This Privacy Policy ("Policy") explains in general terms how DigiSurface Consulting Private Limited, trading as DIGISURFACE, related bodies corporate and franchisees, and all their brands (collectively referred to as "DigiSurface Pvt Ltd", "DIGISURFACE", "we", "our" or "us") protects the privacy of your personal information.

If you do not agree with any part of this Policy, you must not provide your personal information to us — this may affect the services we can provide to you. Where we say "disclose", this includes transferring, sharing, sending, or otherwise making available or accessible your personal information to another person or entity.

Personal information is information which relates to a living individual who can be identified from that information, or from that information and other information in a person's possession — including any expression of opinion (whether true or not, whether recorded in material form or not) about an identified or reasonably identifiable individual, and any indication of intention in respect of an individual.

Your company may have subscribed to DigiSurface Services either directly or via an authorised reseller. Your company is regarded as a data controller within the meaning of applicable data protection laws, and DigiSurface's processing of such data is under the direction of your company.

"Personal Data" means any information relating to you that is entered by or on behalf of your company into or derived from their use of the DigiSurface Services, including personal data supplied to or accessed by DigiSurface to provide support services. Personal Data in the DigiSurface Services typically includes:

• Personal profile data — name, contact information, travel preferences, financial information, and account numbers for related connected services
• Organisational information — employee identification, payroll, cost centre, and associated approver information
• Expense and travel-related data — expense information including receipt images and travel itineraries
• Mobile data — device information and, when enabled, location data
• Connected services data — account, loyalty programme or rewards numbers for taxis, car rentals, airlines, or hotels

DigiSurface Services may also obtain Personal Data from back-office financial or HR systems, from travel agents, or from third-party partners (airlines, hotels, ride-sharing services). Some information — such as IP addresses, browser information, and click-stream data — is automatically collected via tracking technologies when you use the services.

Generally, we collect information needed to facilitate your queries about our products, travel arrangements and bookings, and to arrange travel-related services on your behalf. This may include: your name, address, telephone number, email address, passport details, frequent flyer details, dietary requirements, and health information (where relevant to travel arrangements).

We also collect information for business activities — including financial details necessary to process transactions, and any other personal information you elect to provide.

When we book products and services for you, we usually act as agent for travel service providers. In these cases, the consent you provide under this Policy to the collection and use of your personal information applies equally to the parties whose products and services we sell (e.g. airlines, hotels, car rental companies).

The primary purpose for which we collect your personal information is to provide travel advice and/or to assist you with booking travel and related services. By providing your personal information, you consent to us using and disclosing it for:

• Identification of fraud or error
• Regulatory reporting and compliance
• Developing, improving and marketing our products and services
• Servicing our relationship with you, including updates on promotions and services
• Market research and customer satisfaction surveys
• Facilitating participation in loyalty programmes
• Analysing trends in sales and travel destinations
• Marketing activities — mail-outs, emails, e-newsletters, SMS notifications, and telephone calls
• Internal accounting and administration
• Other purposes as permitted or required by law

We will only send e-newsletters or promotional materials if you have opted in to receive them. We store your personal information only for as long as necessary for the purpose for which it was collected.

Yes. You consent to your personal information being processed, transferred, and/or disclosed in the following circumstances:

• As set out in the "How do we use personal information?" section
• As permitted or required by law
• To regulatory bodies and law enforcement officials for fraud prevention and security
• To third-party IT solution providers that assist us in delivering products and services
• To our related entities and brands (including overseas companies)
• To travel service providers — wholesalers, tour operators, airlines, hotels, car rental companies — for the purpose of processing your travel arrangements
• To comply with legal obligations and customs/immigration requirements
• To qualified government departments where required by law
• Where we suspect unlawful activity requiring investigation or reporting
• To third parties for market research to improve our services
• To third parties for analysing trends in sales and travel destinations

Other than the above, we will not disclose your personal information without your consent, unless necessary to prevent a threat to life, health or safety, or where required or authorised by law.

When you provide your personal information, you consent to it being disclosed to overseas recipients where necessary to facilitate your travel arrangements. Recipients may be located in countries with different privacy laws to India.

We will use reasonable efforts to ensure overseas recipients' compliance with Indian privacy laws; however, we cannot control the privacy practices of overseas recipients and will not be liable for how they handle your personal information. We encourage you to review the privacy policies of any third-party service providers whose services we arrange on your behalf.

We may also disclose personal information to our overseas related entities and to third parties who perform administrative and technical services for us overseas. If you have specific questions about where your information will be sent, please contact us via the details in the "Contact" section.

DigiSurface Pvt Ltd has implemented various physical, electronic, and managerial security procedures to protect personal information from loss, misuse, and unauthorised access, modification, disclosure, and interference.

We regularly review security and encryption technologies and strive to protect your personal information as fully as we protect our own confidential information. DigiSurface uses industry-standard security technology and organisational measures to protect Personal Data from unauthorised disclosure, and retains data in active databases for varying lengths of time depending on service type, data classification, and applicable law.

Subject to exceptions in applicable privacy laws, you may request access to any personal information we hold about you. Where information is not accurate, complete, or up-to-date, you may ask us to correct it — we will respond within a reasonable time.

We reserve the right to confirm the identity of the person seeking access or correction before complying. If we deny access or correction, we will provide the reason for such denial. You must always provide accurate information and agree to update it whenever necessary.

To access or correct your personal information, please contact us via the details in the "Contact" section below.

Should you no longer wish to receive e-newsletters, promotional material, participate in market research, or receive other communications from us, please refer to the Contact section below and leave a message. We will action your request promptly.

A cookie is a small text file stored on a user's computer for record-keeping purposes. We use cookies to identify a visitor's browser, to anonymously track visits, or to enhance the website experience. We use both session ID cookies (expire when you close your browser) and persistent cookies (remain on your device for an extended period). You can remove persistent cookies via your browser's "Help" settings. Rejecting cookies may limit access to some areas of our website.

We use Google Analytics to compile statistical reports on website usage. Information generated by cookies is transmitted to Google. We will not use Google Analytics to track or collect personal data of visitors, nor associate cookie data with personal data. You may opt out via the Google Analytics Opt-out Browser Add-on .

The use of cookies by our partners, affiliates, or third-party service providers is not covered by this Privacy Policy. We do not have access or control over these cookies, nor do we tie information gathered to customers' personally identifiable information.

We partner with third-party ad networks to manage advertising. Our ad network partners may use cookies to collect non-personally identifiable information about your activities on this and other websites to provide targeted advertising based on your interests.

Our website and mobile app may contain links to third-party sites over which we have no control. We are not responsible for the privacy practices or content of such sites. We encourage you to read the privacy policies of any linked sites you visit.

If you have any enquiries, comments, or complaints about this Policy or our handling of your personal information, please contact your consultant or email us at:

We will respond to any complaints received as soon as practicable.

From time to time it may be necessary for us to review and revise this Policy. We reserve the right to change our Policy at any time and for any reason. If we make a change, the revised version will be posted on our website. We encourage you to review this page periodically.