Group Privacy Policy

Effective Date: 10 June 2025

Preface

This Privacy Policy outlines the practices followed by Le Travenues Technology Limited (hereinafter referred to as "ixigo" or the "Company") having three different LOBs namely "ixigo", "Confirmtkt", "Abhibus" ("we", "us", or "our") with respect to the collection, processing, storage, sharing, and protection of your personal data when you use the platform(s) through our website(s) (www.ixigo.com, www.confirmtkt.com, www.abhibus.com), mobile site, or mobile applications (iOS/Android).

This policy complies with applicable data protection laws, including the Information Technology Act, 2000, and more specifically reflects our commitment to the principles, obligations, and rights outlined in the Digital Personal Data Protection Act, 2023 ("DPDP Act").

By using our platform, you, as a user ("User", "you", or "your"), consent to the terms of this Privacy Policy and acknowledge that your personal data may be processed in accordance with applicable laws, including the DPDP Act. If you do not agree with any terms herein, we advise you not to use the platform.

Please note that third-party platforms, business partners, or external links accessed through Le Travenues may follow different data privacy practices. We encourage you to review their respective privacy policies independently.

Users outside the geographical limit of India

• Please note that the data shared with "Le Travenues Technology Limited" will be primarily processed in India and other jurisdictions where third parties may process data. It states that by agreeing to the policy, users provide explicit consent for processing their personal information, and notes that data protection regulations in India may differ from the user's country of residence.
• Provides three email addresses for users to contact if they have concerns about data processing or wish to withdraw consent: info@ixigo.com, support@confirmtkt.com, and support@abhibus.com.
• States that if data processing is essential for providing services, withdrawing consent may prevent the company from serving or confirming bookings. It gives an example: for flight or hotel bookings, personal information such as contact details, gender, dietary preferences, choice of room (e.g., smoking facility), and any medical conditions requiring specific attention may need to be shared with vendors for suitable arrangements.
• Details the consequences of withdrawing consent for processing information, presented as a numbered list:

1. It may "severely inhibit our ability to serve you properly and in such case, we may have to refuse the booking altogether."
2. It may "unreasonably restrict us to service your booking (if a booking is already made) which may further affect your trip or may compel us to cancel your booking."

Data Fiduciary under DPDP Act

Under the DPDP Act, Le Travenues Technology Limited acts as a "Data Fiduciary" with regard to the collection and processing of your personal data, and as such, is committed to fulfilling all obligations therein, including obtaining valid consent, processing data for legitimate purposes, and enabling users to exercise their rights effectively.

Information We Collect: Categories and Legal Basis

We collect and process your personal data solely for lawful purposes, with your consent where applicable, or in accordance with other valid grounds specified under the DPDP Act. These purposes include the provision of services, compliance with legal requirements, and business operations in line with our Terms of Use.

The information detailed below is collected by us to be able to provide the services chosen by you and also to fulfill our legal obligations as well as our obligations towards third parties as per our Terms of Use.

Personal Information of the User shall include the information shared by the User and collected by us for the following purposes:

• Registration on the Website: Information which you provide while subscribing to or registering on the Website, including but not limited to information about your personal identity such as name, gender, marital status, age, date of birth, passport details, profile picture, etc. and your contact details such as your email address, postal addresses, frequent flyer number, telephone (mobile or otherwise) and/or fax numbers. The information may also include information such as your banking details (including credit/debit card) and any other information relating to your income and/or lifestyle, billing information, payment history, tax information etc. (as shared by you).
• Other information: We may also collect some other information and documents, including but not limited to:

1. Transactional history (other than banking details) about your e-commerce activities and buying behaviour.
2. Your usernames, email addresses, and other security-related information used by you in relation to our Services.
3. Data either created by you or by a third party and which you wish to store on our servers such as image files, documents, etc.
4. Data available in the public domain or received from any third party including social media channels, including but not limited to personal or non-personal information from your linked social media channels (like name, email address, friend list, profile pictures, or any other information that is permitted to be received as per your account settings) as a part of your account information.
5. Information pertaining to any other traveler(s) for whom you make a booking through your registered account on ixigo, Confirmtkt, or AbhiBus. In such a case, you must confirm and represent that each of the other traveler(s) for whom a booking has been made, has agreed to have the information shared by you disclosed to us and further be shared by us with the concerned service provider(s).
6. If you request ixigo/ConfirmTkt/AbhiBus to provide visa-related services, then copies of your passport, bank statements, originals of the filled-in application forms, photographs, and any other information which may be required by the respective embassy to process your visa application.
7. For international bookings, Users, in compliance with the Liberalized Remittance Scheme (LRS) of RBI or any other law may be required to provide details such as their PAN information or passport details or any such information required by the Service Provider. Such information shall be strictly used as per the aforesaid requirements only. In case a User does not wish to provide this information, Le Travenues LOBs may not be able to process the booking. Le Travenues will never share User's PAN details without their prior consent unless otherwise such action is required for providing the services booked or by any law enforcement authority for investigation or by court order or in reference to any legal process.
8. In case you opt for contactless check-in at hotels, then copies of your government identification like Aadhaar, driving license, election card, etc., self-declaration, and any other information like date of birth, destination/ origin of travel and place of residence that may be required by the concerned hotel to honour your hotel booking.
9. We may also use your contact information to send you marketing emails, push notifications, SMS, or IVR calls. If you do not want to receive such communication, you may opt-out by following the instructions in the message or informing us over an email. If you correspond with us by email, we may retain the content of your email messages, your email address, and our responses.
10. If you use your Facebook, Google, or other social networking site ("SNS") account information to sign in to Le Travenues Technology Limited LOBs (ixigo, ConfirmTkt, or AbhiBus); we will collect and store your SNS user ID, and other information that you explicitly allow us to access when using an SNS login.
11. You also provide us with information in the User Content you post to the Service. Your questions, answers, and other contributions on the Service, and metadata about them (such as when you posted them), are publicly viewable on the Service, along with your name (unless the Service permits you to post anonymously). This information may be searched by search engines and be republished elsewhere on the Web in accordance with our Terms of Use.
12. When you use a debit or credit card or other payment method for your registered account, a third party that handles payments for us will receive your card information. To keep your financial data secure, we do not store card information on our servers.
13. If you choose to use our invitation service to invite a friend to the Service, we will ask you for that person's email address and automatically send an email invitation. You may also use our contact importer tool to help you upload your friends' email addresses so you can find friends who are already on ixigo/ConfirmTkt/AbhiBus or invite friends to the Service. ixigo/ConfirmTkt/AbhiBus store this information to send invitations, to register your friend if your invitation is accepted, to track the success of our invitation service, and to identify your friends on ixigo/ConfirmTkt/AbhiBus.

Such information shall be strictly used for the aforesaid specified and lawful purpose only. Users further understand that Le Travenues Technology Limited may share this information with the end service provider or any other third party for provision and facilitation of the desired booking. Le Travenues Technology Limited will never share any of the above information collected including PAN card details, Passport details, Aadhaar Card details without their prior consent unless otherwise such action is required by any law enforcement authority for investigation, by court order, or in reference to any legal process.

Additional information (Information collected automatically)

When you use the Service, we use persistent and session cookies and other tracking technologies to: (a) store your username and authentication tokens; (b) analyse the usage of the Service; (c) customize the Service to your preferences; and (d) control the advertising displayed by the Service. A persistent cookie remains on your computer after you close your browser so that it can be used by your browser on subsequent visits to the Service. Persistent cookies can be removed by following your web browser's directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.

We collect the following categories of personal data, as per the definitions in the DPDP Act:

• Personal Data: Any data about an individual who is identifiable by or in relation to such data (e.g., name, email address, mobile number, identification documents).
• Sensitive Personal Data: Includes financial information, Aadhar/PAN, etc., which are collected and transmitted under explicit consent or as per lawful grounds as permitted by DPDP Act.

Detailed Data Collection Practices

Please refer to the list below of data collected, which includes:

• Registration and KYC data
• Payment and transactional data
• Usage behavior and metadata
• Social media integration-related data
• User-submitted content (posts, reviews, etc.)
• Location, device and other application permissions

In every case, the processing of the aforementioned data is based on your explicit consent, performance of contract, or compliance with legal requirements as per DPDP Act Sections 3, 4, and 5.

Legal Justifications for Processing under DPDP

We process your personal data under the following legal bases, permitted under the DPDP Act:

• Consent: For marketing communications, promotional services, or optional features, we will only process your data upon obtaining your clear and specific consent.
• Performance of Contract: For services booked/purchased on Le Travenues Technology Limited LOBs (ixigo, ConfirmTkt, and AbhiBus); processing your data (e.g., booking flights or hotels, trains, buses) is necessary to perform the contract with you.
• Legal Obligation: We process personal information to comply with regulatory obligations (e.g., as per RBI, SEBI, or immigration laws).
• Legitimate Use: For security, fraud prevention, and analytics, we may process data under "legitimate use" as provided under Section 7 of the DPDP Act.

User Rights under DPDP Act

As a Data Principal under the DPDP Act, you have the following rights regarding your personal data:

• Right to Access: Know what data we collect and how it's used.
• Right to Correction: Request correction of inaccurate or outdated information.
• Right to Erasure: Request deletion (subject to legal requirements).
• Right of Grievance Redressal: File complaints related to unlawful processing or violation of your privacy rights.
• Right to Nominate: Appoint a nominee in case of death or incapacitation (once rules are notified).

We provide mechanisms to exercise these rights through your account settings or by contacting our grievance officer at escalations@ixigo.com.

Consent Withdrawal

You may withdraw consent for optional processing activities at any time under Section 5(5) of the DPDP Act. Please note that some essential services (e.g., booking a flight, creating an account) may not be offered if the data required is no longer consented to. You can initiate withdrawal of consent by contacting us at:

• info@ixigo.com
• support@confirmtkt.com
• support@abhibus.com

Grievance Officer

In compliance with Section 13 of the DPDP Act, we have appointed a Grievance Officer to address queries, concerns, or complaints regarding your personal data:

Designation: Grievance Officer (as required under DPDP Act)

Email: escalations@ixigo.com

Address: Le Travenues Technology Limited
Second Floor, Veritas Building, Sector – 53, Golf Course Road,
Gurugram – 122002, Haryana, India

Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, or as required under applicable laws, including rule-making powers under DPDP Act. Once data is no longer required, we ensure deletion or archiving in a manner prescribed by law.

Security and Safeguards

Le Travenues Technology Limited adopts reasonable technical and organizational security measures, including encryption and role-based access controls, in accordance with DPDP and other regulatory mandates to protect your personal information from unauthorized access, processing, loss, or destruction.

Data Breach Response

In the event of any personal data breach that negatively impacts your rights or raises significant risk, we will notify the Data Protection Board (once constituted under DPDP) and affected users, as required under the law.

Children's Data

Le Travenues Technology Limited does not knowingly collect personal information from children under the age of 18 without appropriate consent. In accordance with the DPDP Act, any processing of personal data of children or minors will follow the safeguards notified by the government, and we will obtain verifiable parental consent wherever necessary.

Updates to Policy

This Privacy Policy may be updated periodically to comply with new legal, business, or technological requirements. Upon such revision, we will update the "Last Updated" date and inform users via appropriate communication channels.

Your continued use of the ixigo platform after changes to this policy constitutes your acceptance of the revised policy.

Contact Us

If you have any concerns or queries regarding this privacy policy, you may contact us at:

Email: info@ixigo.com, support@confirmtkt.com, support@abhibus.com

Mailing Address:
Le Travenues Technology Limited
Second Floor, Veritas Building,
Sector – 53, Golf Course Road, Gurugram – 122 002, Haryana, India

By integrating principles of the Digital Personal Data Protection Act, 2023, into our privacy practices, we reaffirm our commitment to protecting your personal data and ensuring transparency, accountability, and user empowerment.