Privacy Policy

  • Home
  • Privacy Policy

Privacy Policy

Information We Collect

A. Personal Information:

A. Personal Information:- Full name, date of birth, and gender.- Email address and mobile phone number.- Residential address, city, state, and PIN/postal code.- Government-issued identification details (where required for certain bookings).- Nationality and passport/visa information for international hotel bookings.

B. Payment Information:

B. Payment Information:- Credit/debit card numbers (tokenised and encrypted — full card numbers are never stored).- UPI IDs, net banking credentials (processed securely via payment gateway partners).- Transaction history and booking payment records.

C. Device and Technical Data:

C. Device and Technical Data:- IP address, browser type, and version.- Operating system and device identifiers.- Pages visited, time spent, and clickstream data within the Platform.- Geolocation data (with your consent) to personalise search results.- Cookie identifiers and session tokens.

D. User-Generated Content:

D. User-Generated Content:- Reviews, ratings, and photographs submitted to the Platform.- Customer support queries and communication records.- Feedback responses and survey data.

How We Use Your Information

We use the information collected for the following lawful purposes:

3.2 How We Use Your InformationWe use the information collected for the following lawful purposes:- To process, confirm, and manage hotel bookings and related transactions.- To verify user identity and prevent fraudulent or unauthorised activity.- To communicate booking confirmations, updates, and travel-related notifications via email, SMS, and push notifications.- To provide personalised hotel recommendations, promotional offers, and targeted content.- To improve Platform performance, user interface, and service quality through analytics.- To comply with legal, regulatory, and tax obligations under applicable Indian law.- To investigate and resolve customer complaints and disputes.- To conduct internal research, surveys, and market analysis (in anonymised form).

Cookies and Tracking Technologies

c7online.in uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience on the Platform. Types of cookies used include:

Essential Cookies: Required for core Platform functionality such as login session management and booking flow. Preference Cookies: Remember your settings, language preferences, and search history. Analytics Cookies: Collect anonymised data to help us understand Platform usage patterns (e.g., Google Analytics). Marketing Cookies: Used to serve relevant advertisements on third- party platforms based on your browsing behaviour (with your consent).

Upon first visit, users are informed via a cookie consent banner. Non- essential cookies (preference analytics, marketing) are activated only upon the user's affirmative consent. Essential cookies do not require separate consent as they are strictly necessary for Platform operation. Users may manage or withdraw cookie consent at any time through Platform settings or browser settings; disabling essential cookies may affect Platform functionality.

Data Sharing and Third-Party Services

We may share your data with the following categories of third parties:

Hotel Partners: Booking details (name, contact, stay dates) are shared with the relevant hotel to fulfil your reservation. Payment Processors: Financial data is transmitted securely to authorised payment gateway partners. Technology Service Providers: Cloud hosting, analytics, customer support, and marketing tool providers may access data under strict contractual data processing agreements. Legal and Regulatory Authorities: We may disclose data where required by law, court order, or regulatory directive. Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the business transaction.

We do not sell, rent, or trade your personal information to third parties for their independent marketing purposes.

Data Protection and Security Measures

All data transmissions between your device and our servers are encrypted using industry- standard TLS/SSL protocols. Payment data is handled in compliance with the Payment Card Industry Data Security Standard (PCI- DSS). Sensitive personal data is stored in encrypted form with access restricted to authorised personnel only. Regular security audits, vulnerability assessments, and penetration testing are conducted. An incident response plan is in place to address data breaches in accordance with applicable notification obligations under Indian law.

Your Rights (Access, Correction, Deletion)

As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data:

Right of Access: You may request a summary of personal data held by us about you. Right of Correction: You may request correction of inaccurate or outdated personal data. Right of Erasure: You may request deletion of your personal data, subject to legal retention obligations.

- Right to Withdraw Consent: You may withdraw consent for data processing at any time, without affecting the lawfulness of prior processing. - Right to Grievance Redressal: You may raise a complaint with our Data Protection Officer or the appropriate Data Protection Board of India.

To exercise any of these rights, please contact our Data Protection Officer at: customercare@c7online.in. Response time: within 30 days of receipt.

Data Retention Policy

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, or as required by applicable law:

- Booking and transaction records: 7 years (as required under Indian tax and accounting laws).- Account information for active users: Duration of account + 2 years post-closure.- Customer support records: 3 years from resolution of the query.- Marketing and analytics data: 2 years or until consent is withdrawn.

Children's Privacy

c7online.in does not knowingly collect personal data from children under the age of 18. The Platform is not directed at minors. If you are a parent or guardian and believe that a child has provided personal data to us, please contact us at customercare@c7online.in for immediate deletion of such data.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal obligations, or Platform features. Any material changes will be communicated via email to registered users and/or a prominent notice on the Platform at least 15 days prior to the effective date of the revised policy. Continued use of the Platform after the effective date constitutes acceptance of the updated Policy.