GDPR Policy

This GDPR Policy explains how Tadoba Safaris and Stays (“we”, “us”, “our”) handles the personal data of visitors and guests who are residents of the European Economic Area (EEA) and the United Kingdom, in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR. It sits alongside our general Privacy Policy and should be read together with it.

Data controller

For the purposes of the GDPR, the data controller is:

• Tadoba Safaris and Stays
• Address: 4-19, High NIT Colony, Pratap Nagar, Nagpur — 440 022
• Email: info@tadobasafarisandstays.com
• Phone: +91 77198 06444

What personal data we process

• Name, email address, and phone number submitted via our enquiry form, WhatsApp, or email.
• Travel preferences — dates, group size, dietary needs, accessibility requirements, and resort preferences.
• Government-issued identity details (passport / national ID) required by the Maharashtra Forest Department for safari permits.
• Payment information when you place a deposit (processed by our payment gateway; we do not store full card numbers).
• Marketing preferences and consent records.
• Cookies, device information, and anonymous analytics data when you browse our website.

Legal basis for processing (Article 6 GDPR)

We only process your personal data where we have a lawful basis to do so. We rely on the following bases:

• Contract (Art. 6(1)(b)) — to process your booking, arrange safaris, coordinate transfers, and deliver the services you have asked us to provide.
• Legal obligation (Art. 6(1)(c)) — to meet our obligations under Indian law, including Maharashtra Forest Department permit requirements, hospitality registration rules, and Indian tax and accounting law.
• Legitimate interest (Art. 6(1)(f)) — for website analytics, fraud prevention, securing our systems, and sending marketing communications to existing guests about similar services. We balance this against your rights and freedoms in each case.
• Consent (Art. 6(1)(a)) — for newsletter subscriptions, non-essential cookies, and any marketing to people who are not existing guests. You can withdraw consent at any time without affecting prior lawful processing.

Your rights under the GDPR

If you are based in the EEA or the UK, you have the following rights in relation to your personal data:

• Right of access (Art. 15) — to obtain confirmation that we hold your data and receive a copy of it.
• Right to rectification (Art. 16) — to have inaccurate or incomplete data corrected.
• Right to erasure (Art. 17) — also known as the “right to be forgotten”, to have your data deleted where one of the conditions in Article 17 applies.
• Right to restrict processing (Art. 18) — to ask us to pause processing of your data in certain circumstances.
• Right to data portability (Art. 20) — to receive the data you have given us in a structured, commonly-used, machine-readable format, or to have it transmitted to another controller where technically feasible.
• Right to object (Art. 21) — to object to processing carried out on the basis of legitimate interest, including direct marketing.
• Rights related to automated decision-making (Art. 22) — not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently make such decisions.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time by emailing us; this will not affect the lawfulness of processing already carried out.

International data transfers

Tadoba Safaris and Stays is based in India, so personal data you provide will be transferred to and processed in India, which is outside the EEA and the UK. Where required, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the UK’s International Data Transfer Addendum with our service providers and partners as the safeguard for such transfers. We also apply contractual and technical measures to protect transferred data.

Data retention

We keep your personal data only for as long as we need it for the purpose it was collected, or as required by law:

• Booking and transaction records — up to 7 years, to comply with Indian tax and accounting law.
• Forest Department permit records — for the period the Forest Department requires us to retain them.
• Website analytics — up to 26 months.
• Marketing contacts — until you unsubscribe or otherwise withdraw consent.
• Enquiry-only contacts (no booking) — up to 24 months from your last contact with us.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority in the EEA member state or the UK where you live, work, or believe an infringement has taken place. For example:

• United Kingdom — Information Commissioner’s Office (ICO), ico.org.uk.
• France — Commission Nationale de l’Informatique et des Libertés (CNIL), cnil.fr.
• Germany — your relevant Landesdatenschutzbeauftragter (state DPA).
• Other EEA countries — your national supervisory authority. The European Data Protection Board maintains a list at edpb.europa.eu.

We would, of course, appreciate the chance to address your concerns first — please contact us before approaching the regulator.

How to exercise your rights

To exercise any of the rights described above, please write to us at info@tadobasafarisandstays.com with the subject line “GDPR Request”. To protect your data, we may ask you to verify your identity before we act. We will respond within 30 days of receipt of a valid request, as required by Article 12(3). Where a request is complex or where you have made several requests, we may extend this period by a further two months and will inform you of the extension.

Updates to this policy

We may revise this GDPR Policy from time to time to reflect changes in our practices or in applicable law. The “Last updated” date at the top of the page will always reflect the current version. For any GDPR-related question, write to us at info@tadobasafarisandstays.com or call +91 77198 06444.