Maldevta Farms — Privacy Policy (Global)

Effective date: 25-11-2025 | Last updated: 25-11-2025

Maldevta Farms, Dehradun (“Maldevta Farms”, “we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our property, interact with our website(s), booking engine, or social/communication channels (including phone/WhatsApp), or use any products and services that we offer (rooms, dining, events/banquets, day-outings, activities, etc.). We follow applicable privacy and data-protection laws, including India’s Digital Personal Data Protection Act, 2023 (DPDPA).

1) Definitions

• Personal Data / Personal Information: Any information about an identifiable individual (e.g., name, contact details, IDs), including sensitive personal data where defined by law.
• Data Protection Laws: Laws governing the processing of personal data (e.g., DPDPA, 2023).
• Processing: Any operation performed on personal data (collection, storage, use, disclosure, etc.).
• Service Providers: Vendors engaged by us to support services (payment gateways, booking/IT hosting, analytics, customer support, Wi-Fi/CCTV vendors, communication tools).
• Partners: Contracted third parties (e.g., OTAs, event/activity vendors, corporate/school organizers).
• User/you: The individual who uses our services or interacts with us.

2) Scope

This policy applies when you:

• stay with us or visit our premises;
• make/enquire about bookings (website, phone, WhatsApp, email, OTAs, walk-in);
• attend events/banquets/weddings/meetings or day-outings and activities;
• use our Wi-Fi, website, booking engine, or social pages;
• communicate with us for support, feedback, or marketing; or
• work with us as a vendor, partner, or job applicant.

3) What Personal Data We Collect

• A. Identity & Contact: Name, title, gender, date of birth/age, nationality, addresses, email, phone/WhatsApp, emergency contact, photographs (e.g., at events with consent).
• B. Government/Travel (as required by law/service): ID proofs (passport/Aadhaar/driving licence), visa details, vehicle number, travel itinerary.
• C. Booking/Stay: Reservation details, dates, room type, rate plans/inclusions, preferences (bed type/dietary), special requests, companions/guests, loyalty/referral info (if any).
• D. Payment/Billing: Payment method, transaction details, limited payment-instrument information processed via secure gateways (we do not store full card details on our servers), GSTIN, invoices/receipts.
• E. Property/Event Use: Banquet/wedding/meeting details (attendee counts, menus, décor/AV needs), activity participation (rides, rain dance, adventure zone)*, safety/incident reports (if any).

  *Certain activities may have age/height or health advisories.

• F. Communications & Media: Emails, call recordings (reservations/guest support), WhatsApp chats, feedback/reviews, survey responses, testimonials (with consent).
• G. Technical & Usage: IP address, device/browser type, pages visited, interactions on our website(s)/booking engine, Wi-Fi logs (MAC/IP, timestamps), cookies and similar tech (see Section 14).
• H. CCTV & Access Control: CCTV footage in common areas for security/safety (retained per Section 10).
• I. Special Categories (processed only where lawful/required or with consent): Health/dietary needs (allergies, Jain/vegan preferences), disability/access requirements, religious/ceremonial preferences for events, child guest details when part of school packages or family stays (with appropriate guardian permissions).

4) How We Collect Personal Data

• Directly from you: during booking/check-in, at events, via phone/WhatsApp/email/website forms, feedback/surveys.
• Automatically: via cookies, Wi-Fi logs, security systems (CCTV), website analytics.
• From third parties: OTAs/agents, payment gateways, event planners, corporate/school organizers, or lawful public sources.
• From companions/organizers: where a booking contact shares co-guest/attendee details (they should have authority to do so).

You may refuse to provide certain data, but this may limit our ability to deliver requested services or meet legal requirements (e.g., police/immigration registers).

5) Legal Bases for Processing

Where required by law, we rely on one or more of:

• Contract performance (fulfilling reservations/events).
• Legal obligation (e.g., police/immigration registers, tax).
• Legitimate interests (property security, service improvement, fraud prevention, basic marketing of similar services, business operations).
• Consent (e.g., optional marketing, testimonials, certain health/dietary data). You can withdraw consent at any time (Section 12).

6) How We Use Personal Data

• Provide/manage bookings, stays, events, day-outings, and activities (room assignment, amenities, dining, access/dietary needs, safety).
• Communicate about enquiries, confirmations, changes, support, and post-stay feedback.
• Process payments/invoices, manage chargebacks/disputes, prevent fraud.
• Operate, secure, and improve our website(s), booking engine, Wi-Fi, and premises (CCTV, IT security, analytics, debugging, quality).
• Personalize experiences and deliver customer support.
• Run marketing/promotions (with consent where required), including offers for similar services.
• Comply with laws/respond to lawful requests.
• Manage vendors/partners/corporate & school organizers (due diligence, billing).
• Protect safety and property, investigate incidents, enforce terms.
• Create aggregated, anonymized insights (e.g., occupancy trends).

7) Children & Students

Our services are primarily for adults. Minors (under 18) should be accompanied by a parent/guardian. For school day-outings and similar programs, we process children’s data through the school/organizer (the responsible party) and rely on the organizer’s confirmations of appropriate notices/permissions. Parents/guardians may contact the Grievance Officer (Section 18) for child-related privacy queries.

8) Sharing of Personal Data

We may share data with appropriate safeguards and contracts:

• Service Providers: payment gateways (e.g., card/UPI), IT/cloud hosting, booking engine/CRM, email/SMS/WhatsApp providers, call-center/telephony, analytics, Wi-Fi/CCTV vendors, event/operations vendors (décor/AV, photographers with consent), transport/activity vendors. They act on our instructions and must protect data.
• Partners/OTAs/Organizers: as needed to fulfil your reservation/event or contracted services.
• Affiliates/Successors: within our group/management entities and in business reorganizations (merger, acquisition, asset transfers) with safeguards.
• Legal/Compliance: where required by law/court/authority; to enforce rights, prevent harm/fraud, protect safety, or respond to lawful requests.

We do not sell personal data.

9) Security

We use technical and organizational measures (access controls, encryption in transit where applicable, network safeguards, staff training, vendor due diligence). No system is fully secure; if you suspect misuse or a breach, contact us immediately (Sections 17–18).

10) Retention

We retain Personal Data only as long as necessary for the purposes described and to comply with legal/tax/regulatory requirements. Typical guidelines (subject to law/need):

• Booking/billing records: up to 8 years (tax/audit).
• CCTV: 30–90 days unless required for investigation.
• Wi-Fi logs: 90–180 days (security compliance).
• Call recordings: 6–24 months (quality/training/dispute resolution).
• Event/banquet documentation: up to 8 years (contracts/invoices).
• Marketing consent & suppression records: as needed to honor preferences.

After expiry, we delete or anonymize data.

11) Cross-Border Transfers

If data is processed/stored outside India (e.g., with global cloud/email providers), we implement safeguards consistent with law (contractual protections, technical measures). Using our services implies understanding such transfers may occur to support service delivery.

12) Your Rights & Choices

Subject to law, you may have rights to:

• Access your data; Correct inaccuracies; Withdraw consent (for consent-based uses); Opt-out of direct marketing; Request deletion where legally permissible; Nominate an alternate contact (per DPDPA).

How to exercise: see Sections 17–18. We may verify identity and request details to process. Some rights may be limited by legal/contractual obligations.

13) Processing on Behalf of Others

For corporate/school events or organizer-booked stays, we may process data on the organizer’s instructions (they are the “data fiduciary/controller”). They are responsible for a lawful basis and notices/consents. We act as a processor under our agreement.

14) Cookies & Similar Technologies

We use cookies, pixels, and similar tech to run our site/booking engine, remember preferences, analyze usage, and improve performance. You can manage cookies via your browser; disabling some cookies may affect functionality. For Wi-Fi, device identifiers/session logs may be captured for security/operations.

15) Third-Party Links & Social Media

Our sites/communications may link to third-party sites (OTAs, payment gateways, social platforms). Their privacy practices are their own; please review their policies before sharing data.

16) Changes to This Policy

We may update this policy for legal, technological, or operational reasons. The “Last updated” date reflects the latest version. Material changes will be communicated appropriately (e.g., website notice).

17) Contact Us (Privacy & General Queries)

• Phone: +91 9997584321
• Email (privacy/grievances): maldevtafarms@gmail.com

When writing, please include your name, contact number, and (if applicable) booking/event reference and a description of your request.

18) Grievance Officer (India)

• Designation: Grievance Officer
• Email: maldevtafarms@gmail.com
• Postal Address: Maldevta Farms, Serki, Via Raipur Road Dehradun Dehradun - 248001, Uttarakhand, India
• Phone: +91 9997584321
• Working hours: Monday–Friday, 10:00–18:00 IST

We aim to acknowledge and resolve grievances within timelines required by applicable law.

19) Entity & Controller Details

This policy applies to Maldevta Farms, Dehradun. For bookings made via OTAs or organizers, those entities may also be data controllers for their processing—please consult their privacy policies.