Privacy Policy

Kailash Mansarovar Yatra Limited ("we", "us", "our", or "the Company") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are the Data Controller responsible for your personal data. By using our website or services, you agree to the collection and use of information in accordance with this policy.

We collect and process various types of personal data depending on your interaction with our services. The personal data we may collect includes:

2.1 Identity Information

• Full name (first name, middle name, surname)
• Date of birth
• Gender
• Nationality
• Passport number and expiry date
• Passport photographs and scanned documents
• National Insurance number (if applicable)

2.2 Contact Information

• Email address
• Telephone number(s) (mobile and landline)
• Home address (billing and correspondence address)
• Emergency contact details

2.3 Financial Information

• Payment card details (processed securely through our payment provider)
• Bank account details (for refunds)
• Billing address
• Transaction history

2.4 Health and Medical Information (Special Category Data)

• Medical conditions and health declarations
• Disability and mobility requirements
• Dietary requirements (which may reveal religious beliefs)
• Allergies and medications
• Fitness levels and ability to undertake high-altitude travel
• Emergency medical information
• Travel insurance medical cover details

2.5 Travel Information

• Travel preferences and requirements
• Previous travel history with us
• Booking details and itinerary
• Travel insurance information
• Visa application details
• Special requests (religious, dietary, accessibility)

2.6 Technical Information

• IP address
• Browser type and version
• Device information
• Operating system
• Time zone setting and location
• Cookie data (see our Cookie Policy)

2.7 Marketing and Communications

• Marketing preferences
• Your preferences in receiving marketing from us and third parties
• Communication history with us

We collect personal data through the following methods:

3.1 Direct Interactions

You provide data directly when you:

• Make a booking or enquiry
• Fill in forms on our website
• Contact us by phone, email, or post
• Subscribe to our newsletter or marketing communications
• Complete customer surveys or feedback forms
• Provide medical declarations and health information
• Submit visa application documents

3.2 Automated Technologies

We automatically collect technical data when you interact with our website using cookies and similar technologies. See our Cookie Policy for more details.

3.3 Third Parties

We may receive personal data from:

• Analytics providers (e.g., Google Analytics) based outside the UK
• Payment processors
• Travel insurance providers
• Airlines and accommodation providers
• Visa processing agencies
• Travel agents or group organizers acting on your behalf

Under UK GDPR, we must have a lawful basis for processing your personal data. We process your data on the following legal bases:

4.1 Contractual Necessity

Processing is necessary to perform our contract with you or to take steps at your request before entering into a contract. This includes:

• Processing your booking
• Arranging travel services
• Processing visa applications
• Providing customer support

4.2 Legal Obligation

Processing is necessary to comply with legal obligations, including:

• Financial record-keeping and tax obligations
• Compliance with Package Travel and Linked Travel Arrangements Regulations 2018
• Immigration and border control requirements
• Health and safety obligations

4.3 Legitimate Interests

Processing is necessary for our legitimate interests or those of a third party, provided your interests and rights do not override those interests:

• Improving our services and customer experience
• Marketing and business development
• Fraud prevention and security
• Website analytics and optimization
• Administrative purposes

4.4 Consent

For certain processing activities, we rely on your explicit consent:

• Processing special category data (health information, religious beliefs)
• Sending marketing communications
• Using cookies (see Cookie Policy)
• Using your photographs for marketing purposes

You have the right to withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

4.5 Vital Interests

In emergency situations, we may process your data (including medical information) to protect your vital interests or those of another person.

We use your personal data for the following purposes:

5.1 Booking and Travel Services

• Process and confirm your booking
• Arrange flights, accommodation, and ground transportation
• Process visa applications
• Arrange travel insurance
• Provide pre-departure information and documentation
• Manage your travel arrangements and itinerary
• Assess medical fitness for high-altitude travel

5.2 Payment Processing

• Process payments and refunds
• Detect and prevent fraud
• Maintain financial records

5.3 Customer Service and Support

• Respond to enquiries and requests
• Handle complaints and dispute resolution
• Provide emergency assistance during your trip
• Gather feedback to improve our services

5.4 Marketing and Communications

• Send marketing communications (with your consent or where permitted by law)
• Personalize your experience on our website
• Conduct market research and customer surveys
• Send you information about similar products or services

5.5 Legal and Regulatory Compliance

• Comply with legal and regulatory requirements
• Enforce our terms and conditions
• Protect our legal rights and interests
• Cooperate with law enforcement and government authorities

5.6 Business Operations

• Analyze and improve our services
• Monitor website performance and usage
• Maintain security and prevent fraud
• Manage and improve business efficiency

We may share your personal data with the following categories of recipients:

6.1 Service Providers

• Airlines, hotels, and ground transportation providers
• Local tour operators and guides in Tibet, Nepal, and China
• Travel insurance companies
• Visa processing agencies
• Payment processors
• IT service providers (hosting, email, CRM systems)
• Website analytics providers

6.2 Government and Regulatory Bodies

• Chinese, Tibetan, and Nepalese immigration and border control authorities
• UK government agencies (when legally required)
• Law enforcement and regulatory authorities
• Tax authorities (HMRC)

6.3 Professional Advisers

• Legal advisers and solicitors
• Accountants and auditors
• Insurance brokers

6.4 Emergency Services

In emergency situations, we may share your information (including medical data) with:

• Medical professionals and hospitals
• Emergency services
• Your emergency contacts
• Consular services

6.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the new owner.

Due to the nature of our services, your personal data will be transferred to and processed in countries outside the United Kingdom and European Economic Area (EEA), including:

• China and Tibet: For visa applications, accommodation bookings, and ground arrangements
• Nepal: For border crossing arrangements and accommodation
• India: For connecting flights and transit arrangements

These countries may not have the same level of data protection as the UK. However, we ensure appropriate safeguards are in place:

7.1 Safeguards We Use

• Standard Contractual Clauses (SCCs) approved by the UK government
• Contractual obligations on data processors to protect your data
• Technical and organizational security measures
• Limiting data transfers to what is strictly necessary

In some cases, transfers may be necessary for:

• Performance of our contract with you (e.g., visa applications)
• Reasons of substantial public interest (e.g., legal requirements)
• Protection of vital interests (e.g., medical emergencies)

You can request further information about the safeguards we use for international transfers by contacting us at privacy@kailashmansarovar.co.uk.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

8.1 Retention Periods

8.2 Secure Deletion

When your data is no longer needed, we securely delete or anonymize it to prevent unauthorized access or use.

Under UK GDPR, you have the following rights regarding your personal data:

9.1 Right of Access

You have the right to request a copy of the personal data we hold about you (Subject Access Request). We will provide this free of charge within one month of your request.

9.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data in certain circumstances:

• The data is no longer necessary for the original purpose
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed

This right does not apply when we need to retain data for legal obligations or legitimate interests (e.g., financial records).

9.4 Right to Restrict Processing

You have the right to request that we limit how we use your data in certain circumstances:

• You contest the accuracy of the data
• Processing is unlawful but you don't want erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification

9.5 Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format and to transfer it to another controller.

9.6 Right to Object

You have the right to object to:

• Processing based on legitimate interests (we must stop unless we demonstrate compelling legitimate grounds)
• Direct marketing (we will stop immediately upon request)
• Processing for research or statistical purposes

9.7 Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

9.8 Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

10.1 Security Measures

• Encryption: Data is encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict access controls and authentication procedures
• Payment Security: PCI DSS compliant payment processing
• Staff Training: Regular data protection training for all staff
• Physical Security: Secure storage of paper records
• Monitoring: Regular security assessments and audits
• Incident Response: Procedures for data breach notification

10.2 Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the Information Commissioner's Office (ICO) within 72 hours
• Notify affected individuals without undue delay if the breach poses a high risk
• Provide details of the breach and steps taken to mitigate it

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyze website traffic, and understand visitor behavior.

11.1 Types of Cookies We Use

• Strictly Necessary Cookies: Essential for website functionality (no consent required)
• Performance Cookies: Help us understand how visitors use our site (e.g., Google Analytics)
• Functionality Cookies: Remember your preferences and settings
• Marketing Cookies: Track your browsing to deliver relevant advertising (with consent)

11.2 Managing Cookies

You can control and delete cookies through your browser settings. Please note that disabling cookies may affect website functionality.

For detailed information about cookies we use, please see our Cookie Policy.

Our website may contain links to third-party websites (airlines, hotels, insurance providers, etc.). We are not responsible for the privacy practices of these websites. Please review their privacy policies before providing personal data.

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent.

If you are under 16, please ensure your parent or guardian has provided consent and makes the booking on your behalf. If we become aware that we have collected data from a child under 16 without proper consent, we will delete it promptly.

14.1 How We Use Your Data for Marketing

We may send you marketing communications about our travel packages, special offers, and services if:

• You have given explicit consent, or
• You are an existing customer and we are marketing similar products/services (soft opt-in)

14.2 Opting Out

You can opt out of marketing communications at any time by:

• Clicking the "unsubscribe" link in any marketing email
• Emailing info@kailashmansarovar.co.uk
• Calling us on +44 7545 066652
• Writing to our registered address

Please note that opting out of marketing does not affect service-related communications (booking confirmations, travel updates, etc.).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Any changes will be posted on this page with an updated "Last Updated" date. For significant changes, we will provide prominent notice or seek your consent where required by law.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

If you have concerns about how we handle your personal data, please contact us first at privacy@kailashmansarovar.co.uk. We will investigate and respond to your complaint promptly.

You also have the right to lodge a complaint with the UK's supervisory authority: