Version 1.0
Last Updated: [14th July 2026]
This Privacy Policy (“Policy”), owned and operated by Chomps Innovation Labs LLP (hereinafter
referred to as the “Company”, “We”, “Us”, or “Our”) govern the processing of Personal Data and
information. The Platform acts as a technology based intermediary marketplace that enables
independent third-party hosts to list, promote and offer travel related services including but not limited
to tours, transportation, accommodations and experiences.
This Policy applies to all persons who access, browse, register on, transact through, or otherwise use
our website, mobile application, products, services, or any associated platforms, features, content, or
whether existing now or introduced in the future by the Company (collectively referred to as the
“Platform”). Such individuals shall be referred to as “User”, “You”, or “Your”.
User privacy is of utmost importance to Us. We follow systematic and stringent procedures to protect
the security of the Personal Data stored by Us. The information that Users share is stored in secure
servers with encryption and can be accessed only for authorized purposes. All Personal Data is
shared on a need-to-know basis only. By undertaking User initiated actions such as checking boxes,
submitting forms, registering for an account-based relationship, or using any feature of the Platform,
You shall be providing consent to the use of Your Personal Data in terms of this Policy.
Your use or access of the Platform shall confirm Your understanding, acknowledgement and
acceptance of this Policy. By using Our Platform, You expressly consent to the Platform’s use of Your
Personal Data in accordance with this Policy. If You do not agree with this Policy, You must
discontinue using the Platform.
DEFINITIONS AND INTERPRETATIONS :
In this Policy, unless the context otherwise requires, words importing the singular shall include the
plural and vice versa, references to any gender shall include all genders, headings are for
convenience only and shall not affect interpretation, references to clauses shall mean clauses of
these Policy unless otherwise specified and any reference to Applicable Laws shall include any
amendment, modification or re-enactment thereof and the following expressions shall have the
meanings assigned to them below:
“Applicable Law(s)” means all laws, rules, regulations, notifications, circulars, orders, judgments and
other binding instruments issued by any governmental, statutory or regulatory authority in India, as
may be in force and amended from time to time, that apply to the Company, the Platform, the hosts or
the Users;
“Personal Data” as per Applicable Laws, means any data about an individual who is identifiable by
or in relation to such data and generally includes information such as name, contact information,
financial identifiers, online identifiers, device information, and any other data classified as Personal
Data as per Applicable Laws.
The data collected or received could include Your name, address, signatures, date of birth, copies of
identity cards (ID), contact details including electronic mail ID and phone number, address, previous
names, maiden names, domicile, origin, citizenship, nationality, residence, passport, any legal or
other identifiers like Permanent Account Number (PAN) )/ Aadhaar/ National ID/ Social Security
Number/ or its equivalent, photograph and gender, data that identifies (whether directly or indirectly) a
particular individual, such as information You provide on any forms, surveys, online applications or
similar online fields, demographic information in aggregated or de-identified form, bank account
details, card details, UPI handles, medical health and fitness reports, and any other information to
provide Our services to you, information collected when you make or receive payments, data that is
collected when You make financial transactions such as amount sent or requested, amount paid for
services availed by you, including information about any funding instruments used to complete the
transaction, information about visits to the Platform website, website traffic data, location data,
weblogs, internet browser, IP address, information collected through tracking technologies,
communications with the Platform or any of its representative, any data derived from User data or
other sourced data such as behavioural projections, profiling, analytical results, reports (prepared by
Us or others) including through any algorithms, analytics, software, automations, log-in IDs, password
or PINs in encrypted form, information related to data access, correction, restriction, deletion, porting
requests and complaints, CCTV images at Our offices, conversations during meetings / calls/
correspondences with Our staff, behavioural details, browsing actions, patterns and online activity,
records of Our communication with You, including electronic mail, telephone conversations, live chat,
instant messages and social media communications containing information concerning your
grievances, complaints and dispute, any other information or Personal Data that You consent to
share.
If you provide Personal Data about someone else (for example, information or data about a spouse or
client), or someone provides Personal Data about You, such Personal Data may be used by Us in the
manner specified in this Policy. In order to provide Our services securely, enhance customer
experience and for purposes of marketing our services, Personal Data about You may be obtained
from other sources, who are also bound by confidentiality obligations with Us.
“Traveller” means any natural or legal person who accesses, browses, registers on or otherwise
uses GDT Marketplace to discover or book paid experiences, whether or not they complete a
booking.
“User” means any natural or legal person including any Traveller, who accesses, browses, registers
on or otherwise uses the Platform, whether or not such person completes a booking or transaction;
APPLICABILITY
This Policy applies to all Users of the Platform, visitors to our website, and customers, service
providers, hostss, and other service providers. It also extends to all persons whose data is collected
by us, whether directly or indirectly.
This Policy also applies where the Company distributes, refers, integrates, or acts as an agent,
reseller or implementation partner in relation to any products or services not directly offered by the
Company but made available to You through or in connection with the Platform.
In the event You are using the Platform or Services as an authorised signatory, authorised
representative, employee, consultant, director, or other authorised person of a body corporate or non-
individual entity, this Policy shall apply to Your Personal Data as well.
Terms and conditions, non-disclosure agreements and any other consents that You may give to or for
the benefit of the Company may contain additional privacy-related provisions. This Policy does not
limit or supersede any such specific terms or consents
DATA WE COLLECT
We receive Your data through multiple sources, such as when You submit the data to us, make
enquiries, or opt for Our services, use the services, transact, engage, use Our Platform, email or call,
raise a complaint / grievance, through third parties, from information publicly available and through
cookies. The platform collects data for the provision of the services and uses such data to provide the
services and in terms of this policy.
We assume that all information provided by You is true, accurate, current, non-misleading, consistent
and relevant on the date when it is provided. If any person other than You, submits Your Data to Us,
we shall reasonably assume that such person or persons have been authorised by You to submit
such Data to Us, and till further validation or rejection from You, such Data shall be processed in
terms of this Policy.
USAGE OF DATA
The Company processes Personal Data for purposes reasonably necessary to operate, administer,
and improve the services and to manage its relationship with its Users. Such purposes include
creating and maintaining User accounts, authenticating identity, providing access to features and
functionality, processing payments, communicating service-related information, and providing
customer support. Where permitted by Applicable Laws, Personal Data may also be used to
communicate information about services, or updates relevant to the User’s engagement with the
Company.
We use Personal Data for activities such as the following: (i) to carry out Users instructions (ii) to
enable You to use Our website, Platform and online services (iii) to provide additional features of the
Platform (iv) to notify changes / additions to Our services, terms and conditions, fees, policies or other
information (v) for customer services, including answering questions and responding to feedback and
complaints, (vi) to establish contact and manage relationship with You (vii) to improve features and
services (viii) to liaise with Our service providers to provide services to Our Users that the User
selects to avail (ix) to send offers based on previous services and interests, (x) for surveys and
market research of additional services (xi) enabling service delivery (xii) matters incidental, related or
necessary to the above. You may control or withdraw access for sharing location through your device
settings or application permissions. Disabling such access may however limit or prevent certain
features or services from functioning properly. We may share Personal Data with Our subsidiaries /
group companies and service providers for the purpose of providing services.
The Platform may share Data with selected service providers only to the extent reasonably necessary
for them to perform services specifically chosen by Users, while urging such providers to process
Data in compliance with Applicable Laws. For efficient operations and service delivery, Personal Data
may also be shared with trusted third parties, affiliates, and service providers, including subsidiaries,
payment gateways/processors, delivery partners, cloud hosting providers, analytics providers, hosts,
experience providers, business collaborators, sponsors, and other third parties, solely for the
purposes for which the data was collected and in accordance with this policy. Additionally, certain
third-party service providers may collect non-personally identifiable information regarding Your
interactions with the Platform, its features, and services through cookies and similar technologies to
deliver tailored advertisements related to products and services. No personally identifiable
information, such as Your name, email address, phone number, physical address, or other personal
details, is collected or shared for this purpose. You may prevent such anonymous data sharing at any
time by disabling or blocking cookies through Your browser settings, although any information
previously collected through existing cookies may continue to be stored by the Platform.
The Platform may also share Your Data with third-party selected hosts, for the purpose of arranging
and facilitating the services requested by You. By agreeing to this Policy, the User expressly consents
to such disclosure of Data to the extent necessary for the performance of the requested services and
acknowledges that such third parties may process the Data to complete the provision of services
selected by the User. We do not sell, distribute or lease Personal Data to any third parties. We do not
use or disclose Personal Data other than in terms of this Policy.
Personal Data may be transferred to, stored, and processed in jurisdictions outside India by third-
party service providers engaged by the Company, including cloud hosting and infrastructure
providers; analytics and technology service providers; and payment processors and financial service
providers. Such transfers shall be carried out in compliance with the Applicable Laws. By using the
Platform and providing Your Personal Data, You consent to such cross-border transfers, subject to
Applicable Laws.
Additionally, the Platform may, without Your further consent, disclose Data to third parties when We,
in good faith, believe that such disclosure is reasonably required (i) by law, (ii) by any statutory,
regulatory or judicial body (iii) for any other reason that the User consents to (iv) for complying with
the Applicable Laws.
The Company may use automated processing, including algorithms and analytics tools, to
personalise user experience, improve recommendations, and optimise Platform functionality. The
Company ensures that such processing is conducted in a fair, transparent, and lawful manner in
accordance with Applicable Laws. Users may opt out of personalised recommendations through
account settings or manage such processing through cookie preferences and consent mechanisms.
Such processing may include:
(a) analysis of browsing behaviour, search queries, and interaction patterns;
(b) evaluation of past bookings, preferences, and engagement history;
(c) ranking or displaying content, hosts, or experiences based on relevance.
DATA RETENTION
We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected,
or as required under Applicable Law. Data may be retained for a minimum period of one (1) year from
the date of processing unless required for a longer period as per the Applicable Laws. The Personal
Data we collect will be securely stored with us or with our service providers for the purposes
mentioned above beyond the expiry of transactional or account based relationship with You only if
required: (a) to comply with any contractual, legal or regulatory obligations to which we are subject (b)
for establishment, exercise or defense of legal claims and dispute resolutions (c) audit, compliance,
fraud detection norms, legal or regulatory inquiries, security incident investigation or law enforcement
requirements (d) as specified in this Policy (e) in accordance with specific consents.
Notwithstanding the generality of the foregoing, Your Personal Data shall be retained or deleted by
the Platform in strict compliance with the Applicable Laws from time to time, with appropriate notice to
You in case deletion is statutorily mandated.
DATA SECURITY
The Company has stringent security measures to protect the loss, misuse, unauthorized use and
alteration of the information provided by Users to the Platform through physical, technological and
organizational safeguards.
If You have questions regarding the security of Your Personal Data, You can contact us at
[info@greatdtour.com].
Unless otherwise necessitated by any specific law or regulation, Your Personal Data is stored in India
by the Company in secure servers with encryption. We undertake appropriate measures to control
access to our computer resources and periodically review the logs to detect any unauthorized access.
The Company also has security measures in place to prevent and report, if necessary, any loss of
Personal Data and remediation to prevent recurrence.
While the Company endeavours to maintain robust security standards and continuously review and
improve its data protection practices, You acknowledge and agree that no method of electronic
transmission, storage, or processing of data over the internet or through digital systems can be
guaranteed to be completely secure or error-free.
Accordingly, the Company does not promise absolute security of Personal Data, and Users
acknowledge that transmission of information to or through the Platform is undertaken at their own
risk, to the extent permitted under Applicable Laws.
In the event of any security breach of Personal Data, the Platform shall intimate the occurrence of
such breach individually to each of its affected Users and relevant bodies, without delay, as may be
required under Applicable Laws.
Do note that You are responsible for maintaining the confidentiality of Your account’s password and
for any access to or use of Your account by any other person who has obtained Your password,
whether or not such access or use has been authorized by You. You should immediately notify us of
any unauthorized use of Your password or account.
USER RIGHTS
In the event You wish to withdraw Your consent to further processing of Your Personal Data, or raise
any grievances pertaining to Your Personal Data, You may do so by following the procedure
mentioned in this segment. We may continue to retain certain Personal Data in accordance with the
segment on Retention of Information in this Policy. The withdrawal of consent may also impact the
provision of all or certain services being provided to You at the time of such request. You may also
nominate another individual to exercise Your User rights as per Applicable Laws from time to time.
To access, correct, update or erase Your Personal Data, You may send an e-mail to
[info@greatdtour.com] from your registered e-mail ID or write via post to our registered office address
through a signed letter. After successful verification of Your request, the Company shall promptly, but
in no later than 30 business days, give effect to Your request. If You are not satisfied with the result of
Your communication with Us even after 90 (ninety) days from the date of Your request, You may write
to the Data Protection Board of India (“DPB”) through their dedicated online portal or mobile app, as
may be made available by the DPB. Please note that once You have requested for deletion of the
data associated with Your account, we will not be able to restore Your account or any of its
associated data to You.
If the User is a Foreign National (“Foreign National”), it shall be deemed that the Policy has been
read and understood by the User prior to provision of Personal Data to the Platform. If any User
provides Personal Data pertaining to a Foreign National, it shall be the responsibility of the User to
keep such Foreign National informed of the contents of the Policy and take consent for the processing
of such Personal Data in terms of this Policy. By providing Personal Data of such Foreign National to
the Platform, it shall be deemed that the User has obtained consent of the Foreign National for their
Personal Data to be collected, processed and stored in India in terms of this Policy.
COOKIES
Information about your web-based activity is collected using technology known as cookies, which can
often be controlled through internet browsers. The Platform uses cookies to uniquely recognize your
device and web browser, as well as to improve the performance and quality of our platform and
services. In this Policy, the term ‘cookies’ means small data files that a website transfers to your
device when you visit it. We may use both session-based cookies (which are deleted automatically
when you close your browser) and certain persistent cookies (which stay on your device until you
manually remove them or they expire). You can delete persistent cookies by following the directions
provided in your browser’s “Help” section. Please note that if you block or disable cookies, certain
features of the Platform might not function correctly or may become unavailable.
THIRD-PARTY LINKS
The Platform may contain links, integrations, references, or access to third-party websites,
applications, services, advertisements, or external resources that are owned, operated, or controlled
by independent third parties.
Please note that once You access or interact with any such third-party website or service, You will be
subject to the privacy policies, terms of use, and data handling practices of those third parties. This
Policy does not apply to collection of any data directly by the third-party servers or networks and the
Platform does not accept any responsibility or liability of data privacy that these third-party servers or
networks may have.
DATA PERTAINING TO MINORS
The Platform is not designed for use by minors, nor does it offer any services to minors. We do not
knowingly collect, process or store Personal Data of children as defined under Applicable Laws.
Users are advised to ensure that no data relating to minors is submitted to the Platform. We do not
take any liability or responsibility for inadvertent submission of data pertaining to minors by Our Users.
GRIEVANCE REDRESSAL & DATA RIGHTS REQUESTS
Any complaint, query or grievance arising in connection with this Policy may be raised through the
Platform’s grievance redressal mechanism. The grievance officer appointed shall acknowledge and
address such complaints in accordance with the timelines and procedures specified in the Terms and
Conditions or as maybe published/communicated by the Platform.
DATA BREACH NOTIFICATION AND INCIDENT RESPONSE
In the event of any Personal Data breach or cyber security incident affecting Personal Data:
(a) The Company shall notify the Indian Computer Emergency Response Team (CERT-In) of such
incident within 6 hours of becoming aware of the same, in accordance with applicable directions
issued by CERT-In.
(b) The Company shall notify affected Users without undue delay, typically within seventy two hours
of becoming aware of the breach.
(c) The Company may communicate such notifications via email, SMS, in-app notification, or public
notice, depending on the nature and severity of the incident.
(d) The Company shall take immediate remedial measures to contain, investigate, and mitigate the
impact of the breach, and to prevent recurrence.
INDEMNITY
You agree to indemnify, defend, and hold harmless the Company from and against any claims,
losses, damages, liabilities, and expenses arising out of or in connection with Your breach of this
Policy, misuse of the Platform, or violation of any Applicable Laws.
GOVERNING LAW & JURISDICTION
This Policy, including its interpretation, validity, enforcement, and any matters arising out of or in
connection with processing of Personal Data under this Policy, shall be governed by and construed in
accordance with the laws of India.
Nothing contained herein shall limit the right of the Company to seek injunctive relief, interim relief, or
other appropriate remedies where such action may be necessary to protect its rights, interests,
intellectual property, confidential information, or compliance obligations.
MISCELLENOUS
In the event of a merger, acquisition, restructuring, or sale of assets, Personal Data may be
transferred as part of such transaction. Such transfers shall be undertaken in accordance with
Applicable Laws and subject to appropriate safeguards to ensure continued protection of Personal
Data. The Company may assign, transfer, novate, or otherwise delegate its rights and obligations
under Policy in accordance with Applicable Laws. Users may not assign any of their rights or
obligations under this Policy without prior written consent of the Company.
The Company shall not be held liable for any unauthorized access, data breach, loss, or misuse of
information that occurs due to factors beyond its reasonable control, including but not limited to cyber-
attacks, system vulnerabilities, force majeure events, actions of third parties, or User negligence,
provided that the Company has implemented reasonable security measures as required under
Applicable Laws.
You acknowledge that that the Policy shall supersede any and all prior or bilateral arrangements,
understandings, or non-disclosure agreements between You and the Company to the extent they
relate to the handling, usage, or protection of Your data.
If any provision of this Policy is held to be invalid, unlawful, unenforceable, or contrary to Applicable
Laws by any competent authority or court of law, such provision shall be severed from this Policy and
the remaining provisions shall continue to remain valid and enforceable to the fullest extent permitted
under Applicable Laws.
Any provisions of this Policy which by their nature are intended to survive termination of the User’s
relationship with the Company, including provisions relating to retention, liability, indemnity, dispute
resolution, and compliance obligations, shall survive such termination as per the Applicable Laws.
Except as expressly provided under Applicable Laws, nothing contained in this Policy shall be
construed to confer any rights or remedies upon any person or entity other than the User and the
Company.
You represent and warrant that the information and Personal Data provided by You is accurate,
lawful, and submitted with all necessary rights and consents. You further agree to use the Platform
only in compliance with Applicable Laws and not to upload or transmit any unlawful or harmful
content. The Company will handle Your Personal Data as per this Policy and Applicable Laws.
However, the Platform and services are provided without any warranties.
No failure or delay by the Us in exercising any right, power, or remedy under this Policy shall operate
as a waiver thereof, nor shall any single or partial exercise of any such right preclude any further
exercise of that or any other right.
This Policy may be made available in multiple languages for User convenience. In the event of any
inconsistency or conflict between the English version and any translated version, the English version
shall prevail to the extent permitted under Applicable Laws.
UPDATES TO THE POLICY
Our Policy may contain relevant updates from time to time, including necessary version changes.
Users are advised to read the Policy periodically. By continuing to use Our services, You shall be
accepting changes to the Policy, if any.
If we make any material changes to this Policy, we will post the changes here and may notify You
whenever required, by law. Your continued use of the services following the posting of changes to this
Policy will constitute Your consent and acceptance of those changes.