Privacy Policy

1. Introduction and Scope

1.1 About This Policy

This Privacy Policy explains how BlockTech Services LLP ("we," "our," or "us") collects, uses, discloses, and safeguards your personal information when you visit our website, use our services, or interact with us in any way.

1.2 Legal Framework

This policy is designed to comply with:

• Information Technology Act, 2000
• Reserve Bank of India (RBI) guidelines for digital payments
• IATA (International Air Transport Association) requirements
• Secure third-party payment gateway standards
• Applicable data protection and privacy laws

1.3 Digital-First Operations

Ryoko World operates as a fully digital travel concierge with:

• IATA Recognition: Official IATA-accredited travel agency with digital payment capabilities.
• Secure Payment Processing: All payments are processed through secure third-party payment gateways.
• Real-time Operations: 24/7 digital booking and payment processing capabilities.
• Compliance Focus: Adherence to RBI, IATA, and international digital payment standards.

1.4 Data Controller

2. Information We Collect

2.1 Personal Information (Direct Collection)

We collect the following personal information directly from you:

2.2 Automatically Collected Information

When you visit our website, we automatically collect:

• Technical Data: IP address, browser type, device information, operating system
• Usage Data: Pages visited, time spent, click patterns
• Location Data: General location (city/country level) for service optimization
• Cookies: Session cookies, analytics cookies, preference cookies

2.3 Information from Third Parties

We may receive information from:

• Airlines, hotels, and travel service providers
• Travel insurance providers
• Government authorities (visa/immigration)

2.4 Special Categories of Data

In certain circumstances, we may process special categories of personal data:

• Health Information: For travel insurance and medical assistance
• Biometric Data: Passport photos and visa documentation
• Religious Information: For dietary preferences and accommodation
• Special Assistance Requirements: For accessibility and support needs

Processing of special categories requires explicit consent or legal basis with enhanced security measures.

3. How We Use Your Information

3.1 Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To fulfill our travel service obligations
• Legitimate Interests: To improve services and prevent fraud
• Legal Obligations: To comply with regulatory requirements
• Consent: For marketing communications and optional services
• Vital Interests: In emergency situations for your safety

3.2 Primary Uses

• Service Provision: Process bookings, arrange travel, provide customer support
• Communication: Send confirmations, updates, travel information
• Payment Processing: Process digital payments, handle refunds, maintain financial records
• Legal Compliance: Meet regulatory requirements, maintain records

3.3 Data Minimization and Purpose Limitation

• We collect only the minimum data necessary for service provision
• Data is used only for the purposes for which it was collected
• Additional processing requires explicit consent or legal basis
• Regular review of data collection practices
• Data retention periods are clearly defined and enforced

3.4 Secondary Uses

• Service Improvement: Analyze usage patterns, enhance user experience
• Marketing: Send promotional offers (with consent)
• Security: Prevent fraud, ensure system security

4. Information Sharing and Disclosure

4.1 Service Providers

We share information with trusted service providers:

• Travel Partners: Airlines, hotels, tour operators, transportation providers
• Technology Providers: Cloud services, analytics tools, customer support platforms
• Insurance Providers: Travel insurance companies

4.2 Vendor Management and Due Diligence

• Comprehensive vendor assessment before data sharing
• Regular security and compliance reviews of vendors
• Contractual data protection obligations for all vendors
• Right to audit vendor data handling practices
• Immediate termination for non-compliance with data protection standards
• Vendor risk assessment and monitoring procedures

4.3 Legal and Regulatory Disclosure

We may disclose information when required by:

• Government authorities and regulatory bodies
• Law enforcement agencies
• Court orders and legal proceedings
• Immigration and customs authorities

4.4 Business Transfers

In case of merger, acquisition, or business transfer, your information may be transferred to the new entity under the same privacy protections.

5. Data Security and Protection

5.1 Security Measures

We implement appropriate security measures:

• Physical Security: Secure office premises, locked filing cabinets
• Digital Security: Password protection, limited access to systems
• Employee Training: Regular security awareness training
• Data Backup: Regular backup of important information

5.2 Payment Data Protection

• No Sensitive Data Storage: We do not store sensitive payment credentials such as card numbers, CVV, or UPI PINs.
• Secure Payment Processing: All payments are processed through secure third-party payment gateways.
• Transaction Logs Only: We retain transaction logs for accounting and compliance purposes, but never payment credentials.
• Encrypted Communication: All payment data is transmitted using industry-standard encryption protocols.
• Third-Party Compliance: Our payment partners maintain the highest security standards and certifications.

5.3 Digital Payment Security

• Payment Gateway Integration: All payments are processed through secure, third-party payment gateways.
• Secure Payment Methods: We accept UPI, credit/debit cards, net banking, and digital wallets.
• Real-time Processing: All payments are processed in real-time with immediate confirmation.
• Fraud Protection: Our payment partners provide advanced fraud detection and protection.
• Compliance Standards: We adhere to RBI guidelines and IATA requirements for digital payments.

5.4 Data Breach Notification

• Immediate notification to affected users within 72 hours
• Reporting to relevant authorities as required by law
• Implementation of immediate security measures
• Regular security audits and vulnerability assessments
• Employee background checks and security training
• Incident response plan with defined escalation procedures

5.5 Privacy Risk Assessment

• Regular review of data processing activities for privacy risks
• Implementation of appropriate security measures
• Documentation of privacy controls and measures
• Regular updates to maintain compliance with applicable laws

5.6 Data Processing Records

• Maintenance of records for all data processing activities
• Documentation of legal basis for processing
• Records of data sharing with third-party providers

6. Data Retention and Deletion

6.1 Retention Periods

6.2 Data Deletion

• Automatic deletion after retention period
• Right to erasure upon request (subject to legal requirements)
• Secure deletion methods for all data
• Confirmation of deletion provided to users

7. Your Rights and Choices

7.1 Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (subject to legal requirements)
• Withdrawal: Withdraw consent for processing
• Complaint: Lodge complaints with relevant authorities
• Portability: Request data in a structured, machine-readable format
• Restriction: Request restriction of processing under certain conditions
• Objection: Object to processing based on legitimate interests

7.2 Marketing Preferences

• Opt-out of marketing communications at any time
• Choose preferred communication channels
• Control frequency of marketing messages
• Unsubscribe links in all marketing emails

7.3 Cookie Preferences

• Control cookie settings through browser preferences
• Opt-out of analytics and tracking cookies
• Clear cookies and browsing data

7.4 Automated Decision-Making

• We do not use automated decision-making for travel bookings
• All booking decisions involve human review and approval
• No profiling or automated decision-making systems are used

7.5 Exercising Your Rights

• Submit requests via email to hq@blocktech.services
• Include your full name and contact information
• Specify the right you wish to exercise
• We will respond within 30 days of receipt
• No fees for reasonable requests (excessive requests may incur charges)
• Right to lodge complaints with supervisory authorities

8. International Data Transfers

8.1 Cross-Border Transfers

Your data may be transferred to and processed in other countries:

• Travel Arrangements: Airlines, hotels, tour operators worldwide
• Legal Requirements: Immigration authorities, government agencies

8.2 Safeguards for International Transfers

• Data is shared only with trusted travel partners
• Minimum necessary data is shared
• Confidentiality agreements with partners
• Data Processing Agreements (DPAs) with all third-party providers
• Regular compliance audits of third-party data handling
• Immediate termination of agreements for non-compliance

8.3 Third-Party Compliance

• Contractual obligations for data protection standards
• Immediate notification of any data security incidents
• Regular review of third-party compliance

8.4 Data Processing Agreements

• Data processing agreements with third-party providers
• Clear definition of data processing scope and limitations
• Security requirements and incident notification procedures
• Data return and deletion obligations upon contract termination

8.5 Digital Payment Compliance

• Third-Party Payment Security: All payment processing is handled by secure, certified payment gateways.
• RBI Guidelines: Compliance with Reserve Bank of India digital payment regulations.
• IATA Standards: Adherence to International Air Transport Association digital payment requirements.
• Encryption Standards: Industry-standard encryption for all payment data transmission.
• Transaction Logging: Proper logging of payment transactions for compliance and security.

9. Cookies and Tracking Technologies

9.1 Types of Cookies We Use

9.2 Third-Party Cookies

• Google Analytics for website analytics
• Social media cookies for sharing features

9.3 Cookie Management and Control

• Browser-based cookie control and management
• Granular control over different cookie categories
• Cookie consent management system
• Regular review and updates of cookie policies
• Transparency about all third-party cookie usage
• Easy opt-out mechanisms for all non-essential cookies

10. Children's Privacy

10.1 Age Restrictions

• Our services are not intended for children under 13 years
• We do not knowingly collect personal data from children under 13
• Parental consent required for users under 18
• Immediate deletion of data if underage users are identified

10.2 Family Travel

• Children's data collected only with parental consent
• Limited data collection for travel arrangements
• Special protection for children's personal information
• Parental rights to access and control children's data

10.3 Educational and Awareness Programs

• Privacy education for families traveling with children
• Clear guidelines on children's data protection
• Special procedures for handling minors' information
• Parental consent verification procedures
• Age verification mechanisms for online services

11. Changes to This Privacy Policy

11.1 Policy Updates

• Regular review and updates of this policy
• Notification of material changes via email and website
• Clear indication of changes and effective dates
• Continued use constitutes acceptance of updated policy

11.2 Version Control

• Version numbering for all policy updates
• Archive of previous policy versions
• Effective date clearly indicated

11.3 Notification of Changes

• Email notification for material policy changes
• Website banner notifications for significant updates
• Clear summary of changes in each version
• 30-day advance notice for major policy changes

12. Contact Information and Complaints

12.1 General Contact

12.2 Complaints and Grievances

• Internal complaint resolution process
• Escalation procedures available for unresolved issues
• Right to lodge complaints with relevant authorities
• Complaints can be submitted via email to hq@blocktech.services
• Response time: Within 24 hours for privacy-related complaints

13. Governing Law and Jurisdiction

13.1 Applicable Law

This Privacy Policy is governed by the laws of India, particularly:

• Information Technology Act, 2000
• Relevant rules and regulations

13.2 Jurisdiction

Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of courts in Pune, Maharashtra, India.

13.3 Cross-Border Compliance

• Compliance with applicable international data protection laws
• Recognition of data protection rights across jurisdictions
• Cross-border data transfer compliance procedures

13.4 Digital Travel Agency Compliance

• IATA Digital Standards: Compliance with IATA digital travel agency requirements.
• Digital Payment Security: Secure third-party payment gateway processing for all transactions.
• RBI Digital Guidelines: Adherence to RBI digital payment and travel agency regulations.
• International Standards: Compliance with global digital travel and payment standards.
• Real-time Processing: 24/7 digital operations with immediate payment confirmations.