Privacy Policy

1. Introduction

Sara Thailand Travel ("Sara", "we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website and services.

We comply with applicable data protection laws including the Information Technology Act, 2000 of India, the General Data Protection Regulation (GDPR) for EU residents, and other relevant privacy regulations.

By using our services, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide:

• Personal Details: Name, email address, phone number, date of birth, gender
• Travel Documents: Passport details, visa information, emergency contacts
• Booking Information: Travel preferences, special requirements, dietary restrictions
• Payment Information: Card details (processed securely via Razorpay), billing address
• Communication: Inquiries, feedback, support requests, reviews
• Account Information: Username, password (encrypted), booking history

2.2 Information Collected Automatically

When you use our website, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, search queries
• Location Data: Approximate location based on IP address
• Cookies: Session cookies, preference cookies, analytics cookies

2.3 Information from Third Parties

We may receive information from:

• Social media platforms (if you connect your accounts)
• Payment processors for transaction verification
• Travel partners for booking confirmations
• Marketing partners for campaign effectiveness

3. How We Use Your Information

3.1 Primary Purposes

• Process and manage your travel bookings
• Communicate booking confirmations and updates
• Provide customer support and assistance
• Process payments and refunds
• Send important travel information and alerts
• Fulfill legal and regulatory requirements

3.2 Service Improvement

• Personalize your experience and recommendations
• Analyze usage patterns to improve our services
• Conduct market research and customer surveys
• Develop new features and services
• Prevent fraud and enhance security

3.3 Marketing Communications

With your consent, we may use your information to send promotional emails about special offers, new packages, and travel tips. You can opt-out of marketing communications at any time using the unsubscribe link in our emails or by contacting us.

4. Legal Basis for Processing (GDPR)

For EU residents, we process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our travel service agreement with you
• Legal Obligations: To comply with legal requirements and regulations
• Legitimate Interests: For business operations, fraud prevention, and service improvement
• Consent: For marketing communications and optional services
• Vital Interests: In emergency situations affecting health or safety

5. Information Sharing and Disclosure

5.1 Service Providers

We share your information with trusted partners to provide services:

• Airlines for flight bookings and check-in
• Hotels for accommodation reservations
• Local tour operators for activities and transfers
• Payment processors for secure transactions
• Insurance providers for travel coverage
• SMS and email service providers for communications

5.2 Legal Requirements

We may disclose your information when required by law, court order, or government request, or to protect our rights, property, safety, or that of our users and the public.

5.3 Business Transfers

In case of merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

5.4 What We Don't Do

• We do not sell your personal information to third parties
• We do not share your information for third-party marketing without consent
• We do not store complete payment card details on our servers

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data transmission
• Secure servers with firewall protection
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• Employee training on data protection
• PCI DSS compliance for payment processing
• Regular data backups and disaster recovery procedures

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you of any breaches as required by law.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy and to comply with legal obligations:

• Booking Data: 7 years for financial and legal compliance
• Account Information: Until account deletion request
• Marketing Data: Until consent withdrawal
• Communication Records: 3 years for customer service quality
• Payment Records: As required by financial regulations
• Website Analytics: 26 months

8. Your Rights

Depending on your location, you have the following rights regarding your personal data:

8.1 General Rights

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Portability: Receive your data in a structured format
• Objection: Object to certain processing activities
• Restriction: Limit how we use your information
• Consent Withdrawal: Withdraw consent for marketing

8.2 GDPR Rights (EU Residents)

• Right to lodge a complaint with supervisory authorities
• Right to object to automated decision-making
• Right to be informed about data breaches

8.3 Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] with your request. We will respond within 30 days and may request identity verification for security.

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files placed on your device to enhance your experience, remember preferences, and analyze website usage.

9.2 Types of Cookies We Use

• Essential Cookies: Required for website functionality
• Performance Cookies: Help us understand website usage
• Functionality Cookies: Remember your preferences
• Marketing Cookies: Deliver relevant advertisements (with consent)

9.3 Managing Cookies

You can control cookies through your browser settings. Disabling cookies may affect website functionality. We also honor "Do Not Track" signals where legally required.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your residence, including India where our primary servers are located. These countries may have different data protection laws.

We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses, adequacy decisions, or your explicit consent where required.

11. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information immediately. Parents or guardians who believe we have collected information from their child should contact us immediately.

12. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies before providing personal information.

13. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes via email or website notice. The "Last Updated" date indicates the latest revision. Continued use after changes constitutes acceptance of the updated policy.

14. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data: