This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Zutrula, 64/2, Chenniyavalasu, Perundurai - 638052, Erode district, Tamilnadu, India.

Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.

Country refers to: Erode district, Tamil Nadu, India

Data Controller means the Travel Agent or Travel Agency who determines the purposes and means of processing personal data of their customers (travelers).

Data Processor means Zutrula, which processes personal data on behalf of and under the instructions of the Data Controller (Travel Agent/Agency).

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Personal Data is any information that relates to an identified or identifiable individual.

Service refers to the Zutrula travel agent CRM platform accessible through the Website and mobile applications.

Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.

Travel Agent means individuals or businesses who use our Service to manage their travel booking operations and customer relationships.

Traveler Data means personal information about customers of Travel Agents that is processed through our Service. Travel Agents are the data controllers and owners of this data.

Travel Agency means a business entity that employs or contracts with multiple Travel Agents.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself.

Website refers to Zutrula, accessible from https://www.zutrula.com

You means the individual accessing or using the Service, or the Travel Agency or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Data Controller-Processor Relationship

Zutrula as Data Processor

Zutrula acts solely as a data processor, providing technology services to help Travel Agents manage and organize their customer data. We process traveler data only:

• On behalf of and under the instructions of Travel Agents
• For the specific purposes directed by Travel Agents
• In accordance with our contractual obligations to Travel Agents

Travel Agent Responsibilities and Data Ownership

Travel Agents are fully responsible for:

• Legal Basis: Ensuring they have proper legal grounds to collect and process their customers' personal data
• Consent Management: Obtaining necessary consents from travelers for data collection and processing
• Data Accuracy: Ensuring the personal data they input is accurate and up-to-date
• Customer Rights: Handling traveler requests regarding their personal data (access, correction, deletion, etc.)
• Data Use: How they use, share, or disclose their customer data outside of our Service
• Compliance: Meeting all applicable privacy laws and regulations for their data processing activities

Traveler Data Requests

If travelers contact us directly regarding their personal data, we will:

• Redirect them to contact their Travel Agent (the data controller)
• Not respond to data subject requests without instruction from the relevant Travel Agent
• Assist Travel Agents in responding to legitimate requests as technically feasible

Collecting and Using Your Personal Data

Types of Data Collected

Personal Data of Travel Agents and Agency Users

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. This may include, but is not limited to:

• Email address
• First name and last name
• Phone number
• Business name and address
• Professional credentials and certifications

Traveler Data Managed Through Our Service

As a data processor, our Service enables Travel Agents (data controllers) to manage information about their customers (travelers). Travel Agents own and control this data, which may include:

• Traveler names and contact information
• Passport details and numbers
• Visa information and documentation
• National identification numbers
• PAN card details
• Booking vouchers and confirmations
• Travel invoices and receipts
• Flight, hotel, and transportation tickets
• Tour itineraries and travel plans
• Payment details and transaction records
• Travel preferences and special requirements (dietary, accessibility, accommodation preferences)
• Personal interests and travel history for personalized service delivery
• Emergency contact information
• Travel insurance documentation
• Other travel-supporting documents

Usage Data

Usage Data is collected automatically when using the Service and may include:

• Your Device's Internet Protocol address (IP address)
• Browser type and version
• Pages of our Service that You visit
• Time and date of Your visit
• Time spent on pages
• Unique device identifiers
• Mobile device information (when accessing via mobile)
• Diagnostic data and system logs

Data Access and Segregation

Agency-Level Access: Travel Agents within the same Travel Agency can access shared customer data and bookings as configured by the agency administrator.

Inter-Agency Privacy: Data between different Travel Agencies is completely segregated. Travel Agents from one agency cannot access data belonging to another agency.

Individual Agent Access: Individual Travel Agents can only access data for their own customers and any shared agency data they have been granted permission to access.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to enhance our Service. The technologies We use include:

• Essential Cookies: Required for basic Service functionality, user authentication, and security.
• Functionality Cookies: Remember your preferences and settings to provide a personalized experience.
• Analytics Cookies: Help us understand how the Service is used to improve functionality and user experience.

You can control cookie preferences through your browser settings, though disabling certain cookies may limit Service functionality.

Use of Your Personal Data

For Travel Agents and Agencies

The Company uses Personal Data for the following purposes:

• Service Provision: To provide and maintain our CRM Service, including user authentication and account management
• Customer Support: To respond to inquiries, provide technical support, and resolve service issues
• Service Improvement: To analyze usage patterns and improve Service functionality
• Communication: To send service updates, security alerts, and administrative communications
• Legal Compliance: To comply with applicable laws and regulations

For Traveler Data (Processed on Behalf of Travel Agents)

We process Traveler Data only for purposes directed by Travel Agents:

• Data Processing: To enable Travel Agents to manage customer relationships and travel arrangements
• Data Storage: To securely store and organize travel-related information
• Reporting: To generate reports and analytics for Travel Agents about their business operations
• Service Delivery: To facilitate Travel Agents' delivery of personalized travel experiences to their customers

Data Sharing and Disclosure

Current Data Sharing Practices

We currently do not share Personal Data with third parties except in the following limited circumstances:

Service Providers: We may engage trusted third-party service providers (such as AWS for hosting) who assist in operating our Service. These providers are bound by confidentiality agreements and data protection requirements.

Travel Agent Directed Sharing: Travel Agents may use our Service to share traveler data with third parties (such as hotels, airlines, or other travel service providers) to deliver personalized travel experiences and fulfill booking requirements. Such sharing is controlled entirely by the Travel Agent as the data controller.

Legal Requirements: We may disclose Personal Data when required by law, court order, or government request, or to protect our legal rights and safety.

Business Transfers: In the event of a merger, acquisition, or sale of assets, Personal Data may be transferred as part of the transaction, subject to the same privacy protections.

Future Data Sharing

As our Service evolves, we may introduce additional features that enable Travel Agents to share data with various travel service providers and integrated platforms to enhance service delivery.

Data Storage and Security

Data Location

Your data is primarily stored on Amazon Web Services (AWS) servers located in the Mumbai region, India. Backup copies may be stored in other AWS regions for disaster recovery purposes.

Security Measures

We implement industry-standard security measures including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security audits and monitoring
• Secure backup and disaster recovery procedures
• Employee training on data protection

However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

Your Data Rights

Access and Control

You have the right to:

• Access your Personal Data that we hold
• Correct inaccurate or incomplete information
• Request deletion of your Personal Data (subject to legal and contractual obligations)
• Export your data in a portable format
• Restrict processing of your Personal Data in certain circumstances

Exercising Your Rights

To exercise your data rights, please contact us using the information provided in the "Contact Us" section. We will respond to your request within a reasonable timeframe as required by applicable law.

Data Retention

Travel Agent Data: We retain your account information and business data for as long as your account remains active, plus a reasonable period afterwards for legal and business purposes.

Traveler Data: Traveler data is retained as determined by Travel Agents who control their customer information. Travel Agents can manage, update, or delete traveler data at any time through the Service interface according to their business needs and legal obligations.

Usage Data: Technical and usage data is typically retained for shorter periods unless required for security, legal compliance, or service improvement purposes.

Compliance with Indian Privacy Laws

We are committed to complying with applicable Indian privacy and data protection laws, including:

• The Information Technology Act, 2000
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Any future data protection legislation enacted in India

We regularly review our practices to ensure ongoing compliance with evolving legal requirements.

Children's Privacy

Direct Use of Service by Minors

Our Service is not intended for direct use by individuals under the age of 18. However, since Travel Agencies control user account creation, we cannot independently verify the age of all CRM users. Travel Agencies are responsible for ensuring compliance with age restrictions and applicable laws regarding minor employees or contractors.

Children's Travel Data Processed on Behalf of Parents/Guardians

We recognize that in the travel industry, parents and legal guardians frequently need to provide personal information about their minor children for travel bookings and arrangements. We may process children's personal data in the following circumstances:

Legitimate Travel Purposes: When parents or guardians provide their children's information through Travel Agents for:

• Flight, hotel, and transportation bookings
• Passport and visa processing
• Travel insurance arrangements
• Emergency contact information
• Medical information relevant to travel
• Age verification for pricing and services

Parental Responsibility: When processing children's data:

• We rely on parents/guardians to provide accurate information
• We require Travel Agents to ensure they have appropriate parental consent
• Parents/guardians retain the right to access, correct, or request deletion of their children's data
• We process children's data only for the specific travel purposes provided

Data Protection for Minors: We apply enhanced protection measures for children's data:

• Limited data sharing (only as necessary for travel services)
• Restricted access within our system
• Data retention as controlled by Travel Agents (we do not automatically delete data)
• No marketing or promotional communications directed at minors

Parental Rights: Parents and guardians can:

• Request access to their child's travel data
• Correct inaccurate information about their child
• Request deletion of their child's data (subject to legal retention requirements)
• Withdraw consent for processing (where consent is the legal basis)

If you are a parent or guardian and have concerns about your child's personal information processed through our Service, please contact us immediately using the information in the "Contact Us" section.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. When we make significant changes, we will:

• Post the updated Privacy Policy on our Website
• Update the "Last updated" date
• Notify users via email or through the Service interface
• For material changes, we may require renewed consent

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

International Data Transfers

While we primarily operate within India, some of our service providers (such as AWS) may involve international data transfers for backup and disaster recovery purposes. When such transfers occur, we ensure appropriate safeguards are in place to protect your data.

---

This Privacy Policy is effective as of the date last updated above and applies to all users of the Zutrula Service.