Legal

Privacy Policy

Effective date: 25-11-2025  |  Last updated: 25-11-2025

Maldevta Farms, Dehradun ("Maldevta Farms", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you visit our property, interact with our website(s), booking engine, or social/communication channels (including phone/WhatsApp), or use any products and services that we offer. We follow applicable privacy and data-protection laws, including India's Digital Personal Data Protection Act, 2023 (DPDPA).

1) Definitions

  • Personal Data / Personal Information: Any information about an identifiable individual (e.g., name, contact details, IDs), including sensitive personal data where defined by law.
  • Data Protection Laws: Laws governing the processing of personal data (e.g., DPDPA, 2023).
  • Processing: Any operation performed on personal data (collection, storage, use, disclosure, etc.).
  • Service Providers: Vendors engaged by us to support services (payment gateways, booking/IT hosting, analytics, customer support, Wi-Fi/CCTV vendors, communication tools).
  • Partners: Contracted third parties (e.g., OTAs, event/activity vendors, corporate/school organizers).
  • User/you: The individual who uses our services or interacts with us.

2) Scope

This policy applies when you:

  • stay with us or visit our premises;
  • make/enquire about bookings (website, phone, WhatsApp, email, OTAs, walk-in);
  • attend events/banquets/weddings/meetings or day-outings and activities;
  • use our Wi-Fi, website, booking engine, or social pages;
  • communicate with us for support, feedback, or marketing; or
  • work with us as a vendor, partner, or job applicant.

3) What Personal Data We Collect

  • A. Identity & Contact: Name, title, gender, date of birth/age, nationality, addresses, email, phone/WhatsApp, emergency contact, photographs (e.g., at events with consent).
  • B. Government/Travel (as required by law/service): ID proofs (passport/Aadhaar/driving licence), visa details, vehicle number, travel itinerary.
  • C. Booking/Stay: Reservation details, dates, room type, rate plans/inclusions, preferences (bed type/dietary), special requests, companions/guests, loyalty/referral info (if any).
  • D. Payment/Billing: Payment method, transaction details, limited payment-instrument information processed via secure gateways (we do not store full card details on our servers), GSTIN, invoices/receipts.
  • E. Property/Event Use: Banquet/wedding/meeting details (attendee counts, menus, décor/AV needs), activity participation, safety/incident reports (if any).

    *Certain activities may have age/height or health advisories.

  • F. Communications & Media: Emails, call recordings (reservations/guest support), WhatsApp chats, feedback/reviews, survey responses, testimonials (with consent).
  • G. Technical & Usage: IP address, device/browser type, pages visited, interactions on our website(s)/booking engine, Wi-Fi logs (MAC/IP, timestamps), cookies and similar tech.
  • H. CCTV & Access Control: CCTV footage in common areas for security/safety.
  • I. Special Categories (processed only where lawful/required or with consent): Health/dietary needs, disability/access requirements, religious/ceremonial preferences for events, child guest details when part of school packages or family stays.

4) How We Collect Personal Data

  • Directly from you: during booking/check-in, at events, via phone/WhatsApp/email/website forms, feedback/surveys.
  • Automatically: via cookies, Wi-Fi logs, security systems (CCTV), website analytics.
  • From third parties: OTAs/agents, payment gateways, event planners, corporate/school organizers, or lawful public sources.
  • From companions/organizers: where a booking contact shares co-guest/attendee details.

You may refuse to provide certain data, but this may limit our ability to deliver requested services or meet legal requirements.

5) Legal Bases for Processing

Where required by law, we rely on one or more of:

  • Contract performance (fulfilling reservations/events).
  • Legal obligation (e.g., police/immigration registers, tax).
  • Legitimate interests (property security, service improvement, fraud prevention, basic marketing of similar services, business operations).
  • Consent (e.g., optional marketing, testimonials, certain health/dietary data). You can withdraw consent at any time.

6) How We Use Personal Data

  • Provide/manage bookings, stays, events, day-outings, and activities.
  • Communicate about enquiries, confirmations, changes, support, and post-stay feedback.
  • Process payments/invoices, manage chargebacks/disputes, prevent fraud.
  • Operate, secure, and improve our website(s), booking engine, Wi-Fi, and premises.
  • Personalize experiences and deliver customer support.
  • Run marketing/promotions (with consent where required).
  • Comply with laws/respond to lawful requests.
  • Manage vendors/partners/corporate & school organizers.
  • Protect safety and property, investigate incidents, enforce terms.
  • Create aggregated, anonymized insights (e.g., occupancy trends).

7) Children & Students

Our services are primarily for adults. Minors (under 18) should be accompanied by a parent/guardian. For school day-outings and similar programs, we process children's data through the school/organizer and rely on the organizer's confirmations of appropriate notices/permissions.

8) Sharing of Personal Data

We may share data with appropriate safeguards and contracts:

  • Service Providers: payment gateways, IT/cloud hosting, booking engine/CRM, email/SMS/WhatsApp providers, analytics, Wi-Fi/CCTV vendors, event/operations vendors.
  • Partners/OTAs/Organizers: as needed to fulfil your reservation/event or contracted services.
  • Affiliates/Successors: within our group/management entities and in business reorganizations with safeguards.
  • Legal/Compliance: where required by law/court/authority; to enforce rights, prevent harm/fraud, protect safety.

We do not sell personal data.

9) Security

We use technical and organizational measures (access controls, encryption in transit where applicable, network safeguards, staff training, vendor due diligence). No system is fully secure; if you suspect misuse or a breach, contact us immediately.

10) Retention

We retain Personal Data only as long as necessary for the purposes described and to comply with legal/tax/regulatory requirements. Typical guidelines:

  • Booking/billing records: up to 8 years (tax/audit).
  • CCTV: 30–90 days unless required for investigation.
  • Wi-Fi logs: 90–180 days (security compliance).
  • Call recordings: 6–24 months (quality/training/dispute resolution).
  • Event/banquet documentation: up to 8 years (contracts/invoices).
  • Marketing consent & suppression records: as needed to honor preferences.

After expiry, we delete or anonymize data.

11) Cross-Border Transfers

If data is processed/stored outside India (e.g., with global cloud/email providers), we implement safeguards consistent with law. Using our services implies understanding such transfers may occur to support service delivery.

12) Your Rights & Choices

Subject to law, you may have rights to:

  • Access your data; Correct inaccuracies; Withdraw consent (for consent-based uses); Opt-out of direct marketing; Request deletion where legally permissible; Nominate an alternate contact (per DPDPA).

We may verify identity and request details to process. Some rights may be limited by legal/contractual obligations.

13) Processing on Behalf of Others

For corporate/school events or organizer-booked stays, we may process data on the organizer's instructions (they are the "data fiduciary/controller"). We act as a processor under our agreement.

14) Cookies & Similar Technologies

We use cookies, pixels, and similar tech to run our site/booking engine, remember preferences, analyze usage, and improve performance. You can manage cookies via your browser; disabling some cookies may affect functionality.

15) Third-Party Links & Social Media

Our sites/communications may link to third-party sites. Their privacy practices are their own; please review their policies before sharing data.

16) Changes to This Policy

We may update this policy for legal, technological, or operational reasons. The "Last updated" date reflects the latest version. Material changes will be communicated appropriately.

17) Contact Us

  • Phone: +91 9997584321
  • Email: maldevtafarms@gmail.com

When writing, please include your name, contact number, and (if applicable) booking/event reference and a description of your request.

18) Grievance Officer (India)

  • Designation: Grievance Officer
  • Email: maldevtafarms@gmail.com
  • Postal Address: Maldevta Farms, Serki, Via Raipur Road Dehradun – 248001, Uttarakhand, India
  • Phone: +91 9997584321
  • Working hours: Monday–Friday, 10:00–18:00 IST

We aim to acknowledge and resolve grievances within timelines required by applicable law.

19) Entity & Controller Details

This policy applies to Maldevta Farms, Dehradun. For bookings made via OTAs or organizers, those entities may also be data controllers for their processing—please consult their privacy policies.