OotyBookings

Last Updated: February 14, 2026

Your Privacy Matters to Us

At OotyBookings, we are committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our website or book our tour services.

We believe in transparency. This policy is written in clear, simple language so you understand exactly how your information is handled.

By using our website or services, you consent to the practices described in this Privacy Policy.

Quick Summary

Don’t have time to read everything? Here’s the essentials:

What We Collect	Why We Need It	How We Use It
Name, phone, email	To process your booking	Contact you about your tour
ID proof copies	Legal requirement for travel	Verify identity, hotel check-ins
Payment details	To complete transactions	Process payments securely
Travel preferences	To customize your experience	Tailor tours to your needs
Website usage data	To improve our website	Better user experience

We NEVER:

❌ Sell your personal information to third parties
❌ Share your data for marketing by others
❌ Send spam emails
❌ Store credit card details on our servers

Read the full policy below for complete details.

1. Who We Are

Data Controller:

Business Name: OotyBookings
Type: Travel Agency and Tour Operator
Location: Ooty, Tamil Nadu, India
Contact Email: ootybookings@gmail.com
Website: www.ootybookings.in

We are indigenous tour operators based in Ooty, specializing in eco-friendly and authentic travel experiences in the Nilgiris region of Tamil Nadu, India.

This Privacy Policy applies to:

Our website (www.ootybookings.in)
Mobile applications (if applicable)
Booking services
Email communications
Phone and WhatsApp communications
Social media interactions

2. Information We Collect

We collect different types of information to provide you with the best tour experience possible.

2.1 Personal Information You Provide

When you book a tour, we collect:

Contact Information:

Full name (as per ID)
Email address
Phone number (mobile and alternate)
Mailing address (if applicable)
Emergency contact details

Identification Information:

Government-issued ID proof (Aadhaar, PAN, Passport, Driver’s License)
Date of birth
Nationality
Age (for pricing and activity suitability)

Travel Information:

Travel dates and destinations
Number of travelers in your group
Accommodation preferences
Dietary restrictions and allergies
Medical conditions (if disclosed for safety)
Special requirements (accessibility, celebrations, etc.)
Travel history with us (past bookings)

Payment Information:

Billing name and address
Payment method used (bank transfer, card, UPI)
Transaction details and receipts
Note: We do NOT store complete credit/debit card numbers

Communication Records:

Emails exchanged with us
WhatsApp messages and call logs
Inquiry forms submitted
Feedback and reviews
Complaint correspondence

2.2 Information Collected Automatically

When you visit our website:

Technical Information:

IP address
Browser type and version
Device type (mobile, desktop, tablet)
Operating system
Screen resolution
Referring website (how you found us)
Pages visited and time spent
Click patterns and navigation paths

Location Information:

Approximate geographic location (based on IP address)
GPS location (only if you grant permission on mobile)

Cookies and Similar Technologies:

Session cookies (temporary)
Persistent cookies (remember your preferences)
Analytics cookies (Google Analytics)
Marketing cookies (Facebook Pixel, if applicable)

See Section 10 for detailed cookie information.

2.3 Information from Third Parties

We may receive information from:

Service Providers:

Hotels and resorts (booking confirmations)
Transport operators (vehicle booking details)
Payment gateways (transaction status)
Activity providers (availability and bookings)

Social Media:

If you connect via Facebook/Google login
Public profile information (name, profile picture)
Friends list (only if you grant permission)

References:

If referred by another customer or travel agent
Referrer’s name and relationship

2.4 Information You Make Public

If you share on social media:

Reviews on Google, TripAdvisor, Facebook
Photos and videos from your tour (tagged with us)
Comments on our social media posts
Testimonials provided to us

Note: Once posted publicly, this information is visible to others and governed by the respective platform’s privacy policy.

3. How We Collect Information

We collect information through various channels:

3.1 Direct Collection

You provide information directly when you:

Fill out booking forms on our website
Call, email, or WhatsApp us for inquiries
Submit contact forms or inquiry requests
Create an account (if applicable)
Subscribe to our newsletter
Participate in surveys or contests
Provide feedback or reviews
Visit our office in person

3.2 Automatic Collection

Technology automatically collects data when you:

Browse our website
Click on links in our emails
Interact with our online ads
Use our mobile app (if applicable)

Technologies used:

Cookies (see Section 10)
Web beacons and pixels
Google Analytics
Facebook Pixel (for remarketing)
Server logs

3.3 Third-Party Collection

We receive information from:

Payment processors (transaction confirmations)
Social media platforms (if you use social login)
Hotels and service providers (booking confirmations)
Google Maps API (location services)
Review platforms (TripAdvisor, Google Reviews)

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 To Provide Tour Services

Primary purposes:

Process and confirm your bookings
Arrange accommodation, transport, and activities
Assign tour guides and drivers
Communicate tour details and itineraries
Handle special requests and customizations
Provide customer support during your tour
Send booking confirmations and receipts
Issue invoices and payment reminders

4.2 To Improve Our Services

Service enhancement:

Analyze customer preferences and behavior
Improve our website and user experience
Develop new tour packages based on demand
Train our staff for better service
Monitor and improve service quality
Identify and fix technical issues

4.3 To Communicate with You

Communications include:

Booking confirmations and updates
Travel tips and preparation guides
Pre-tour reminders and checklists
Post-tour thank you messages and feedback requests
Special offers and promotions (with your consent)
Newsletter updates (if subscribed)
Important service announcements
Responses to your inquiries

You can opt-out of marketing communications anytime (but not transactional emails related to your booking).

4.4 For Marketing and Advertising

With your consent, we use your data for:

Sending promotional emails about new packages
Personalized offers based on your interests
Remarketing ads on Google and Facebook
Social media campaigns
Customer testimonials (with permission)
Case studies and success stories

You control your marketing preferences. Unsubscribe anytime.

4.5 For Legal and Safety Purposes

We may use your information to:

Comply with legal obligations (ID verification, tax reporting)
Prevent fraud and unauthorized transactions
Protect against security threats
Enforce our Terms and Conditions
Resolve disputes and handle complaints
Cooperate with law enforcement when required
Protect the safety of our customers and staff

4.6 For Business Operations

Internal purposes:

Accounting and financial reporting
Business analytics and performance tracking
Quality control and auditing
Insurance claims (if applicable)
Mergers, acquisitions, or business transfers (your data may transfer to new owners)

5. Legal Basis for Processing

We process your personal data based on the following legal grounds:

5.1 Contract Performance

Processing necessary to fulfill our contractual obligations when you book a tour.

Examples:

Confirming your booking
Arranging services
Processing payments

5.2 Consent

You have explicitly given permission for specific processing activities.

Examples:

Marketing emails
Newsletter subscription
Using your testimonials
Cookies (where required)

You can withdraw consent anytime.

5.3 Legitimate Interests

Processing necessary for our legitimate business interests (balanced against your rights).

Examples:

Fraud prevention
Website security
Business analytics
Customer service improvements

5.4 Legal Obligations

Processing required to comply with Indian laws and regulations.

Examples:

Tax reporting
ID verification for hotel check-ins
Responding to government authorities
Record-keeping requirements

6. How We Share Your Information

We share your information only when necessary. We NEVER sell your personal data.

6.1 Service Providers (Third Parties)

We share relevant information with:

Hotels and Accommodations:

Your name, check-in/out dates, ID proof
Special requests (dietary, accessibility)
Contact number for emergencies

Transport Providers:

Your name, pick-up location, phone number
Number of passengers
Luggage requirements

Activity Operators:

Name, age (for safety requirements)
Health information (if activity requires)
Emergency contact

Payment Processors:

Billing information
Transaction amount
Bank/payment gateway details

Technology Providers:

Google Analytics (anonymized data)
Email service providers (Mailchimp, etc.)
Website hosting providers
CRM software (customer management)

All third parties are contractually obligated to protect your data and use it only for the specified purpose.

6.2 Legal Requirements

We may disclose your information to:

Government authorities (tax, tourism departments)
Law enforcement (if legally required)
Courts (in response to legal proceedings)
Regulatory bodies

We will inform you unless legally prohibited.

6.3 Business Transfers

If OotyBookings is sold, merged, or acquired:

Your data may be transferred to the new owner
The new owner must honor this Privacy Policy
We will notify you before the transfer

6.4 With Your Consent

We may share your information with others if you explicitly agree:

Testimonials on our website (with your permission)
Case studies or marketing materials
Referral programs (sharing your experience with friends)

6.5 Aggregated or Anonymized Data

We may share non-personal, aggregated data publicly:

“90% of our customers are from Bangalore”
“Most popular tour month: April”

This data cannot identify you personally.

7. Data Security

We take data security seriously and implement multiple safeguards:

7.1 Technical Measures

Security measures include:

SSL/TLS Encryption: All data transmitted through our website is encrypted
Secure Servers: Data stored on password-protected servers
Firewall Protection: Network security to prevent unauthorized access
Regular Backups: Daily encrypted backups of all data
Secure Payment Gateways: We use trusted, PCI-DSS compliant processors
Access Controls: Only authorized personnel can access customer data
Two-Factor Authentication: For admin access to systems

7.2 Organizational Measures

Internal policies:

Staff training on data protection
Confidentiality agreements with all employees
Need-to-know access (staff only see data relevant to their role)
Regular security audits
Incident response procedures
Secure disposal of physical records (shredding)

7.3 Third-Party Security

Our service providers must:

Maintain adequate security measures
Sign data processing agreements
Comply with applicable data protection laws
Report any data breaches immediately

7.4 Your Role in Security

You can protect your data by:

Using strong passwords (if you have an account)
Not sharing login credentials
Logging out of shared devices
Verifying our email addresses (beware of phishing)
Reporting suspicious activity immediately

7.5 Data Breach Notification

If a data breach occurs:

We will notify affected customers within 72 hours
Provide details of the breach and data affected
Explain steps we’re taking to resolve it
Advise on protective measures you should take
Report to relevant authorities as required by law

No system is 100% secure. While we implement best practices, we cannot guarantee absolute security. Use our services at your own risk regarding security.

8. How Long We Keep Your Data

We retain your data only as long as necessary for the purposes described.

8.1 Retention Periods

Data Type: Retention Period

Data Type	Retention Period	Reason
Booking information	7 years	Tax and legal compliance
Payment records	7 years	Accounting and audit requirements
ID proof copies	3 years after tour	Legal record-keeping
Communication records	5 years	Customer service and dispute resolution
Marketing consents	Until you opt-out	Ongoing marketing
Website analytics	26 months (Google Analytics default)	Service improvement
Cookies	See cookie policy (Section 10)	Technical and analytics
Customer feedback	Indefinitely (anonymized)	Service improvement

8.2 Deletion After Retention Period

When the retention period expires:

Data is securely deleted or anonymized
Physical records are shredded
Digital records are permanently erased
Backups are overwritten within 90 days

8.3 Legal Holds

We may retain data longer if:

Required by law or court order
Needed for ongoing legal proceedings
Necessary to defend against claims

8.4 Your Right to Earlier Deletion

You can request deletion before the retention period ends (see Section 9: Your Rights), subject to legal and contractual obligations.

9. Your Rights

You have several rights regarding your personal data:

9.1 Right to Access

You can request:

Copy of all personal data we hold about you
Information about how we use your data
Details of third parties we share data with

How to exercise: Email ootybookings@gmail.com with “Data Access Request” in subject line. We’ll respond within 30 days.

9.2 Right to Rectification

You can request correction of:

Inaccurate personal information
Incomplete data

How to exercise: Contact us with correct information. We’ll update within 7 days.

9.3 Right to Erasure (“Right to be Forgotten”)

You can request deletion of your data if:

No longer needed for original purpose
You withdraw consent (for consent-based processing)
You object to processing (see below)
Data was unlawfully processed

Limitations: We may refuse if we have legal obligations to retain data (e.g., tax records, ongoing disputes).

How to exercise: Email deletion request. We’ll respond within 30 days.

9.4 Right to Restrict Processing

You can request we stop processing (but not delete) your data if:

You contest the accuracy (while we verify)
Processing is unlawful but you prefer restriction over deletion
We no longer need data but you need it for legal claims
You’ve objected to processing (pending our response)

9.5 Right to Data Portability

You can request:

Your data in a structured, machine-readable format
Transfer to another service provider (where technically feasible)

Applies to: Data you provided based on consent or contract, processed by automated means.

How to exercise: Request via email. We’ll provide in CSV or JSON format.

9.6 Right to Object

You can object to:

Marketing communications (anytime, no explanation needed)
Processing based on legitimate interests
Automated decision-making (if applicable)

How to exercise:

Marketing: Click “unsubscribe” in emails or contact us
Other objections: Email with explanation

9.7 Right to Withdraw Consent

If processing is based on consent:

You can withdraw consent anytime
Withdrawal doesn’t affect lawfulness of prior processing
May impact our ability to provide certain services

How to exercise: Email or update preferences in account settings.

9.8 Right to Lodge a Complaint

If you believe we’ve violated your privacy:

Contact us first: ootybookings@gmail.com
If unsatisfied, lodge complaint with relevant data protection authority

For India: Ministry of Electronics and Information Technology

9.9 How to Exercise Your Rights

Contact us:

Email: ootybookings.in@gmail.com
Mail: OotyBookings, Ooty, Tamil Nadu, India

Include:

Your full name
Booking reference (if applicable)
Description of your request
ID proof (to verify identity)

Response time: Within 30 days (may extend to 60 days for complex requests)

Cost: Generally free. We may charge reasonable fee for repetitive or excessive requests.

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us:

Remember your preferences
Understand how you use our site
Improve your experience

10.2 Types of Cookies We Use

Strictly Necessary Cookies (Always Active):

Essential for website functionality
Enable page navigation, secure areas
Cannot be disabled without impacting site

Examples: Session ID, security tokens

Performance/Analytics Cookies (Consent Required):

Help us understand site usage
Anonymous statistics on visits, pages, bounce rates
Used to improve website

Examples: Google Analytics

Functionality Cookies (Consent Required):

Remember your choices (language, location)
Provide enhanced features
May be set by us or third parties

Examples: Font size preferences, chat support

Targeting/Advertising Cookies (Consent Required):

Track browsing across websites
Show relevant ads
Measure ad campaign effectiveness

Examples: Facebook Pixel, Google Ads remarketing

10.3 Third-Party Cookies

We use cookies from:

Google Analytics: Website analytics
Facebook Pixel: Remarketing and ad tracking
Payment Gateways: Secure transaction processing
Social Media Plugins: Share buttons, embedded posts

Each has its own privacy policy.

10.4 Cookie Duration

Session Cookies: Deleted when you close browser
Persistent Cookies: Remain for set period (days to years)

Our cookie lifespans:

Session: End of browser session
Analytics: 26 months
Remarketing: 30-90 days

10.5 Managing Cookies

You control cookie settings:

In Your Browser:

Chrome: Settings → Privacy → Cookies
Firefox: Options → Privacy → Cookies
Safari: Preferences → Privacy → Cookies
Edge: Settings → Privacy → Cookies

On Our Website:

Cookie consent banner (first visit)
Cookie settings page [Link]

Note: Disabling cookies may affect website functionality.

Opt-out of specific cookies:

Google Analytics: https://tools.google.com/dlpage/gaoptout
Facebook Pixel: Facebook ad settings

10.6 Do Not Track (DNT)

Our website currently does not respond to DNT signals. This is industry standard as no universal DNT standard exists.

11. Third-Party Links

11.1 External Websites

Our website may contain links to:

Hotels and resorts
Tourist attractions
Activity providers
Social media platforms
Payment gateways
Review sites (TripAdvisor, Google Reviews)

We are NOT responsible for:

Privacy practices of third-party websites
Content on external sites
Security of third-party platforms

Before providing personal information to third parties, review their privacy policies.

11.2 Social Media Plugins

We use social media buttons/widgets (Facebook, Instagram, Twitter):

These may set cookies
Track your interactions
Are governed by the platform’s privacy policy

11.3 Embedded Content

We may embed content from:

YouTube videos
Google Maps
Instagram posts
Facebook posts

These platforms may collect data about your interaction.

12. Children’s Privacy

12.1 Age Restrictions

Our services are intended for adults (18+ years).

We do not knowingly collect personal information from children under 13 without parental consent.

12.2 Parental Consent

If a child is part of your booking:

Parents/guardians provide all information
Parents/guardians consent to data processing
Children’s data is protected with the same security measures

12.3 If We Learn of Unauthorized Collection

If we discover we’ve collected data from a child under 13 without parental consent:

We will delete it immediately
Will not use the data for any purpose
Will notify parents if we have contact information

Parents: If you believe your child’s data was collected without consent, contact us immediately at ootybookings@gmail.com.

13. International Data Transfers

13.1 Where We Store Data

Primary storage:

Servers located in India
Cloud services may use international data centers

13.2 Cross-Border Transfers

Your data may be transferred to:

Cloud service providers (AWS, Google Cloud) with global infrastructure
International payment processors
Global analytics services (Google Analytics)

All transfers comply with applicable data protection laws.

13.3 Safeguards for International Transfers

When data leaves India:

We ensure adequate level of protection
Use standard contractual clauses
Transfer only to countries with adequate data protection
Service providers must comply with Indian data protection laws

14. Changes to This Policy

14.1 Updates

We may update this Privacy Policy to:

Reflect changes in our practices
Comply with new legal requirements
Improve clarity

14.2 Notification of Changes

How we notify you:

Email to registered customers
Prominent notice on our website
Update “Last Updated” date at top of policy

14.3 Material Changes

For significant changes affecting your rights:

We’ll provide 30 days advance notice
Explain the changes clearly
May require your renewed consent

14.4 Your Acceptance

Continued use after changes means you accept the updated policy.

If you disagree with changes:

Stop using our services
Request data deletion (subject to retention requirements)

15. Contact Us

15.1 Privacy Questions or Concerns

Contact our Privacy Team:

📧 Email: ootybookings@gmail.com

For privacy matters, email is preferred for record-keeping.

15.2 General Inquiries

For booking and general questions:

📧 Email: ootybookings@gmail.com
🌐 Website: www.ootybookings.in
📍 Office: Ooty, Tamil Nadu, India

Office Hours: Monday-Sunday, 9:30 AM – 8:00 PM IST

15.3 Data Protection Officer (If Applicable)

For companies processing large volumes of data, a DPO may be required. Currently, our Privacy Team handles all data protection matters.

If a DPO is appointed in the future, contact details will be listed here.

15.4 Response Time

Privacy requests: Within 30 days
Urgent security issues: Within 24-48 hours
General inquiries: Within 48 hours

Additional Information

Governing Law

This Privacy Policy is governed by the Information Technology Act, 2000 and related rules including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Compliance

We comply with:

Indian data protection laws
Payment Card Industry Data Security Standard (PCI-DSS) for payment processing
General Data Protection Regulation (GDPR) principles where applicable to EU citizens

Disclaimer

While we strive to protect your personal information, no internet transmission is 100% secure. You use our services at your own risk regarding security.

Your Privacy Checklist

We promise to:

✅ Keep your data secure with industry-standard measures
✅ Use your data only for stated purposes
✅ Give you control over your data
✅ Respond promptly to your privacy requests
✅ Update this policy transparently
✅ Comply with all applicable laws
✅ Never sell your personal information

We expect you to:

✅ Provide accurate information
✅ Update us if your details change
✅ Protect your account credentials
✅ Read this policy and our Terms & Conditions
✅ Ask questions if anything is unclear

Glossary of Terms

Personal Data: Information that identifies you (name, email, phone, ID)

Processing: Any operation performed on data (collection, storage, use, deletion)

Data Controller: Entity that determines purposes and means of processing (OotyBookings)

Data Processor: Entity that processes data on behalf of controller (service providers)

Consent: Your freely given, specific, informed agreement to processing

Legitimate Interest: Processing necessary for our business interests, balanced against your rights

Anonymization: Removing all identifying information so data cannot be traced back to you

Encryption: Converting data into code to prevent unauthorized access

Third Party: Any entity other than you and OotyBookings

Version History

Date	Version	Changes
Feb 14, 2026	2.0	Comprehensive update with enhanced clarity on data rights, cookie policy, and security measures
Jan 10, 2024	1.5	Added GDPR-inspired provisions for international customers
Aug 05, 2023	1.0	Initial Privacy Policy published

Final Note

Your trust is important to us. We handle your personal information with care and respect. This Privacy Policy reflects our commitment to transparency and data protection.

If you have any concerns about how we handle your data, please don’t hesitate to contact us. We’re here to help and ensure your privacy is protected.

Thank you for choosing OotyBookings for your Nilgiris adventure!

This Privacy Policy was last updated on February 14, 2026 and is effective immediately.

OotyBookings – Ooty Eco and Wild Tours
Protecting Your Privacy Since 2015 🏔️

OotyBookings

Your Privacy Matters to Us

Quick Summary

Table of Contents

1. Who We Are

2. Information We Collect

2.1 Personal Information You Provide

2.2 Information Collected Automatically

2.3 Information from Third Parties

2.4 Information You Make Public

3. How We Collect Information

3.1 Direct Collection

3.2 Automatic Collection

3.3 Third-Party Collection

4. How We Use Your Information

4.1 To Provide Tour Services

4.2 To Improve Our Services

4.3 To Communicate with You

4.4 For Marketing and Advertising

4.5 For Legal and Safety Purposes

4.6 For Business Operations

5. Legal Basis for Processing

5.1 Contract Performance

5.2 Consent

5.3 Legitimate Interests

5.4 Legal Obligations

6. How We Share Your Information

6.1 Service Providers (Third Parties)

6.2 Legal Requirements

6.3 Business Transfers

6.4 With Your Consent

6.5 Aggregated or Anonymized Data

7. Data Security

7.1 Technical Measures

7.2 Organizational Measures

7.3 Third-Party Security

7.4 Your Role in Security

7.5 Data Breach Notification

8. How Long We Keep Your Data

8.1 Retention Periods

8.2 Deletion After Retention Period

8.3 Legal Holds

8.4 Your Right to Earlier Deletion

9. Your Rights

9.1 Right to Access

9.2 Right to Rectification

9.3 Right to Erasure (“Right to be Forgotten”)

9.4 Right to Restrict Processing

9.5 Right to Data Portability

9.6 Right to Object

9.7 Right to Withdraw Consent

9.8 Right to Lodge a Complaint

9.9 How to Exercise Your Rights

10. Cookies and Tracking Technologies

10.1 What Are Cookies?

10.2 Types of Cookies We Use

10.3 Third-Party Cookies

10.4 Cookie Duration

10.5 Managing Cookies

10.6 Do Not Track (DNT)

11. Third-Party Links

11.1 External Websites

11.2 Social Media Plugins

11.3 Embedded Content

12. Children’s Privacy

12.1 Age Restrictions

12.2 Parental Consent

12.3 If We Learn of Unauthorized Collection

13. International Data Transfers

13.1 Where We Store Data

13.2 Cross-Border Transfers

13.3 Safeguards for International Transfers

14. Changes to This Policy

14.1 Updates

14.2 Notification of Changes

14.3 Material Changes

14.4 Your Acceptance

15. Contact Us

15.1 Privacy Questions or Concerns

15.2 General Inquiries