Effective May 25, 2018
Cleartrip is fanatical about protecting your privacy.
1.1 This Policy explains how we may process your information. This Policy may be amended or updated from time to time, so please check it regularly for updates.
1.2 Cleartrip Private Limited with its affiliates and its subsidiary Cleartrip Packages and Tours Private Limited (collectively referred to as “Cleartrip”, “us”, “our” or “we”), provides travel related services and leisure activities (“Services”) through its websites www.cleartrip.com; www.agentbox.com; and www.cleartripforbuisiness.com (“Website”) and Mobile Application (hereinafter collectively referred to as “Booking Platform”).
2. What Categories of Information We May Process
2.1 On your accessing of the Booking Platform, we may process the following categories of information about you, such as:
- Personal details: your username or login details; e-mail id; contact number(s);
- Booking information: which includes information about your travel, PNR details, bookings, co-passengers, travel preferences etc.
- Demographic information: gender; age/date of birth; nationality;
- Location information: location data that describes the precise geographic location of your device (“Precise Location Data”).
- Purchase and payment details: records of travel services purchases and prices; invoice records; payment records; payment method; cardholder or account-holder name; payment amount; and payment date.
- Other information that may be requested or gathered while you visit, access or use the Booking Platform.
- We may also Process information about you from your use of our Services (e.g., the type of device you are using, I.P address, the internet service provider, etc)
2.2 We also collect other kinds of information from you or other sources, which we refer to as “Other Information” in this Policy, which may include but is not limited to:
- Information about your use of the Services, such as usage data and statistical information, which may be aggregated.
- Browsing history on the Booking Platform;
- Non-precise information about the approximate physical location (for example, at the city) of a user’s computer or device derived from the IP address of such computer or device (“GeoIP Data”).
- Device identification (“ID”), which is a distinctive number associated with a smartphone or similar handheld device, but is different than a hardware serial number.
- Internet Protocol (“IP”) address, which is a unique string of numbers automatically assigned to your device whenever you access the Internet.
- Internet connection means, such as internet service provider (“ISP”), mobile operator, WiFi connection, service set identifier (“SSID”), International Mobile Subscriber Identity (“IMSI”) and International Mobile Equipment Identity (“IMEI”).
- Device type, settings and software used.
- Log files, which may include IP addresses, browser type, ISP referring/exit pages, operating system,
- Web Beacons, which are electronic files that allow a website to count users who have visited that page or to access certain cookies.
- Pixel Tags, also known as clear GIFs, beacons, spotlight tags or web bugs, which are a method for passing information from the user’s computer to a third party website.
- Local Shared Objects, such as Flash cookies, and Local Storage, such as HTML5.
- Mobile analytics to understand the functionality of our mobile applications and software on your phone.
Under certain circumstances and depending on applicable law, some of this Other Information may constitute Personal Information. Personal Information together with Other Information is hereinafter referred to as “User Information”.
“Personal Information” means information that is about any individual, or from which any individual is directly or indirectly identifiable.
“Process”, “Processing” or “Processed” means anything that is done with any Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3. Sensitive Personal Information
3.1 We do not seek to collect or otherwise Process your Sensitive Personal Information. Where we need to Process your Sensitive Personal Information for legitimate purpose, we do so in accordance with applicable law. The Services are not intended for use by children.
3.2 We do not collect or otherwise Process Personal Information about race, religion, sexual orientation or health or any other information that may be deemed to be sensitive under GDPR (collectively, “Sensitive Personal Information”) in the ordinary course of our business.
3.3 Children: The Travel Services are not intended for the use by Children below the age of 18 years. For availing the services on Booking Platform by the children below 18 years, parental consent will be necessary.
4. How We Collect or Create Information
4.1 We may collect or obtain User Information about you: directly from you (e.g, when you visit our Booking Platform); in course of our relationship with you (e.ge, if you utilize travel services); when you make your Personal Information public (e.g., if you make a public post about us on social media); when you download, install or use any of our Services. We may also receive User Information about you from third parties (e.g., our travel affiliate partners.) We may also create User Information about you, such as records of your interactions with us. Cleartrip is not responsible for Personal Information you volunteer about yourself in public areas of the Services. This Policy does not cover the practices of third parties who many provide information about you to Cleartrip.
4.2 Creation of User Information. We may also create User Information about you, such as records of your interactions with us and details of your travel history, for internal administrative purposes and analysis. We may also combine data you have provided to us with data obtained from third parties such as social networks and other data collection entities.
5. Purposes for Which We May Process Your Information
We may process User Information for following purposes: providing the Services to you; communicating with you; providing advertising to you on the Services and Channels; Lead generation; analyzing your travel interest; observing user engagement and booking travel activities across Services and Channels; conducting surveys; managing our IT systems i.e. identification and mitigation of fraudulent activity; compliance with applicable law; and improving our Services
6. Direct Marketing
We may process your User Information to contact you via email, telephone, SMS or other methods of communication to provide you with information regarding our Services that may be of interest to you. We may send information to you regarding our Services, travel offers; upcoming promotions that may be of interest to you, using the contact details that you have provided to us and always in compliance with applicable law.
7. Cookies, Similar Technologies and Online Behavioral Advertising
8. What is the Lawful Basis for Processing Personal Information
8.1 We may process your User Information where: you have given your consent (this legal basis is only used in relation to Processing that is entirely voluntary – it is not used for Processing that is necessary or obligatory in any way) ; the Processing is necessary for a contract between you and us; the Processing is required by applicable law; the Processing is necessary to protect the vital interests of any individual; or where we have a valid legitimate interest in the Processing.
9. What Information We Disclose to Third Parties
9.1 We may disclose your User Information to other entities within the Company group, for legitimate business purposes (including operating the Services, and providing services to you), in accordance with applicable law.
In addition, we may disclose your User Information to:
- Any relevant third Party Service Providers such as an Airline, Hotel, Activity Service Provider/s who provide the end services;
- legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
- outside professional advisors (such as accountants, auditors, or lawyers), subject to binding contractual obligations of confidentiality;
- third party Processors (such as analytic providers; data centers; etc.), located anywhere in the world, subject to the requirements noted below in this Section 9;
- any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defence of legal rights;
- any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security;
- any relevant third party acquirer(s), in the event that we sell or transfer all or any relevant portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation);
9.2 When you use a co-branded service (a service operated with a partner of Cleartrip), or register or otherwise provide information on a co-branded site, you grant us permission to pass the collected information back to that partner, which may include third party service providers whose services are embedded into and/or appear within the Services;
9.3 Cleartrip may use third party advertising service companies for online behavioral advertising (“OBA”) or otherwise, and perform related services when you use our Services. Often, these third party advertising companies employ cookies and other technologies to measure the effectiveness of website, app and to understand the booking behavior of the User. We also engage third party providers to assist with the segmentation of this data.
9.4 We may engage third party providers to assist with the collection, storage and segmentation of Online Data and the providers are required to maintain the confidentiality of this information. These third party providers may collect User Information from our Services for their own purposes, including but not limited to monitoring fraud around the web.
9.5 We may share your User Information with our partners such as your name, email, or other identifier. Our partners may also: (i) collect information directly from your device, such as your IP address, device ID, advertising ID, and information about your browser or operating system; (ii) combine User Information about you received from Cleartrip with information about you from other sites or services; and (iii) place or recognise a unique cookie on your browser.
10. International Transfers of Information
10.1 Because of the international nature of our business, we may need to transfer your User Information with the Cleartrip Group of companies (Cleartrip Private Limited; Cleartrip Packages and Tours Private Limited; Cleartrip MEA FZ LLC), and to third parties as noted in Section 9 above, in connection with the purposes set out in this Policy. For this reason, we may transfer your User Information to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
11. Data Security
11.1 We have implemented reasonable technical and organizational security measures to protect your User Information. Please ensure that any Personal Information that you send to us is send securely.
11.2 In certain instances we may use Secure Sockets Layer encryption and/or transfer certain User Information in a non-human readable format to provide protection. However, we cannot guarantee there will not be a breach, and we are not responsible for any breach of security or for the actions of any third parties.
11.3 Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your information, we cannot guarantee the security of your data transmitted to us using the internet. Any such transmission is at your own risk and you are responsible for ensuring that any Personal Information that you send to us are sent securely.
12. Data Accuracy
We take every reasonable step to ensure that your User Information that we Process is accurate and, where necessary, kept up to date, and any of your User Information that we Process that you inform us is inaccurate (having regard to the purposes for which they are Processed) is erased or rectified.
13. Data Minimisation
We take every reasonable step to ensure that your User Information that we Process is limited to the User Information reasonably necessary in connection with the purposes set out in this Policy or as required to provide you services or access to the Services.
14. Data Retention
14.1 We take every reasonable steps to ensure that your User Information is only retained as long as they are needed. Online Data related to online behavioural advertising (“OBA”) is kept by Cleartrip for not more than 365 days after which it will expire, subject to certain conditions. However, the 365 days period may commence again if the same user subsequently visits or interacts with an ad, email, the Services or a Channel.
14.2 The criteria for determining the duration for which we will keep your User Information are as follows: we will retain copies of your User Information in a form that permits identification only for as long as is necessary in connection with the purposes set out in this Policy, unless applicable law requires a longer retention period. Unless there is a specific legal requirement for us to keep the information, we plan to retain it for no longer than is necessary to fulfill a legitimate business need.
15. What Can I Do to Control My Information?
You can directly take steps to unsubscribe to the newsletters that you receive from us. Please allow fifteen to thirty business days for change to take effect. On some services, pertaining to transactional communication, you may continue to receive emails as a part of the travel booking Service availed on the Booking Platform.
If you are an EU resident, you may have certain rights including: the right not to provide your Personal Information to us; the right to access your Personal Information; the right to request erasure, or restricting of Processing of your Personal Information; the right to have your Personal Information transferred to another controller; the right to withdraw your consent; and the right to lodge complaints with supervisory authorities. We may require proof of or need to verify your identity before we can give effect to these rights.
17. Contact Details
If you have any comments, questions or concerns about any of the information in this Policy, or any other issues relating to the Processing of User Information carried out by us, or on our behalf, please contact:
Cleartrip Private Limited
Kind Attn: Legal Department
Unit No.1, Ground Floor, DTC Building
Sitaram Mill Compound, Delisle Road
Lower Parel (East), Mumbai 400011
If you are an EU resident, you may contact our Data Protection Officer at firstname.lastname@example.org