BOOKOURBUS Privacy Policy
Effective Date: 03 December 2025
PREAMBLE
This Privacy Policy (“Policy”) constitutes a legally binding document outlining the data protection practices of BOOKOURBUS, a registered Partnership Firm under the laws of India, having its principal place of business at D-29, Vibhuti Khand, Gomti Nagar, Lucknow, Uttar Pradesh – 226010 (hereinafter referred to as “BOOKOURBUS”, “Company”, “we”, “our” or “us”). BOOKOURBUS values your trust and respects your right to privacy. This Policy describes how we collect, use, process, disclose, and protect personal information obtained from users (“User” or “you”) who access or use our website www.bookourbus.com, mobile applications, and other related services (collectively referred to as the “Platform”). By using or accessing the Platform, you expressly consent to the terms of this Policy. If you do not agree with any provision, please discontinue use of the Platform immediately.
1. PURPOSE AND APPLICABILITY
1.1 This Policy applies to all Users, including registered members, guests, and visitors of BOOKOURBUS. 1.2 The objective is to ensure that all personal data collected and processed by BOOKOURBUS is handled in accordance with applicable laws, specifically the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act). 1.3 This Policy applies to all data collected both online (via website, app, APIs) and offline (customer care, physical forms, etc.). 1.4 This Policy does not apply to information collected by third-party websites linked through the Platform.
2. LEGAL BASIS AND COMPLIANCE
2.1 BOOKOURBUS operates in compliance with Indian laws governing electronic data and digital records. 2.2 All data collection, processing, storage, and disclosure activities adhere to the principles of: (a) Lawfulness – Data shall be collected and processed only for lawful purposes. (b) Transparency – Users shall be informed of the nature and purpose of processing. (c) Data Minimization – Only necessary and relevant data shall be collected. (d) Purpose Limitation – Data shall be used solely for the stated purpose. (e) Retention Limitation – Data shall not be retained longer than necessary. 2.3 BOOKOURBUS is also committed to following globally recognized privacy principles such as fairness, accountability, and user control.
3. DEFINITIONS
Unless otherwise stated, the following terms shall have the meanings assigned below: (a) “Personal Data” means any information relating to an identified or identifiable natural person, including name, contact number, address, email ID, identification details, or any other similar information. (b) “Sensitive Personal Data” means such personal data that reveals financial information, passwords, biometric data, or government-issued identifiers. (c) “Processing” means any operation performed on personal data including collection, storage, use, dissemination, or deletion. (d) “Data Principal” refers to the individual to whom the personal data belongs. (e) “Data Fiduciary” refers to BOOKOURBUS, which determines the purpose and means of processing such data. (f) “Third Party” means any person or entity other than the Data Principal and BOOKOURBUS.
4. TYPES OF INFORMATION COLLECTED
BOOKOURBUS may collect the following categories of data from Users: 4.1 Personal Information: • Name, gender, date of birth, nationality; • Contact details such as address, email, and phone number; • Identity proofs such as Aadhaar, PAN, or Passport (where applicable); • Booking and travel information including boarding points, seat preference, and payment details. 4.2 Non-Personal Information: • IP address, device identifiers, browser details, operating system, language settings; • Platform usage data, clickstream patterns, and interaction logs. 4.3 Sensitive Personal Data: Financial data or any other legally defined sensitive category required for payment processing or regulatory compliance. 4.4 Automatic Data Collection: Information collected through cookies, tracking technologies, or analytics tools.
5. PURPOSE OF DATA COLLECTION
The data collected from Users is processed for lawful and legitimate purposes, which include but are not limited to: (a) Facilitating ticket and tour bookings; (b) Providing customer service, travel alerts, and updates; (c) Processing payments, refunds, and transactions; (d) Customizing user experience and recommendations; (e) Communicating offers, promotions, or surveys; (f) Detecting and preventing fraud, unauthorized access, or misuse; (g) Fulfilling statutory obligations under applicable law. BOOKOURBUS shall not collect or process personal information for any purpose inconsistent with the purposes listed above.
6. CONSENT AND USER AUTHORIZATION
6.1 By using the Platform, the User expressly provides consent for the collection, processing, storage, and sharing of personal data as described herein. 6.2 Consent may be withdrawn by contacting the Data Protection Officer (DPO) at support@bookourbus.com. 6.3 Withdrawal of consent shall not affect any prior lawful processing done before such withdrawal. 6.4 BOOKOURBUS may, at its discretion, require additional consent where sensitive personal data is processed.
7. METHOD OF DATA COLLECTION
BOOKOURBUS collects data through various lawful methods, including: (a) Direct submissions by Users during account registration, booking, or communication; (b) Automatic capture via cookies, log files, and analytics tools; (c) Third-party service integrations such as payment gateways or operator APIs; (d) Customer support interactions via phone or email. All data is collected with clear notice and for explicit purposes.
8. DATA RETENTION AND STORAGE
8.1 BOOKOURBUS retains personal data only for as long as necessary to achieve the purposes for which it was collected or as required by applicable law. 8.2 Data related to financial transactions, legal claims, or regulatory compliance may be retained for longer durations as mandated. 8.3 Upon completion of retention periods, BOOKOURBUS shall securely delete or anonymize personal data. 8.4 All data is stored on secure servers located within India, with encryption and restricted access protocols.
9. DATA SECURITY MEASURES
9.1 BOOKOURBUS implements a comprehensive framework of administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and availability of all collected data. 9.2 Security controls include but are not limited to: (a) SSL/TLS encryption for all data transmissions; (b) Multi-layer firewalls and intrusion-detection systems; (c) Role-based access control and employee confidentiality agreements; (d) Periodic security audits and vulnerability assessments; (e) Secure deletion and anonymization protocols for obsolete data. 9.3 BOOKOURBUS regularly reviews and updates its security practices in line with industry standards such as ISO/IEC 27001. 9.4 Users acknowledge that, despite all reasonable precautions, no electronic platform can guarantee absolute security and agree to use the Platform at their own risk.
10. DISCLOSURE AND THIRD-PARTY ACCESS
10.1 BOOKOURBUS may disclose personal data only under lawful circumstances and for legitimate purposes, including: (a) Service Fulfilment – sharing booking information with Bus or Tour Operators; (b) Payment Processing – providing transaction details to payment gateways; (c) Regulatory Compliance – furnishing data to statutory or law-enforcement authorities upon valid request; (d) Corporate Transactions – disclosure during mergers, acquisitions, or restructuring, subject to confidentiality safeguards. 10.2 Any third party receiving personal data shall be contractually obligated to maintain equivalent security and confidentiality standards. 10.3 BOOKOURBUS shall not sell, rent, or trade User data for commercial gain without explicit consent.
11. CROSS-BORDER TRANSFERS
11.1 Presently, BOOKOURBUS processes and stores data entirely within India. 11.2 If future business operations require cross-border data transfer, BOOKOURBUS shall: (a) Ensure the receiving entity upholds privacy protections equal to Indian standards; (b) Obtain prior consent from the concerned Data Principal; (c) Maintain a record of such transfer in compliance with the Digital Personal Data Protection Act, 2023.
12. USER RIGHTS AND CONTROL
Under the IT Rules 2011 and the DPDP Act 2023, Users are entitled to: (a) Right to Access: Request confirmation whether their personal data is being processed and obtain a copy thereof. (b) Right to Correction: Rectify inaccurate or incomplete data without undue delay. (c) Right to Erasure: Seek deletion of data when retention is no longer necessary or consent is withdrawn. (d) Right to Consent Withdrawal: Revoke consent for specific processing activities by writing to support@bookourbus.com. (e) Right to Data Portability: Receive personal data in a structured, commonly used format where technically feasible. (f) Right to Grievance Redressal: Lodge a complaint with the Company’s Grievance Officer if rights are infringed. BOOKOURBUS shall respond to all verified requests within fifteen (15) business days from receipt, subject to applicable law.
13. DATA BREACH RESPONSE PLAN
13.1 In the event of an actual or suspected personal-data breach, BOOKOURBUS shall: (a) Immediately assess the scope and severity; (b) Contain and remediate vulnerabilities; (c) Notify affected Users and competent authorities within a reasonable timeframe; (d) Maintain a breach log and cooperate fully with regulatory investigations. 13.2 Users are advised to promptly inform BOOKOURBUS of any unauthorized use of their accounts or credentials.
14. CHILDREN’S DATA PROTECTION
14.1 The Platform is intended only for individuals eighteen (18) years or older. 14.2 BOOKOURBUS does not knowingly collect or process data from minors. If such information is inadvertently obtained, it will be deleted immediately upon discovery or request from a parent or guardian.
15. UPDATES AND MODIFICATIONS
15.1 BOOKOURBUS reserves the right to amend this Policy to reflect changes in law, business practices, or technological advancements. 15.2 Any updated version will be posted on the Platform with a revised “Last Updated” date. 15.3 Continued use of the Platform after publication of amendments constitutes acceptance of the revised Policy.
16. GRIEVANCE OFFICER AND CONTACT DETAILS
In accordance with Rule 5(9) of the IT Rules 2011, BOOKOURBUS designates the following Data Protection & Grievance Officer: Name: Data Protection Officer (DPO) – BOOKOURBUS Address: D-29, Vibhuti Khand, Gomti Nagar, Lucknow, Uttar Pradesh – 226010 Email: support@bookourbus.com Phone: +91 9519829346 Website: www.bookourbus.com All complaints or requests concerning personal data shall be directed to the DPO, who will acknowledge receipt within seventy-two (72) hours and endeavour to resolve the issue within fifteen (15) business days.
17. GOVERNING LAW AND JURISDICTION
This Policy and any dispute arising therefrom shall be governed by and construed in accordance with the laws of India.
By using the Platform, you acknowledge and agree to this Privacy Policy.