Privacy Policy | Triplogy – Volantix Flights Private Limited

This Privacy Policy explains how Volantix Flights Private Limited ("Triplogy", "we", "us") collects, uses, stores, and protects your personal data when you use triplogy.com or engage our travel services. This policy complies with the Information Technology Act, 2000 (India), the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and is aligned with global best practices including GDPR principles.

1 Data Controller

The data controller responsible for your personal information is:

Company: Volantix Flights Private Limited
Brand: Triplogy
Address: 429 D, D-21 Corporate Park, Sector 8 Dwarka, New Delhi – 110077, India
Privacy Contact: privacy@triplogy.com
CIN: U79120DL2023PTC419718

2 Data We Collect

We collect the following categories of personal data:

Category	Examples	When Collected
Identity Data	Full name, date of birth, passport number, nationality	At booking or enquiry
Contact Data	Email address, phone number, postal address	At enquiry, booking, or contact form
Payment Data	Card type, last 4 digits, UPI ID, billing address	At payment (via secure gateway)
Travel Preferences	Preferred destinations, dietary needs, special assistance, room preferences	At booking or on request
Usage Data	IP address, browser type, pages visited, time spent, referring URL	Automatically via cookies/analytics
Communication Data	Emails, chat transcripts, call recordings (with notice)	When you contact us
Marketing Data	Email preferences, subscription status, offer redemptions	When you subscribe or book

Sensitive Data: We do not store full card numbers, CVV codes, or bank account numbers on our servers. Payment processing is handled by PCI-DSS Level 1 certified payment gateways. Passport details are stored only as long as necessary for your booking.

3 Why We Collect Your Data

We use your personal data for the following purposes:

Booking fulfilment: To process and confirm your travel bookings, issue vouchers, and coordinate with suppliers (hotels, airlines, ground handlers)
Customer communication: To send booking confirmations, itineraries, pre-departure information, and important travel updates
Customer support: To respond to your enquiries, complaints, and requests
Payment processing: To process payments securely via our payment gateway partners
Legal compliance: To comply with applicable laws including tax regulations, anti-money laundering requirements, and government reporting obligations
Marketing (with consent): To send promotional offers, travel inspiration, and newsletters — only where you have given explicit consent
Website improvement: To analyse usage patterns, improve user experience, and personalise content
Fraud prevention: To detect and prevent fraudulent transactions and protect both parties

4 Legal Basis for Processing

We process your data on the following legal bases:

Contractual necessity: Processing required to fulfil your booking contract (identity, contact, travel, payment data)
Legal obligation: Processing required to comply with Indian tax laws, company law, and financial regulations
Legitimate interests: Fraud prevention, website security, improving our services, and business analytics
Consent: Marketing communications, newsletters, and non-essential cookies — you may withdraw consent at any time

5 Third-Party Sharing

We share your personal data only where necessary with the following categories of recipients:

Airlines: Passenger names and passport details required for ticketing
Hotels and accommodation providers: Guest names, contact details, and special requirements for reservation fulfilment
Ground handlers and transfer operators: Name, arrival details, and contact information for pickup coordination
Payment gateway providers: Billing information required for secure transaction processing
Visa processing agencies: Required documentation where we assist with visa applications
Travel insurance providers: Where you purchase insurance through us
IT and technology providers: Cloud hosting, CRM, and analytics tools operating under data processing agreements
Government / regulatory bodies: Where required by law, court order, or regulatory authority

We never sell your data. We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. All third-party processors are bound by data processing agreements requiring them to maintain appropriate security and use data only for specified purposes.

6 Data Storage & Security

Your data is stored on secure servers hosted in India and/or within the European Economic Area (EEA) by reputed cloud service providers. We implement the following security measures:

SSL/TLS encryption for all data transmitted between your browser and our servers
AES-256 encryption for sensitive data at rest
Role-based access controls — staff access data only on a need-to-know basis
Regular security audits, vulnerability assessments, and penetration testing
Two-factor authentication for internal systems
Incident response procedures for data breaches, including notification within 72 hours where required

While we take all reasonable precautions, no system is completely immune to breaches. In the event of a data breach that affects your rights, we will notify you promptly in accordance with applicable law.

7 Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your experience. Cookies are small text files stored on your device.

Types of Cookies We Use

Essential cookies: Required for the website to function (session management, security). Cannot be disabled
Performance cookies: Google Analytics and similar tools to understand how visitors use our site. Anonymised data only
Functionality cookies: Remember your preferences (currency, language, recently viewed packages)
Marketing cookies: Used to show relevant travel ads on partner websites. Requires your consent

You can manage cookie preferences through our cookie consent banner or your browser settings. Note that disabling certain cookies may affect website functionality. For full details, please refer to our Cookie Consent settings accessible from the footer of every page.

8 Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

Booking records: 7 years from date of travel (required for tax and legal compliance under Indian law)
Payment records: 7 years (as required by financial regulations)
Customer enquiries and support communications: 2 years from date of last interaction
Marketing consent records: Until consent is withdrawn, plus 1 year for compliance evidence
Website usage data (analytics): 26 months (Google Analytics default)
Passport and identity documents: Deleted within 90 days of travel completion unless required for ongoing dispute

Upon expiry of the retention period, data is securely deleted or anonymised so it can no longer identify you.

9 Your Privacy Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your data ("right to be forgotten") where no legal obligation requires retention.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Restriction

Request restriction of processing in certain circumstances.

Right to Portability

Receive your data in a structured, machine-readable format.

To exercise any of these rights, email privacy@triplogy.com with the subject "Privacy Rights Request" and your name and booking ID. We will respond within 30 days. Identity verification may be required before we process your request.

Withdrawing Marketing Consent: You can unsubscribe from marketing emails at any time using the "Unsubscribe" link in any email, or by emailing privacy@triplogy.com. Withdrawal of marketing consent does not affect the lawfulness of processing carried out before withdrawal.

10 Children's Privacy

Our services are not directed to children under 18. We do not knowingly collect personal data from children. Bookings on behalf of minors must be made by a parent or legal guardian who accepts responsibility for the minor's data.

If we become aware that we have collected data from a child under 18 without verified parental consent, we will delete that data promptly. Please contact privacy@triplogy.com if you believe we have inadvertently collected a child's data.

11 International Data Transfers

When you book international travel, your data must necessarily be transferred to service providers in destination countries (hotels, airlines, ground handlers). These transfers are necessary for the performance of your contract and are protected by:

Contractual data protection clauses with all international suppliers
Use of suppliers who maintain their own privacy standards aligned with applicable regulations
Transferring only the minimum data necessary for service fulfilment

For transfers to countries outside India, we ensure appropriate safeguards are in place as required by the IT Act and applicable international standards.

12 Contact & Privacy Queries

For all privacy-related queries, requests, or concerns, please contact our Privacy team:

Email: privacy@triplogy.com
Post: Privacy Officer, Volantix Flights Private Limited, 429 D, D-21 Corporate Park, Sector 8 Dwarka, New Delhi – 110077
Response time: We aim to respond to all privacy queries within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority. In India, this is the Ministry of Electronics and Information Technology (MeitY). EU/EEA residents may contact their national Data Protection Authority.

Privacy questions?
Email us at privacy@triplogy.com — we respond within 30 days.