PRIVACY POLICY

In order to purchase or enquire about the various products and services of AURA VOYAGES PRIVATE LTD (henceforth referred to as “AURA VOYAGES”), interested travelers or persons (“User”) share their personal data through the different interface channels of AURA VOYAGES PRIVATE LTD that includes the website, the mobile site and App (henceforth referred to as “Sales Channels”). This Privacy (“Policy”) is relevant and related to securing the personal data from a User and processing of the same.

Applicable references used in this Privacy Policy:

• “You” or “Your” refers to the ‘User’
• “We”, “Us” or “our” refers to ‘AURA VOYAGES’
• “Website” refers to ‘website(s)’, mobile site(s)’ and mobile app(s) of AURA VOYAGES.

This policy has been laid down to ensure that you understand the need behind gathering, using, releasing, transferring and storing your information. The Policy is meant to acquaint our users with our practices. The policy is meant to inform you about the methodology of processing your personal information that you provide us with when you use our Website. At all times the data is processed as per relevant data protection laws. Users are requested to read this policy carefully along with other applicable policies that are provided by us from time to time when we gather or process your personal information. This is to ensure that you have complete knowledge of the purpose behind using your private data and how we are doing so. This policy complements all other relevant notices and does not override other such notices.

This is an individual or a business entity that has the sole responsibility of deciding why and how personal or private data will be used or processed. For the sake of this Policy AURA VOYAGES is the controller of all private information.

On the other hand, a processor is defined as an ordinary or authorized person, civic authority, organization or any other legal body that is authorized for processing private information by the Controller. As per the terms of this Policy, AURA VOYAGES is the Controller or Processor of your private data.

Any data or information that can be used to identify the User is termed as Personal Data. In cases where the identifications have been removed, such data cannot be termed as Personal Data.

While using the Website of AURA VOYAGES, Users can be asked for personal data at any point in time by us or a third party.

For different purposes, collective or aggregated data like statistical or demographic data can be gathered, used or distributed by us. Data is aggregated from your personal information but in the collective form it does not remain personal data as all possible signs of your identification are removed. Example, when we sum up the Usage Date of users to derive percentage of users using a feature of our Website. In certain cases, we may also unite and use aggregated data with your personal information wherein you can be identified directly or indirectly. This combined form of data is treated as personal data, the terms of use of which will be as per this policy.

This Website does not gather personal data that is relevant to exclusive categories (categories like ethnic background, religion, philosophical convictions, sexual life and orientation, trade union membership, political views, data related to health, genes and biometry). The Website also does not ask for details pertaining to act of misconduct and criminal records.

Your personal data collected from you is used, saved and distributed by us. The different categorization of data and their analogy have been explained here for better user understanding and will mean the same throughout this Policy:

• “Contact Data”: that includes your mobile phone numbers, landline phone numbers, email id, address of residence, and office address.
• “Identity Data”: Your title, first name, middle name, surname, and/or analogous identifier.
• “Website-specific User Data”: User id, Password and any other secure data that is required to be used by you for availing our services.
• “Transaction Data”: pertains to your purchasing behavior on our Website. All transactions conducted by you on your behalf as well as that of any other traveler(s) where you have booked and availed our services through the registered account of AURA VOYAGES. In the latter case you are required to validate that you are authorized to share their personal information with us and in turn we can share the same with the third party service provider(s).
• “Marketing Data”: pertains to information regarding your marketing specific preferences. We keep sending you regular marketing communications and track the same when you receive and read them. We use this information to enhance our services, enhance the quality of our marketing content and facilitate you with more suitable information. Supplementary personal data that is processed for improving our marketing services are mentioned in the communication materials that we keep sending you.
• “Third Party Data”: this data pertains to all kinds of data that is accessible in the public domain or that are available from third party channels like social media, and that which could include but may not be limited to personal and non-personal data obtained from your social media profiles and account information (including name, email id, profile pictures, friends list and any other details that is available in the public domain as per your account settings).
• “Profile Data”: this data pertains to information that is collected at the backend as you keep visiting our Website. It includes information about referral links, the pages you visit on our Website, actions taken, your visit pattern and other information collected from online forms filled by you.
• “Technical Data”: this data pertains to your IP (Internet Protocol) address, information about the browser, version, time zone, location, login data, plug-in details, operating system on your computer and other relevant technology being used by you on the device; and
• “Usage Data”: pertains to your use of our Website.
• “All other types of Personal Data”: For Visa related services that are availed through AURA VOYAGES; we would require your passport and bank statement copies, original application forms, your photographs and all other relevant information about you that the Embassy would ask for to process the Visa application. In case of FOREX services through AURA VOYAGES, your passport copies, air tickets, travel documents for verification of travel dates, A2 Form and other relevant information that is required to process foreign exchange would be required.

All types of personal information can be collected by us only when you provide us the information in the following ways:

BASIS OF HANDLING THE DATA

Your data provided to us by you is processed subject to following circumstances:

1. • “a contract”: this is when a contract with you as a party has been signed or is about to be signed or when necessary steps are being taken to enter into a contract with you;
   • “legal and mandatory duties”: this is when we need to fulfill certain legal duties and mandatory obligations;
   • “Lawful concerns”: this is when our legitimate concerns need to be fulfilled without overruling your fundamental rights. For example, we need to supervise your usage of our Website or third-party portals from security perspective – in such cases we ensure that the probable impact on you (negative and positive) and your fundamental rights are safeguarded before your data is processed for our lawful concerns; and
   • “Acceptance and assent”: when emailing you our marketing and promotional communications or sending you text messages, we do so based on your assent for processing your data.

Under no circumstances is your personal data used for activities where our concerns and interests take precedence over the impact on you, until you have agreed for so or is legally authorized.

Your data is processed by us under legal permissions and guidelines. Our objective is to enhance and sustain our relationship with our users; hence we use your personal data for undertaking following tasks:

When making a booking on your behalf:

• Your personal data is used while we make a booking for you. In order to facilitate faster and easier transaction, we may use your information already available with us. At such times, in case your account with us has information of other travelers, we may prompt you with the same at the time the booking is being made to expedite the booking process.

Other cases where your personal information can be used include, but are not limited to:

• Informing you of the status of the transaction
• Informing booking confirmation via SMS, WhatsApp or other messaging services
• Informing you of amendments to the booking(s)
• For our customer service team to touch-base with you
• Confirming your booking with the said service provider
• For providing personalized service to you through our Website, mobile site or App
• For testifying to our products and services for improvements
• For emailing or messaging confirmations and verifications
• For authentication of your account
• Sending your birthday/anniversary greetings or gifts
• Communicate important notification pertaining to our products and services and/or changes to Terms and Conditions and/or Policy amendments
• Informing and updating you on various products, services and offerings of AURA VOYAGES and associated service providers
• Sending you payment reminders/confirmations/travel vouchers
• Emailing Newsletters for which you have subscribed with us. You are requested to unsubscribe in case you do not want us to send such notifications and newsletters.

Your personal information may be shared with our service providers under following circumstances (but not limited to):

• To book a service on your behalf. Reply to an enquiry or confirm your participation.
• To make bookings and reservations of services being offered by the provider when initiated by you.
• Your personal data may also be shared with third parties who process such information, provide credit facilities, execute customer orders, carry out services and deliver products, provide customer support service, control and improve data, research about your interest in AURA VOYAGES’s product and services, conduct surveys and researches to assess customer satisfaction. Such companies are obliged to safeguard your personal information.

Your personal data may be used for promotional, marketing, research related and carrying out other activities:

• For subscribed users, we send out regular updates on latest launches, announcements, promotions, offers and events. Users who do not wish to receive such updates can unsubscribe.
• Your data may be used to enhance and/or develop our products, services, advertisements and other offerings.
• Your data may be used for the purpose of carrying our internal researches and audit purposes.
• In order to provide our Users with the opportunity to win travel and related prizes, we carry out promotional activities occasionally. During such promotions, we may ask Users to provide us with their contact information. This information is used for informing Users when they win prizes. For surveys, the information collected is used to improvise offerings and develop newer promotions.
• We may introduce travel referral or loyalty program once-in-a-while so that our users can win awards pertaining to travel or related to travel. Information collected during this time may be used to sign you up for our rewards program. For winners, their personal information may be shared by AURA VOYAGES with a third party that will fulfill the reward. Users have the choice to be part of such programs or be excluded from such programs. We generally verify the personal information of the user during awarding the prize to prevent fraudulent activities or other related activities.

• This form of data does not contain any individual identifier. This information is gathered basis customer activities on our Website, mobile website and App. This kind of information is generally used to carry out researches, for analysis purpose to improvise and supervise our product offerings and different marketing campaigns. This information may be distributed amongst third parties in a cumulative non-personal form to improve user experience, our product and service offerings.

• Cookies and related technologies are used with the objective of improving customer experience on our W Users are requested to read through our cookie policy in order to understand our practices better in this context.

• You will find plenty of links to third party websites on our Website. On clicking such links, you move out of our Website and enter the third-party website. AURA VOYAGES is not responsible for any other site other than its own Website. Users are requested to read the Privacy Policy of the other websites they visit as each site will have their own Privacy Policy.

Your personal data can be shared with the following entities:

With Same Group Companies

AURA VOYAGES may share your personal data with its affiliates or associate business entities with the sole objective of improving and providing customized services with enhanced efficiency. This is done under controlled environment. In the event AURA VOYAGES is acquired by another company, all customer related information will be handed over to the acquirer based on the nature of the acquisition. In case AURA VOYAGES decides to restructure/expand/develop or for any other applicable business activity, if the business in whole or partially or a subsidiary or a business unit is sold/transferred/allocated then customer related information that has been gathered by us shall be handed over as per relevant laws.

With our suppliers and service providers:

Personal data pertaining to our Users shall be shared with service providers who are responsible for fulfilling the service booking. Such providers include hotels, airlines, bus and car rental companies, railways and other suppliers. You are required to agree and authorize us to share your personal information with suppliers who would need the information to fulfill the required service obligation. AURA VOYAGES permit such suppliers to use your personal data only for fulfilling the required service and for no other purpose. We are not in business of selling outright or renting data related to our customer names or their personal information to third parties and suppliers. We share your information with our partners, vendors or suppliers who are contracted with us for providing services to our customers. This information may also be used by such parties to make promotional offers and benefits to our customers on and off based on your booking history with us.

With Third-party Vendors and Business Associates:

In certain situations, we may be required to share partial personal data of our users with our business associates, partners and affiliates. In such cases, concerned parties might contact you to offer products and services that could be complimentary or paid with the purpose that the customers of AURA VOYAGES have superior experiences or avail benefits related to their travel. These could include but is not limited to EMI/discounts on travel, travel insurance, insurance coverage against losses, credit cards that are co-branded etc. It is to be noted that when users decide to use such services from our business associates, they will be governed by the privacy policy of the third-party service provider.

It is also possible that AURA VOYAGES may distribute your personal data with third party vendors who are contracted with us to provide certain services to our customers. This may include but is not limited to processing of payments, hosting data, data processing platforms and others. As is suitable we may provide non-personal data to these suppliers, affiliates, associates, partners and advertisers or provide them with consolidated data to communicate with them on the usage of their links from our Website.

It may also so happen that we outsource the task of market research and conducting of surveys on our behalf to a third party and provide them with personal data specific for such use. Such information that is passed onto third parties, partners, alliances and vendors are governed by confidentially agreements wherein it is clearly mentioned that such data will be used by the concerned parties for the specific project and in complete accordance with mentioned rules and regulations.

As may be suitable and as per our professional commitments and other applicable terms of business that we contract with you, reveal your personal information:

• As per instruction from any court of relevant jurisdiction or on the orders of government bodies, taxation authorities or other regulatory body, law enforcement agencies or bodies of similar nature, when we are required or requested to reveal such information;
• To our consultants and advisers that include our lawyers, bankers, auditors, accountants and insurers while they provide us with the respective services; and
• To AURA VOYAGES service providers who support us with IT and hardware/software system administration services.

AURA VOYAGES is a multinational company with it being present in many other countries (including United States) directly or through affiliate/recipient companies. It may so happen that the kind of data security provided in the other countries where we are present may not match with that of your resident country. It is our responsibility to ensure that such affiliates/recipients work as per applicable regulations and offer required security to your personal data that include technical security, organizational protection aspects, ensure suitable contractual measures so that the transfer or sharing of data is in accordance with the relevant laws.

As per our company policy, we provide our users to upload their feedback in the form of reviews, blogs, articles, experience ratings and even answers to poll questions. Such users who have used our services also can ask questions pertaining to our services and even answer to questions asked by our other users. We may also hire a third-party vendor to act on our behalf and communicate with you to gather your responses in context of your experience with AURA VOYAGES services.  Participation of users in such process is completely optional. Still users may still receive notifications in the form of SMS, WhatsApp or through other messaging services and emails encouraging them to share their feedback with us. Such reviews from users will be in textual format accompanied with or without pictures and could also be in the form of videos. Such reviews will be made available of the Website of AURA VOYAGES for others to read and see and can also be visible on other travel related platforms.

AURA VOYAGES is authorized to collect the following kinds of User generated content:

• Feedback, reviews and ratings
• Blogs or articles for Website
• Question and Answers
• Poll questions as part of Crowd Source Data collection

All users who post such reviews and Q&A and pictures will have their profiles with AURA VOYAGES that other users can see and view. Other details related to users like their trips, their reviews of other trips, questions that they have asked and answers that they have provided, pictures that they have posed will be visible to other users. Each user is required to use their conscientiousness and thoroughness to ensure that their opinions and views expressed on the AURA VOYAGES Website or their social media profiles is not offensive or in anyways against law, integrity, religious sentiments, class, credo, colour, gender, race, ethnicity, ethics, traditions, customs, decency, public policy, principles, third party intellectual property rights etc. When users post photographs, views, images, pictures, contents, videos and visuals, audios etc. on AURA VOYAGES Website or their social media profile they agree to give AURA VOYAGES the rights to use, copy, distribute, share, upload such pictures, views, images, videos and visuals, contents, audios etc. in whatever manner AURA VOYAGES deems fit. In such case, AURA VOYAGES is not liable or responsible to reimburse or pay fees to the user or any involved third party. We hereby repudiate all kinds of disagreement, accountability, responsibility, lawsuits, costs, expenditures, payments etc. that can crop up in context to using, copying, distributing, reproducing, posting pictures, images, views, contents, videos and visuals, audios etc. that are shared or contributed by our users, on their behalf by a third party.

When you download or install AURA VOYAGES App on your smart phone, there would be a list of permissions that you would be required to accept for proper working of the App. Details of different permissions that would be required and the personal data that the App would access and use have been mentioned below:

Permissions for Android App:

Use of Location: this permission permits us to inform you of the nearest AURA VOYAGES branch office. This is helpful when you are looking for answers to travel enquiries in person.

SMS: This permission enables us to send you details of different holiday packages from time to time to your mobile number. This also allows us to send you ‘OTP’ through SMS especially during specific transactions.

Access Phone: This permission enables us to contact you via phone calls by our customer support executives using the App direct.

Contacts: this permission enables us to access your contact list on your phone so that we can inform you of holiday packages that can be enjoyed with your friends and social circles.

Access pictures/ Media and Files: this permission enables the App to save and cache images and data locally so that you can use the App easily and with greater speed every time. This also means that your handset is not required to download repetitive images and data every time you use our App.

Permissions for iOS App:

Notices: if you sign for our notifications, we would be able to inform you of special deals, marketing and promotional offers, updates of travel related information, latest launches, etc. on your handset direct.

AURA VOYAGES ensure that we employ and execute suitable technical and organizational factors so that highest level of security is undertaken in the following context (this is done so that the rights and freedom of natural person is free from risks associated with processing of user information):

1. Encryption and pseudonymization of user’s personal data;
2. Ensure that the processing system is robust, tough, integrated, available and maintains confidentiality of data throughout;
3. Ensure that personal data is presented and accessible promptly during incidents related to physical and technical systems; and
4. Set up processes for frequent assessments, evaluations and testing of the efficiency of suitable technical and organizational factors to maintain high levels of security during the processing process.

AURA VOYAGES wishes to inform its users that all its personnel who are required to access personal data of users’ on a customary and lasting basis or they need to process such data on a regular basis or are involved in the development of technology that are used for processing such data, are amply trained and aware of their rights and accountabilities in this context.

In order to ensure maximum security of users’ personal data AURA VOYAGES has the required measures and certifications in place so that personal data is never accessed in an unauthorized manner. Our Website is SSL protected that ensures protection of data while users carry out transactions online.

We also ensure that third parties and vendors who process personal information also maintain the required levels of data protection and security. In modern times, even if no system can be completely perfect, it is our endeavor to continue bettering our security measures for compete protection of your personal data. When you use our Website for browsing or for carrying out transactions or for the purpose of storing your personal data, it is assumed that you agree to the revised terms and conditions of the Privacy Policy, applicable at that period. However, your personal data on other social networking sites or other similar sites is administered as per their privacy policy.

User’s personal data is preserved with us till the time it is required for fulfilling the services that it was originally collected for. This also includes using the data for any legal work or regulatory, for secretarial, reporting purposes and creating or defending legal claims.

User personal data that is maintained in our database is as per the document management, retention and destructive policies and appropriate laws in this regard. It may at times go beyond the period of establishing and ending user relationship with AURA VOYAGES. However, in all cases, it will be retained if it is deemed necessary by us to be able to revert to your queries and issues in the future. In certain cases, the information may be required to be retained to avert fraud, to cover our liabilities, track remedies, prevent or limit damage to us, or in case where a certain rule or law requires retention of such data.

For research and statistical surveys, we might remove individual identifiers from your personal data (so that it can never be used for identifying you) and use it for an indefinite period without any official information to you about the same.

This policy came into effect as of September 24, 2018. AURA VOYAGES have the exclusive right to amend or update the Policy at any point in time, as deemed fit by the company. The changed policy will be made available to our users at the earliest possible either by email or through a notice to the effect on our Website. This will be the case only when considerable changes are made to the policy. We advise our users to keep checking the Website regularly for any such amendments or updates. When users use our Website post amendments to the Privacy Policy, it is automatically assumed that users concede and accept the modifications and that users abide to follow the amended policy and the amendments apply to users completely.

The user has certain rights in context of his personal data, governed by the relevant data protection laws. It is our company policy to respect the rights of the user at all costs. In context of use and processing of your personal data, we are bound to operate with promptness and fairness, as per laid down rules, regulations and law.

Here is a brief of your rights as mentioned in the General Data Protection Regulation (GDPR):

1. Users have the right to know about how their personal data will be used and shared by us. It is our responsibility to provide you with this information in a clear and precise language, with transparency and comprehensiveness and presented in a format that is easily understandable and accessible;
2. Users have the right to access their personal information, know how the information is being used by us and ask us for confirmation of whether their data is being processed by us or not;
3. Users have the right to get their incomplete and inaccurate personal information amended and corrected. It is our responsibility to ensure that such revised data is passed onto the third parties, if such information was disclosed to any other party prior to the amendments;
4. Users have the right to inform and ask us to delete certain personal data. This right is called the right to be forgotten. However, it does not imply that all personal data need to be erased. Each of such request will be evaluated by us carefully to check if they are as per the required laws pertaining to personal data processing and usage;
5. Users have the right to stop or obstruct the processing of their personal data in certain situations. This right is usually applicable in case the truthfulness of the data is under dispute, if you have objected to processing the data in the past, conditions where personal data usage is illegal and the user does not wish to erase his data and has requested for restricted use instead. Users can also block processing where their personal data is no more required for our services, but they request us to maintain it for sorting, launching or defending a legal suit;
6. Users have the right to ask us for a copy of their data in an easily accessible digital format. This request can be made only for data provided by the user to us. This is called the right to data portability. Information that we have collected about our users based on their usage and behavior also falls under the purview of this right but is subject to user consent or if the data is processed electronically for fulfilling a contract;
7. Users have the right to object to the use of their personal data in specific situations like when such data is used for marketing and promotion purposes. Such objections are valid if (i) the user personal data is being used for justifiable interest or in public interest; (ii) if we are using such data for our direct marketing campaigns; (iii) such data is being used for a scientific or historical research or for statistical surveys. The user’s right will be informed to him when we collect data from him. The right will be brought to the notice of the user openly. The right will be clearly and separately presented to the user; and
8. Users have the right of not being subjected to decisions that are based on automated processing, especially if such decisions have a legal implication or similar effect of significance on the user.

All the above rights can be implemented by the users by writing an email to [email protected]. In order to exercise any of the rights above or to access their personal data, users will not be required to pay any fee. In case, however, the request is found to be recurring, unwarranted or without base, we may charge a reasonable fee. We may also decline such requests, as may be deemed fit.

In case of any query, apprehension or comments about this Privacy Policy, users can write to us at [email protected].

As situation demands, we may ask for exclusive information from the User to confirm his identity and provide him with the access to his personal data or use any of his rights mentioned here. This is done with security of data in mind so that the user personal data is not disclosed to unwarranted person(s) or parties. In case deemed fit, we may contact the user to verify further in context of processing his request for immediate response and revert.

As per our company policy, we take about a months’ time to revert to all legitimate requests. However, at times it may take more time especially if the user request is complicated in nature or there are number of such requests from the said user. Under all circumstances, we keep the user informed and updated on the same.