Privacy Policy

1. Definitions

• Personal Data: Any information that relates to an identified or identifiable individual.
• Data Principal/Data Subject: The individual to whom the personal data relates.
• Processing: Any operation performed on personal data, such as collection, storage, use, or sharing.
• DMC Services: Destination Management Company services, including local ground handling and logistics.

2. Information We Collect

To provide comprehensive travel and OTA services, we collect the following categories of data:

• 2.1 Personal Identifiers: Full name, gender, date of birth, and nationality.
• 2.2 Contact Information: Email address, telephone number, and physical billing address.
• 2.3 Travel Documentation: Passport details (number, expiry date, place of issue) and visa information as required by international travel regulations and government authorities.
• 2.4 Financial & Billing Data: Credit/debit card masked digits, billing preferences, and transaction history. Note: Full payment card processing is handled by PCI-DSS compliant third-party gateways.
• 2.5 Technical & Usage Data: IP address, browser type, device information, operating system, and interaction data via cookies and analytics.
• 2.6 Booking Preferences: Dietary requirements, medical needs (if relevant to travel safety), and specific accommodation or transport preferences.

3. How We Collect Data

We collect data through the following channels:

• Direct Interaction: Information provided when you fill out inquiry forms, register a B2B account, or complete a booking on https://www.yonodmc.com.
• Automated Technologies: Cookies, server logs, and tracking pixels used during your website visit.
• Third Parties: Data received from travel agents, corporate partners, or GDS (Global Distribution Systems).

4. Purpose of Data Processing

We process your data for the following legitimate business purposes:

• Fulfillment of Contract: To process bookings, issue tickets, and confirm hotel reservations.
• Customer Support: To communicate updates, itinerary changes, and respond to queries.
• Safety and Security: For identity verification and fraud prevention.
• Marketing: To send newsletters and promotional offers (subject to your opt-in/opt-out preferences).
• Legal Obligations: To comply with tax laws, immigration requirements, and anti-money laundering regulations.

5. Legal Basis for Processing (GDPR & DPDP Act)

We rely on the following legal grounds:

1. Consent: Explicit permission granted by you for specific purposes (e.g., marketing).
2. Contractual Necessity: Processing required to perform the services you have purchased.
3. Legal Obligation: Processing required by law (e.g., reporting to the Bureau of Immigration in India).
4. Legitimate Interests: For business improvements and website security, provided these do not override your fundamental rights.

6. Data Sharing & Third Parties

Yono DMC shares data with selected third parties only to the extent necessary to facilitate your travel:

• Service Providers: Airlines, hotels, transport operators, and local tour guides.
• Financial Facilitators: Secure payment gateways for transaction processing.
• Corporate Tools: Cloud storage providers (AWS/Google Cloud) and CRM systems.
• Legal Authorities: Government or regulatory bodies when mandated by law for national security or border control.

7. International Data Transfers

As an OTA, your data may be transferred to and stored in countries outside your residence (for example, a hotel reservation in a foreign destination). We ensure such transfers are protected by:

• Standard Contractual Clauses (SCCs) for EU residents.
• Compliance with the cross-border transfer rules outlined in the India DPDP Act 2023.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. Typically, booking records are retained for 7 years to comply with Indian tax and corporate laws.

9. Data Security

We implement robust technical and organizational measures, including SSL encryption, firewalls, and restricted access protocols, to protect your data against unauthorized access, loss, or alteration.

10. Your Legal Rights

Under applicable laws, you possess the following rights:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Update inaccurate or incomplete information.
• Right to Erasure: Request deletion of data (subject to legal retention requirements).
• Right to Withdraw Consent: Revoke your consent for processing at any time.
• Right to Portability: Request the transfer of your data to another service provider.

11. Childrens Privacy

We do not knowingly collect data from individuals under the age of 18 without parental or guardian consent. If we discover we have inadvertently collected such data, it will be deleted immediately.

12. Cookies Policy Summary

Our website uses cookies to enhance user experience and analyze traffic. You can manage your cookie preferences through your browser settings. For a detailed breakdown, please visit our separate Cookie Policy page.

13. Updates to This Policy

We reserve the right to modify this Policy at any time. Significant changes will be notified via a prominent notice on our homepage or via email.

14. Contact Information

For grievances, data access requests, or privacy inquiries, please contact our Data Protection Officer:

Yono DMC
Email: sysadmin@yonodmc.com
Registered Office: Unit No. 259, 2nd Floor, Tower No. B1, SPAZE ITECH PARK, Badshahpur Sohna Rd, Sector 49, Gurugram, Haryana 122018
Grievance Officer (DPDP Act Compliance): To be updated

Effective Date: 22-07-2022