Effective date: 02 September 2025
This Privacy Policy explains how Kandhari Aviation Service SRL ("Kandhari Aviation", "we", "us", or "our") collects, uses, discloses and protects personal data when you visit our websites, contact us, or use our travel services, and describes your rights under applicable laws including the EU/EEA General Data Protection Regulation (GDPR) and the India Digital Personal Data Protection Act, 2023 (DPDP Act).
Kandhari Aviation Service SRL
Via Giacomo Matteotti, 28, 24058, Italy
Phone: +39 0363 912500
Email: info@kandharitravels.com
For the purposes of GDPR and, where applicable, the UK GDPR, Kandhari Aviation Service SRL is the data controller for personal data we process in connection with our services in the EU/EEA and UK. For customers in India, we are the data fiduciary under the DPDP Act.
Data Protection Lead / Grievance Officer
Email: info@kandharitravels.com
(If you appoint a specific person, add their name and postal contact here.)
This Policy applies when you:
browse our websites, social media pages, or landing pages;
request quotes, make enquiries or bookings for air tickets, hotels, transportation, tours or holiday packages;
subscribe to our marketing communications (email/SMS/WhatsApp) or participate in promotions;
interact with us via phone, email, messaging apps, or in person;
provide data as a traveler, passenger, guest, payer, guardian, emergency contact, or as a corporate travel contact.
This Policy does not cover processing by third parties acting as independent controllers (e.g., airlines, hotels, car rental companies, insurance providers, payment card issuers) who will have their own privacy notices.
We collect the following categories of personal data, depending on your interaction with us:
Identity & Contact
Name, title, date of birth, gender (optional), nationality, passport/ID details, visa data, frequent flyer numbers, postal address, email, phone, emergency contact.
Travel & Booking
Itineraries, PNRs, ticket numbers, seat/meal preferences, baggage, loyalty program details, special requests, companion names, booking history, travel insurance details, voucher usage.
Payment & Billing
Billing address, payment method, masked card details or tokenized payment references (we do not store full card numbers), transaction details, tax identifiers where required.
Communications & Support
Call recordings (where permitted and with notice), emails, chat transcripts, customer service notes, feedback and complaints.
Online & Device Data
Cookie identifiers, IP address, device and browser data, approximate location, pages viewed, referral sources, campaign identifiers (e.g., UTM), and interactions with our emails (opens/clicks) subject to your consent where required.
Marketing Preferences
Your consents and preferences for email/SMS/WhatsApp, advertising personalization, and cookie settings.
Special Category Data (processed only where necessary and lawful)
Information revealing health (e.g., mobility assistance needs, allergies, medical fitness to travel), and dietary requirements that may indicate religious beliefs. We process such data only with your explicit consent or where otherwise permitted (e.g., vital interests, substantial public interest) and on a strict need-to-know basis.
Children’s Data
We may process children’s data to arrange travel at the request of a parent/guardian or as required by carriers/hotels. We do not market directly to children.
Data from third parties
Your employer/travel arranger, other passengers in your booking, corporate partners, referral partners, airlines, GDS/CRS providers, fraud prevention services, public databases, and marketing platforms (subject to applicable consent).
Directly from you (online forms, phone/email/WhatsApp, in-person).
Automatically via cookies and similar technologies when you visit our sites.
From third parties (e.g., airlines/hotels, global distribution systems, payment providers, identity verification and fraud prevention services, marketing partners) where lawful.
We process personal data only where we have a lawful basis under Article 6 GDPR, and special category data under Article 9 where applicable.
| Purpose | Examples of processing | Legal basis |
|---|---|---|
| Bookings & travel fulfilment | Searching and reserving flights/hotels, issuing tickets/vouchers, managing changes/cancellations, handling check-in/ancillaries | Contract (Art. 6(1)(b)); Legal obligation for invoicing/records (Art. 6(1)(c)) |
| Customer service | Responding to enquiries, complaints, after-sales support | Contract; Legitimate interests (Art. 6(1)(f)) |
| Payments & fraud prevention | Processing payments, chargeback handling, fraud and risk checks | Contract; Legitimate interests; Legal obligation |
| Marketing & promotions | Newsletters, offers, referral programs, audience building | Consent (Art. 6(1)(a)) via ePrivacy rules; or Legitimate interests with opt-out (Art. 6(1)(f)) where allowed |
| Analytics & site improvement | Audience measurement, A/B testing, conversion tracking | Consent (cookies/trackers) except strictly necessary cookies |
| Business operations & compliance | Audits, reporting, mergers/acquisitions, legal claims | Legal obligation; Legitimate interests |
| Special assistance / visas / insurance | Health or dietary data for assistance; visa letters; claims | Explicit consent (Art. 9(2)(a)); Vital interests (Art. 9(2)(c)); Substantial public interest where applicable |
| Security & abuse prevention | Detecting misuse, securing systems | Legitimate interests |
India (DPDP Act) legal bases: We rely on your consent for processing where required by the DPDP Act and other lawful grounds recognized by the Act for purposes reasonably expected by you. You may withdraw consent at any time (Section 7 DPDP Act), without affecting prior lawful processing.
We use cookies, SDKs, pixels and similar technologies to operate our site, measure performance, and, with your permission, personalize content/ads. On first visit, you will see a consent banner allowing you to accept, reject or manage cookie categories.
Cookie categories
Strictly necessary (always active): site security, load balancing, consent storage.
Performance/analytics: aggregated statistics on usage.
Functionality: remembering preferences.
Advertising/marketing: ad delivery, frequency capping, conversion tracking, audience creation.
You can change or withdraw consent at any time via our Cookie Settings link (footer). Your choices will be honored on this device/browser. Email tracking pixels are only used with your consent where required.
Note: If we use third-party tools (e.g., tag managers, analytics, ad platforms), those providers may act as our processors or independent controllers. Please refer to their notices as applicable.
We share personal data on a need-to-know basis with:
Travel suppliers: airlines, rail operators, hotels/resorts, car rental, transfer and tour providers, destination management companies, cruise lines, and insurance/assistance providers.
Global distribution systems / reservation and ticketing platforms used to source and manage travel inventory.
Payment service providers and banks for transaction processing, refunds and fraud prevention.
IT, cloud hosting, CRM and customer support tools that process data on our behalf under data processing agreements.
Marketing and analytics service providers (subject to consents) for campaign management, audience insights and ad measurement.
Professional advisers (lawyers, auditors) and authorities/regulators where required by law or to protect rights.
Corporate transactions: in connection with a merger, acquisition or asset sale, subject to safeguards.
We do not sell your personal data. We do not permit our processors to use your data for their own unrelated purposes.
Because travel is global, we may need to transfer data to countries outside the EU/EEA/UK (e.g., to airlines, hotels or service providers in other jurisdictions). Where we do so, we implement appropriate safeguards, such as:
Adequacy decisions by the European Commission/UK authorities (where available);
Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms;
Derogations under GDPR Art. 49 where necessary for performance of a contract with you (e.g., booking a flight/hotel located outside the EEA) or with your explicit consent.
For transfers involving Indian residents’ data, we comply with the DPDP Act and any applicable cross-border rules.
We retain personal data only for as long as necessary to fulfil the purposes described, including to meet legal, accounting and reporting requirements. Typical retention periods:
Bookings & travel records: for the duration of the booking and thereafter in line with statutory limitation and tax/accounting obligations.
Customer service records: up to 3 years after resolution, unless needed longer for legal claims.
Marketing data: until you withdraw consent or object, plus a short period to implement your request.
Special category data: kept only as long as needed for the specific assistance requested, then minimized or deleted unless required by law.
Cookies: per cookie lifespan disclosed in our Cookie Settings.
Where exact retention periods are mandated by local law, we comply with those requirements.
You have the right to access, rectify, erase, restrict processing, object to processing (including direct marketing), and data portability. Where processing is based on consent, you may withdraw consent at any time.
Iscriviti alla nostra mailing list per ricevere gli ultimi aggiornamenti e offerte.
© 2026 Kandhari Travels. Tutti i diritti riservati.