At Zeko, we are committed to protecting your personal data and respecting your privacy. Please read the following terms of the Policy carefully to understand our practices regarding your personal data and how we will treat it. This policy sets out the basis on which any personal data we collect from you or about you, or that you provide to us, will be processed by us.
As per the IT Rules-
- Personal Information: means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person;
- Sensitive personal data or information: Sensitive personal data or information of a person means such personal information which consists of information relating to -
- financial information such as Bank account or credit card or debit card or other payment instrument details;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- Biometric information;
- any detail relating to the above clauses as provided to body corporate for providing service; and
- any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.
Please note that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force will not be regarded as sensitive personal data.
- Information we collect - We collect various types of personal information from you when you use our Services or access our Platform. This includes:
- Contact information such as name, email address, phone number and address;
- Valid Government ID card details;
- User preferences and requests;
- Device information such as IP address; and
- Login ID and password;
We collect this information when you use our Services, make a reservation, or sign up for an account. We may also collect information from third-party sources such as hotels or travel agencies.
Transactional data - This includes payment details and other information regarding payments you make available to us and other details of products and Services you have accessed or used through the Platform. We do not store card details on our servers. Credit and debit card payments are processed by Third Party Service Providers engaged by us, including payment aggregators or gateways on their secure payment server and all card details are fully encrypted and stored by them.
- How we use your information – We use your personal information for the following purposes:
- Provide and improve our Services;
- Process hotel reservations and payments;
- Communicate our services with you;
- Customize your experience based on your personal information by providing personalised recommendation and offers;
- Monitor and analyse usage of our Services;
- Conduct data analysis and research to improve our Platform;
- Verification of users’ identity and to perform checks to prevent frauds;
- Comply with our legal obligations.
We may also use your information to send you promotional or marketing materials, but you can opt-out of receiving these communications at any time.
- How do we protect your information - We take reasonable measures to protect your personal data against unauthorized access, disclosure, use, loss, or alteration. This includes:
- Using industry-standard security measures such as encryption, firewalls, and secure servers to protect your data;
- Conducting regular security audits and risk assessments;
- Ensuring authorized personnel access only to personal information of users;
- Ensuring our employees and contractors are trained on data protection and security protocols.
- Do we share your information - We may share your personal information with third parties in the following circumstances:
- With hotels or other service providers to fulfil your reservations or requests;
- With payment processors to process payments;
- With our affiliates and subsidiaries for business purposes;
- With law enforcement or government agencies if required by law or to protect our rights or the rights of others;
- With third parties to defend and protect the rights and property of the Company;
We may also share anonymous or aggregated data with third parties for research or marketing purposes.
- Data Retention - The information that you provide to us would be stored until you have an account with us or until such time as we are required to provide Services to you or till it is necessary in relation to the purposes for which such data was collected or to store the information to resolve disputes, enforce our agreements, and as required under applicable law. We may also store your data indefinitely until you exercise your right of erasure as provided in Clause 7 below.
- Right to Erasure - This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your Personal Information where there’s no compelling reason for us to keep it. Such right of erasure can be exercised by writing to us at [*]. This is not a general right to erasure; there are exceptions, such as when the law requires us to retain certain Personal Information about you or where such retention is required for providing our Services to you, etc.
- Users Rights – The users of our Platform and Services will have rights such as:
- Access and obtain copy of your personal data that we hold;
- Request correction of any incorrect or incomplete personal data;
- Object to the processing of your personal data for certain purposes;
- Request erasure of your personal data in certain circumstances;
- Request restriction of processing of your personal data;
- Withdraw your consent for processing your personal data at any time.
Please contact us if you wish to exercise any of these rights.
- Legal Basis for Processing Data- We rely upon a number of legal bases to enable our processing of your personal data.
- Contractual and Pre-Contractual Business Relationships. We process Personal Data for the purpose of entering into business relationships with prospective users and to perform the respective contractual obligations that we have with these users. Activities include:
- Creation and management of Zeko accounts and Zeko account credentials, including the evaluation of applications to commence or expand the use of our Services;
- Accounting, auditing, and billing activities; and
- Processing of payments, including fraud detection and prevention, optimizing valid transactions, communications regarding such payments, and related customer service.
- Legal Compliance. We process Personal Data to verify the identity of our users in order to comply with fraud monitoring, prevention and detection obligations, laws associated with the identification and reporting of illegal and illicit activity, such as "Anti-Money Laundering ("AML") and Know-Your-Customer ("KYC")" obligations, and financial reporting obligations. For example, we may be required to record and verify a user’s identity for the purpose of compliance with legislation intended to prevent money laundering and financial crimes. These obligations are imposed on us by the operation of law, industry standards, and by our financial partners, and may require us to report our compliance to third parties, and to submit to third party verification audits.
- Legitimate Business Interests. Where allowed under applicable law, we rely on our legitimate business interests to process Personal Data about you. The following list sets out the business purposes for which we have a legitimate interest in processing your data:
- Detect, monitor and prevent fraud and unauthorized payment transactions;
- Mitigate financial loss, claims, liabilities or other harm to customers, users;
- Determine eligibility for and offer new Zeko products and services;
- Respond to enquiries, send Service notices and provide customer support;
- Promote, analyze, modify and improve our Services, systems, and tools, and develop new products and services, including reliability of the Services;
- Manage, operate and improve the performance of our Sites and Services by understanding their effectiveness and optimizing our digital assets;
- Analyze and advertise our Services;
- Conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business;
- Share Personal Data with third party service providers that provide services on our behalf and business partners which help us operate and improve our business;
- Enable network and information security throughout Zeko and our Services; and
- Share Personal Data among our affiliates.
- Consent - In certain scenarios, Zeko will process personal data from you only after you have provided your consent for that specific purpose. For example, before sending direct marketing materials to customers and/or potential customers. Such consent can be withdrawn, anytime by you.
- Definition and usage of cookies
- A "cookie" is a small piece of information that is stored on your device (such as your computer) and which records the way that you use a website so that, when you revisit that website, it allows Company to provide tailored options based on the information that has been collected from your last visit. Cookies can also be used to analyse traffic and, in some cases, for providing you with tailored advertising and marketing.
- Users of Company websites accept cookies, when visiting Company website for the first time. However, they are not required to turn on cookies in order to have a functioning website. Only after accepting to turn on the cookies, personal data will be processed. A different option is that the user sets his/her browser to warn him/her with a message for each cookie, only the cookies that have been accepted will be processing personal data. Whilst essential cookies are necessary to run Company websites, the rest are not compulsory and require your consent.
- Following are the broad categories of cookies used on our website:
- Essential cookies: These cookies make Company website operation work and therefore they cannot be turned off or rejected. These cookies do not gather any information about you and do not have the ability to remember how you have used our website;
- Performance cookies: Company use these cookies to help in the analysis on how its website is used and to improve its performance. For example, Company use them to understand where visitors to Company site are based, how many people visit the website and which sections of the website are the most used;
- Functionality cookies: These cookies allow Company website to remember if you have previously visited Company site or the choices you made to provide a more personalised online experience.
- Third-Party cookies: These are only installed if the user accept the cookies. They collect information from their device and perform tasks that analyse behaviour and collect other information, such as demographics. These cookies may be used to provide you with personalised advertising.
- Third Party Marketing Cookies and Social Advertising
- How to manage cookies- Our performance, functionality and third-Party cookies are not strictly necessary for our website to work but will provide you with a better browsing experience. You can delete or block these cookies, but if you do this, you may have to manually adjust some preferences every time you visit our website and some features of the site may not work as intended. Most internet browsers are initially set up to automatically accept cookies, however you can decide at any time what type of cookies you want to accept. You can change the settings on your browser to block cookies or to alert you when cookies are being sent to your device.
- Complaints and Grievance Redressal – Any discrepancies or grievances of the user will be address and resolved by a Grievance officer. The name and contact details of the Grievance officer is as follows –
Manit Deep Prashar