Privacy Policy
1. Who we are and how to contact us
- Data Protection Officer/Grievance Officer: Prakash Chandra Sahoo, email: GM@snecoresort.com postal: Dhirapatana, Dhenkanal, Odisha – 759015.
- We provide this notice in clear and plain language and, on request, in English or any language listed in the Eighth Schedule to the Constitution.
2. What personal data we collect
- Identity data (name, date of birth/age, gender, ID details as required by law).
- Contact data (mobile, email, postal address).
- Booking and transaction data (tickets, rooms, purchases, payment references; we do not store full card details).
- Preference data (room/meal preferences, ride choices, activities).
- Device/network data when you use our websites/apps/Wi‑Fi (IP address, device identifiers, logs, cookies/SDK data).
- CCTV images in public/common areas; event/marketing photos/videos.
- Health/safety information you voluntarily provide for first aid/incidents or to assess ride eligibility.
- Children’s data when relevant (age/guardian details for tickets or activities restricted to minors).
3. Sources of data
- Directly from you (online forms, check‑in, at counters, calls/emails).
- Generated by our systems (booking IDs, access control, logs).
- From authorised third parties (travel agents, corporate bookings, payment service providers), as permitted by law.
4. Purposes and lawful bases
- Booking and service fulfilment: to issue tickets, manage stays, provide rides and amenities.
- Safety and security: access control, CCTV, incident response and legal compliance.
- Payments and fraud prevention.
- Customer support and grievance redressal.
- Marketing with consent: offers, newsletters, and surveys; you may withdraw consent at any time.
- Legal obligations: tax invoicing, record‑keeping, responding to lawful requests, and cybersecurity incident reporting.
- Network security: maintaining ICT logs as required by applicable directions.
5. Consent management
- Where we rely on consent (e.g., optional marketing, certain cookies, processing children’s data), we will present clear requests and provide easy withdrawal mechanisms.
- If you withdraw consent, this will not affect prior lawful processing; we may continue processing where required by law or for service fulfilment.
6. Children’s data
- For persons under 18 years, we seek verifiable consent of the parent/guardian for non‑essential processing. Certain online tracking may be disabled for child accounts.
- Please do not provide children’s data unless you are the parent/guardian or are authorised.
7. Cookies and similar technologies
- We use essential cookies for site operation and optional analytics/advertising cookies with consent.
8. Disclosures and processors
- We share data with service providers under written contracts (cloud hosting, payment gateways, marketing platforms, security, support).
- We may disclose data when required by law or to respond to lawful requests from government, courts, or regulators.
- Third parties must implement appropriate technical and organisational measures and process data only on our documented instructions.
9. Cross‑border data transfers
- We may store/process data on servers located in India or abroad. Cross‑border transfers will be made in compliance with applicable law and any government‑notified restrictions. We maintain contractual safeguards with processors located outside India.
10. Security measures
- We implement reasonable security practices, including access controls, encryption in transit where applicable, employee training, and periodic risk assessments.
- Our information security programme aligns with recognised standards (e.g., ISO/IEC 27001 or equivalent).
- We maintain ICT system logs and incident response procedures as required by applicable directions.
11. Data retention
- We retain personal data only as long as necessary for the purposes stated or as required by law (e.g., tax, accounting, incident reports).
- Network/security logs may be retained for at least 180 days or longer if legally required.
- On request or when no longer needed, we will delete or anonymise personal data subject to legal retention obligations and backup limitations.
12. Your rights and choices
- Access your personal data we hold.
- Correct or update inaccurate data.
- Withdraw consent for optional processing (e.g., marketing).
- Request erasure where data is no longer necessary or where required by law.
- Nominate another person to exercise rights on your behalf in the event of death/incapacity, where permitted.
- File a grievance with our Data Protection/Grievance Officer; if unresolved, you may escalate to the competent authority/board or approach courts/consumer fora as applicable.
- To exercise these rights, contact: [email/portal link]. We will acknowledge and respond within timelines prescribed by law or within [30] days, whichever is sooner.
13. Data breach and cybersecurity incidents
- We assess and respond to suspected personal data breaches promptly. Where required, we will notify the relevant authority and affected individuals.
- Certain cybersecurity incidents must be reported to the Indian Computer Emergency Response Team (CERT‑In) within prescribed timelines. We cooperate with lawful investigations.
14. Automated decision‑making and profiling
- We do not make decisions with legal or similarly significant effects solely by automated means without appropriate safeguards.
- Marketing segmentation may be used to personalise offers; you can opt out of marketing at any time.
15. Third‑party links and platforms
- Our websites/apps may contain links to third‑party sites. Their privacy practices are governed by their own policies; please review them before use.
16. Changes to this Privacy Policy
- We may update this policy to reflect changes in law or our practices. Material changes will be notified on our website/app and, where appropriate, via email/SMS.
17. Contact
- Privacy & Data Protection: Prakash Chandra Sahoo, General Manager, GM@snecoresort.com.
- General Guest Relations: GM@snecoresort.com.