Privacy Notice & Cookie Policy

1. Introduction

Welcome to Vaatalya. We are committed to protecting your digital privacy and ensuring the security of your personal information.

This Privacy Notice explains how Vaatalya (acting as the Data Fiduciary) collects, processes, and safeguards the personal data of our guests and website visitors (the Data Principals) in compliance with the Digital Personal Data Protection (DPDP) Act, 2023 and applicable Indian laws.

2. What Personal Data We Collect

We collect only the data necessary to provide you with our retreat services and ensure a seamless experience. This includes:

  • Identity Data: Name, gender, nationality, date of birth, and government-issued ID details (Passport/Driving License/Aadhar) as strictly required by local law for check-in.

  • Contact Data: Phone number, email address, and emergency contact details.

  • Financial Data: Credit/debit card details (processed securely via banking partners) and transaction history.

  • Stay Preferences: Dietary requirements, allergies, and special requests (including health conditions relevant to your stay).

  • Technical Data: IP address, browser type, and device details when you use our Wi-Fi or visit vaatalya.com.

  • Children’s Data: We process personal data of minors only with verifiable parental consent. If you are booking for a child, you confirm you are the parent or lawful guardian authorized to share their data.

3. Why We Process Your Data (Purpose)

We process your data for the following specific purposes:

  1. Service Delivery: To confirm bookings, manage check-ins, process payments, and provide meals/accommodation.

  2. Communication: To send booking confirmations, pre-arrival guides, and emergency updates.

  3. Legal Compliance: To maintain guest registers as required by local authorities and tax regulations.

  4. Safety: To manage on-site safety, including medical emergencies.

  5. Marketing (Optional): To send newsletters or offers only if you have explicitly opted in.

4. Cookie Policy

We use cookies to improve your digital experience. Cookies are small text files stored on your device.

  • Essential Cookies: Strictly necessary for the website to function (e.g., secure booking processing).

  • Performance Cookies: Help us analyze site traffic (e.g., via Google Analytics) to improve performance.

  • Third-Party Cookies: We may link to social media platforms (Instagram, LinkedIn) which may place their own cookies. We do not control these external parties.

Your Choice: You can manage or block cookies via your browser settings at any time. However, blocking essential cookies may affect your ability to complete a booking.

5. Data Sharing & Transfer

We do not sell your data. We share data only when necessary with:

  • Service Partners: Payment gateways, IT support, or booking engines strictly for fulfilling our contract with you.

  • Legal Authorities: If required by law, court order, or government regulation.

  • International Transfer: If we use software providers (e.g., email services or booking systems) located outside India, we ensure they adhere to strict data security standards comparable to Indian law.

6. Your Rights as a Data Principal

Under the DPDP Act, you have the following rights regarding your data:

  • Right to Access: Request a summary of the personal data we hold about you and how it is processed.

  • Right to Correction/Erasure: Ask us to update incorrect details or delete your data (unless retention is required by law).

  • Right to Withdraw Consent: You may withdraw consent for marketing or optional processing at any time.

  • Right to Nomination: You have the right to nominate an individual who will exercise your rights in the event of your death or incapacity.

  • Right to Grievance Redressal: File a complaint if you believe your data is misused.

7. Data Security & Retention

  • Security: We use encryption, password protection, and access controls to safeguard your data. Only authorized personnel have access to guest records.

  • Retention: We retain your data only as long as necessary to fulfill the booking or comply with tax/legal laws (typically 3-7 years for financial and tax records). Once the purpose is met, data is securely deleted or anonymized.

8. Grievance Redressal (Contact Us)

In accordance with the Digital Personal Data Protection Act, 2023, if you have any questions regarding this policy, wish to exercise your rights (including nomination), or have a grievance regarding your personal data, please contact our designated Grievance Officer:

  • Name: Aditya Sharma (Director)

  • Email: hello@vaatalya.com

  • Address: Vaatalya, Village Dharat, P.O. Saryanj, Tehsil Arki, District Solan, Himachal Pradesh, India - 173235

  • Response Timeline: We are committed to resolving all grievances within 30 days of receipt.

9. Changes to This Policy

Vaatalya reserves the right to update this Privacy Policy to reflect changes in legal requirements or our operations. Any changes will be posted on this page with an updated revision date.