Data Protection

Privacy Policy

Your privacy matters to us. Learn how we collect, use, and protect your data.

Last Updated: 12 March 2026  |  Effective Date: 01 January 2024

Jump to: Collection Usage Storage Sharing Cookies Your Rights Children Changes Contact

Our Commitment to Your Privacy

Danma Retreat Pvt. Ltd. ("Company" / "We" / "Us"), incorporated under the Companies Act, 2013, is committed to protecting your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, CRM, customer portal, or on-premise services.

1

Information We Collect

1.1   Personal Information (provided by you):

CategoryData Collected
Identity DataFull name, date of birth, gender, nationality, photograph
Contact DataEmail address, phone number, postal address
ID VerificationAadhaar number (last 4 digits only), passport number, driving licence number, voter ID — as mandated by local police regulations
Financial DataPayment method, transaction history, GSTIN (if provided for business invoicing)
Booking DataBooking preferences, check-in/out dates, room type, number of guests, special requests, co-traveller details
Health DataMedical conditions disclosed voluntarily for adventure activity participation (collected with explicit consent)

1.2   Automatically Collected Data:

  • IP address, browser type, device information, operating system
  • Pages visited, time spent, referral URLs, click-stream data
  • Cookies and similar tracking technologies (see Section 5)
  • CCTV footage in common areas for security purposes (as permitted under applicable law)

1.3   Sensitive Personal Data or Information (SPDI): As defined under the IT Rules 2011, SPDI includes financial data and health-related information. We collect SPDI only with your explicit consent and process it strictly for the stated purpose.

2

How We Use Your Information

We process your personal data for the following lawful purposes:

Booking & Service Delivery

Processing reservations, check-in/out, room assignment, restaurant orders

Payment Processing

Invoice generation, payment verification, GST compliance, refund processing

Communication

Booking confirmations, check-in notifications, service updates, customer support

Legal Compliance

Mandatory police reporting, FRRO for foreign nationals, tax compliance under GST Act

Safety & Security

Activity waivers, medical disclosures, CCTV monitoring in common areas, fraud prevention

Marketing (with consent)

Promotional offers, newsletters, feedback surveys — only with your opt-in consent

3

Data Storage & Security

3.1   All personal data is stored on secure servers located within India, in compliance with data localization requirements under the DPDP Act, 2023.

3.2   We implement reasonable security practices and procedures as prescribed under the IT (Reasonable Security Practices) Rules, 2011, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Password hashing using industry-standard algorithms (bcrypt)
  • Role-based access control (RBAC) for CRM access — only authorized staff can access customer data
  • Regular security audits and vulnerability assessments
  • Automatic session expiry and secure cookie handling
  • Payment data processed via PCI-DSS compliant gateways — card details are never stored on our servers

3.3   Data Retention: Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law:

Data TypeRetention Period
Booking & transaction records8 years (as per GST and Income Tax Act requirements)
Guest identity records5 years (as mandated by local police regulations)
Customer portal accountsUntil account deletion is requested
CCTV footage90 days (unless required for investigation)
Marketing preferencesUntil consent is withdrawn
4

Data Sharing & Third Parties

4.1   We do not sell, rent, or trade your personal data to any third party for marketing purposes.

4.2   We may share your data with the following categories of recipients, strictly on a need-to-know basis:

  • Payment Processors: For processing card, UPI, and net banking transactions (e.g., Razorpay, PayU, CCAvenue)
  • Government Authorities: Guest registration details shared with local police and district administration as mandated by Uttarakhand police regulations; foreigner details reported to FRRO under the Foreigners Registration Act, 1939
  • Tax Authorities: GST-related transaction details as required under the CGST Act, 2017
  • Legal Obligations: When required by court order, subpoena, or any legal process under Indian law
  • Service Providers: Email/SMS delivery services, cloud hosting providers — bound by strict data processing agreements

4.3   All third-party service providers processing personal data on our behalf are contractually obligated to maintain confidentiality and implement adequate security measures.

5

Cookies & Tracking Technologies

5.1   Our website uses cookies and similar technologies to enhance your browsing experience. Types of cookies used:

Cookie TypePurposeDuration
EssentialSession management, CSRF protection, authenticationSession
FunctionalLanguage preference, theme settings1 year
AnalyticsWebsite usage analytics, page views, user flow2 years

5.2   You can manage cookie preferences through your browser settings. Disabling essential cookies may affect website functionality.

6

Your Rights (Under DPDP Act, 2023)

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

📋 Right to Access

Request a summary of personal data we hold about you and how it is being processed.

✏️ Right to Correction

Request correction of inaccurate or incomplete personal data.

🗑️ Right to Erasure

Request deletion of your personal data, subject to legal retention obligations.

🚫 Right to Withdraw Consent

Withdraw consent for data processing at any time. Withdrawal does not affect prior lawful processing.

⚖️ Right to Grievance Redressal

Lodge a complaint with our Data Protection Officer or the Data Protection Board of India.

👤 Right to Nominate

Nominate a person to exercise your rights in case of your death or incapacity.

To exercise any of these rights, please email info@danmaretreat.com. We will respond within 30 days of receiving your verifiable request.

7

Children's Privacy

7.1   As per the DPDP Act, 2023, we do not knowingly collect personal data from children below 18 years of age without verifiable consent from a parent or legal guardian.

7.2   Children's data collected as part of family bookings (co-traveller details) is processed only for the purpose of service delivery and with the parent's/guardian's consent.

7.3   If we become aware that personal data of a child has been collected without appropriate consent, we shall take immediate steps to delete such data.

8

Changes to This Policy

8.1   We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or operational needs.

8.2   Material changes will be communicated via email notification (to registered users) or a prominent notice on our website. The "Last Updated" date at the top of this policy will be revised accordingly.

8.3   Your continued use of our services after any modifications constitutes acceptance of the updated policy.

9

Data Protection Officer & Contact

For any privacy-related queries, concerns, or to exercise your data rights, please contact:

Data Protection Officer

Name: The Manager, Danma Retreat Pvt. Ltd.

Email: contact@danmaretreat.com

Phone: +91 99104 90877

Address: Village Pangot, Near Naini Lake, Nainital, Uttarakhand 263001, India

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India as constituted under Section 18 of the DPDP Act, 2023.

© 2026 Danma Retreat Pvt. Ltd. All Rights Reserved.

This policy is drafted in English. In case of any translation, the English version shall prevail.

Terms & Conditions | Refund Policy