Last Updated: June 16, 2025

1. Introduction

Welcome to Punyakar.com ("Portal"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, use our mobile application, or engage with our services.

This Privacy Policy is designed to comply with privacy laws in multiple jurisdictions, including but not limited to:

• The General Data Protection Regulation (GDPR) in the European Union and the UK GDPR
• The California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
• The Digital Personal Data Protection Act, 2023 (DPDP Act) in India
• Other applicable international data protection laws

2. Who We Are

Punyakar.com is a travel portal specializing in pilgrimage journeys, registered in India with operations serving customers globally, particularly in the United States, United Kingdom, and other international markets.

Data Controller/Data Fiduciary:

Punyakar.com 8/33 B, Kirti Nagar Industrial Area, New Delhi, Delhi-110015

Data Protection Officer/Grievance Officer:

Email: privacy@punyakar.com

Phone: [Phone Number]

3. Information We Collect

3.1 Personal Information You Provide

We collect information you voluntarily provide when using our Portal, including but not limited to:

• Identity Information: Full name, date of birth, gender, nationality, passport details, visa information
• Contact Information: Email address, phone number, mailing address, emergency contact details
• Account Information: Username, password, account preferences
• Financial Information: Payment card details, billing address, transaction history
• Travel Preferences: Accommodation preferences, dietary requirements, accessibility needs, religious preferences related to pilgrimage destinations
• Health Information: With your explicit consent, information about medical conditions, disabilities, or special assistance requirements relevant to your travel
• User Content: Reviews, ratings, photos, comments, and other content you submit
• Communication Records: Records of your interactions with our customer service

3.2 Information Collected Automatically

When you use our Portal, we may automatically collect:

• Device Information: IP address, device type, operating system, browser type, mobile network information
• Usage Data: Pages visited, time spent on pages, links clicked, search queries, referring website
• Location Data: With your consent, precise or approximate location information
• Cookies and Similar Technologies: Information collected through cookies, web beacons, and similar technologies as described in our Cookie Policy

3.3 Information from Third Parties

We may receive information about you from:

• Travel partners, airlines, hotels, and other service providers
• Payment processors and financial institutions
• Social media platforms (if you connect your account or interact with our social media presence)
• Public databases and identity verification services
• Marketing and analytics partners

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Providing Our Services

• Processing and confirming your travel bookings and reservations
• Managing your account and providing customer support
• Facilitating payments and refunds
• Arranging necessary travel documentation
• Coordinating with travel partners to fulfill your bookings
• Sending essential communications about your bookings or account

4.2 Personalization and Improvement

• Personalizing your experience and offering tailored recommendations
• Improving our Portal, services, and user experience
• Developing new features and services
• Conducting research and analysis to better understand our users

4.3 Marketing and Communications

• Sending promotional communications about special offers, packages, and services
• Providing newsletters and updates about pilgrimage destinations
• Conducting surveys and collecting feedback
• Notifying you about changes to our services

4.4 Legal and Security Purposes

• Complying with legal obligations and regulatory requirements
• Enforcing our terms of service and other policies
• Detecting and preventing fraud, security breaches, and other harmful activities
• Protecting our rights, property, or safety, and that of our users and others

5. Legal Basis For Processing (Gdpr And Uk Gdpr)

For users in the European Economic Area (EEA) and the United Kingdom, we process your personal information on the following legal bases:

• Contract Performance: Processing necessary to fulfill our contractual obligations to you, such as processing your booking or managing your account
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, preventing fraud, and ensuring the security of our Portal
• Legal Obligation: Processing necessary to comply with our legal obligations, such as maintaining tax records or responding to court orders
• Consent: Processing based on your specific consent, such as sending marketing communications or processing sensitive information

You can withdraw your consent at any time by contacting us or using the opt-out mechanisms provided.

6. Data Sharing And Disclosure

6.1 Service Providers and Business Partners

We may share your information with:

• Travel suppliers (airlines, hotels, transportation providers, tour operators)
• Payment processors and financial institutions
• Customer support services
• Marketing and advertising partners
• Analytics and data processing providers
• IT and cloud service providers
• Professional advisors (lawyers, accountants, auditors)

6.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, including:

• In response to a court order, subpoena, or similar legal process
• To comply with legal obligations
• To protect our rights, property, or safety, and that of our users or others
• In connection with an investigation of suspected or actual illegal activity

6.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

6.4 With Your Consent

We may share your information with third parties when you have given us your consent to do so.

7. International Data Transfers

As a global travel service, we may transfer your personal information to countries other than your country of residence, including to countries that may not provide the same level of data protection as your home country.

7.1 Data Transfer Mechanisms

When transferring data from the EEA, UK, or other jurisdictions with data transfer restrictions, we implement appropriate safeguards such as:

• Standard Contractual Clauses approved by the European Commission or UK authorities
• Binding Corporate Rules where applicable
• Adequacy decisions where the recipient country has been deemed to provide adequate protection
• Derogations for specific situations as permitted by applicable law

7.2 India-Specific Transfer Provisions

For users in India, we comply with the DPDP Act requirements for cross-border transfers of personal data. We only transfer your data to countries or territories notified by the Indian government or under conditions specified in the applicable regulations.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The duration of our relationship with you and provision of services to you
• Whether we have a legal obligation to retain the data
• Whether retention is advisable in light of our legal position (such as for statutes of limitations, litigation, or regulatory investigations)

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

9.1 For EEA and UK Residents (GDPR and UK GDPR)

• Right to Access: Request a copy of your personal information
• Right to Rectification: Correct inaccurate or incomplete information
• Right to Erasure: Request deletion of your personal information in certain circumstances
• Right to Restrict Processing: Request restriction of processing in certain circumstances
• Right to Data Portability: Receive your personal information in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing that produce legal effects
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

9.2 For California Residents (CCPA/CPRA)

• Right to Know: Request information about the personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information, subject to exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt-out of the sale or sharing of your personal information and limit the use of sensitive personal information
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights

9.3 For Indian Residents (DPDP Act)

• Right to Access: Request information about your personal data being processed
• Right to Correction and Erasure: Request correction or erasure of your personal data
• Right to Grievance Redressal: Lodge a complaint with our Grievance Officer
• Right to Nominate: Nominate another person to exercise your rights in the event of death or incapacity

9.4 How to Exercise Your Rights

To exercise your privacy rights, please contact us at:

Email: privacy@punyakar.com

Phone: [Phone Number]

Online: [Link to Privacy Rights Portal]

We will respond to your request within the timeframe required by applicable law (generally 30 days for GDPR/UK GDPR, 45 days for CCPA/CPRA, and 7 days for acknowledgment under the DPDP Act).

We may need to verify your identity before processing your request. In some cases, we may deny your request if permitted by applicable law, and we will explain the reasons for denial

10. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of sensitive personal information
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Staff training on data protection and security
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

11. Children's Privacy

Our Portal is not intended for children under the age of 16, and we do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us, and we will take steps to delete such information.

12. Cookies And Similar Technologies

We use cookies, web beacons, and similar technologies to enhance your experience, gather information about users and visits, and facilitate the use of our Portal. For detailed information about our use of these technologies, please see our Cookie Policy.

13. Third-Party Links And Services

Our Portal may contain links to third-party websites, services, or applications that are not operated by us. This Privacy Policy does not apply to such third-party services. We recommend reviewing the privacy policies of any third-party services you access through our Portal.

14. Changes To This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. The updated version will be indicated by an updated "Last Updated" date, and the updated version will be effective as soon as it is accessible.

We encourage you to review this Privacy Policy regularly to stay informed about our information practices. If we make material changes, we will notify you through a notice on our Portal or by email prior to the change becoming effective.

15. Jurisdiction-Specific Provisions

15.1 California Privacy Notice

For California residents, we provide additional information required by the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Categories of Personal Information Collected: In the past 12 months, we have collected the categories of personal information described in Section 3 of this Privacy Policy.
• Sources of Personal Information: We collect personal information directly from you, automatically through your use of the Portal, and from third parties as described in Section 3.
• Business or Commercial Purpose: We use and disclose the information as described in Section 4.
• Categories of Third Parties: We share personal information with the categories of third parties described in Section 6.
• Sale or Sharing of Personal Information: Under California law, certain data sharing may be considered a "sale" or "sharing." You have the right to opt-out of the sale or sharing of your personal information by clicking on the "Do Not Sell or Share My Personal Information" link on our homepage.
• Sensitive Personal Information: We only process sensitive personal information for purposes permitted by the CPRA.

To exercise your California privacy rights, please contact us using the methods described in Section 9.4.

15.2 India-Specific Provisions

For users in India, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act):

• Data Fiduciary: We act as a data fiduciary as defined under the DPDP Act.
• Grievance Officer: Our designated Grievance Officer can be contacted at grievance@punyakar.com.
• Consent: We obtain your consent before processing your personal data, except where exempted under the DPDP Act.
• Data Breach Notification: We will notify the Data Protection Board of India and affected users in case of a personal data breach as required by law.
• Cross-Border Transfers: We transfer personal data outside India only in accordance with the provisions of the DPDP Act and applicable regulations.

15.3 UK and EU-Specific Provisions

For users in the UK and EU:

• Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.
• Representative: Our EU representative can be contacted at [EU Representative Contact Details].
• Automated Decision-Making: We do not make solely automated decisions that have legal or similarly significant effects on you without appropriate safeguards.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Punyakar.com 8/33 B, Kirti Nagar Industrial Area, New Delhi, Delhi-110015

Email: privacy@punyakar.com

Phone: [Phone Number]