Privacy Policy
LUXEQ HOSPITALITY PRIVATE LIMITED is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and protect your personal information, in compliance with applicable laws and regulations. It applies to information collected through our website www.luxeq.co.in (the “Site”) as well as in the course of providing our travel planning and tour services (collectively, the “Services”). By using our Site or Services, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our Site or Services.
1. Information We Collect
We only collect personal information that is necessary for planning and arranging your travel experiences or that you choose to provide to us. This includes:
● Information You Provide Directly: When you fill out forms on our Site or contact us to inquire or book a tour, we collect information such as your name, email address, phone number, postal address, and travel preferences. If you proceed with a booking, we will also collect details necessary to arrange your travel, which may include passport details (for flight or visa arrangements), date of birth, nationality, emergency contact, and any special requests or health/dietary restrictions you choose to share. For example, when making a tour enquiry or booking, you may provide Personal Information including your full name, contact information, travel dates, group size, and specific requests. We will indicate which information is required and which is optional. If you communicate with us (via email, phone, or chat), we will collect the information you provide in those communications.
● Payment Information: When you make a payment for our Services, we (via our payment gateway partners) collect payment details. We use Razorpay as our secure payment processor to handle credit card and digital payments. You will provide your payment card number, expiration date, CVV, and billing information through Razorpay’s interface. We do not store your full credit/debit card numbers or UPI IDs on our servers.Razorpay processes your payment information in accordance with its own security standards and privacy policy. We receive a confirmation of payment and possibly limited information (such as the last four digits of your card or a transaction ID), but not your sensitive card details.
● Information from Third-Party Services: If you log in or register through a third-party platform (if we offer such an option in the future) or interact with us via social media (e.g., Instagram or Facebook links on our Site), we may receive information from those platforms according to their terms and your privacy settings. For example, if you use an authentication service, we might receive your name and email from that service. Similarly, if you tag us on social media or communicate via those platforms, we might collect publicly available information from your profile.
● Automatically Collected Data (Device and Usage Information): When you visit our Site, our system may automatically log certain technical information about your visit for analytics and security purposes.
● This data includes:
○ Device/Browser Information: e.g., your IP address, browser type and version, operating system, device type (mobile or desktop), and device identifiers.
○ Usage Data: e.g., the pages or content you view on our Site, the dates/times of access, the page you visited before coming to our Site, search terms entered, and interactions with our Site features.
○ Cookies and Similar Technologies: We use cookies and similar tracking technologies (such as web beacons or pixels) to collect some of the above information. Cookies are small text files that websites place on your device to recognize your browser and store information. For instance, we use analytics cookies to understand how users engage with our Site (e.g., which pages are most visited) so we can improve our content and user experience. Cookies also help to remember your preferences (such as language or currency selection) for future visits.
For more details, see Section 4: Cookies & Tracking below. These automatically collected data points generally do not identify you by name, but if they can be linked to you, we treat them as personal data.
We do not collect any sensitive personal data about you unless necessary. “Sensitive” data includes things like race, religion, health information, sexual orientation, etc. We only ask for information that is needed to provide our services (for example, we might ask about mobility limitations to arrange accessible travel accommodations). We do not intentionally collect data about your racial or ethnic origin, political opinions, biometric data, or health conditions, except any health info you voluntarily provide that's pertinent to your travel.
Children’s Data: Our Site and Services are not directed to children, and we do not knowingly collect personal information from individuals under the age of 16 without parental consent. If you are the parent or guardian of a child under 16 and believe they have provided us personal information without your consent, please contact us so we can delete the information. (See Section 9 below for more on children’s privacy.)
2. How We Use Your Information
We use the collected information for the following purposes, all in line with applicable legal bases under data protection law (such as performing a contract or with your consent):
● To Provide and Manage Services: We use personal information to plan and book your travel arrangements. This includes using your details to reserve hotels, flights, tours, transportation, or travel insurance as requested. For example, we will use your passport information to book flights or hotel check-ins as needed, and your contact information to send booking confirmations and travel documents. We also use data to process payments and ensure your bookings are secured (for instance, confirming payment through Razorpay and issuing receipts).
● Communication: We use your contact information (email, phone) to communicate with you about your trip. This includes responding to your inquiries, sending you itineraries and vouchers, providing updates or alerts (e.g., changes in flight times, safety advisories), and customer support. We may also send post-trip communications to solicit feedback or reviews, as part of our customer service improvement.
● Personalization and Tailored Itineraries: Details such as your preferences, past travel history with us, and special requirements help us personalize your experience. For instance, knowing your preferred travel style or interests allows us to suggest relevant destinations or activities.
● Marketing and Newsletters (with Consent): With your permission, we may use your email to send you our newsletters, promotional offers, or travel inspiration content. You have the choice to opt-in to such communications, and you can opt out at any time (see Your Choices in Section 6 below). We do not spam; typically, we may send newsletters monthly. If you have opted in, we may also use data about your past trips or website browsing to tailor the marketing content you receive (for example, highlighting tours similar to ones you showed interest in).
● Analytics and Improvements: We use aggregated usage data and cookies to analyze how our Site is used. This helps us troubleshoot performance issues, understand user demographics and preferences, and improve our website design and services. For example, we might track which blog posts are most read to decide on future content, or analyze where users drop off in the booking process to improve usability. These analytics are often conducted via third-party tools like Google Analytics (see Section 4).
● Security and Fraud Prevention: We may use personal information (like IP addresses or transaction info) to monitor and prevent fraud, spam, and other security risks. This includes verifying identity for large transactions (Know-Your-Customer checks), using tools to detect suspicious activities on our Site, and ensuring the integrity of our bookings. If required, we might use certain data to comply with legal obligations such as anti-money laundering rules or sanctions screening.
● Legal Compliance: Finally, we may process personal data as necessary to comply with legal obligations to which we are subject. For example, retaining records for tax and accounting purposes, or responding to lawful requests by public authorities.
We will not use your personal information for any purpose that is incompatible with the purposes outlined above without informing you and obtaining your consent if required.
3. Sharing of Information
We treat your personal information with care and confidentiality. However, in order to fulfill our services and operate our business, we do need to share information with certain third parties. We share personal data only in the following circumstances:
● Travel Service Providers (Third-Party Vendors): As a travel assistance company, we must share relevant personal details with the providers who actually deliver the travel services you book. For example, we will provide your name and check-in dates to hotels when reserving rooms, or your full name, gender, birthdate, and passport details to airlines to book flights. If you purchase travel insurance through us, we will share necessary info with the insurance provider (typically name, dates of travel, and contact info). Similarly, for guided tours or activity operators, we may share participants’ names and any pertinent details (e.g., dietary requirements for a cooking class, or height/weight for a hot-air balloon ride if required for safety). We share only the data needed for each service. These third-party vendors are independent controllers of your data and operate under their own privacy policies, but we contractually obligate them, when possible, to use your info solely for the purpose of your booking and to protect it.
● Payment Processors: We share payment-related information with Razorpay (our payment gateway) to process your transactions. This includes transmitting your payment details securely to the processor and receiving confirmation. Razorpay may also receive your contact information to send OTPs (one-time passwords) or payment confirmations. All such data exchanges are encrypted and Razorpay is PCI-DSS compliant in handling card data. Please refer to Razorpay’s privacy policy for details on their data handling. The Company does not store your sensitive payment details on our systems as noted above.
● Business Partners and Referrals: In some cases, we partner with local travel agencies or tour operators in specific destinations to execute portions of your itinerary. For example, if part of your tour in India is handled by a regional specialist operator, we will share your booking information with that operator to ensure seamless service. Similarly, if you were referred to us by a travel agent or partner, we might share booking updates with them as necessary (but only with your knowledge or as arranged). All such partners are expected to safeguard your data and use it only for servicing your trip.
● Analytics and Tech Providers: We use third-party service providers to perform certain business-related functions, such as website analytics, email newsletter distribution, or IT hosting. For instance, we may use Google Analytics to understand website traffic (Google may receive anonymized data or your IP address for this purpose). We might use an email marketing platform to send our newsletters (meaning that platform gets your email address). These providers act as “data processors” on our behalf and are contractually bound to protect your information and only use it as instructed by us. We do not allow these service providers to use your data for their own marketing or other purposes. (Examples of providers we may use include cloud hosting services, customer relationship management software, etc.
● Legal Obligations and Protection: We may disclose personal information if required by law, or if we believe in good faith that such action is necessary to (a) comply with a legal obligation or lawful request (for example, responding to subpoenas, court orders, or government regulations) (b) enforce our Terms and Conditions or other agreements; (c) detect, prevent, or address fraud, security, or technical issues; or (d) protect the rights, property, or safety of our Company, our customers, or others. This may include exchanging information with law enforcement or other companies and organizations for fraud protection and credit risk reduction.
● Corporate Transactions: If our Company undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or a portion of our assets, your personal information may be among the assets transferred. We would only transfer your data after ensuring the other party agrees to adhere to a privacy standard equivalent to this policy. Similarly, if we are involved in a joint venture or collaboration, data might be shared with that entity under similar restrictions. You would be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information in such an event.
● With Your Consent: Apart from the above, we will seek your consent before sharing your personal data with any third parties for purposes outside the scope of this Privacy Policy. For example, if you want us to share your contact info with a fellow traveller you met on a group tour, we’d only do so if you and the other person agree. Or if we ever plan to sell customer data (we have no such intention), we would do so only with explicit opt-in consent, especially where required by law.
No Selling of Personal Data: We do not sell your personal information to third parties for their marketing or other independent uses. We may share limited data with advertising platforms if we run targeted ads (for example, using Facebook Custom Audiences or Google’s remarketing, which would involve hashing your email or using cookies), but such usage is for our marketing to you and not a sale of data.
4. Cookies & Tracking Technologies
Cookies: Our Site uses cookies to enhance your browsing experience and gather analytics information. A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. Cookies enable the website to remember your actions and preferences (such as login, language, font size, and other display preferences) over a period of time, so you don’t have to re-enter them whenever you come back to the site or browse from one page to another.
We use the following categories of cookies on luxeq.co.in:
● Necessary Cookies: These cookies are essential for the operation of our Site and enable basic functionalities such as security, network management, and accessibility. For example, if our site has a login or a shopping cart, these cookies would ensure those features work. These cookies do not gather information for marketing purposes. Without these, certain services on the Site may not be available.
● Analytics Cookies: We use analytics or performance cookies (for example, Google Analytics) to collect information about how visitors use our Site – which pages are visited most often, how users navigate the site, what errors may occur, etc. The information collected is generally aggregated and anonymous. It does not directly identify you. We use this data to improve the Site’s performance and your experience. Google Analytics may set its own cookies to perform these functions. You can learn how Google Analytics processes data and how to opt out by visiting Google’s site (e.g., via the Google Analytics Opt-out Browser Add-on).
● Functionality Cookies: These cookies remember choices you make (such as your preferred language or region) to provide a more personalized experience. They may also be used to provide services you have asked for, such as watching a video or commenting on a blog.
● Advertising/Tracking Cookies: Currently, we do not host third-party ads on our Site that would collect your data for advertising. However, if we run promotional campaigns on platforms like Google or Facebook, those platforms may use cookies or pixels on our Site to track the effectiveness of our ads and possibly to show you related advertisements. For example, a Facebook pixel may record that you visited our Site and allow us to later reach you with ads on Facebook. These cookies typically collect device and browsing information (not personal details like name), and you can opt out via mechanisms provided by those platforms (like Facebook’s ad preferences or Google’s ad settings).
Cookie Consent: When you first visit our Site, you should see a notification about our use of cookies. By clicking “Accept” or continuing to use the Site, you agree to our use of cookies as described in this policy. You can withdraw or modify your cookie consent at any time. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. You may also clear cookies from your browser at any time. Please be aware that if you disable cookies, some features of our Site may not function properly (for example, you may have to re-enter preferences each time, or some interactive features might not work).
Do-Not-Track Signals: Some browsers have a “Do Not Track” (DNT) feature that tells websites you do not want to be tracked across different sites. Our Site does not currently respond to DNT signals, because there is not yet a common standard for how to interpret them. We will update this policy if that changes. However, you can exercise other choices over tracking, such as disabling cookies or using ad-blockers, as described above.
For more detailed information about cookies and how to manage or delete them, you can visit www.allaboutcookies.org or the help pages for your specific browser.
5. Data Security
We employ appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. We strive to follow best practices in the industry to secure our systems. Measures we take include:
● Encryption: Our Site is secured via SSL/TLS encryption. This means that when you provide personal information (including payment details) through our web forms, that data is encrypted in transit to our servers. You can verify this by looking for “https” and the padlock symbol in your browser address bar when submitting information. Additionally, our payment processor (Razorpay) uses encryption and tokenization to protect your card data.
● Access Controls: Internally, we limit access to personal data to only those employees, contractors, and agents who need to know that information to perform their roles (for example, our travel consultants who manage your booking). All such persons are bound by confidentiality obligations. We use password protection and, where possible, multi-factor authentication for our systems that contain personal data.
● Secure Storage: Personal data we hold is stored on secure servers. We (or our cloud service providers) employ firewalls and monitoring to protect against unauthorized network access. Regular backups are performed to prevent data loss. Physical security measures are also in place for any facilities where data is stored (e.g., controlled access to data centers).
● Payment Security: As noted, we do not store sensitive payment card details on our own. Razorpay or our acquiring bank handles the secure processing. Razorpay is PCI DSS compliant, which is a strict security standard for payment information. Any payment details that we do store (like a transaction reference or partial card number for record-keeping) are kept in an encrypted form.
● Training and Policies: Our team is trained on data protection best practices and we maintain internal policies to handle personal data properly. This includes how to safely share info with suppliers and how to respond to potential security incidents.
Despite all these precautions, no system can be 100% secure. Therefore, while we work very hard to protect your information, we cannot guarantee absolute security of your data. In the unlikely event of a data breach that affects your personal information, we will notify you and the relevant regulatory authorities as required by law, and we will take all reasonable steps to mitigate the impact.
6. Data Retention
We will retain your personal information only for as long as necessary to fulfill the purposes for which we collected it, including for the purpose of satisfying any legal, accounting, or reporting requirements. In general:
● For customers who have booked with us, we retain personal and booking information for at least the duration of the trip and a reasonable period thereafter. This is to ensure we can provide post-trip support (such as resolving any issues or facilitating rebookings) and to maintain records for legal and financial obligations. We retain booking records for up to 7 years after your trip, which aligns with our tax record keeping obligations.
● If you merely inquired but did not book, we may retain your contact information and inquiry details for a shorter period (for example, 1-2 years) in case you decide to proceed later or have follow-up questions. We may also retain communications to defend against potential disputes.
● If you have subscribed to marketing communications, we retain your contact details for that purpose until you opt out or unsubscribe. Once you unsubscribe, we will stop sending you emails, but may retain your contact info on an “opt-out” list to ensure we don’t accidentally re-add you.
● Automatically collected technical data (analytics) is typically retained in aggregate form. Raw logs may be kept for a short period (a few months) unless needed for security investigations.
● We periodically review the data we hold. When your personal data is no longer needed for the purposes described, or we no longer have a legal or business need to retain it, we will securely delete, anonymize, or isolate it (so that it is no longer associated with you).
Certain information may be retained longer if required by law. For instance, financial transaction records and invoices are generally kept for a minimum period (e.g., 7 years) as required by Indian tax law and regulations. We may also retain data in backup archives that are not immediately expunged when you delete information from our site, though we have processes to eventually purge or anonymize such data too.
If you wish to request deletion of your data sooner, you have the right to do so – see Section 8: Your Rights below – and we will accommodate such requests to the extent we are not legally required to keep the data.
7. International Data Transfers
We are based in India, and by using our Services, you acknowledge that your personal data may be transferred to and processed in India and other countries where our suppliers or service providers are located. This is necessary for the performance of our contract with you, as we have to share data with hotels, airlines, etc., in whichever country you are traveling to or through. It also may be necessary for our internal operations (for example, if we use a cloud service hosted outside India).
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy wherever it is processed. This includes assessing the legal environment of data imports and implementing additional security measures if needed.
If you have questions about international data transfers or need more details on the safeguards in place for a specific transfer, please contact us (see Section 10).
8. Your Rights and Choices
You have certain rights regarding your personal information, particularly if you are located in jurisdictions with robust data protection laws like the EU, UK, or California. We are committed to honouring these rights. Below is a summary of your rights and how to exercise them:
● Right to Access: You have the right to request confirmation of whether we are processing personal data about you, and if so, to request a copy of the data. We will provide you with a copy of the personal data undergoing processing, typically in electronic form. For additional copies, we may charge a reasonable fee based on administrative costs (as permitted by law).
● Right to Rectification: If you believe that any personal information, we hold about you is incorrect or incomplete, you have the right to request that we correct or update it. For example, you can ask us to update your contact details or fix a misspelled name.
● Right to Erasure: You have the right to request deletion of your personal data in certain circumstances. This is sometimes called the “right to be forgotten.” We will erase your data upon request if: the data is no longer necessary for the purposes collected, you have withdrawn consent (where consent was the basis), you have validly objected to the processing (see below), or the data was unlawfully processed, or erasure is required by law. Note that we may not be able to delete data that is required to fulfill a contract (e.g., we can’t delete data needed for an upcoming trip unless you cancel the trip) or data we are legally obliged to keep (e.g., transaction records). We will inform you if any such exceptions apply.
● Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain conditions. For example, if you contest the accuracy of your data, you can request we restrict use of it until the issue is resolved. Or if you object to processing (see next point) we may restrict processing while evaluating your request. When processing is restricted, we will still store your data but will not use it except in limited circumstances (such as with your consent or for legal claims).
● Right to Object to Processing: You have the right to object to our processing of your personal information when that processing is based on legitimate interests or public interest. You also have an unconditional right to object to your personal data being used for direct marketing purposes. This means, for example, you can ask us to stop sending you marketing emails at any time, and we must comply. If you object to processing based on legitimate interests, we will review whether our interests in processing the data are overridden by your personal rights and freedoms; if they are, we will cease processing that data for those purposes.
● Right to Data Portability: Where we are processing your personal data based on your consent or for performance of a contract, and the processing is carried out by automated means, you have the right to obtain the personal data you provided to us in a structured, commonly used, and machine-readable format. You also have the right to request that we transmit that data directly to another data controller, where technically feasible. This right facilitates moving your business elsewhere or obtaining copies for personal use. (In practice, this right may apply to information you provided us in an online account or form – we will provide it in a CSV or similar format upon valid request.)
● Right to Withdraw Consent: In situations where we process your data based on consent (e.g., sending marketing emails or processing optional sensitive data), you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing conducted prior to the withdrawal. If you withdraw consent for marketing emails, for instance, we will stop that use. (There is typically an “unsubscribe” link in any marketing email for your convenience.)
● Right Not to Be Subject to Automated Decision-Making: We do not currently make any decisions about you using purely automated means (without human involvement) that have legal or similarly significant effects.
● Right to Lodge a Complaint: If you believe we have infringed your privacy rights, you have the right to lodge a complaint with a supervisory authority. In India, you may contact the relevant authority under forthcoming data protection law (India’s law is evolving). We would, however, appreciate the chance to address your concerns directly before you approach an authority, so we encourage you to contact us first.
To exercise any of your rights, please contact us at info@luxeq.ai with your specific request. We may need to verify your identity before fulfilling certain requests (for example, by asking you to confirm details we already have on file, to ensure the request is legitimate). We will respond to your request within a reasonable timeframe and in accordance with applicable law. There is generally no fee for exercising your rights, but if requests are manifestly unfounded or excessive (e.g., repetitive), we may charge a reasonable fee or refuse to act on the request.
Your Choices (Marketing Opt-Out): As mentioned, you can opt out of marketing communications at any time by clicking the unsubscribe link in any email newsletter or by letting us know via email. Even if you opt out of marketing messages, we will still send you transactional or service-related communications when necessary (such as booking confirmations, invoices, or critical updates about a trip you have booked).
Do Not Call/Do Not Disturb: If you prefer not to be contacted by phone for marketing purposes, please inform us and we will mark your record accordingly. We primarily use email for marketing, and phone primarily for service reasons (e.g., to reach you about an active booking).
We respect your rights and will never retaliate against you for exercising them. Our aim is to be transparent and fair in how we handle your data.
9. Children’s Privacy
Our Services are intended for use by adults. We do not knowingly collect personal information from children under the age of 16. If you are under 16 (or a minor under applicable law), please do not submit any personal information through our website or Service. If we learn that we have inadvertently collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information promptly.
For parents or guardians: if you believe that a child under your care has provided us with personal information without your consent, please contact us immediately. We will work to delete the data or (if deletion is not feasible for safety reasons, such as a child is traveling with us) ensure it is not used for any purpose other than safeguarding the child during the trip.
We do allow parents/guardians to provide information about minors when necessary for travel (for example, when a family books a tour, we will collect children’s names, ages, passport info, etc., from the parent). Such information is used solely for the purpose of arranging the travel services and complying with law (e.g., airline requirements). The parent or guardian must consent on behalf of the minor for us to use the minor’s data in that context.
10. Updates to this Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes to how we handle your personal information, we will provide prominent notice (for example, by placing a notice on our website or by emailing you if appropriate) prior to the change becoming effective. The “Effective Date” at the top of this Policy will also be updated to indicate when the latest changes were made.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our Site or Services after any modifications to the Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the updated policy, to the extent permitted by law.
If you do not agree with any changes to the Privacy Policy, you should stop using our Services and can request that we delete your personal data (per Section 8 above).
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us. We are here to help and will respond as promptly as we can.
● Company Name: LUXEQ HOSPITALITY PRIVATE LIMITED
● Address: 2nd Floor, No. 235, 13th Cross Road, Binnamangala, 2nd Stage, Indiranagar (Bangalore), Bangalore, Karnataka, India, 560038
● Email: info@luxeq.ai
● Telephone: +918904472399
We reserve the right to make changes to this policy. Any changes to this policy will be posted
Thank you for trusting LUXEQ HOSPITALITY PRIVATE LIMITED with your travel plans and personal information. Your privacy is important to us, and we are dedicated to safeguarding it.