Privacy policy


JTB India Private Limited. is strongly committed to protecting your privacy. Below is the company’s policy on personal information which may be provided by people using this website. It covers what kind of information we may gather about you, how we use that information, whether we disclose it to anyone, the choices you have regarding our use of it, and your ability to correct this information.

  1. We institute a compliance program on protection of personal information and all our directors and employees strictly observe it.
  2. We collect, use, provide, and handle personal information in accordance with the above compliance program. We will legally and fairly collect such information within the range necessary to conduct our business.
  3. We will take organizationally and technologically reasonable measures to prevent and correct loss, destruction, falsification, leakage, and other risks of all the personal information handled in our company, as well as illegal access to it.
  4. We will observe laws and ordinances on protection of personal information, guidelines, social norms, and public order and morals.
  5. We will constantly improve the compliance program and the personal information protection system through regular auditing and checking.


JTB India Private Limited. may set and access JTB India Private Limited. cookies on your computer. “Cookies” are small pieces of information that are stored by your browser on your computer’s hard drive. Cookies allow us to serve you better and more efficiently, and to personalize your experience at our site. No personal information about you is gathered through the use of these types of cookies. By changing the options on your web browser or using certain software programs, you can control how and whether cookies will be accepted by your browser.

Third party websites

Third party websites which are accessible via the JTB India Private Limited. website, and the data they collect through sales promotion activities have separate rules for privacy. JTB India Private Limited. does not accept any liability or responsibility for these independent third party rules or activities of their websites.

Checking information held

You have certain rights to access and request the correction of information (or to request that a statement requesting such correction be attached to any personal information that we hold about you). We are happy to advise you of the personal information we hold about you on request. If your request is particularly complex or requires detailed searching of our records, there may be a cost to you in order for us to provide this information. If you believe there are errors in our records about you, please let us know and we will be happy to investigate and correct any inaccuracies.

Further information

If you would like further information on this policy or have any concerns over the protection of the information you have provided to JTB Hawaii, Inc., please contact us (being the organization which collects and holds your personal information) at:

  • Privacy Officer
    JTB India Private Limited.
    107A, Unitech Business Park, South City 1, Sector – 41, Gurgaon – 122001
  • Administrator of this website

Exclusion of Warranties and Liability

Care has been taken by JTB India Private preparing and maintaining this website, the information contained in the site (the information) and the services offered or provided through the site (the services). However, to the extent permitted by law, JTB India Private Limited. gives no warranties and makes no representations whatsoever that the site, the information or the services:

  • will be operational or available for use at all times;
  • are accurate or free from error;
  • are fit for any particular purpose, or
  • will meet any requirements that you may have.

To the extent of the law, JTB India Private Limited. excluded all warranties, representations or conditions that may otherwise have applied to, or be implied in respect of the site, the information or the services and accepts no responsibilities or liability whatsoever for any damage, loss or expense resulting from your use of the site, or the services or from any reliance that you may place on the information (which reliance you place entirely at your own risk).

Intellectual Property

All rights attaching to all forms of intellectual property contained or represented on the site (including without limitation, copyrighted material, designs, layouts, information, graphics, illustrations, trademarks and other things to which intellectual property rights can attach) are, and shall at all times remain, the property of JTB India Private Limited.(unless they belong to a third party, in which case JTB India Private Limited. alone may administer these rights as authorized by the relevant third parties). No part of the Site may be reproduced, transmitted, sold or dealt with in any way whatsoever without the prior written consent of JTB India Private Limited.

Privacy Policy

Welcome to our website!

At JTB INDIA PRIVATE LIMITED, we are committed to protecting your privacy and ensuring the security of your personal data. This privacy policy outlines how we collect, use, and safeguard your information in accordance with the Digital Personal Data Protection DPDP Act, 2023 (“DPDP Act”).

Data Collection

We collect both personal data and non-personal data:

  1. Personal Data: This includes information that can identify you, such as your name, contact number, financial details, health data, and biometric information.
  2. Non-Personal Data: This type of data cannot be used to identify an individual and includes weather data, website analytics, and scientific research data.

Purpose of Data Processing

We process your data for the following purposes:

  1. Providing our services to you.
  2. Improving our website and user experience.
  3. Complying with legal obligations.
  4. Marketing and communication.


By using our website, you consent to the collection, processing, and storage of your personal data as described in this policy. You have the right to withdraw your consent at any time.

Consent and Notice

The DPDP Act requires Data Fiduciaries to provide notice and obtain consent from Data Principals on or before processing personal data. At the time of collecting the consent, a notice is required to be given to the Data Principal, conveying the following information:

  • the personal data intended for processing and the purpose for such processing;
  • the manner in which Data Principals can exercise their rights under the DPDP Act;
  • the manner for filing a complaint with the Board; and
  • the contact details of the Data Protection Officer or any other person responsible for responding to a Data Principal’s requests to exercise their rights under the DPDP Act.

Data Security

We take appropriate measures to protect your data from unauthorized access, alteration, or disclosure. Our security protocols comply with the DPDP Act requirements.

Data Retention

We retain your data only for as long as necessary to fulfill the purposes of processing, outlined in this policy or as required by law.

Your Rights

As an individual, you have the:

  1. Right to access your personal data
  2. Right to request erasure
  3. Right to correct information
  4. Right to receive notice before consent is sought
  5. Right of grievance redressal, which requires data fiduciaries to provide a tiered redressal process to establish relationships with aggrieved individuals.

Contact Us

If you have any questions or concerns regarding your privacy, please contact our Data Protection Officer at

Privacy Policy for EEA Residents



The protection of your personal data is of great importance to JTB India Private Limited (“Company”), and its affiliates & group companies (together, the “JTB Group”). This privacy policy (the “Privacy Policy”) therefore intends to inform you about how the Company, an Indian company active in the provision of travel services, acting as data fiduciary, and the JTB Group, collect and processes your personal data that you submit or disclose to us. We also act as data processor when we process your personal data received or obtained through third-parties. We process this personal data in accordance with DPDPA.

We encourage you to read this Privacy Policy carefully. If you do not wish your personal data to be used by us as set out in this Privacy Policy, please do not provide us with your personal data. Please note that in such a case, we may not be able to provide you with our services, you may not have access to and/or be able to use some features of the Website, and your customer experience may be impacted.

If you have any queries or comments relating to this Privacy Policy, please contact


We will always process your personal data based on one of the legal bases provided for in the DPDPA. In addition, we will always process your sensitive personal data, for example, concerning your trade union membership, religious views, or health condition, in accordance with the special rules provided.

We may collect and process your personal data for the purposes set out below and disclose your personal data to the JTB Group affiliates for business purposes and also to companies and our service providers who act as ‘data processor’ on our behalf. These purposes include:

Fulfilling the contract with you and legal obligations In order for you to travel abroad, it may be mandatory as required by government authorities at the point of departure and/or destination to disclose and process your personal data for immigration, border control and/or any other purposes. Also, we need to provide airlines/accommodation providers with your name, passport number, contact details, and other related information in accordance with their terms and conditions. If you do not provide us with this personal data, we might not be able to offer our services to you.

Fulfilling your and our legitimate interests Where it is in both your and our benefit that we further process your personal data as part of our business administration, maintaining service quality, customer care, business management, risk assessment/management, security, and operation purposes.

Consent: For marketing purposes and other similar data processes that may require your authorization for their processing We will usually inform you before collecting your data if we intend to use your data for such purposes or if we intend to disclose your personal data to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we used to collect your data.

This personal data might include information necessary to arrange bookings and travel plans, including your allergies, disabilities, and other relevant health information. We collect it to provide you with our services, cater to your needs or act in your interest, and we are only prepared to accept sensitive personal data on the condition that we have your positive consent.

We will process your data for these specified, explicit and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support our business activities).


For the purposes specified under this Privacy Policy, we will process the personal data specified above and other personal data as specified to you in our specific information notices.

We can obtain such personal data either directly from you when you decide to communicate such data to us (i.e., when you fill in forms or provide it to us by e-mail) or indirectly (when you provide us the information via a third party, like a travel agent). We ensure that the personal data processed is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.


We may share your personal data with JTB Group entities and with third parties in accordance with the DPDPA section 8(2), where a data fiduciary may engage, appoint, use or otherwise involve a data processor to process personal data on its behalf for any activity related to the offering of gods or services to data principals only under a valid contract. Furthermore, where we share your data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller, controller-to-processor and processor-to-processor Standard Contract Clauses approved by the European Commission, in order to cover such transfers.

Strategic Partners

Your personal data may be transferred to, stored, and further processed by strategic partners that work with us to provide our products and services or help us market to customers. Your personal data will only be shared by us with these companies in order to provide or improve our products, services and advertising, as appropriate. If necessary, consent will be requested from you.

Service Providers

We share your personal data with companies which provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, fulfilling your orders, processing payments, data analytics, providing customer service, and conducting customer research and satisfaction surveys.

Corporate Affiliates and Corporate Business Transactions

We may share your personal data with all Company’s affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.

Legal Compliance and Security

It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.

We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.

Data Transfers

Such disclosures may involve transferring your personal data out of the European Union, such as the United States, Japan, Singapore and India. Such transfer may take place for the purposes of providing you customer services, executing your reservation with suppliers (e.g., airlines, hotels), and providing you with services at your place of destination. For each of these transfers, we make sure that we provide an adequate level of protection to the data transferred, in particular by entering into standard contract clauses as defined by the DPDPA.

We will not use your personal data for online marketing purposes unless you are our customer, or you have expressly consented to such use of your personal data. You can change your marketing preferences at any time by contacting us as detailed below.


We handle records of all processing of personal data in accordance with the obligations established by the DPDPA, both where we might act as a fiduciary or as a processor. In these records, we reflect all the information necessary in order to comply with the DPDPA and cooperate with the supervisory authorities as required.


We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection.

We will retain your personal data for as long as it is necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.


In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. The DPDP Act prescribes certain obligations on Data Fiduciaries in collecting and processing personal data:

  • in the event of a personal data breach, notifying the Board and each affected Data Principal


We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedomsIf any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organisational safeguards are in place in order to proceed with it.

In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations.


You have the following rights regarding personal data collected and processed by us.

Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you.

・Right to access information about personal data:

A Data Principal has the right to request a Data Fiduciary for a summary of their personal data being processed and the processing activities being undertaken by the Data Fiduciary. A Data Principal also has the right to request the Data Fiduciary for the identities of other Data Fiduciaries and Data Processors with whom their personal data is being shared and a description of the personal data being shared. The Government of India may prescribe any other information which a Data Principal has the right to request from a Data Fiduciary in subsequent legislations.

・Right to correction of personal data:

A Data Principal has the right to request for correction of personal data that may be inaccurate or misleading, completion of personal data that is incomplete and updating of their personal data.

・Right to erasure:

A Data Principal has the right to request for erasure of their personal data, the processing of which was previously consented to, unless retention is necessary for compliance with any laws.

・Right of grievance redressal:

A Data Principal has the right to grievance redressal provided by a Data Fiduciary or a Consent Manager, which is exercisable in respect to a Data Fiduciary’s obligations and a Data Principal’s rights under the DPDP Act. The time period within which a Data Fiduciary or Consent Manager is required to respond to the grievances will be prescribed in subsequent legislations.

・Right to withdraw consent:

A Data Principal has the right to withdraw consent from processing of their personal data at any time after they have provided their consent to a Data Fiduciary. 

If you intend to exercise such rights, please refer to the contact section below.

If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.


Our products and services are primarily directed at adult customers. However, we may knowingly collect and process personal data on children under sixteen (16). On these occasions, we will take account of this event when processing the personal data of children and implementing the legal basis for such processing. For example, where the processing of personal data of children is based on their consent, we will seek the consent of parents, tutors, or other adults holding parental responsibility over children.

The DPDP Act imposes additional obligations and responsibilities on Data Fiduciaries when they are processing the personal data of children and individuals with guardians. Data Fiduciaries, before processing the personal data of children or persons with disabilities, are required to obtain verifiable consent from a parent or legal guardian, as may be applicable. However, the procedure for obtaining such verifiable consent is yet to be prescribed.


We may propose hypertext links from the Website to third-party websites or Internet sources. We do not control and cannot be held liable for third parties’ privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.


We may revise or update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective upon issuing of the revised Privacy Policy. If we make changes which we believe are significant, we will inform you through the Website to the extent possible and seek your consent where applicable.


For any questions or requests relating to this Privacy Policy, you can contact us by email

Scroll to Top