This Policy outlines Holidayy Udaan (hereafter “Holidayy Udaan”, “we”, “us”, or “our”) practices in relation to the storage, use, processing, and disclosure of personal data that you have chosen to share with us when you access our online store and marketplace, value added services, educational platform and payment aggregation services ( hereafter “Services”) on or through our different technology tools, including but not limited to [insert details of website and mobile application] (collectively “Platform”).
At Holidayy Udaan, we are committed to protecting your personal data and respecting your privacy. Please read the following terms of the Policy carefully to understand our practices regarding your personal data and how we will treat it. This Policy sets out the basis on which any personal data we collect from or about you, or that you provide to us, will be processed by us.
By using our Services, you consent to the collection, storage, use, and disclosure of your personal data, in accordance with, and are agreeing to be bound by this Policy. This Policy, together with any terms of the arrangement we have with you, applies to your use of the Services.
1. THE DATA WE COLLECT ABOUT YOU
(a) Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (for example, anonymised data).
(b) We may, to the extent permitted by law, collect, use, store, and transfer different kinds of personal data about you to provide you with or in connection with the Services. Such personal data includes:
(i) Data pertaining to your identity and related data, such as your first and last name, username or similar identifiers, title, passwords, purchases, sales or orders of or through our Services, feedback, survey responses, etc.;
(ii) Contact details, including email addresses, phone numbers, delivery addresses, billing addresses, business addresses, social media information, etc.;
(iii) Data we collect in relation to our underwriting processes when you choose to access certain features of our Services. For example, this includes documents issued and accepted as proof of identity and/or proof of address by any governmental body and/or Authority including but not limited to passport, aadhaar card, election commission identification card, driving licence number, permanent account number, current bank account statement and ration card;
(iv) Transaction data, including details about payments to and from you and details of the services you have purchased and sold;‘
(v) Financial data, including the details of the financial products you have availed, bank account information, payment methods, cardholder information, UPI details, VPA details, etc.;
(vi) Device data, including but not limited to:
SMS – SMSs containing financial transaction data;
Location – location data recorded on your device;
Device Information – including hardware model, operating system and version, IMEI and serial numbers, user profile information, IP addresses, browser types and versions, time zone settings, Wi-Fi and mobile networks;
Camera access- to enable you to take photographs of (a) the products you wish to sell; (b) documents that you wish to submit to Holidayy Udaan; (c) any other photographs that you may be required to submit via the Platform. For example, photographs pertaining to complaints and dispute redressal process etc.
Contacts – contact information stored on your device; and
Accounts – list of accounts logged into from your device.
(vii) Usage data, including information about how you use our Services; and
(c) Marketing and communications data, including your preferences in receiving marketing from us and our third parties and your communication preferences.
(d) We collect, use, and share aggregated data such as statistical data, financial, or credit information for any purpose. Aggregated data could be derived from your personal data but is not considered personal data under Applicable Laws. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature of the Services. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
(e) Where we need to collect personal data by law, or on Authority or under the terms of the arrangement we have with you, and if you fail to provide that data as and when requested by us, we may not be able to perform our obligations under the arrangement we have with you or are trying to enter into with you (for example, to provide you with features of the Services). In this case, we may have to cancel or limit your access to the Services.
2. HOW DO WE COLLECT DATA ABOUT YOU?
(c) We use different methods to collect and process data about you.
(i) Information you give us: This is the information (including identity, contact, and marketing and communications data) you consent to giving us about you when you use our Services or by corresponding with us (for example, by email or chat). It includes information you provide when you register to use the Services, use an in-Platform feature, or share data through the Services, through other activities commonly carried out in connection with the Services, and when you report a problem with the Platform and our Services. If you contact us, we will keep a record of the information shared during the correspondence.
(ii) Information you give us: Information we collect about you and your device: Each time you visit our Platform or use our Services, we will automatically collect personal data including device and usage data. We identify you using cookies and other similar technologies.
(iii) Information we receive from other sources including third parties and publicly available sources: We will receive personal data about you from various third parties and public sources as set out below:
Search information providers;
Identity and contact data from data brokers, aggregators or social networks;
Data from publicly available sources; and
Credit registries, information bureaus, blacklists, sanctions lists, and other such registries/lists.
3. AUTHENTICITY OF INFORMATION
(a) You agree that the information and personal data you provide us with are true, correct, and accurate. You are solely liable for any incorrect or false information or personal data that you might provide.
(b) You may review the information and personal data that you have provided during your use of the Services and you may seek to correct or modify such information and data, where feasible. You may do so by writing to us or our Grievance Officer at the address provided in Section 12 of this Policy.
4. HOW DO WE USE AND DISCLOSE DATA WE COLLECT?
(a) We will not use your personal data in a manner that is prohibited by law. Most commonly, we will use your personal data to provide you with the Services, or where we need to comply with a legal or contractual obligation.
(b) You understand that when you consent to providing us with your personal data, you also consent to us sharing the same with third parties. You are aware that by using our Services, you authorise us, our associate partners, and affiliates to contact you via email, phone, or otherwise.
(c) You are aware that any and all information pertaining to you, whether or not you directly provide it to us (through the Services or otherwise), including but not limited to personal correspondence such as emails, instructions from you etc., may be collected, compiled, and shared by us in order to provide the Services to you and you expressly authorise us to do so. This may include but not be limited to storage providers, marketing partners, data analytics providers, consultants, lawyers, and auditors. We may also share this information with our parent company, subsidiaries, and affiliates.
(d) You agree and acknowledge that we may share data without your consent, when it is required by law, any court, government agencies or Authorities (including by police or regulatory bodies such as RBI or SEBI, banks, payment gateways, or schemes (such as Visa, Mastercard, NPCI etc.), to disclose such information. Such disclosures are made in good faith and belief that it is reasonably necessary to do so for enforcing this Policy or the Terms, or in order to comply with any Applicable Laws and regulations.
(e) In general, we will use your personal data in accordance with the following purposes:
(i) to register you as a user;
(ii) to deliver Services and prepare statements for account maintenance;
(iii) to manage our relationship with you including notifying you of changes to any Services;
(iv) to administer and protect our business and the Services including troubleshooting, data analytics, and system testing;
(v) to deliver content and advertisements to you;
(vi) to make recommendations to you about our products, services, rewards, discounts or other benefits which may interest you;
(vii) to measure and analyse the effectiveness of the advertising we serve you through means which include surveys, contests, and promotions;
(viii) to monitor trends so we can improve the Services;
(ix) to perform our obligations that arise out of the arrangement we are about to enter or have entered with you;
(x) to enforce the terms of the arrangements we have with you;
(xi) to raise valid tax invoices and submit GSTR filing or all taxable amounts in accordance with Applicable Laws.
(xii) for underwriting purposes, to monitor risks, frauds, and money laundering, for combatting the financing of terrorism, and such related purposes;
(xiii) where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
(xiv) to comply with a legal or regulatory obligation.
(f) You authorise us to send you electronic alerts and messages for details pertaining to registration on our Platform, requirements arising out of the provision of Services, and advertising.
(g) Further, you agree to receive promotional and other emails and other forms of communication from us. Through such communication you will receive information about the latest developments on the Services. You may unsubscribe from our mailing list at any time through the unsubscribe option we offer.
5.TRANSFER OF PERSONAL DATA
(a) We comply with Applicable Laws in relation to storage and transfer of data. Strictly subject to the RBI’s guidelines and regulations, we may, where the law permits, transfer and store the information and personal data you provide to us in countries other than India. This may happen if any of our servers are from time to time located in a country other than India, or any of our service providers is located in a country other than India. Subject to the other provisions in this Policy, we may also share information with entities in countries other than India. These entities may be subject to data laws of their respective countries.
(b) If you use the Services while you are outside India, your information may be transferred, subject to Applicable Laws, to a country other than India in order to provide you with the Services.
(c) By submitting your information and personal data to us, you agree to the transfer, storage, and processing of such information and personal data outside India in the manner described above.
6. THIRD PARTY SERVICES
(a) Our Services may, from time to time, contain services provided by or links to and from the websites of our partner networks, advertisers, and affiliates (“Third Party Services”). Please note that the Third Party Services that may be accessible through our Services have their own privacy policies. We do not accept any responsibility or liability for the policies or for any personal data that may be collected through the Third Party Services. Please check their policies before you submit any personal data to such websites or use their services.
(a) Cookies are small files that a site or its service provider transfers to your mobile phone or computer’s hard drive through your web browser (if you allow) that enables the site or service providers’ systems to recognise your browser and capture and remember certain information.
8. DATA SECURITY
(a) We comply with the RBI’s data security requirements, and implement standards and best practices like PCI-DSS, latest encryption standards, transport channel security, etc.
(b) We implement certain security measures including encryption and firewalls to protect your personal information from unauthorised access and such security measures are in compliance with the security practices and procedures as prescribed under the Information Technology Act, 2000 and the applicable rules (Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011). However, you agree and acknowledge that the abovementioned measures do not guarantee absolute protection to the personal information and by accessing the Services, you agree to assume all risks associated with disclosure of personal information arising due to breach of firewalls and secure server software.
(c) We will comply with the requirements under the RBI’s guidelines and the Information Technology Act, 2000 and the rules made thereunder in the event of a data or security risk.
9. DATA RETENTION
You are aware that your personal data will continue to be stored and retained by us for a reasonable period or for such period of time as permitted under Applicable Laws, after we accomplish the purpose for which it was collected.
10. BUSINESS TRANSITIONS
You are aware that in the event we go through a business transition, such as a merger, acquisition by another organisation, or sale of all or a portion of our assets, your personal data might be among the assets transferred.
(a) We keep our Policy under regular review and may amend this Policy from time to time, at our sole discretion.
(b) The terms of this Policy may change and if it does, these changes will be posted on this page and, where appropriate, notified to you by email. Please ensure that you review this Policy regularly.
12. GRIEVANCE OFFICER
You may contact us at [email protected]
. with any enquiry relating to this Policy or an enquiry relating to your personal information (including reviewing or updating). You can also do so by writing to our grievance officer at the address provided below:
Address: Holidayy Udaan,#C31 Mantra city 360 Talegaon Dabhade Pune - 410506.