Your Privacy,
Our Commitment

This Privacy Policy ("Policy") is issued by Bhramanvisa (India) Private Limited ("Bhramanvisa", "FlairMyTrip", "FMT", "we", "us", or "our") and applies to the collection, processing, storage, sharing, and protection of personal data provided by or relating to any person ("Data Principal", "User", "you", "your") who has purchased, intends to purchase, or inquires about any product or service offered by FMT through any of its sales channels, including the website www.flairmytrip.com, mobile site, partner login portal, email communications, telephone, and physical office (collectively, "Sales Channels").

This Policy applies to both individual users and registered B2B Trade Partners. Where different obligations apply, this Policy specifies them separately.

This Policy does not apply to third-party websites, mobile applications, or services linked from our platform. FMT shall not be liable for the privacy practices of any third-party platform to which a hyperlink is provided. Users are strongly encouraged to review the privacy policies of such third parties independently.

This Policy is framed in compliance with the following Indian laws, rules, and regulations:

Where any provision of this Policy conflicts with applicable law, the law shall prevail and the Policy shall be deemed amended accordingly.

Under the Digital Personal Data Protection Act, 2023 ("DPDPA"), Bhramanvisa (India) Private Limited (CIN: U63090MH2022PTC378XXX), trading as FlairMyTrip, is the Data Fiduciary in respect of personal data collected through our Sales Channels. As a Data Fiduciary, we determine the purpose and means of processing your personal data and are responsible for ensuring its lawful, fair, and transparent processing.

Where FMT engages third-party service providers (airlines, hotels, visa authorities, courier companies, technology vendors) to process data on our behalf, such entities act as Data Processors and are contractually bound to process data only as directed by FMT and in compliance with applicable law.

FMT may also act as a Data Processor where we process personal data on behalf of B2B Trade Partners in connection with their clients' travel arrangements.

FMT does not intentionally collect the following categories of personal data through its Sales Channels:

• Racial or ethnic origin;
• Political opinions or party affiliations;
• Religious or philosophical beliefs;
• Trade union membership;
• Genetic or biometric data (other than passport photographs required for visa applications);
• Information about sexual orientation or sex life;
• Information about criminal convictions or offences (unless mandated by a government authority as part of a visa or immigration background check);
• Aadhaar number, unless provided voluntarily and required by a specific regulatory process.

If any such data is inadvertently received, it will be deleted promptly. FMT shall not be liable for data submitted that falls outside the scope of the service requested.

Under the IT (SPDI) Rules, 2011, the following categories of data collected by FMT qualify as Sensitive Personal Data or Information (SPDI) and are subject to enhanced protection:

• Passwords and security credentials;
• Financial information including bank account details, card details, and transaction records;
• Physical, physiological, and mental health conditions (as applicable to visa medical requirements);
• Biometric data (passport photographs for visa purposes);
• Any other information received in the performance of a lawful contract and considered sensitive in the context of that service.

FMT collects SPDI only with your prior, written, and explicit consent. Such consent may be given through your signed Service Agreement, electronic acceptance, or by voluntarily submitting documents through our platform. You may withdraw consent at any time; however, withdrawal may affect our ability to provide the requested services.

We collect personal data directly from you when you:

• Register or create an account on our platform or partner portal;
• Make an enquiry, request a quotation, or place a booking through our website, email, phone, WhatsApp, or physical office;
• Upload documents through the platform or send them via email;
• Subscribe to our newsletter, participate in surveys, promotions, or competitions;
• Contact our customer service team by any channel;
• Sign a Service Agreement or KYC documentation as a Trade Partner.

We automatically collect technical and usage data when you visit our website, including IP address, browser type, device information, pages visited, and referral sources. This is done through cookies and similar technologies — see § 10 for details.

We may receive data from: social media platforms (where you interact with our pages); our B2B Trade Partners (who share client data for booking and visa purposes); public records; and credit/identity verification services used for KYC compliance.

We will always tell you which legal basis applies when we collect your data. You can ask us to reconsider any processing you believe lacks a valid legal basis.

• Processing and confirming travel bookings, visa applications, and forex transactions;
• Sharing necessary data with airlines, hotels, embassies, consulates, immigration authorities, courier services, and other Suppliers required to fulfil your service;
• Sending booking confirmations, updates, and itinerary changes via email, SMS, WhatsApp, or platform notifications;
• Providing customer support and responding to your queries or complaints;
• Processing payments, issuing GST-compliant tax invoices, and managing credit facilities.

• Creating and managing your user account or partner portal access;
• Authenticating your identity and preventing unauthorised access;
• Maintaining your traveller profile for faster future bookings;
• Sending verification OTPs and security alerts.

• Fulfilling KYC and anti-money laundering (AML) obligations under PMLA 2002;
• Responding to requests from courts, government agencies, law enforcement, tax authorities, or regulatory bodies;
• Maintaining financial records as required under the Companies Act 2013 and GST Act 2017;
• Retaining records of Gulf country visa facilitation for overstay compliance under § 18 of our Terms and Conditions.

• Sending promotional offers, travel deals, and product announcements — only with your explicit consent;
• Conducting market research, surveys, and customer satisfaction studies;
• Personalising the content and offers displayed on our platform based on your usage history.

• Analysing website traffic and usage patterns to improve functionality and user experience;
• Monitoring and detecting fraudulent activity, suspicious behaviour, and security threats;
• Conducting internal audits and business analytics.

FMT uses the following categories of cookies and tracking technologies on its platform:

You may disable non-essential cookies through your browser settings or our cookie preference centre. Disabling certain cookies may affect the functionality of our platform. FMT shall not be liable for any degradation in service quality resulting from the disabling of cookies by the user.

Third-party analytics and advertising tools (such as Google Analytics) used on our platform are governed by their own privacy policies. FMT does not control and shall not be liable for data collected by such third-party tools.

Your data is shared with Suppliers (airlines, hotels, ground operators, embassies, consulates, immigration authorities, courier services, insurance providers, and other travel service providers) only to the extent necessary to fulfil your booking or visa application. By placing a booking with FMT, you explicitly consent to such sharing. FMT authorises Suppliers to use your data only for service fulfilment and not for any independent purpose. FMT shall not be liable for any misuse of data by Suppliers beyond FMT's instructions.

Where a booking is placed by a Trade Partner on behalf of a client, FMT may share booking status, visa progress, and document details with that Trade Partner. FMT shall not be liable for any further sharing of such information by the Trade Partner with their own clients or third parties.

FMT engages trusted third-party technology providers for functions including cloud hosting, payment processing, SMS/email communications, CRM systems, and data analytics. Such providers act as Data Processors under contractual data processing agreements and are prohibited from using your data for any purpose beyond the specified function.

We may disclose personal data to courts, law enforcement agencies, government bodies, taxation authorities, or regulators where required by law, court order, or legal process. FMT shall cooperate with all lawful government requests and shall not be liable for any disclosure made in good faith compliance with such requirements.

Lawyers, auditors, accountants, bankers, and insurers engaged by FMT may receive access to personal data to the extent necessary for the provision of their professional services and are bound by professional confidentiality obligations.

In the event of a merger, acquisition, sale of assets, or business restructuring, customer personal data may be transferred to the acquiring or successor entity. Notice will be provided to users prior to any such transfer where practicable.

The international nature of travel and visa services requires FMT to transfer personal data to countries outside India, including but not limited to the UAE, Bahrain, Oman, UK, Schengen countries, Canada, Australia, and other visa destination countries. Such transfers occur to:

• Submit visa applications to the relevant embassy, consulate, high commission, or immigration authority;
• Confirm hotel, airline, or ground transport bookings with international Suppliers;
• Process insurance claims or travel assistance services;
• Comply with foreign immigration or law enforcement requirements.

All such cross-border transfers are made in compliance with applicable Central Government notifications under the DPDPA 2023 and subject to the receiving country providing an adequate level of data protection equivalent to Indian standards. Where adequate protection cannot be assured, FMT will implement appropriate contractual safeguards.

After the applicable retention period, personal data will be securely deleted or anonymised so that it can no longer be associated with any identifiable individual. We may retain anonymised, aggregated data indefinitely for statistical and research purposes.

Retention periods may be extended where a legal dispute is pending, an investigation is ongoing, or we are required to retain data by a court order or regulatory authority.

FMT's platform and services are not directed at individuals under the age of 18 ("Children"). In accordance with the Digital Personal Data Protection Act, 2023, FMT shall not process personal data of Children without the verifiable consent of a parent or legal guardian.

B2B Trade Partners warrant that they will not submit personal data of any minor without first obtaining verifiable parental consent. FMT shall not be liable for the submission of children's data without proper parental consent by the Trade Partner or user.

Where a booking involves minor travellers (e.g., visa applications for children), the parent or guardian placing the booking is deemed to have provided consent on behalf of the child. All data relating to minor travellers is handled with enhanced security measures and will not be used for any purpose other than service fulfilment.

In accordance with Rule 8 of the IT (Reasonable Security Practices and Procedures and SPDI) Rules, 2011, FMT implements the following security measures:

• SSL/TLS encryption for all data transmitted through our website and platform;
• Encryption at rest for sensitive personal data stored on our servers;
• Role-based access controls — limiting data access to authorised personnel who require it for their specific function;
• Regular security audits, vulnerability assessments, and penetration testing;
• Multi-factor authentication for privileged system access;
• Data breach detection and incident response procedures;
• Regular training for employees and contractors on data protection obligations;
• Contractual data processing agreements with all third-party service providers.

To exercise any of these rights, please contact our Grievance Officer (§ 18) or email privacy@bhramanvisa.com with the subject line "Data Rights Request". We will acknowledge your request within 72 hours and resolve it within 30 days. We may need to verify your identity before processing the request. FMT shall not be liable for consequences arising from requests to delete data that is still subject to a legal retention obligation.

FMT obtains consent for processing your personal data in the following ways:

• Express consent: By checking an opt-in box, signing an agreement, or submitting a form that clearly states the purpose of data collection;
• Electronic acceptance: By clicking "I Agree" or similar affirmation on our platform;
• Conduct-based consent: By using our platform after viewing and acknowledging this Privacy Policy.

You may withdraw your consent for marketing communications at any time by:

• Clicking "Unsubscribe" in any marketing email we send;
• Contacting us at privacy@bhramanvisa.com with the subject "Withdraw Marketing Consent";
• Calling or WhatsApp-ing our support team at +91 99302 09399.

You may lodge a grievance regarding: any violation of your data rights; any inaccuracy in how your data is being processed; unauthorised access or sharing of your data; failure to respond to your data access or deletion request; or any other privacy concern.

The Data Protection Board of India ("Board") is the statutory body established under the Digital Personal Data Protection Act, 2023, with the authority to adjudicate complaints relating to violations of the DPDPA by Data Fiduciaries.

If you have raised a grievance with FMT's Grievance Officer and are not satisfied with the response within 30 days, you have the right to file a complaint with the Board. The Board has the authority to investigate complaints, impose penalties on Data Fiduciaries, and award compensation to affected Data Principals.

Information on how to file a complaint with the Data Protection Board will be available on the Ministry of Electronics and Information Technology (MeitY) website once the Board is fully constituted and operational. FMT will cooperate with any investigation conducted by the Board.

FMT may use your contact information to send you the following types of communications, subject to your consent:

• Travel offers, promotional rates, and limited-time deals;
• Newsletter updates on visa rule changes, travel advisories, and destination guides;
• Birthday and anniversary special offers (where you have shared such information);
• Invitations to participate in surveys, referral programmes, or loyalty schemes;
• Information about new products or services offered by FMT or its authorised partners.

You may opt out of marketing communications at any time without affecting your account or the services you receive. Transactional communications (booking confirmations, payment receipts, status updates) are not subject to marketing opt-out.

FMT may share filtered contact information with carefully selected business partners for co-branded offers. Any such sharing will be subject to an opt-in by you, and the partner's own privacy policy will apply to their handling of your data. FMT shall not be liable for the marketing practices of third-party partners once you have engaged with their service.

FMT's platform may contain hyperlinks to third-party websites, social media platforms, airline booking portals, hotel websites, government visa portals, and insurance provider platforms. The inclusion of any such link does not constitute an endorsement, sponsorship, or recommendation of the linked website or its content by FMT.

FMT collects, uses, and may share non-personal and aggregated data — data which cannot be used to identify any individual — for the following purposes:

• Business analytics and performance monitoring;
• Market research and travel industry trend analysis;
• Improving our platform, user interface, and service quality;
• Sharing statistical insights with business partners or for publication (in aggregate, non-identifiable form only).

If FMT combines or connects aggregated data with any personal data in a way that would make the combined data capable of identifying an individual, the combined data will be treated as personal data and processed in accordance with this Policy.

You agree to defend, indemnify, and hold harmless Bhramanvisa (India) Private Limited, its directors, officers, employees, agents, and affiliates from and against any claims, losses, liabilities, damages, penalties, costs, and expenses (including reasonable legal fees) arising out of or in connection with:

• Your provision of false, inaccurate, forged, or misleading personal data to FMT;
• Your failure to disclose material information affecting any visa or immigration application;
• Your sharing of another person's personal data with FMT without that person's valid, explicit consent;
• Your failure, as a B2B Trade Partner, to obtain proper consent from your clients before sharing their data with FMT;
• Any breach by you of this Privacy Policy or any applicable data protection law;
• Any claim by a third party arising from your misuse of our platform or services in connection with personal data;
• Any regulatory fine or penalty imposed on FMT due to your non-compliance with data protection requirements that you were responsible for;
• Any Chargeback, dispute, or legal action initiated by a third party in connection with data shared by you for a transaction placed through your account.

This indemnification obligation survives the termination of your account, the cancellation of any booking, and the expiry of this Privacy Policy.

FMT reserves the right to update, modify, or replace this Privacy Policy at any time to reflect changes in: applicable laws and regulations (including any amendments to or notifications under the DPDPA 2023); our data processing practices; new services or products we offer; or business restructuring events.

When we make material changes to this Policy, we will:

• Update the "Effective Date" at the top of this Policy;
• Post a prominent notice on our website and partner portal;
• Send an email notification to registered users (for significant changes);
• Where required by law, obtain fresh consent before continuing to process your data under the new terms.

Your continued use of FMT's services after any update to this Policy constitutes your acceptance of the revised Policy. If you do not agree with any updated version, you must discontinue use of our services and may contact our Grievance Officer to exercise your data rights.