Privacy Policy

Trivilio is a travel agency registered and operating in Srinagar, Jammu & Kashmir, India. We specialise in organising tour packages, transportation, hotel bookings and travel experiences in Kashmir and Ladakh.

Registered office: Poloview, Srinagar, Jammu & Kashmir — 190001, India. Phone: +91 88991 33899. Email: support@trivilio.com.

For the purposes of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), Trivilio is the data controller for personal data collected through this website.

2.1 Information You Provide Directly

• Full name, date of birth, nationality and gender (required for booking and permit applications)
• Contact details — email address, phone number and postal address
• Passport / Aadhaar / Government ID number (where required for Inner Line Permits or Protected Area Permits)
• Payment information — billing name and address (we do not store full card numbers)
• Travel preferences, dietary requirements, accessibility needs and special requests
• Enquiry and lead form submissions — name, phone, email, travel dates and group size
• Communications with our team via email, WhatsApp and phone

2.2 Information Collected Automatically

• IP address and approximate geographic location
• Browser type, operating system and device type
• Pages visited, time spent on pages, referring URL and exit pages
• Cookie identifiers and analytics data (see Section 5)
• Google Analytics 4 event data and Google Tag Manager triggers

2.3 Information from Third Parties

• Review and rating data from Google, TripAdvisor or similar platforms (publicly available)
• Social media profile data if you contact us via Facebook or Instagram DMs

We share your personal data only where necessary to deliver your tour or comply with legal requirements:

• Hotels, houseboats and resorts — to confirm accommodation bookings
• Local transport operators and cab drivers — to arrange airport transfers and sightseeing vehicles
• Licensed tour guides — for guided excursions
• Government bodies — Department of Tourism J&K, Inner Line Permit authorities, Amarnath Shrine Board (for permits and registrations)
• Payment processors — for secure transaction processing (they are bound by their own privacy obligations)
• IT service providers — website hosting, email delivery, CRM software (Firebase/Google Cloud) under data processing agreements
• Insurance providers — if travel insurance is arranged through us

All third parties with whom we share your data are required to handle it with appropriate security measures and use it only for the specific purpose disclosed.

4.1 Legal Disclosures

We may disclose your information if required by law, court order, or government authority; to enforce our Terms and Conditions; or to protect the rights, safety or property of Trivilio, our customers or others.

Our website uses cookies and similar tracking technologies to improve your browsing experience and understand how visitors use our site.

You can control cookies through your browser settings. Disabling non-essential cookies will not affect your ability to use the website. Note that some features may be limited if cookies are turned off.

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal obligations:

• Booking and financial records: 7 years (as required under the Income Tax Act and GST rules)
• Government permit applications: as required by the issuing authority
• Marketing consent records: until you withdraw consent
• Enquiry / lead form data (non-converting): up to 2 years
• Website analytics data: 26 months (Google Analytics default)

After the applicable retention period, your data is securely deleted or anonymised.

We implement reasonable technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These include:

• SSL/TLS encryption for all data transmitted through our website
• Secure, access-controlled storage on Google Firebase (Google Cloud infrastructure)
• Role-based access controls — only authorised staff can access customer data
• Regular review of data handling practices

While we take every reasonable precaution, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

Under the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA), you have the following rights regarding your personal data:

• Right to Access — request a copy of the personal data we hold about you
• Right to Correction — request that inaccurate or incomplete data be corrected
• Right to Erasure — request deletion of your data where we no longer have a lawful basis to retain it
• Right to Withdraw Consent — withdraw marketing consent at any time without affecting prior processing
• Right to Grievance Redressal — raise a complaint with us regarding how your data is handled
• Right to Nominate — nominate another individual to exercise rights on your behalf in the event of death or incapacity

To exercise any of these rights, please email support@trivilio.com with "Privacy Request" in the subject line. We will respond within 30 days. We may need to verify your identity before processing your request.

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal data from children. If a booking includes minors, personal data is collected from the parent or legal guardian on their behalf.

If you believe we have inadvertently collected data from a child without parental consent, please contact us at support@trivilio.com and we will delete it promptly.

Our website may contain links to third-party websites such as hotel websites, adventure activity operators, airline booking platforms, and government tourism portals. These sites have their own privacy policies and we have no control over, and accept no responsibility for, their content or privacy practices.

We encourage you to review the privacy policy of any third-party site you visit through our website.

Our primary servers are located in India (Google Cloud / Firebase). Some third-party tools (such as Google Analytics and Meta Pixel) may transfer data to servers outside India. We ensure that such transfers comply with applicable data protection requirements.

If you are a visitor from the European Union, please note that your data may be transferred to and processed in India, which may not provide the same level of data protection as the EU. By using our website, you consent to such transfers.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.

For any questions, concerns or requests related to this Privacy Policy or your personal data, please contact our Grievance Officer:

• Name: Trivilio Privacy Team
• Email: support@trivilio.com
• Phone: +91 88991 33899
• Address: Trivilio, Poloview, Srinagar, Jammu & Kashmir — 190001, India
• Office Hours: Monday to Saturday, 9:00 AM – 6:00 PM IST

We will acknowledge your request within 72 hours and aim to resolve it within 30 days. If you are not satisfied with our response, you may approach the Data Protection Board of India once constituted under the Digital Personal Data Protection Act, 2023.