Privacy Policy

Effective from 01 March 2026

At The Surya Golden Palace, we cherish your trust and are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (www.thesuryagoldenpalace.com), make bookings, or interact with our services. We adhere to the highest global standards, including India’s Digital Personal Data Protection Act, 2023 (DPDP Act), and the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) or those invoking GDPR rights.

Information We Collect

We collect minimal personal data necessary to provide exceptional hospitality experiences:

  • Contact Details: Name, email, phone number, and address provided during bookings or inquiries.
  • Booking Information: Stay dates, room preferences, special requests, and guest details.
  • Usage Data: IP address, browser type, pages visited, and timestamps (anonymized where possible).
  • Cookies: We use essential cookies for site functionality; optional analytics cookies require consent.

We do not collect sensitive data such as financial details beyond what’s needed for processing.

How We Use Your Information

Your data is used solely to:

  • Process and confirm bookings.
  • Communicate about your reservation, including confirmations and updates.
  • Enhance your stay through personalized services (e.g., dietary preferences).
  • Improve our website and services via aggregated, anonymized analytics.

We never use your data for marketing emails, spam, or unsolicited communications. Opt-in is required for any newsletters, and you can unsubscribe anytime.

Legal Basis and GDPR Compliance

  • Under the DPDP Act and GDPR, processing is based on contract necessity (bookings), legitimate interests (site security), or your explicit consent.
  • EEA users have full GDPR rights: access, rectification, erasure, restriction, portability, and objection. Contact us to exercise these.

Sharing with Third Parties

We do not sell or rent your data. Limited sharing occurs only as needed:

  • Booking Engine: Provided by a separate third-party provider (e.g., our integrated reservation system partner). Their privacy practices apply; review their policy during booking.
  • Payment Processors: We partner with secure third-party gateways (e.g., Razorpay or Stripe). We do not store payment instrument information—all payment data is handled exclusively by the provider under their terms.
  • Service Providers: Cloud hosts, analytics tools (e.g., Google Analytics with anonymization), and legal advisors, bound by strict data protection agreements.
  • Legal Requirements: Only if compelled by law or to protect rights.

All third parties must comply with GDPR and DPDP Act equivalents.

Data Security and Retention

We employ industry-leading security (encryption, firewalls, access controls) to protect your data. Retention is limited: booking data for 7 years (legal/tax needs), then securely deleted. Inquiries are retained for 1 year.

Your Rights and Choices

  • Access, correct, or delete your data.
  • Withdraw consent or object to processing.
  • Cookie preferences via browser settings or our consent banner.
  • No spam guarantee: Unsubscribe links in any permitted emails.

For EEA users, our Data Protection Officer oversees GDPR compliance.

Children’s Privacy

Our services are not for children under 18. We do not knowingly collect their data.

International Transfers

Data may transfer outside India (e.g., to EU servers). We ensure adequacy via Standard Contractual Clauses (SCCs) for GDPR compliance.

Changes to This Policy

We may update this policy; changes post on our site with notice. Continued use implies acceptance.

Contact Us

For privacy concerns, data requests, or issues, email our General Manager: gm@thesuryagoldenpalace.com. We respond within 30 days.

Thank you for choosing The Surya Golden Palace—your serenity is our privilege.

WhatsApp Chat