Privacy Policy

PRIVACY POLICY
[Homestyle Guesthouse]

1. INTRODUCTION

[Homestyle Guesthouse] (“Hotel”, “we”, “us”, or “our”) is an independent hospitality
establishment operating in India. We are committed to safeguarding the privacy and personal
data of our guests, website visitors, and other individuals whose personal information we
process.
This Privacy Policy explains:
• What personal data we collect
• How and why we collect and use it
• How we protect it
• The rights available to individuals under applicable Indian law
This Policy is published in compliance with:
• The Information Technology Act, 2000
• The Information Technology (Reasonable Security Practices and Procedures and
Sensitive Personal Data or Information) Rules, 2011
• The Digital Personal Data Protection Act, 2023 (DPDP Act)

2. SCOPE OF THIS POLICY

This Privacy Policy applies to:
• Visitors to our website
• Guests making online reservations
• Individuals contacting us digitally
• Any person whose data is collected through our online platforms
This Policy applies only to online data collection and does not govern offline or walk-in
data unless expressly stated.

3. DEFINITIONS & INTERPRETATION

For the purpose of this Policy:
• “Personal Data” means any data about an individual who is identifiable by or in
relation to such data.
• “Data Principal” means the individual to whom the personal data relates.
• “Data Fiduciary” means [Homestyle Guesthouse], which determines the purpose and
means of processing personal data.
• “Processing” includes collection, storage, use, disclosure, transfer, or deletion.
• “Consent” means freely given, specific, informed, unconditional, and unambiguous
indication of the Data Principal’s agreement.
Words importing the singular include the plural and vice versa.

4. APPLICABLE LAWS & REGULATORY
FRAMEWORK

This Policy is governed by the laws of India, including but not limited to:
• Information Technology Act, 2000
• SPDI Rules, 2011
• Digital Personal Data Protection Act, 2023
Where any conflict arises between this Policy and applicable law, the provisions of law shall
prevail.

5. TYPES OF PERSONAL DATA COLLECTED

We may collect the following categories of personal data:
5.1 Identification Data
• Full name
• Gender
• Nationality
5.2 Contact Data
• Email address
• Mobile number
• Residential address (if provided)
5.3 Reservation Data
• Check-in and check-out dates
• Room preferences
• Special requests
5.4 Technical Data
• IP address
• Browser type
• Device identifiers
• Operating system

6. SENSITIVE PERSONAL DATA

Where required, we may process sensitive personal data, including:
• Payment card details (processed via secure gateways)
• Government-issued identification numbers, where legally mandated
Sensitive personal data is handled with enhanced security controls in accordance with Indian
law.

7. SOURCES OF DATA COLLECTION

Personal data is collected directly from:
• Website reservation forms
• Online enquiry forms
• Email communications
• Cookie and analytics tools
We do not knowingly collect data from unauthorized third-party sources.

8. ONLINE DATA COLLECTION MECHANISMS

Our website may collect data through:
• Online booking engine
• Contact forms
• Newsletter subscriptions
• Live chat or enquiry widgets
All such data collection is voluntary unless required to complete a reservation.

9. COOKIES & TRACKING TECHNOLOGIES

We use cookies and similar technologies to:
• Enable website functionality
• Analyze traffic patterns
• Improve user experience
Users may disable cookies through browser settings; however, some features may be
affected.
A detailed cookie table is provided in Annexure C.

10. PURPOSE OF PROCESSING

Personal data is processed strictly for:
• Managing reservations
• Communicating with guests
• Processing payments
• Legal and regulatory compliance
• Website analytics and improvement
We do not process personal data for purposes incompatible with those stated above.

11. CONSENT MECHANISM

11.1 Personal data is collected and processed only after obtaining valid consent from the
Data Principal, unless processing is permitted under applicable law without consent.
11.2 Consent is obtained through:
• Website checkboxes
• Online booking confirmations
• Explicit opt-ins for marketing communications
11.3 By submitting personal data on the website, the Data Principal:
• Confirms that the information provided is accurate
• Agrees to the processing of personal data in accordance with this Policy
11.4 Consent may be withdrawn at any time by contacting the Grievance Officer. Withdrawal
of consent shall not affect the lawfulness of processing prior to such withdrawal.

12. CHILDREN’S AND MINOR DATA

12.1 Our website and services are not directed toward individuals under the age of 18.
12.2 We do not knowingly collect personal data of children without verifiable parental or
legal guardian consent.
12.3 If we become aware that personal data of a minor has been collected inadvertently, such
data shall be deleted within a reasonable period.

13. DATA ACCURACY AND QUALITY

13.1 We take reasonable steps to ensure that personal data:
• Is accurate
• Is complete
• Is kept up to date
13.2 Data Principals are encouraged to review and update their information by contacting the
Hotel or accessing available online tools.

14. GUEST COMMUNICATIONS

14.1 We may communicate with guests for:
• Reservation confirmations
• Stay-related updates
• Service-related notifications
14.2 Transactional communications are considered essential and cannot be opted out of while
a reservation is active.

15. MARKETING AND PROMOTIONAL
COMMUNICATIONS

15.1 Marketing communications are sent only where:
• Explicit consent has been provided, or
• Permitted under applicable law
15.2 Guests may opt out of promotional communications at any time by:
• Clicking the unsubscribe link
• Contacting the Grievance Officer
15.3 We do not engage in unsolicited commercial communications.

16. AUTOMATED PROCESSING AND PROFILING

16.1 We do not engage in automated decision-making that produces legal or similarly
significant effects on guests.
16.2 Basic profiling may be used for:
• Preference recognition
• Service personalization
Such profiling does not adversely affect the rights of the Data Principal.

17. PAYMENT DATA AND FINANCIAL
INFORMATION

17.1 Payment transactions are processed through secure third-party payment gateways
compliant with applicable security standards.
17.2 The Hotel does not store complete credit or debit card information on its servers.
17.3 Payment data is processed solely for transaction completion and fraud prevention.

18. THIRD-PARTY BOOKING PLATFORMS (OTAs)

18.1 Reservations made through third-party platforms (e.g., OTAs) are governed by:
• This Privacy Policy, and
• The respective platform’s privacy policy
18.2 The Hotel receives limited personal data necessary to honor reservations.
18.3 The Hotel is not responsible for data practices of third-party booking platforms.

19. DATA SHARING WITH SERVICE PROVIDERS

19.1 Personal data may be shared with trusted service providers, including:
• Website hosting providers
• Booking engine operators
• IT and security vendors
19.2 All service providers are contractually obligated to:
• Maintain confidentiality
• Implement reasonable security safeguards
• Use data solely for authorized purposes

20. DISCLOSURE TO GOVERNMENT AND LEGAL
AUTHORITIES

20.1 Personal data may be disclosed where required by:
• Law
• Court orders
• Government authorities
20.2 Such disclosures are limited to the minimum data necessary and made in accordance
with Indian law.

21. DATA STORAGE AND RETENTION

21.1 Personal data is stored in secure electronic systems located in India or in jurisdictions
that ensure an adequate level of data protection.
21.2 Personal data is retained only for as long as:
• Required to fulfill the purposes stated in this Policy
• Required under applicable laws
• Necessary to resolve disputes or enforce agreements
21.3 Upon expiration of the retention period, personal data is securely deleted or anonymized.

22. CROSS-BORDER TRANSFER OF PERSONAL
DATA

22.1 Personal data may be transferred outside India only where:
• Permitted under applicable Indian law, and
• Adequate safeguards are implemented
22.2 Such safeguards may include contractual obligations, data protection agreements, or
other legally recognized mechanisms.

23. DATA LOCALIZATION AND STORAGE IN INDIA

23.1 Wherever feasible, personal data is stored on servers located within India.
23.2 Where localization is required by law, the Hotel ensures strict compliance with
applicable data localization mandates.

24. INFORMATION SECURITY MEASURES

24.1 The Hotel implements reasonable security practices and procedures, including:
• Secure servers and firewalls
• Access controls and authentication mechanisms
• Encryption of sensitive data
• Regular system monitoring
24.2 Access to personal data is restricted to authorized personnel only.

25. DATA BREACH AND INCIDENT MANAGEMENT

25.1 In the event of a data breach, the Hotel shall:
• Take immediate steps to contain and mitigate the incident
• Assess the impact on affected individuals
• Notify authorities or individuals where required by law
25.2 Incident response procedures are periodically reviewed and updated.

26. CCTV AND ELECTRONIC SURVEILLANCE

26.1 The Hotel may operate CCTV cameras in common areas for:
• Safety and security
• Crime prevention
26.2 CCTV footage is not used for marketing purposes and is retained only for a limited
period unless required for legal proceedings.
26.3 Clear signage is displayed informing guests of surveillance.

27. EMPLOYEE ACCESS AND CONFIDENTIALITY


27.1 Employees and contractors with access to personal data are bound by confidentiality
obligations.
27.2 Access rights are granted strictly on a need-to-know basis.

28. CONFIDENTIALITY AND NON-DISCLOSURE

28.1 Personal data is treated as confidential information.
28.2 Unauthorized disclosure, access, or use of personal data is strictly prohibited and may
result in disciplinary action.

29. RIGHTS OF DATA PRINCIPALS

29.1 Subject to applicable law, Data Principals have the right to:
• Access their personal data
• Request correction or updating
• Request erasure, where applicable
• Withdraw consent
29.2 Requests may be made through the contact details provided in this Policy.
30. PROCEDURE FOR EXERCISING RIGHTS
30.1 Requests must be submitted in writing or electronically.
30.2 The Hotel may verify the identity of the requester before processing the request.
30.3 Requests shall be addressed within a reasonable timeframe as prescribed by law.

31. GRIEVANCE REDRESSAL MECHANISM

31.1 The Hotel has established a grievance redressal mechanism in accordance with
applicable Indian laws.
31.2 Data Principals may raise complaints or concerns regarding the processing of their
personal data.
31.3 All grievances shall be acknowledged and addressed in a timely and lawful manner.

32. GRIEVANCE OFFICER

32.1 In compliance with the Information Technology Act, 2000 and applicable rules, the
Hotel has designated a Grievance Officer.
32.2 The Grievance Officer shall be responsible for:
• Receiving complaints
• Coordinating resolutions
• Ensuring compliance with applicable data protection laws

33. COMPLAINT HANDLING PROCEDURE

33.1 Complaints must include sufficient details to identify the complainant and the nature of
the issue.
33.2 The Hotel shall respond to grievances within the timeframe prescribed under applicable
law.
33.3 Where a complaint cannot be resolved immediately, interim updates may be provided.

34. RECORD KEEPING AND AUDITS

34.1 The Hotel maintains internal records of data processing activities.
34.2 Periodic audits may be conducted to ensure compliance with:
• This Privacy Policy
• Applicable data protection laws

35. TRAINING AND AWARENESS

35.1 Employees handling personal data receive appropriate training on:
• Data protection principles
• Confidentiality obligations
• Security practices
35.2 Training programs are reviewed periodically.

36. INTEGRATION WITH WEBSITE TERMS

36.1 This Privacy Policy forms an integral part of the Hotel’s website terms and conditions.
36.2 In the event of any inconsistency, the Privacy Policy shall prevail in matters relating to
personal data.

37. THIRD-PARTY LINKS DISCLAIMER

37.1 The website may contain links to third-party websites.
37.2 The Hotel is not responsible for the privacy practices or content of such third-party
websites.

38. LIMITATION OF LIABILITY

38.1 To the maximum extent permitted by law, the Hotel shall not be liable for:
• Indirect or consequential damages
• Loss arising from unauthorized access beyond reasonable control
38.2 Nothing in this clause limits liability where prohibited by law.

39. INDEMNITY

39.1 Users agree to indemnify and hold harmless the Hotel from claims arising due to:
• False information provided
• Misuse of the website
• Violation of applicable laws

40. FORCE MAJEURE AND EXCEPTIONS

40.1 The Hotel shall not be liable for failure to perform obligations due to events beyond
reasonable control, including:
• Natural disasters
• Government actions
• Technical failures

41. POLICY UPDATES AND MODIFICATIONS

41.1 The Hotel reserves the right to modify or update this Privacy Policy at any time to
reflect:
• Changes in legal or regulatory requirements
• Changes in business practices
• Technological advancements
41.2 Updated versions shall be published on the website with a revised effective date.

42. VERSION CONTROL

42.1 This Privacy Policy supersedes all previous versions relating to personal data protection.
42.2 Continued use of the website after updates constitutes acceptance of the revised Policy.

43. GOVERNING LAW AND JURISDICTION

43.1 This Privacy Policy shall be governed by and construed in accordance with the laws of
India.
43.2 Courts located in the jurisdiction where the Hotel operates shall have exclusive
jurisdiction.

44. LANGUAGE AND INTERPRETATION

44.1 This Privacy Policy is published in English.
44.2 In case of interpretation issues, the English version shall prevail.

45. SEVERABILITY

45.1 If any provision of this Policy is held to be invalid or unenforceable, the remaining
provisions shall remain in full force and effect.

46. WAIVER

46.1 Failure by the Hotel to enforce any provision of this Policy shall not constitute a waiver
of such provision.

47. NOTICES AND COMMUNICATIONS

47.1 All communications relating to this Privacy Policy shall be made electronically or in
writing.
47.2 Notices may be sent via:
• Email
• Website notifications
• Physical address, where required

48. ANNEXURE A – CATEGORIES OF PERSONAL
DATA

Category
Examples
Identification Data Name, nationality
Contact Data
Email, phone number
Reservation Data Booking details
Technical Data
IP address, browser type
Payment Data
Processed via secure gateways

49. ANNEXURE B – DATA RETENTION SCHEDULE

Data Type
Retention Period
Reservation Records As required by law
Payment Records
As per statutory requirements
Website Logs
CCTV Footage
Limited duration
Short-term unless required

50. ANNEXURE C – COOKIE DISCLOSURE TABLE

Cookie Type
Purpose
Essential Cookies Website functionality
Analytics Cookies Traffic analysis