Data Protection & GDPR Policy
Effective Date: 01 - April - 2025
Hotel Murawah is committed to protecting your privacy in compliance with **Indian laws (IT Act 2000, Data Protection Bill 2021, Consumer Protection Act 2019)** and **General Data Protection Regulation (GDPR) for EU-based customers**.
1. Personal Data We Collect
- Guest **Name, Email, Phone Number, Address** (for reservations and check-in).
- Payment information (**credit/debit card details, UPI, net banking**) via secure third-party payment gateways.
- Government ID proofs (**Aadhaar, Passport, PAN**) for compliance with **Indian hospitality laws**.
- IP address, cookies, and browsing activity for website analytics.
2. Purpose of Data Collection
- To process **hotel bookings, payments, and customer inquiries**.
- To comply with **government-mandated KYC verification**.
- To send **promotional offers, loyalty programs, and newsletters** (only if consent is given).
- To enhance customer experience using **website analytics and security logs**.
3. Data Storage & Security
- All personal data is **encrypted and stored securely** on protected servers.
- We follow **RBI-mandated PCI DSS compliance** for payment security.
- We implement **firewall protection, SSL encryption, and multi-layered access control**.
4. Data Sharing & Third Parties
Hotel Murawah **does not sell or share your personal data** except:
- With **payment gateways and banks** for processing transactions securely.
- With **government authorities** for legal compliance (taxation, security, etc.).
- With **partner services** (travel operators, meal services) only with explicit guest consent.
5. Guest Rights Under GDPR & Indian Law
Guests (including EU residents) have the right to:
- **Access:** Request a copy of their stored personal data.
- **Rectification:** Update incorrect or incomplete data.
- **Erasure:** Request deletion of personal data (**subject to legal obligations**).
- **Objection:** Opt-out of marketing and data processing.
6. Cookie Policy
Our website uses **cookies** to improve user experience. Guests can manage cookie preferences in their browser settings.
7. Data Retention Policy
We retain guest data for:
- **Booking Records:** Minimum 2 years (as per Indian tax laws).
- **KYC & ID Verification:** As mandated by government regulations.
- **Marketing & Analytics Data:** Only if consent is given.
8. Complaints & Data Breach Reporting
In case of concerns, please contact us. If a data breach occurs, we will notify affected users and the **Indian Data Protection Authority** within 72 hours.