We collect your personal information for the following purposes:

3.1 Service Delivery

Processing and confirming bookings
Arranging travel services (flights, hotels, transport)
Providing customer support
Sending booking confirmations and travel documents
Managing itinerary changes and cancellations
Facilitating visa applications
Arranging travel insurance

3.2 Legal and Regulatory Compliance

Complying with Indian laws and regulations
Meeting government reporting requirements
Responding to legal processes and law enforcement requests
Preventing fraud and illegal activities
Verifying identity and preventing identity theft
Tax reporting and GST compliance

3.3 Communication

Sending booking confirmations and receipts
Providing travel updates and alerts
Responding to inquiries and support requests
Sending important service notifications
Emergency communications during travel

3.4 Marketing and Promotions

Sending promotional offers and deals
Newsletter distribution
Personalized marketing communications
Targeted advertising
Customer satisfaction surveys
Loyalty program benefits

3.5 Business Operations

Improving our services and website
Analyzing customer preferences and trends
Conducting market research
Training staff
Quality assurance
Business planning and forecasting

3.6 Security and Fraud Prevention

Detecting and preventing fraudulent transactions
Protecting against cyber attacks
Securing our systems and networks
Monitoring for suspicious activities
Verifying payment authenticity

4. How We Use Your Information

4.1 Booking and Service Fulfillment

We use your information to:

Process and confirm your travel bookings
Coordinate with airlines, hotels, transport operators, and other service providers
Issue tickets, vouchers, and travel documents
Arrange special requests (meals, accessibility, celebrations)
Provide 24/7 travel support
Handle modifications, cancellations, and refunds
Maintain booking records for future reference

4.2 Communication and Updates

We use your contact information to:

Send booking confirmations via email and SMS
Provide e-tickets and travel vouchers
Share pre-departure information and travel tips
Send travel alerts (flight delays, weather warnings, destination updates)
Notify about itinerary changes
Provide emergency assistance information
Follow up on your travel experience
Request feedback and reviews

4.3 Personalization

We use your data to:

Recommend destinations based on your preferences
Suggest relevant tour packages
Customize your browsing experience
Remember your preferences for future bookings
Provide personalized offers and discounts
Create customized itineraries

4.4 Marketing and Promotional Activities

With your consent, we use your information to:

Send promotional emails about special offers
Share seasonal deals and discounts
Notify about new tour packages and destinations
Send birthday and anniversary greetings with special offers
Invite to exclusive events and webinars
Display targeted advertisements on social media and other platforms
Conduct customer surveys and feedback requests

You can opt out of marketing communications at any time (see Section 11).

4.5 Analytics and Improvement

We analyze your data to:

Understand customer behavior and preferences
Improve website functionality and user experience
Optimize our tour packages and services
Identify popular destinations and trends
Measure marketing campaign effectiveness
Enhance customer service quality
Develop new products and services

4.6 Legal and Compliance

We use your information to:

Comply with legal obligations under Indian law
Respond to government and regulatory requests
Cooperate with law enforcement agencies
Enforce our terms and conditions
Protect our legal rights and interests
Prevent, detect, and investigate fraud
Resolve disputes and conflicts

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

5.1 Contractual Necessity

Processing is necessary to fulfill our contract with you (booking agreement). This includes:

Providing travel services you've booked
Processing payments
Delivering travel documents
Providing customer support

5.2 Legal Obligation

Processing is required to comply with legal obligations under:

Indian Information Technology Act, 2000
Income Tax Act (for financial records)
Foreign Exchange Management Act (for international travel)
Anti-Money Laundering laws
Consumer Protection Act
Other applicable Indian laws and regulations

5.3 Legitimate Interest

Processing is necessary for our legitimate business interests:

Fraud prevention and security
Improving our services
Direct marketing (where permitted)
Business analytics and planning
Protecting our legal rights

5.4 Consent

For certain processing activities, we rely on your explicit consent:

Marketing communications
Use of cookies (non-essential)
Sharing data with third parties for marketing
Processing sensitive personal information (health data)
Social media integrations

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. Information Sharing and Disclosure

6.1 Third-Party Service Providers

We share your information with trusted third-party service providers who assist us in delivering our services:

Travel Service Providers:

Airlines (domestic and international)
Hotels, resorts, and accommodation providers
Bus, train, and car rental companies
Tour operators and local guides
Activity and sightseeing providers
Cruise lines
Travel insurance companies

Business Service Providers:

Payment gateway providers (Razorpay, PayU, CCAvenue, etc.)
Visa processing agencies and embassies/consulates
Background verification agencies
Customer relationship management (CRM) platforms
Email marketing services
SMS gateway providers
Cloud storage providers
IT infrastructure and security providers
Call center and customer support services

Marketing Partners:

Digital advertising platforms (Google Ads, Facebook Ads)
Analytics providers (Google Analytics)
Affiliate marketing networks
Social media platforms

Professional Advisors:

Legal counsel
Accountants and auditors
Business consultants
Insurance advisors

These service providers are contractually obligated to:

Use your information only for specified purposes
Maintain confidentiality and security
Comply with applicable data protection laws
Not use data for their own marketing purposes (unless explicitly permitted)

6.2 Legal and Regulatory Authorities

We may disclose your information to:

Law enforcement agencies
Courts and tribunals
Government departments and regulators
Tax authorities
Immigration and customs authorities
Consumer protection authorities

Disclosure occurs when:

Required by law or legal process
Necessary to protect our legal rights
Needed to prevent fraud or illegal activities
Required for public safety or national security
Mandated by court orders or subpoenas

6.3 Corporate Transactions

In the event of:

Merger, acquisition, or sale of business assets
Corporate restructuring or reorganization
Bankruptcy or insolvency proceedings

Your information may be transferred to the successor entity, subject to confidentiality obligations and continuation of privacy protections.

6.4 With Your Consent

We may share your information with other parties when you provide explicit consent, such as:

Sharing travel experiences on social media
Testimonials and reviews (with attribution)
Referral programs
Co-branded marketing initiatives

6.5 Aggregated and Anonymized Data

We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you:

Industry reports and statistics
Market research
Business intelligence
Academic research
Public presentations

This data does not constitute personal information and is not subject to this Privacy Policy.

6.6 Important Safeguards

We do NOT:

Sell your personal information to third parties
Share your data with unrelated third parties for their marketing purposes without consent
Disclose sensitive information unnecessarily
Transfer data to parties who don't provide adequate protection

7. Data Storage and Security

7.1 Where We Store Your Data

Data Location:

Primary servers located in India
Cloud storage providers with data centers in India and other jurisdictions
Backup systems in secure, geographically distributed locations

7.2 Security Measures

We implement industry-standard security measures to protect your personal information:

Technical Safeguards:

256-bit SSL/TLS encryption for data transmission
Encrypted storage for sensitive data
Secure, PCI-DSS compliant payment processing
Firewalls and intrusion detection systems
Regular security audits and vulnerability assessments
Multi-factor authentication for internal access
Secure API integrations
Regular software updates and patches

Organizational Safeguards:

Access controls and role-based permissions
Employee training on data protection
Confidentiality agreements with staff and vendors
Background verification for employees handling sensitive data
Incident response and data breach protocols
Regular security awareness programs

Physical Safeguards:

Secure office premises with access controls
CCTV surveillance
Restricted access to server rooms
Secure disposal of physical documents

7.3 Payment Security

We do NOT store complete credit card information. Payment processing is handled by:

PCI-DSS Level 1 certified payment gateways
Tokenization for recurring payments
3D Secure authentication (OTP verification)
Fraud detection and monitoring systems

7.4 Data Breach Protocol

In the unlikely event of a data breach:

We will investigate and contain the breach immediately
Affected individuals will be notified within 72 hours (as required by law)
Regulatory authorities will be informed as required
We will take corrective measures to prevent future breaches
Support will be provided to affected individuals

7.5 Limitations

While we implement robust security measures, please note:

No system is 100% secure
Internet transmission carries inherent risks
You are responsible for maintaining the confidentiality of your login credentials
We cannot guarantee absolute security of information transmitted over the internet

You should:

Use strong, unique passwords
Not share login credentials
Log out after using shared devices
Be cautious of phishing attempts
Keep your contact information updated

8. Data Retention

8.1 Retention Periods

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Typical Retention Periods:

Data Type Retention Period Reason Booking and transaction records 7-10 years Legal and tax compliance Financial records 7 years Income Tax Act requirements Communication records 3-5 years Customer service and dispute resolution Marketing data Until consent withdrawn + 2 years Marketing purposes Website analytics 26 months Google Analytics default CCTV footage 30-90 days Security purposes Account information Account lifetime + 2 years Service provision Employment records 7 years after separation Legal compliance

8.2 Deletion and Anonymization

After the retention period:

Personal data is securely deleted or anonymized
Deletion is performed using industry-standard methods
Backup copies are deleted according to backup retention policies
Anonymized data may be retained indefinitely for statistical purposes

8.3 Legal Holds

Data retention periods may be extended when:

Required by ongoing legal proceedings
Subject to regulatory investigation
Necessary for dispute resolution
Required by court order

9. Cookies and Tracking Technologies

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us:

Remember your preferences
Understand how you use our website
Improve your browsing experience
Provide relevant content and advertisements

9.2 Types of Cookies We Use

Essential Cookies (Required):

Session management
Security and authentication
Load balancing
Shopping cart functionality

Performance Cookies (Optional):

Google Analytics
Website usage statistics
Error tracking
Performance monitoring

Functional Cookies (Optional):

Language preferences
Region selection
Remembering login details
Customized content

Targeting/Advertising Cookies (Optional):

Facebook Pixel
Google Ads remarketing
Affiliate tracking
Personalized advertisements

9.3 Third-Party Cookies

We use cookies from trusted third-party services:

Google Analytics: Website traffic and behavior analysis
Facebook Pixel: Ad targeting and conversion tracking
Google Ads: Advertising and remarketing
YouTube: Embedded video content
Social Media Widgets: Sharing and engagement features

9.4 Cookie Management

You can control cookies through:

Browser Settings:

Block all cookies
Block third-party cookies only
Delete existing cookies
Get notified when cookies are set

Our Cookie Consent Tool:

Accept or reject non-essential cookies
Customize cookie preferences by category
Withdraw consent at any time

Important: Disabling cookies may affect website functionality and your user experience.

9.5 Other Tracking Technologies

Web Beacons (Pixel Tags):

Embedded in emails to track opens and clicks
Used on websites to track page visits
Help measure marketing campaign effectiveness

Local Storage:

HTML5 local storage for enhanced functionality
Stores larger amounts of data than cookies
Can be cleared through browser settings

Do Not Track (DNT) Signals: Currently, there is no industry standard for responding to DNT signals. We do not respond to DNT browser settings but provide cookie management tools.

10. Third-Party Links and Services

10.1 External Websites

Our website may contain links to third-party websites:

Partner hotel booking sites
Airline websites
Tourist attraction websites
Social media platforms
Payment gateway sites
Review platforms

Important: We are not responsible for:

Privacy practices of external websites
Content on third-party sites
Security of third-party platforms
Data handling by external services

We recommend: Review the privacy policies of any third-party websites you visit.

10.2 Social Media Integration

Social Media Plugins:

Facebook Like and Share buttons
Instagram feeds
Twitter embeds
YouTube videos
WhatsApp sharing

When you interact with these features:

The social media platform may collect information about you
Your activity may be visible to your social media connections
Platform privacy policies and terms apply

Third-party social media platforms may:

Set cookies on your device
Track your browsing behavior across websites
Use your data for their own purposes

10.3 Third-Party Services

We integrate various third-party services:

Google Maps: Location services and directions
Payment Gateways: Secure payment processing
Chatbots: Customer support automation
Review Platforms: Customer feedback collection

Each service has its own privacy policy and terms of use.

11. Your Rights and Choices

11.1 Access and Portability

Right to Access: You can request:

Confirmation of whether we process your personal data
Access to your personal information we hold
Copies of your data in a commonly used format

Data Portability:

Receive your data in a structured, machine-readable format
Transmit your data to another service provider (where technically feasible)

How to Request: Email us at care@musafirbaba.com with your request

11.2 Correction and Update

Right to Rectification:

Correct inaccurate or incomplete personal information
Update your contact details
Modify preferences

How to Update:

Log in to your account and edit your profile
Contact our customer support
Email us with updated information

11.3 Deletion (Right to be Forgotten)

Right to Erasure: You can request deletion of your personal data when:

Data is no longer necessary for the original purpose
You withdraw consent (where consent was the legal basis)
You object to processing and there are no overriding legitimate grounds
Data has been unlawfully processed
Deletion is required by law

Limitations: We may retain data when:

Required by law (tax, legal proceedings)
Necessary for exercising legal claims
For public interest or scientific research purposes
Contractual obligations are still active

How to Request: Submit a deletion request to care@musafirbaba.com

11.4 Restriction and Objection

Right to Restrict Processing: Request limitation of processing when:

Accuracy of data is contested
Processing is unlawful but you don't want deletion
We no longer need the data but you need it for legal claims
You've objected to processing pending verification

Right to Object: Object to processing based on:

Legitimate interests
Direct marketing purposes
Profiling
Scientific or historical research

How to Object: Email us at care@musafirbaba.com with your objection

11.5 Withdraw Consent

Where processing is based on consent:

You can withdraw consent at any time
Withdrawal doesn't affect lawfulness of previous processing
We may not be able to provide certain services without consent

How to Withdraw:

Click "unsubscribe" in marketing emails
Adjust cookie preferences on our website
Contact us to withdraw specific consents

11.6 Lodge a Complaint

If you're unhappy with how we handle your data:

Contact Us First: Email: care@musafirbaba.com
Phone: +91 928 960 2447
Address: 1st Floor, Khaira More, Metro Station, Plot no. 2 & 3, near Main Gopal Nagar Road, Prem Nagar, Najafgarh, New Delhi, Delhi, 110043

Regulatory Authority: You have the right to lodge a complaint with:

Ministry of Electronics and Information Technology (MeitY)
Data Protection Authority (once established under Digital Personal Data Protection Act)
Consumer Courts for consumer grievances

11.7 Automated Decision-Making

Right to Human Review:

We may use automated systems for fraud detection and risk assessment
You have the right to request human review of automated decisions
You can contest decisions made solely by automated processing

11.8 Response Timeline

We will respond to your requests:

Within 30 days of receipt
Within 45 days for complex requests
We'll inform you if we need additional time

Verification Required: To protect your privacy, we may need to verify your identity before processing requests. Please provide:

Booking reference number
Email address used for booking
Photo ID proof
Other information to confirm identity

12. Children's Privacy

12.1 Age Restrictions

Our services are not directed to children under 18 years of age. We do not knowingly collect personal information from minors without parental consent.

12.2 Parental Consent

For travelers under 18:

Bookings must be made by parents or legal guardians
Parents/guardians are responsible for providing minor's information
Parents/guardians consent to processing of minor's data
Minors must be accompanied by adults during travel (unless specific solo teen programs)

12.3 Information We Collect About Minors

When traveling with minors, we may collect:

Name, age, and date of birth
Passport and visa information
Parental/guardian contact information
Special requirements or medical needs
School information (for student tours)

This information is used solely for:

Booking and travel arrangements
Safety and emergency purposes
Compliance with travel regulations
Providing age-appropriate services

12.4 Parental Rights

Parents and guardians can:

Access their child's personal information
Request correction or deletion
Withdraw consent for processing
Restrict how we use their child's data

12.5 Reporting

If you believe we have inadvertently collected information from a child without proper consent, please contact us immediately at care@musafirbaba.com, and we will take prompt action to delete such information.

13. International Data Transfers

13.1 Cross-Border Transfers

Your personal information may be transferred to and processed in countries outside India:

Service providers with international operations
Airlines and hotels in foreign countries
Cloud storage providers with global data centers
International payment processors

13.2 Data Protection Standards

When transferring data internationally, we ensure:

Adequate level of protection as per Indian law
Contractual safeguards (Standard Contractual Clauses)
Compliance with destination country's data protection laws
Recipient's commitment to data security

13.3 International Bookings

For international travel bookings:

Your data must be shared with service providers in destination countries
Immigration and customs authorities will have access to your information
Airlines and hotels process data according to their country's laws
Some countries may have lower data protection standards than India

By booking international travel, you acknowledge and consent to these international data transfers.

13.4 European Economic Area (EEA)

If you are located in the EEA:

GDPR protections apply to you
Your data may be transferred outside the EEA with appropriate safeguards
You have additional rights under GDPR
We comply with GDPR requirements for data transfers

14. Marketing Communications

14.1 Types of Marketing Communications

With your consent, we may send:

Email Newsletters: Tour package updates, travel tips, destination guides
Promotional Emails: Special offers, discounts, seasonal deals
SMS/WhatsApp Messages: Flash sales, limited-time offers, booking reminders
Push Notifications: Mobile app notifications (if applicable)
Postal Mail: Brochures, catalogs (rare)
Phone Calls: Personalized offers, follow-ups

14.2 Consent

We obtain consent through:

Opt-in checkboxes during registration
Explicit consent for marketing subscriptions
Soft opt-in for existing customers (you can opt out anytime)

You control your preferences:

Frequency of communications
Types of content you receive
Channels of communication

14.3 Opt-Out Options

You can unsubscribe at any time:

Email:

Click "Unsubscribe" link at the bottom of any marketing email
Update preferences in your account settings
Email us at care@musafirbaba.com with "UNSUBSCRIBE" in subject

SMS/WhatsApp:

Reply "STOP" to any marketing SMS
Send "UNSUBSCRIBE" to our WhatsApp number
Contact customer support

Phone Calls:

Request to be added to Do Not Call list
Register on National Do Not Call Registry
Inform our representative during calls

All Marketing Channels:

14.4 Transactional Communications

Important: You cannot opt out of essential service communications:

Booking confirmations
Payment receipts
Travel document delivery
Itinerary changes
Emergency alerts
Account security notifications

These are necessary for service delivery and your safety.

14.5 Third-Party Marketing

We do not share your information with third parties for their direct marketing purposes without your explicit consent.

If you consent to third-party marketing:

You can withdraw consent anytime
Contact the third party directly to opt out of their communications
Contact us to withdraw consent for future sharing

15. Changes to Privacy Policy

15.1 Policy Updates

We reserve the right to modify, update, or revise this Privacy Policy at any time to reflect:

Changes in our business practices
New legal or regulatory requirements
Technological advancements
User feedback and concerns
Industry best practices

15.2 Notification of Changes

When we make changes:

We will update the "Last Updated" date at the top of this page
Material changes will be communicated through:
- Email notification to registered users
- Prominent notice on our website
- Pop-up notification upon login
- SMS (for significant changes)

15.3 Your Continued Use

By continuing to use our services after changes are posted:

You acknowledge that you have read the updated policy
You accept and consent to the revised terms
The new policy becomes effective for your future interactions

If you do not agree with the changes:

You may discontinue using our services
Contact us to delete your account and data (subject to legal retention requirements)

15.4 Historical Versions

Previous versions of our Privacy Policy may be available upon request for your reference.

16. Contact Information

16.1 Privacy Questions and Concerns

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices:

Musafirbaba - Privacy Team

📧 Email: care@musafirbaba.com
📞 Phone: +91 928 960 2447
📱 WhatsApp: +91 928 960 2447
🌐 Website: https://musafirbaba.com

📍 Registered Office:
1st Floor, Khaira More, Metro Station, Plot no. 2 & 3, near Main Gopal Nagar Road, Prem Nagar, Najafgarh, New Delhi, Delhi, 110043, India

Business Hours:
Monday to Saturday: 9:00 AM - 6:00 PM IST
Sunday: Closed

16.2 Data Protection Officer (DPO)

For data protection matters, you can contact our Data Protection Officer:

Name: [Insert DPO Name]
Email: [Insert DPO Email]
Phone: [Insert DPO Phone]

16.3 Response Commitment

We are committed to addressing your privacy concerns promptly:

Acknowledgment within 48 hours
Resolution within 30 days
Complex matters within 45 days (with notification)

16.4 Complaints and Escalation

Internal Escalation:

First contact: Customer support team
Second level: Privacy team
Final level: Data Protection Officer

External Complaints: If not satisfied with our response, you may contact:

Ministry of Electronics and Information Technology (MeitY)
Consumer Protection Authorities
Relevant Data Protection Authority

Important Notices

Consent Statement

BY USING MUSAFIRBABA'S SERVICES, YOU:

Acknowledge that you have read and understood this Privacy Policy
Consent to the collection, use, storage, and disclosure of your personal information as described
Agree to receive service-related communications
Understand your rights and how to exercise them
Accept the terms of cross-border data transfers for international bookings

Contact Before Sharing Sensitive Information

Before sharing sensitive personal information (health data, financial details, biometric data), please review this policy carefully or contact us with any questions.

Your Responsibility

Please ensure:

Information provided is accurate and current
You have authorization to provide others' information
You update us promptly of any changes
You maintain the security of your account credentials
You review privacy settings regularly

Definitions

Personal Information: Any information that can be used to identify you directly or indirectly.

Sensitive Personal Information: Passwords, financial information, health data, biometric information, sexual orientation, and other highly personal data.

Processing: Any operation performed on personal data including collection, storage, use, disclosure, and deletion.

Data Controller: The entity that determines the purposes and means of processing personal data (Musafirbaba).

Data Processor: Third parties who process data on our behalf under our instructions.

Consent: Freely given, specific, informed, and unambiguous indication of your agreement to processing.

Applicable Laws and Compliance

This Privacy Policy is designed to comply with:

Indian Laws

Information Technology Act, 2000
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
Digital Personal Data Protection Act, 2023 (as applicable)
Consumer Protection Act, 2019
Indian Telegraph Act, 1885 (for telecommunications)
Prevention of Money Laundering Act, 2002
Foreign Exchange Management Act, 1999

International Standards

General Data Protection Regulation (GDPR) - for EEA residents
California Consumer Privacy Act (CCPA) - for California residents (if applicable)
ISO 27001 - Information Security Management
PCI-DSS - Payment Card Industry Data Security Standard

Industry-Specific Compliance

Travel Industry Standards

IATA (International Air Transport Association) guidelines
Ministry of Tourism, Government of India regulations
Travel Agents Association of India (TAAI) code of conduct
Indian Association of Tour Operators (IATO) standards

Payment Security

Reserve Bank of India (RBI) payment security guidelines
Payment and Settlement Systems Act, 2007
PCI-DSS Level 1 compliance (through payment gateway partners)

Specific Data Processing Activities

17. Profiling and Automated Decision-Making

17.1 What is Profiling?

We may use automated systems to analyze your data and create profiles based on:

Travel preferences and history
Booking patterns
Budget ranges
Destination interests
Seasonal travel trends
Response to marketing campaigns

17.2 How We Use Profiling

Personalization:

Recommend destinations you might enjoy
Suggest tour packages matching your interests
Customize website content
Show relevant offers

Business Intelligence:

Improve service offerings
Optimize pricing strategies
Forecast demand
Resource planning

Risk Assessment:

Fraud detection
Payment verification
Account security monitoring

17.3 Your Rights Regarding Profiling

You have the right to:

Request information about profiling logic
Object to profiling for marketing purposes
Request human review of automated decisions
Opt out of certain profiling activities

To exercise these rights: Contact us at [Insert Privacy Email]

17.4 Significant Automated Decisions

We do NOT make decisions that significantly affect you based solely on automated processing, except:

Fraud detection systems (for your protection)
Spam filtering (for security)

For any such decisions, you can:

Request human intervention
Express your point of view
Contest the decision

18. Special Categories of Personal Data

18.1 Sensitive Data We May Collect

With your explicit consent, we may process:

Health Information: Medical conditions, disabilities, dietary restrictions
Biometric Data: Photographs for visa applications, facial recognition at airports
Religious Beliefs: For pilgrimage tours or dietary requirements
Ethnic Origin: For cultural tours or visa requirements

18.2 Enhanced Protections

For sensitive data, we implement:

Explicit consent requirements
Stricter access controls
Enhanced encryption
Limited retention periods
Minimal disclosure to third parties

18.3 Right to Object

You can object to processing of sensitive data, but this may prevent us from:

Providing certain services
Completing visa applications
Arranging special accommodations
Fulfilling dietary requirements

19. Business Transfers and Succession

19.1 Merger, Acquisition, or Sale

In the event that Musafirbaba:

Merges with another company
Is acquired by another entity
Sells all or part of its business
Undergoes corporate restructuring
Files for bankruptcy

Your personal information may be transferred to the successor entity as a business asset.

19.2 Your Rights During Transfer

In such circumstances:

You will be notified via email about the transfer
Privacy protections will continue to apply
You will be informed of any material changes
You can exercise your rights (deletion, objection) before transfer
The successor entity will be bound by this Privacy Policy (or provide equivalent protection)

19.3 Due Diligence

During business transactions:

Potential buyers may review aggregated customer data
Individual personal data access is restricted
All parties sign confidentiality agreements
Data is protected throughout the process

20. Data Accuracy and Quality

20.1 Our Commitment

We strive to maintain accurate, complete, and up-to-date personal information.

20.2 Your Responsibility

You are responsible for:

Providing accurate information during booking
Updating your profile when details change
Verifying information before travel
Notifying us of any errors or inaccuracies

20.3 Consequences of Inaccurate Data

Inaccurate information may result in:

Booking errors and delays
Denied boarding or entry
Visa rejections
Additional costs
Service disruptions
Safety concerns

We are not liable for consequences arising from inaccurate information you provide.

20.4 How to Update Information

Log in to your account and edit your profile
Contact customer support
Email us at [Insert Email]
Call us at [Insert Phone Number]
Visit our office

21. Employee Data Protection

21.1 Employee Privacy

For individuals applying for employment or working with Musafirbaba:

Information We Collect:

Resume and application materials
Educational qualifications
Employment history
References and background checks
Identity and address proof
Bank account details (for payroll)
PAN card, Aadhaar (for tax compliance)
Performance evaluations
Attendance records
Health information (for insurance)
Emergency contact details

How We Use It:

Recruitment and hiring decisions
Payroll and benefits administration
Performance management
Training and development
Legal and tax compliance
Workplace safety
Emergency response

Employee Rights:

Access your personnel file
Request corrections to your data
Understand how your data is used
Data is deleted/archived after employment ends (subject to legal retention)

21.2 Background Verification

We may conduct background checks including:

Employment verification
Educational verification
Criminal record checks (where legally permitted)
Reference checks
Credit checks (for financial roles)

Consent is obtained before conducting background checks.

22. Contractor and Vendor Data

22.1 Business Contact Information

For contractors, vendors, and business partners, we collect:

Business name and registration details
Contact person information
Business address and phone
Bank account details (for payments)
GST and tax identification numbers
Contract and agreement details
Performance and compliance records

22.2 Purpose

This information is used for:

Contract management
Payment processing
Performance evaluation
Legal compliance
Dispute resolution
Future business considerations

22.3 Data Sharing

Vendor information may be shared with:

Payment processors
Legal and financial advisors
Auditors
Regulatory authorities (when required)

23. Social Media and User-Generated Content

23.1 Public Content

When you post content on our social media pages or share reviews:

Your content becomes publicly visible
We may use your content for marketing purposes
Your social media profile information may be visible
Content may be shared across our platforms

23.2 Testimonials and Reviews

If you provide testimonials or reviews:

We may publish them on our website
Your name and location may be displayed (with permission)
You can request removal at any time
We may edit for length or clarity (maintaining original meaning)

23.3 Photo Sharing

During tours, if you share photos:

Photos may be used for marketing with your consent
You retain copyright to your images
We obtain explicit permission before using identifiable images
You can request removal at any time

23.4 Competitions and Contests

When participating in social media contests:

Additional terms and conditions apply
Your information may be used for contest administration
Winners' names may be publicly announced
Privacy protections continue to apply

24. Research and Analytics

24.1 Customer Insights

We analyze data to understand:

Travel trends and preferences
Popular destinations
Booking behaviors
Customer satisfaction levels
Service improvement opportunities

24.2 Anonymization

For research purposes:

Personal identifiers are removed
Data is aggregated
Insights are used for business decisions
Individual customers cannot be identified

24.3 Third-Party Research

We may engage third-party research firms:

Bound by confidentiality agreements
Access only anonymized or aggregated data
Subject to data protection requirements
Used for market research and industry reports

25. Accessibility

25.1 Accessible Privacy Information

We are committed to making our privacy information accessible to all users:

Large print versions available upon request
Screen reader compatible website
Alternative formats available (audio, braille)
Simplified language summaries

25.2 Requesting Accessible Formats

Large print
Audio format
Simplified language
Regional languages (Hindi, etc.)

26. Privacy by Design

26.1 Our Approach

We implement privacy by design principles:

Privacy considerations in all new projects
Data minimization (collect only what's necessary)
Purpose limitation (use data only for stated purposes)
Storage limitation (retain only as long as needed)
Security by default
Transparency in data practices

26.2 Regular Reviews

We regularly review and update:

Data collection practices
Security measures
Third-party vendor compliance
Privacy impact assessments
User rights and access procedures

Privacy Policy Summary

This is a high-level summary. Please read the full policy above for complete details.

We Collect:

✓ Personal and contact information
✓ Travel preferences and booking details
✓ Payment information (securely processed)
✓ Usage data and cookies
✓ Communications with us

We Use Your Data To:

✓ Provide travel services you've booked
✓ Send booking confirmations and travel updates
✓ Improve our services
✓ Send marketing (with your consent)
✓ Comply with legal requirements

We Share Data With:

✓ Airlines, hotels, and service providers (for bookings)
✓ Payment processors (for transactions)
✓ Legal authorities (when required)
✓ Third-party service providers (under strict confidentiality)

Your Rights:

✓ Access your data
✓ Correct inaccurate information
✓ Request deletion
✓ Opt out of marketing
✓ Lodge complaints
✓ Data portability

Security:

✓ SSL encryption
✓ Secure payment processing
✓ Access controls
✓ Regular security audits
✓ Staff training

Contact Us:

📧 care@musafirbaba.com
📞 +91 928 960 2447
🌐 https://musafirbaba.com

Thank you for trusting Musafirbaba with your personal information. Your privacy is our priority, and we are committed to protecting your data while delivering exceptional travel experiences.

We recommend bookmarking this page and reviewing it periodically for updates.