Privacy Policy

1. Definitions and Interpretation

For the purpose of this Privacy Policy, the following definitions shall apply unless the context otherwise requires:

• “Personal Data” or “Personal Information” means any data or information that relates to a natural person (i.e., the Data Principal) and which, either directly or in combination with other available data, is capable of identifying that person. This includes name, date of birth, gender, contact details, identification numbers, financial data, travel preferences, and behavioral data.
• “Sensitive Personal Data or Information (SPDI)” means personal data that is deemed particularly sensitive under applicable Indian law, including financial information (bank account details, credit/debit card numbers, payment instrument details), passwords, biometric data, physical and mental health information, sexual orientation, and any other data notified as SPDI under applicable law.
• “Data Principal” means the individual to whom the personal data relates, i.e., the user of the Platform.
• “Data Fiduciary” means EasyFlyNStay, which determines the purpose and means of processing personal data.
• “Data Processor” means any third party engaged by EasyFlyNStay to process personal data on EasyFlyNStay's behalf, in accordance with EasyFlyNStay's instructions.
• “Processing” means any operation or set of operations performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, transmission, dissemination, erasure, or destruction.
• “Consent” means a freely given, specific, informed, and unambiguous indication of the Data Principal's wishes, either by a statement or by a clear affirmative action, signifying agreement to the processing of personal data relating to them.
• “Cookies” means small text files placed on your device by the Platform that enable us to recognize your browser, remember your preferences, and improve your experience.
• “Platform” means the EasyFlyNStay website (www.easyflynstay.com), mobile applications (iOS and Android), and all digital interfaces through which EasyFlyNStay provides its services.
• “Third-Party Service Providers” means airlines, hotels, payment gateways, insurance companies, analytics providers, marketing platforms, and other external vendors engaged by EasyFlyNStay in the course of providing its services.

2. Legal Framework and Regulatory Compliance

EasyFlyNStay processes personal data in strict compliance with the applicable data protection laws and regulations of India. Our data protection framework is grounded in the following legislative instruments:

• The Information Technology Act, 2000 (as amended), which governs the use of electronic data and information technology in India.
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which prescribe the standards for handling sensitive personal information.
• The Digital Personal Data Protection Act, 2023 (DPDPA), which, upon full enforcement, provides a comprehensive legal framework for the protection of digital personal data in India, including rights of Data Principals, obligations of Data Fiduciaries, and conditions for consent-based processing.
• Any other applicable sector-specific regulations, guidelines, or directives issued by the Reserve Bank of India (RBI), the Insurance Regulatory and Development Authority of India (IRDAI), or any other competent regulatory authority.

For users accessing the Platform from jurisdictions outside India, please note that your personal data will be primarily processed in India. By using the Platform, you acknowledge that data protection regulations applicable in India may differ from those of your country of residence, and you consent to your data being processed in India in accordance with Indian law.

EasyFlyNStay processes personal data on one or more of the following lawful bases:

• Consent: Where you have given clear, specific, informed, and unambiguous consent for the processing of your personal data for one or more specific purposes.
• Performance of Contract: Where processing is necessary to perform a contract to which you are a party, or to take steps at your request before entering into a contract — for example, processing your booking details to confirm a flight reservation.
• Compliance with Legal Obligations: Where processing is necessary for EasyFlyNStay to comply with a legal obligation, such as sharing passenger data with immigration authorities for international travel or complying with tax regulations.
• Legitimate Interests: Where processing is necessary for the purposes of EasyFlyNStay's legitimate business interests, provided that such interests are not overridden by your fundamental rights and freedoms. Examples include fraud prevention, network security, and service improvement analytics.

3. Categories of Personal Data We Collect

EasyFlyNStay collects various categories of personal data from users, both directly (data provided by you) and indirectly (data collected automatically through your use of the Platform). The following describes in detail the types of personal data we collect:

3.1 Identity and Contact Information

When you create an account, make a booking, or contact us for support, we collect personal identification and contact details, including but not limited to:

• Full legal name as it appears on your government-issued photo identification document (passport, Aadhaar card, PAN card, Voter ID, or Driving License).
• Date of birth and age for age verification, age-specific fare eligibility, and compliance purposes.
• Gender, which may be required by airlines for ticketing and check-in processing.
• Nationality and country of residence, particularly relevant for international flight bookings.
• Email address for sending booking confirmations, itinerary updates, account notifications, and promotional communications.
• Mobile phone number for sending booking confirmations via SMS, OTP-based authentication, WhatsApp notifications, and customer support communications.
• Residential or billing address for invoice generation, financial compliance, and identity verification purposes.

3.2 Travel Document Information

For the purpose of completing flight bookings, particularly international travel, we may collect and process travel document information, including:

• Passport number, country of issuance, date of issue, and date of expiry. This information is mandatory for international bookings and is shared with airlines and immigration authorities as required.
• Visa details, including visa type, visa number, country of issuance, and validity period, where required for the destination or transit country.
• Government-issued identification document numbers (Aadhaar, PAN, Voter ID, or Driving License number) for domestic bookings where the airline requires ID verification.
• For Liberalized Remittance Scheme (LRS) compliance related to international bookings, your PAN details may be required and collected as per Reserve Bank of India guidelines.

3.3 Financial and Payment Information

When you make a payment through the Platform, financial data is processed. EasyFlyNStay does not store full credit or debit card numbers on its servers. Payment processing is handled by certified, PCI-DSS compliant third-party payment gateway partners. The following limited financial information may be retained by EasyFlyNStay for record-keeping and compliance purposes:

• Last four digits of the credit or debit card used for the transaction (for transaction reference purposes only).
• Payment method type (e.g., credit card, debit card, UPI, net banking, wallet).
• Transaction reference numbers, payment gateway response codes, and transaction status records.
• Bank name and account type (for net banking or UPI transactions, as provided by the payment gateway).
• GST number and billing address where applicable for invoicing and tax compliance purposes.

EasyFlyNStay does not share your complete financial data with any third party other than the payment gateway required to process your transaction and financial institutions or authorities as required by law.

3.4 Booking and Travel Information

In connection with your travel bookings and service usage, we collect the following booking-related data:

• Origin and destination cities, airports, travel dates, and times.
• Flight preferences including cabin class, seat preferences, meal preferences, and special service requests.
• Co-passenger details including names, ages, nationality, and travel document information for fellow travelers included in your booking.
• Hotel, accommodation, and ancillary service booking details where applicable.
• Booking reference numbers, PNR numbers, e-ticket numbers, and itinerary details.
• Travel history, booking patterns, and past transaction records maintained for service improvement, fraud detection, and personalization.
• Frequent flyer numbers or airline loyalty program details where voluntarily provided.

If you are making a booking on behalf of other travelers, you represent and warrant that each co-traveler has consented to the collection and sharing of their personal data as described in this Policy, and that you have the authority to provide their information to EasyFlyNStay.

3.5 Account and Profile Information

When you register and maintain an account on the Platform, we collect and store the following profile data:

• Username, login credentials (passwords are stored in a securely hashed and encrypted format), and account creation date.
• Profile preferences such as preferred cabin class, preferred airlines, saved traveler profiles, and communication preferences.
• Saved payment methods (stored tokenized references only — actual card data is not stored).
• Search history, recently viewed flights, and wishlist items maintained for personalization and user convenience.
• Customer support interaction history, complaint records, and feedback submissions.

3.6 Device, Technical, and Usage Data

When you access the Platform, we automatically collect technical and usage data through cookies, web beacons, log files, and similar tracking technologies. This data includes:

• IP address and approximate geographic location derived from the IP address.
• Device type (mobile, tablet, desktop), operating system, and version.
• Browser type, version, and language settings.
• Unique device identifiers such as IMEI numbers or mobile advertising IDs (for app users).
• Pages visited, search queries entered, time spent on each page, and navigation paths within the Platform.
• Clickstream data, button interactions, and feature usage patterns.
• Referring URLs (the website from which you arrived at our Platform).
• Error logs, crash reports, and performance data collected for technical diagnostics and quality improvement.
• Session data including session duration, frequency of visits, and time of access.

3.7 Location Data

With your permission (and subject to your device and browser location-sharing settings), EasyFlyNStay may collect your precise or approximate geographic location data to:

• Provide location-relevant search results such as nearby departure airports.
• Personalize fare suggestions and travel recommendations based on your current location or frequently visited cities.
• Comply with geo-specific legal requirements or restrictions.

You may withdraw your consent to location data collection at any time by disabling location permissions in your device settings or browser. Disabling location access will not prevent you from using the core booking features of the Platform.

3.8 Communications Data

If you contact EasyFlyNStay for customer support via email, phone, live chat, WhatsApp, or any other channel, we may collect and retain:

• The content of your communications, including complaint descriptions, feedback, and queries.
• Call recordings (where calls are recorded for quality assurance and training purposes; you will be notified at the beginning of any recorded call).
• Chat transcripts from live chat or WhatsApp interactions with our support team.
• Email correspondence including the full content of emails and attachments.

3.9 Social Media and Third-Party Login Data

If you choose to register or log in to EasyFlyNStay using a third-party social media account (such as Google, Facebook, or Apple Sign-In), we may receive and store the following data from that platform, subject to your privacy settings on the respective platform:

• Social media user ID, name, and profile photograph.
• Email address linked to the social media account.
• Any other information you have made publicly available on that social media platform or have explicitly authorized us to access.

EasyFlyNStay does not post to your social media accounts without your express permission, and we do not access your social media account beyond what is necessary for authentication and profile creation.

4. How We Use Your Personal Data

EasyFlyNStay processes personal data for specific, explicitly stated, and legitimate purposes. We do not process personal data in a manner incompatible with the purpose for which it was originally collected. The following sets out a comprehensive description of how we use the personal data we collect:

4.1 Booking Processing and Service Delivery

The primary and most critical use of your personal data is to facilitate, process, and deliver the travel services you have requested. This includes:

• Searching available flights, fares, and travel options based on your search criteria and preferences.
• Processing and confirming flight bookings, generating e-tickets, and issuing PNR numbers.
• Transmitting passenger information to the relevant airline or service provider to secure your reservation.
• Sending booking confirmation emails, e-tickets, itineraries, and boarding pass information to your registered contact details.
• Processing payment transactions securely through our payment gateway partners.
• Managing booking amendments, cancellations, and refund requests in accordance with applicable policies.
• Facilitating ancillary service requests such as seat selection, meal preferences, and special assistance arrangements.

4.2 Account Management and User Experience

• Creating, maintaining, verifying, and managing your registered user account.
• Enabling secure login and authentication through password-based or OTP-based verification.
• Personalizing your Platform experience based on your search history, booking patterns, and stated preferences.
• Displaying relevant flight recommendations, fare alerts, and promotional offers tailored to your travel preferences and history.
• Maintaining saved traveler profiles, saved payment methods (in tokenized form), and saved searches for your convenience.
• Enabling itinerary tracking, booking status updates, and trip management through the Platform.

4.3 Customer Support and Communication

• Responding to your customer support inquiries, complaints, booking queries, and feedback in a timely and effective manner.
• Proactively communicating important booking updates, schedule changes, cancellation alerts, and travel advisories related to your active bookings.
• Sending transactional communications such as payment receipts, refund confirmation notices, and account activity alerts.
• Conducting follow-up communications to resolve open support tickets or pending refund cases.

4.4 Marketing and Promotional Communications

Subject to your marketing communication preferences, EasyFlyNStay may use your personal data to:

• Send you promotional emails, SMS messages, WhatsApp notifications, and push notifications containing travel deals, fare discounts, new service announcements, seasonal offers, and personalized travel recommendations.
• Conduct targeted advertising campaigns on third-party platforms (such as Google Ads, Meta/Facebook Ads, or programmatic ad networks) using anonymized or hashed versions of your contact data.
• Personalize marketing content and offers based on your travel history, stated preferences, and browsing behavior on the Platform.

You have the right to opt out of receiving marketing communications at any time by clicking the “Unsubscribe” link in any marketing email, by adjusting your notification preferences in your account settings, or by contacting support@easyflynstay.com. Opting out of marketing communications will not affect your receipt of transactional or booking-related messages, which are essential to the service.

4.5 Fraud Detection and Prevention

• Monitoring transactions and account activities for patterns indicative of fraud, identity theft, unauthorized access, or financial crime.
• Verifying the identity of users for high-risk transactions, particularly for bookings involving large sums, unusual itineraries, or multiple payment method changes.
• Complying with directives from payment gateways, banks, law enforcement agencies, or judicial authorities regarding suspected fraudulent transactions.
• Investigating and taking action in response to fraud alerts, chargeback claims, or reports of unauthorized account activity.

4.6 Legal Compliance and Regulatory Obligations

• Complying with applicable Indian laws, including tax obligations under the Goods and Services Tax (GST) framework, the Income Tax Act, and foreign exchange regulations under the Foreign Exchange Management Act (FEMA) and the Liberalized Remittance Scheme (LRS) of the Reserve Bank of India.
• Sharing passenger data with airlines, airport authorities, immigration departments, customs authorities, and other government agencies as required for domestic or international travel clearance.
• Responding to lawful requests from courts, law enforcement agencies, regulatory authorities, or government bodies as mandated by applicable law.
• Maintaining statutory records and audit trails as required under applicable laws and regulations.

4.7 Analytics, Research, and Service Improvement

• Conducting internal analytics on aggregated, anonymized user data to understand usage trends, identify popular routes, optimize the Platform's search and booking algorithms, and improve overall service quality.
• Using behavioral data to identify and fix bugs, technical issues, and performance bottlenecks in the Platform.
• Conducting user research, A/B testing, and usability studies to enhance the user interface and user experience.
• Generating business intelligence reports to inform strategic decisions, pricing strategies, and product development roadmaps.

5. Sharing, Disclosure, and Transfer of Personal Data

EasyFlyNStay does not sell, rent, or trade your personal data to any third party for their independent commercial use. However, in the course of providing our services and fulfilling our legal obligations, we may share your personal data with the following categories of recipients:

5.1 Airlines and Travel Service Providers

When you make a booking, your personal data including name, contact details, travel document information, and any special service requests is shared with the operating airline or relevant travel service provider. This sharing is strictly necessary for the purpose of:

• Issuing and confirming your flight ticket or PNR.
• Check-in processing and seat assignment.
• Baggage handling and special service arrangements.
• Compliance with airline check-in and security requirements.

EasyFlyNStay does not authorize airlines or service providers to use your information for any purpose other than fulfilling the booked service. However, airlines and service providers are independent data controllers once they receive your data, and their use of that data is subject to their own privacy policies, over which EasyFlyNStay has no control. Users are advised to review the privacy policies of the relevant airlines.

5.2 Payment Gateway and Financial Partners

Your payment transaction data is processed by our certified payment gateway partners who are PCI-DSS compliant. We share only the minimum payment information necessary to process your transaction. Payment gateway partners are contractually prohibited from using your financial data for any purpose other than processing the specific transaction. Relevant financial data may also be shared with:

• Banks, card networks (Visa, Mastercard, RuPay, Amex), and UPI service providers as required to complete payment processing.
• Financial intelligence units, banks, or payment gateway operators if a fraud alert or chargeback claim is raised in connection with your transaction.

5.3 Technology and Service Vendors

EasyFlyNStay engages various third-party technology vendors, cloud service providers, and service partners to operate, maintain, and improve the Platform. These include:

• Cloud hosting and data storage providers who host the Platform's infrastructure and databases.
• Analytics service providers (such as Google Analytics or similar platforms) that help us understand Platform usage patterns using aggregated and anonymized data.
• Email delivery and SMS communication service providers used to send transactional and marketing messages.
• Customer relationship management (CRM) software providers that help us manage user interactions and support cases.
• Cybersecurity and fraud detection service providers.

All third-party vendors engaged by EasyFlyNStay are required to sign Data Processing Agreements (DPAs) and are contractually bound to process personal data only in accordance with EasyFlyNStay's written instructions, to maintain appropriate technical and organizational security measures, and not to use or disclose the data for any purpose beyond what is specified in the agreement.

5.4 Government Authorities and Law Enforcement

EasyFlyNStay may be required to disclose personal data to government agencies, law enforcement authorities, tax authorities, courts, or other regulatory bodies under the following circumstances:

• To comply with a court order, subpoena, summons, or other legally binding directive.
• To respond to requests from law enforcement agencies investigating criminal activity, terrorism, or national security threats.
• To comply with reporting obligations under applicable tax laws, anti-money laundering regulations, or foreign exchange regulations.
• To share passenger information with immigration, customs, or aviation security authorities as required for international travel processing.

EasyFlyNStay will, to the extent permitted by law, attempt to notify affected users of such disclosures in advance unless prohibited by the applicable legal process. We will challenge legally excessive or disproportionate data requests to the fullest extent permitted by law.

5.5 Business Transfers and Corporate Transactions

In the event of a merger, acquisition, corporate restructuring, sale of all or substantially all of the Company's assets, or any other similar corporate transaction, your personal data may be transferred to the acquiring entity or successor organization as part of the transaction. In such cases, EasyFlyNStay will ensure that the receiving entity is bound by obligations at least as protective as those in this Privacy Policy. You will be notified of any such transfer and any material changes to how your data will be processed.

5.6 Marketing and Affiliate Partners (With Consent)

With your prior, explicit consent, EasyFlyNStay may share limited personal data (such as name, email address, and general travel preferences) with carefully selected affiliate partners, co-branding partners, or loyalty program operators who may offer complementary travel-related products and services. You will always be clearly informed and given the choice to opt in or opt out of such sharing. EasyFlyNStay does not share personal data with marketing partners without your consent.

6. Cookies, Tracking Technologies, and Analytics

6.1 What Are Cookies?

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites function efficiently, to provide a personalized experience, and to give website operators analytical information about user behavior. Cookies do not contain or transmit viruses and cannot access or read other information stored on your device.

6.2 Types of Cookies We Use

EasyFlyNStay uses the following categories of cookies on the Platform:

a) Strictly Necessary Cookies

These cookies are essential for the Platform to function correctly. They enable core functionalities such as user authentication, session management, shopping cart management, and security features. The Platform cannot function properly without these cookies, and they cannot be disabled.

b) Functional or Preference Cookies

These cookies allow the Platform to remember choices you have made (such as your preferred language, currency, cabin class preference, or login status) and to provide enhanced, personalized features. They may be set by EasyFlyNStay or by third-party providers whose services we have added to our pages. If you disable these cookies, some or all of these functionalities may not work as intended.

c) Performance and Analytics Cookies

These cookies collect information about how visitors use the Platform — for example, which pages are visited most often, how long users spend on certain pages, and whether users encounter any error messages. This information is used in aggregated and anonymized form to improve the Platform's performance and user experience. EasyFlyNStay uses tools such as Google Analytics for this purpose.

d) Marketing and Targeting Cookies

These cookies are set by EasyFlyNStay or our advertising partners to track your browsing activity across websites and to serve you relevant advertisements on third-party websites and social media platforms. They remember that you have visited our Platform and may be used to build a profile of your interests. We use platforms such as Google Ads, Meta Pixel, and other retargeting tools for this purpose. These cookies require your explicit consent before being activated.

e) Session Cookies vs. Persistent Cookies

Session cookies are temporary and expire once you close your browser. Persistent cookies remain on your device for a specified duration (or until you delete them). Most marketing and preference cookies are persistent, while authentication cookies are typically session-based.

6.3 Other Tracking Technologies

In addition to cookies, EasyFlyNStay may use the following tracking technologies:

• Web Beacons (also called “pixel tags” or “clear GIFs”): These are tiny invisible images embedded in web pages or emails that allow us to track whether a web page has been accessed or an email has been opened. We use web beacons to measure the effectiveness of our email campaigns and to gather aggregate statistics about Platform usage.
• Mobile Device Identifiers: For mobile app users, we may use mobile advertising IDs (such as Google's Advertising ID or Apple's IDFA) to measure ad effectiveness and provide personalized in-app experiences, subject to your device's advertising tracking settings.
• Log Files: Our servers automatically record log files when you access the Platform, which include IP addresses, browser types, referring URLs, and page visit timestamps. These are used for security monitoring, error debugging, and aggregate analytics.

6.4 Managing and Controlling Cookies

You have the right to control and manage cookies through the following mechanisms:

• Browser Settings: Most web browsers allow you to view, manage, delete, and block cookies through the browser's settings or preferences menu. Instructions vary by browser (Chrome, Firefox, Safari, Edge, etc.).
• Cookie Consent Banner: When you first visit the Platform, a cookie consent banner will appear, giving you the option to accept all cookies, customize your cookie preferences by category, or reject non-essential cookies.
• Third-Party Opt-Out Tools: You may opt out of targeted advertising cookies from Google through Google's Ad Settings or by visiting the Network Advertising Initiative (NAI) opt-out page. For Facebook/Meta ads, you can manage ad preferences in your Facebook account settings.

Please note that disabling certain cookies may affect the functionality of the Platform, and you may not be able to access some features or personalized services if all cookies are blocked.

7. Data Retention Policy

EasyFlyNStay retains personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable laws and regulations. The following principles govern our data retention practices:

7.1 Account Data

Personal data associated with your registered user account (including profile information, contact details, and account preferences) is retained for the duration of your active account and for a period of up to 3 years after your last interaction with the Platform or your account closure, whichever is later. This retention period allows us to handle any post-closure queries, legal claims, or compliance requirements that may arise.

7.2 Booking and Transaction Records

Booking records, e-ticket copies, transaction histories, payment records, and associated correspondence are retained for a minimum period of 7 years from the date of the transaction, in compliance with the requirements of the Income Tax Act, 1961 and the GST compliance framework. This retention is necessary for audit, financial reporting, and dispute resolution purposes.

7.3 Communication Records

Records of customer support interactions, email correspondence, and chat transcripts are retained for a period of 3 years from the date of the last interaction. Call recordings, where applicable, are retained for a period of 6 months unless a specific complaint or legal matter requires extended retention.

7.4 Consent Records

Records of your consent to specific data processing activities, including marketing opt-ins and cookie preferences, are retained for the duration of the consent's validity and for an additional period of 3 years after withdrawal of consent or account closure, to demonstrate compliance.

7.5 Legal Hold and Regulatory Obligations

In certain circumstances, EasyFlyNStay may be required to retain personal data beyond the standard retention periods described above, where such retention is mandated by:

• Ongoing legal proceedings, investigations, or disputes in which the data is relevant evidence.
• A court order, legal hold notice, or regulatory direction requiring preservation of specific data.
• Specific statutory requirements that mandate retention for defined periods beyond our standard retention schedule.

7.6 Deletion and Anonymization

Upon the expiry of the applicable retention period, personal data will be securely deleted, destroyed, or anonymized in a manner that prevents its reconstruction or re-identification. Data that has been anonymized (i.e., all identifying information has been irreversibly removed) may be retained indefinitely for analytical and business intelligence purposes, as it no longer constitutes personal data.

8. Data Security Measures

EasyFlyNStay implements a comprehensive set of technical, administrative, and physical security measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. Our security framework includes, but is not limited to:

8.1 Technical Security Measures

• SSL/TLS Encryption in Transit: All data transmitted between your browser or app and EasyFlyNStay's servers is encrypted using industry-standard Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols. This ensures that your personal data, login credentials, and payment information are protected during transmission.
• Data Encryption at Rest: Sensitive personal data and financial records stored in EasyFlyNStay's databases are encrypted at rest using strong encryption algorithms to prevent unauthorized access even in the event of a server or storage breach.
• PCI-DSS Compliant Payment Processing: All payment transactions are processed through payment gateways that are certified as compliant with the Payment Card Industry Data Security Standard (PCI-DSS), the highest security standard for payment processing.
• Password Hashing: User passwords are never stored in plaintext. They are hashed using strong, industry-standard cryptographic hashing algorithms (such as bcrypt) before being stored, making them practically impossible to reverse-engineer.
• Firewalls and Intrusion Detection Systems: EasyFlyNStay's infrastructure is protected by enterprise-grade firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) that continuously monitor and block malicious traffic and unauthorized access attempts.
• Vulnerability Assessments and Penetration Testing: EasyFlyNStay conducts regular security assessments, vulnerability scans, and penetration tests to proactively identify and remediate security weaknesses in the Platform.
• Multi-Factor Authentication (MFA): MFA is available for user accounts to provide an additional layer of security beyond username and password.

8.2 Administrative Security Measures

• Access controls and role-based permissions that restrict access to personal data to only those employees, contractors, or service providers who have a genuine need to access it for their job functions.
• Background verification and confidentiality agreements for employees and contractors who handle personal data.
• Regular security awareness training for employees on data protection best practices, phishing prevention, and incident response procedures.
• Internal data handling policies and procedures that govern the classification, processing, storage, and disposal of personal data.
• Periodic internal audits of data access logs and processing activities to detect and address any unauthorized or anomalous data access.

8.3 Organizational and Physical Security Measures

• EasyFlyNStay's data processing systems and server infrastructure are housed in secure facilities with controlled physical access, CCTV surveillance, and environmental controls.
• Secure workstation policies, including screen locking, device encryption, and clean desk practices, are enforced for all employees handling personal data.

8.4 Limitations of Security

Despite EasyFlyNStay's best efforts to implement robust security measures, no method of data transmission over the internet or electronic storage is 100% secure. EasyFlyNStay cannot guarantee absolute security of your personal data. In the event of a data security breach that is likely to result in a high risk to your rights and freedoms, EasyFlyNStay will notify you in accordance with the obligations prescribed under applicable Indian data protection laws and will take all reasonable steps to mitigate the impact of the breach.

If you become aware of or suspect any unauthorized access to your account or any breach of your personal data, please contact us immediately at support@easyflynstay.com or call +91 70 9000 5700.

9. Your Rights as a Data Principal

Under applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023, and other relevant legislation, you have the following rights with respect to your personal data processed by EasyFlyNStay. EasyFlyNStay is committed to facilitating the exercise of these rights in a timely, transparent, and accessible manner.

9.1 Right of Access and Confirmation

You have the right to obtain confirmation from EasyFlyNStay as to whether your personal data is being processed, and if so, to access a copy of the personal data we hold about you, along with information about the purposes of processing, the categories of data processed, the recipients with whom it has been shared, and the applicable retention period. You may submit a data access request by emailing support@easyflynstay.com with the subject line “Data Access Request” from your registered email address.

9.2 Right to Correction and Completion

You have the right to request the correction of inaccurate, incomplete, or outdated personal data we hold about you. For account-related data (name, contact details, preferences), you may update this information directly through your account settings on the Platform. For data that cannot be self-updated (such as booking records or transaction histories), please submit a correction request to support@easyflynstay.com.

9.3 Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data where:

• The personal data is no longer necessary for the purposes for which it was collected.
• You have withdrawn your consent and there is no other lawful basis for continued processing.
• The personal data has been unlawfully processed.
• Deletion is required to comply with a legal obligation applicable to EasyFlyNStay.

Please note that the right to erasure is subject to limitations. EasyFlyNStay may be unable to delete certain data where retention is necessary for compliance with legal obligations (such as tax record-keeping requirements), for the establishment, exercise, or defense of legal claims, or where the data is required to complete a service you have contracted for.

9.4 Right to Withdraw Consent

Where EasyFlyNStay processes your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing that occurred before the withdrawal. Please note that withdrawing consent for data that is essential for service delivery (such as booking data) may result in EasyFlyNStay's inability to provide those services to you. To withdraw consent for optional processing activities (such as marketing communications or analytics), please contact support@easyflynstay.com or use the unsubscribe mechanism in our marketing emails.

9.5 Right to Grievance Redressal

If you believe that your personal data has been processed in violation of applicable law or this Privacy Policy, or if you have any complaint related to data privacy, you have the right to raise a grievance with EasyFlyNStay's designated Grievance Officer. Details of the Grievance Officer are provided in Section 13 of this Policy. You also have the right to escalate unresolved complaints to the Data Protection Board of India, once it is formally constituted and operational under the Digital Personal Data Protection Act, 2023.

9.6 Right to Nominate

In the event of your death or incapacity, you may nominate a person who shall exercise your data protection rights on your behalf. This nomination may be submitted to EasyFlyNStay in writing to support@easyflynstay.com.

9.7 How to Exercise Your Rights

To exercise any of the rights listed above, please submit a written request to EasyFlyNStay's customer support team at support@easyflynstay.com with the subject line indicating the specific right you wish to exercise (e.g., “Data Access Request” or “Data Deletion Request”). Please include your full name, registered email address, and a brief description of your request. EasyFlyNStay will:

• Acknowledge receipt of your request within 48 hours.
• Verify your identity before processing the request to prevent unauthorized access to your data.
• Respond to your request within 30 days of receipt, or inform you of any extension as permitted by applicable law.

EasyFlyNStay will process all rights requests free of charge in most cases. However, for manifestly unfounded or excessive requests (particularly repetitive requests), a reasonable administrative fee may be charged, or the request may be declined with a written explanation.

10. Children's Privacy

The Platform is not designed for, directed at, or intended for use by children below the age of 18 years. EasyFlyNStay does not knowingly collect, solicit, or process personal data from minors without the verifiable consent of a parent or legal guardian. If EasyFlyNStay becomes aware that personal data of a minor below the age of 18 has been collected without appropriate parental or guardian consent, we will take immediate steps to delete such data from our systems.

If you are a parent or guardian and believe that your minor child has provided personal data to EasyFlyNStay without your consent, please contact us immediately at support@easyflynstay.com or call +91 70 9000 5700. We will investigate and take appropriate action, including data deletion, within 30 days of receiving your request.

Where a minor is included as a co-traveler in a booking made by an adult user, the adult user is responsible for ensuring that the minor's data has been provided with appropriate consent and authority, and that the minor (or their guardian, on the minor's behalf) has agreed to the data practices described in this Policy.

11. Third-Party Websites, Links, and Embedded Content

The Platform may contain hyperlinks, embedded content, widgets, or references to third-party websites, applications, or services that are not owned or operated by EasyFlyNStay. These may include airline websites, hotel booking engines, travel insurance portals, government visa and immigration portals, and social media platforms. The inclusion of a link to a third-party website does not constitute an endorsement of that website or its privacy practices by EasyFlyNStay.

EasyFlyNStay has no control over the privacy policies, data collection practices, content, or security standards of third-party websites. When you navigate away from the EasyFlyNStay Platform to a third-party website, your personal data becomes subject to the privacy policy of that third party. EasyFlyNStay strongly recommends that you carefully review the privacy policy of any third-party website before providing any personal data to that site.

Similarly, when you sign in to EasyFlyNStay using a third-party authentication service (such as Google Sign-In or Facebook Login), your use of that service is governed by the third party's own terms of service and privacy policy, in addition to this Policy. EasyFlyNStay is not responsible for the data practices of third-party authentication providers.

12. Cross-Border Data Transfers

EasyFlyNStay primarily processes and stores personal data in India. However, in connection with the delivery of our travel services, certain personal data may be transferred to and processed in countries outside India. Such cross-border transfers may occur in the following contexts:

• Sharing passenger data with international airlines for the purpose of confirming international flight reservations.
• Transferring data to cloud service providers or data centers that may be located in jurisdictions outside India.
• Engaging third-party vendors or service partners based outside India (such as international analytics platforms or CRM providers) to process data on our behalf.
• Complying with international travel regulations that require sharing passenger data with foreign immigration, customs, or aviation security authorities.

Where personal data is transferred outside India, EasyFlyNStay ensures that such transfers are conducted in compliance with applicable Indian law. Where required, EasyFlyNStay will implement appropriate safeguards such as contractual clauses, data processing agreements, or standard contractual terms approved by competent authorities to ensure that your personal data receives a standard of protection equivalent to that provided under Indian law.

By using the Platform and consenting to this Privacy Policy, you explicitly consent to the transfer of your personal data outside India where necessary for the provision of our services, subject to the safeguards described above.

13. Grievance Officer and Data Protection Contact

In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023 (as applicable), EasyFlyNStay has designated a Grievance Officer responsible for addressing user complaints, grievances, and queries related to the processing of personal data. The Grievance Officer acts as the primary point of contact for all data-related concerns.

EasyFlyNStay's Grievance Officer will:

• Acknowledge receipt of all data-related grievances within 48 hours of submission.
• Investigate the grievance thoroughly and provide a substantive response or resolution within 30 calendar days from the date of receipt, unless an extension is required under applicable law, in which case the user will be informed accordingly.
• Escalate unresolved grievances to appropriate internal stakeholders or regulatory authorities where required.

Users who are not satisfied with the response or resolution provided by the Grievance Officer may escalate their complaint to the Data Protection Board of India (once formally constituted under the Digital Personal Data Protection Act, 2023) or any other competent authority having jurisdiction over data protection matters.

14. Changes and Updates to This Privacy Policy

EasyFlyNStay reserves the right to update, revise, supplement, or otherwise modify this Privacy Policy at any time, at its sole discretion, to reflect changes in our data processing practices, applicable laws and regulations, business operations, technology infrastructure, or to respond to evolving privacy standards and best practices.

Any changes to this Policy will be effective immediately upon being published on the Platform. The “Last Updated” date at the top of this Policy will be revised to reflect the date of the most recent modifications. EasyFlyNStay will endeavor to provide notice of material changes to this Policy through one or more of the following means:

• Publishing a prominent notice on the Platform's homepage or login page.
• Sending an email notification to your registered email address.
• Displaying an in-app notification to mobile app users at the time of their next login.

We strongly encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your personal data and to understand your rights. Your continued use of the Platform after the publication of any changes to this Policy constitutes your acknowledgment of the modified Policy and your consent to be bound by the revised terms.

If you do not agree with the changes to this Privacy Policy, you must immediately discontinue use of the Platform and, if you wish, request deletion of your account and associated personal data in accordance with Section 9 of this Policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, the handling of your personal data, or the exercise of your data protection rights, please do not hesitate to contact EasyFlyNStay through the following channels. Our team is committed to responding to all privacy-related inquiries in a thorough and timely manner.

For data access requests, data deletion requests, or consent withdrawal requests, please email us at support@easyflynstay.com with the appropriate subject line (e.g., “Data Access Request”, “Data Deletion Request”, or “Consent Withdrawal”) from your registered email address, along with your full name and booking reference number where applicable.