This document is an electronic record in terms of (i) Information Technology Act, 2000; (ii) the rules framed there under as applicable; and (iii) the amended provisions pertaining to electronic records in various statutes as amended by the Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures.
1. WHAT DATA FABHOTELS COLLECTS FROM YOU
FabHotels may collect two (2) types of data about you: Personal and Non-Personal.
1.1. Personal Data
Personal Data refers to data that lets FabHotels know the specifics of who you are and which may be used to identify, contact or locate you (e.g. name, age, gender, mailing address, telephone number and e-mail address). FabHotels may collect Personal Data when you use the FabHotels including, without limitation, setting up account data, making bookings of hotels, filling out surveys, corresponding with FabHotels, or otherwise volunteering data about yourself.
1.2. Non-personal Data
Non-Personal Data refers to data that, by itself, does not identify you as a specific individual (e.g. demographic data or website visitations). FabHotels may collect Non-Personal Data through any of the methods discussed above as well as automatically through use of industry standard technologies described further below.
2. HOW FABHOTELS COLLECTS YOUR DATA
Subject to clause 7, which provides additional rights to European Residents, The Personal Data practices set forth apply to all FabHotels’ customers worldwide.
Prior to using one or more of the FabHotels, FabHotels may require certain Personal Data and Non-Personal Data to create an individual account (“Account”) or to enable features or functionality of the FabHotels. Failure to provide all required data required by FabHotels may prevent access to any or all FabHotels, and failure to maintain accurate data may result in suspension or termination of access to any or all FabHotels services.
2.2 Data Collected Through Technology
While you are able to visit the FabHotels and remain anonymous, FabHotels or its third party service providers may still collect Non-Personal Data about your use of the FabHotels (e.g. your Internet browser, operating system, IP address, connection speed, and the domain name of your Internet service provider). Such data may be gathered by the following methods:
a) Cookies. Cookies, including local shared objects, are small pieces of data that are stored by your browser on your computer’s hard drive which work by assigning to your system a unique number that has no meaning outside of the FabHotels. Cookies do not generally contain any Personal Data. Most web browsers automatically accept cookies, but you can usually configure your browser to prevent this. Not accepting cookies may make certain features of the FabHotels unavailable to you.
b) IP Address. You may visit many areas of the FabHotels Site anonymously without the need to become a registered User. Even in such cases, FabHotels may collect IP addresses automatically. An IP address is a number that is automatically assigned to your computer whenever you begin Services with an Internet services provider. Each time you access the FabHotels Site and each time you request one of FabHotels’s pages, the server logs your IP address.
c) Web Beacons. Web beacons are small pieces of data that are embedded in web pages and e-mails. FabHotels may use these technical methods in HTML e-mails that FabHotels sends to Users to determine whether they have opened those e-mails and/or clicked on links in those e-mails. The data from use of these technical methods may be collected in a form that is Personal Data.
d) Tracking Content Usage. If you use the FabHotels Services and you post audio visual materials including, without limitation, text, logos, artwork, graphics, pictures, advertisements, sound and other related intellectual property contained in such materials (collectively, “Content”) to your website or to a third party website, FabHotels tracks and captures Non-Personal Data associated with User accounts and the use of Content.
3. HOW FABHOTELS USES YOUR INFORMATION
If you are an EU resident, we are required to disclose the legal basis for processing your data under the GDPR.
FabHotels uses the data that you provide or that we collect to operate, maintain, enhance, and provide all of the features and services found on FabHotels as well as to track user-generated content and Users to the extent necessary to comply as a service provider.
If you are an EU resident, you can object to profiling and opt-out of receiving any targeted marketing. For more information on this right, please refer the para with the heading “Objection” under Section 7 below.
3.1. System Administration
FabHotels may use Non-Personal Data for the purposes of system administration, assisting in diagnosing problems with FabHotels servers, monitoring FabHotels’s system performance and traffic on the FabHotels and to gather broad demographic data about FabHotels customers.
3.3 Notices to Registered Users
If you have registered for an Account, FabHotels may use your Personal Data to send e-mails regarding your registration, including confirmation to verify the accuracy of any data you have provided, and instructions on how to post Content. FabHotels may also send you e-mails to verify your identity or to notify you if FabHotels believes your use of FabHotels violates any applicable agreement for the use of the FabHotels.
3.4 Promotional E-mails
FabHotels may use your Personal Data to send you e-mails periodically listing promotions or events relating to the FabHotels or from FabHotels’ marketing partners or sponsors. You have the choice to opt-out of receiving such promotional e-mails by sending an e-mail to firstname.lastname@example.org and/or following the instructions in such correspondence. Once FabHotels’ has processed your opt-out request, FabHotels will not send you promotional e-mails unless you opt back in to receiving such communications.
3.5 Contact Data
If you contact FabHotels by telephone, e-mail or letter, FabHotels may keep a record of your contact data and correspondence. If you report a problem with FabHotels, FabHotels may collect this data in a file specific to you. You may contact FabHotels at email@example.com to request the removal of this data from FabHotels’ database.
4. HOW TO ACCESS AND CHANGE YOUR PERSONAL DATA
Upon request, FabHotels shall allow Users to update or correct Personal Data previously submitted, but only to the extent such activities will not compromise privacy or security interests. Additionally, upon request, FabHotels shall delete Personal Data from the database where such data is stored; however, it may be impossible to entirely delete a User’s entry without some residual data being retained due to the manner in which data backups are maintained. Requests to delete Personal Data shall be submitted to firstname.lastname@example.org.
To protect your privacy and security, we take reasonable steps to verify your identity before granting you account access or making corrections to your data. You are responsible for maintaining the secrecy of your unique password and account data at all times.
5. DISCLOSURE OF DATA TO THIRD PARTIES
FabHotels does not sell, trade or rent Personal Data collected through the FabHotels to any third party. Notwithstanding the foregoing, FabHotels shall: (1) fully cooperate with law enforcement agencies; and (2) may be required to disclose Personal Data upon receipt of a court order, subpoena, or to cooperate with a law enforcement investigation.
6. SAFEGUARDING YOUR PERSONAL DATA
6.1 Security Measures
FabHotels takes appropriate security measures to protect against unauthorized access, alteration, disclosure or destruction of Personal Data. These include, but are not limited to, internal reviews of: (a) FabHotels’s data collection & encryption; (b) storage and processing practices; (c) electronic security measures; and (d) physical security measures to guard against unauthorized access to systems where FabHotels stores Personal Data. All FabHotels employees, contractors and agents who access Personal Data are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution or unauthorized use or disclosure of Personal Data.
Our Corporate Office is based in Gurgaon, Haryana, India. FabHotels infrastructure is primarily based on Cloud and its Core Systems are Software as Service (SaaS) in nature where its Customer Data is stored and accessed. Your data will be accessible to our offices and appointed agents, including agents, sales agents and contact Centre agents, in India and around the world in connection with our performance of the contract with you.
This means that Customer Data will be transferred to, and stored at, a destination outside of your country and outside the European Economic Area ("EEA"). If you are an EU resident, where we transfer Customer Data outside the EEA, this is done on the basis that it is necessary for the performance of the contract between you and Fab Hotels.
6.2 Third Party Links
The FabHotels may contain links to third parties who may collect Personal Data and Non-Personal Data directly from you. Additionally, FabHotels may use third parties to provide components of the FabHotels. In either case, such third parties may have separate privacy policies and data collection practices, independent of FabHotels. FabHotels: (a) has no responsibility or liability for these independent policies or actions; (b) is not responsible for the privacy practices or the content of such websites; and (c) does not make any warranties or representations about the contents, products or services offered on such websites or the security of any data you provide to them.
7. EU DATA Subject Rights
If you are a resident in the EU, you may have certain rights in relation to the data we hold about you, which we detail below. Some of these only apply in certain circumstances where we are holding authority of the data and legally/contractually allowed as per the local laws as set out in more detail below. We also set out how to exercise those rights.
These rights include:
(a) The right of access.
(b) The right of data portability.
(c) The right of rectification.
(d) The right of erasure.
(e) The right to restrict processing.
(f) The right to object.
Please note that we will require you to provide us with proof of identity and address before responding to any requests to exercise your rights. We must respond to a request by you to exercise those rights without undue delay and at least within one month (although this may be extended by a further two months in certain circumstances). To exercise any of your rights, please contact us at email@example.com.
In the event that you wish to make a complaint about how we process your data, please contact us and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.
You have the right to know whether we process data about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with.
If you require more than one copy of the data we hold about you, we may charge an administration fee.
We may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the data we hold about you would reveal information about another person) or where another exemption applies.
You have the right to receive a subset of the data we collect from you in a structured, commonly used and machine-readable format and a right to request that we transfer such data to another party.
The relevant subset of data is data that you provide us with your consent or for the purposes of performing our contract with you.
If you wish for us to transfer the data to another party, please ensure you detail that party and note that we can only do so where it is legally, contractually and technically feasible. We are not responsible for the security of the data, its transmission or its processing once received by the third party. We also may not provide you with certain data if providing it would interfere with another’s rights (e.g. where providing the data we hold about you would reveal information about another person).
You have the right to correct any data held about you that is inaccurate. We reserve the right to charge a reasonable administrative fee for this service. Please note that whilst we assess whether the data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
To exercise any of your rights, please contact us at firstname.lastname@example.org.
You may request that we erase the data we hold about you in the following circumstances:
(a) you believe that it is no longer necessary for us to hold the data we hold about you;
(b) we are processing the data we hold about you on the basis of your consent and you wish to withdraw your consent and there is no other ground under which we can process the data;
(c) we are processing the data we hold about you on the basis of our legitimate interest and you object to such processing. Please provide us with detail as to your reasoning so that we can assess whether there is an overriding interest for us to retain such data;
(d) you no longer wish us to use the data we hold about you in order to send you promotions, special offers, marketing and lucky draws; or
(e) you believe the data we hold about you is being unlawfully processed by us.
Also note that you may exercise your right to restrict our processing of the data whilst we consider your request as described below.
Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. However, we may retain the data if there are valid grounds under law for us to do so (e.g., for the defense of legal claims or freedom of expression) but we will let you know if that is the case. Please note that after deleting the data, we may not be able to provide the same level of servicing to you as we will not be aware of your preferences.
Where you have requested that we erase data that we have made public and there are grounds for erasure, we will use reasonable steps try to tell others that are displaying the data or providing links to the data to erase the data too.
To exercise any of your rights, please contact us at email@example.com.
Restriction of Processing to Storage Only
You have a right to require us to stop processing the data we hold about you other than for storage purposes in certain circumstances. Please note, however, that if we stop processing the data, we may use it again if there are valid grounds under data protection law for us to do so (e.g. for the defence of legal claims or for another’s protection).
You may request we stop processing and just store the data we hold about you where:
(a) you believe the data is not accurate, for the period it takes for us to verify whether the data is accurate;
(b) we wish to erase the data as the processing we are doing is unlawful but you want us to just store it instead;
(c) we wish to erase the data as it is no longer necessary for our purposes but you require it to be stored for the establishment, exercise or defence of legal claims; or
(d) you have objected to us processing data we hold about you on the basis of our legitimate interest and you wish us to stop processing the data whilst we determine whether there is an overriding interest in us retaining such data.
At any time you have the right to object to our processing of data about you in order to send you promotions, special offers, marketing messages, including where we build profiles for such purposes and we will stop processing the data for that purpose.
You also have the right to object to our processing of data about you and we will consider your request in other circumstances as detailed below by contacting firstname.lastname@example.org referencing: Data Subject Rights.
You may object where we are processing the data we hold about you (including where the processing is profiling) on the basis of our legitimate interest and you object to such processing.
Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it in relation to legal claims. Also note that you may exercise your right to request that we stop processing the data whilst we make the assessment on an overriding interest.
9. SPECIAL NOTE REGARDING CHILDREN UNDER 12 YEARS OF AGE
Use of the FabHotels is not intended for minors under the age of 18 (“Minors”). Minors are not authorized to use the FabHotels, even if Minors set up an Account or accept the terms of any agreement for FabHotels. Parents or guardians may authorize Minors between the ages of 12 and 17 to use the FabHotels, provided they assume all responsibility and legal liability for the conduct of such Minor including, without limitation, monitoring the Minor’s access and use of the FabHotels. FabHotels does not intentionally collect nor maintain any personally identifiable data from Minors. If you discover your Minor child has submitted his/her data to FabHotels, you may request to have such data deleted from FabHotels’s database by sending an e-mail request to email@example.com together with the e-mail address that was submitted by the Minor. Upon receiving the request, FabHotels shall delete such information within 7 business days.