Privacy Policy
1. Introduction
Traveltime Mobility India Private Limited (“Traveltime”, “Company”, “we”, “us”, or “our”) operates the website currently accessible at https://www.traveltime.co.in/ (the “Website”).
We are responsible for deciding how and why personal data collected through the Website is processed. In this Privacy Policy, “personal data” means any data about an individual who is identifiable by or in relation to that data, and “processing” means any operation performed on such data, such as collection, storage, use, sharing, or erasure.
This Privacy Policy explains what personal data we collect through the Website, the purposes for which we process it, the basis on which we do so, how long we keep it, with whom we share it, and the rights you may exercise.
This Privacy Policy should be read together with the Terms of Service, the Disclaimer, and the Grievance Redressal Framework published on the Website, of which it forms an integral part. By accessing or using the Website, you confirm that you have read and understood this Privacy Policy. Where we need your consent for any specific processing activity, we will ask for that consent separately, through a clear notice given at the relevant time.
2. Scope and Applicability
This Privacy Policy applies to all personal data that we collect through the Website, whether you provide it directly (for example, when you submit an enquiry form) or it is collected automatically (for example, through server logs and website analytics).
This Privacy Policy does not apply to:
- personal data that we collect offline or through channels other than the Website;
- personal data processed by third-party websites or platforms that the Website links to, even where we have placed those links; and
- personal data of employees, contractors, or job applicants, which we process under separate internal policies.
3. Personal Data We Collect
3.1 Personal data you provide directly
We collect the following personal data when you submit the Contact Us / Enquiry form on the Website:
- first name;
- last name;
- email address;
- phone number;
- subject of the enquiry; and
- message content and any information you choose to include in the message.
The fields marked mandatory in the form are name, email, phone, and message. The remaining fields are optional. Please do not include sensitive personal information (for example, financial account details, government identification numbers, health information, or passwords) in the message field.
3.2 Personal data we collect automatically
We do not deliberately deploy any tool that captures your IP address, device fingerprint, or precise location. However, the hosting infrastructure that supports the Website generates standard server logs in the ordinary course of operation. These server logs may record:
- the IP address of the device that accesses the Website;
- the date and time of access;
- the pages requested and the response status; and
- the browser type, operating system, and referring URL.
We use these logs only to monitor Website performance, detect and investigate unauthorised access, and ensure the security and continuity of the Website.
3.3 Cookies and analytics
Google Analytics is the only cookie and analytics tool deployed on the Website. We use it to understand how visitors interact with the Website. Google Analytics sets cookies on your browser and processes information such as pages viewed, session duration, approximate geographic location derived from the IP address, and device and browser type. The Website does not deploy any other cookies.
A cookie notice will be displayed when you first visit the Website. You may accept or decline non-essential cookies through that notice, and you may change your preferences at any time through the cookie settings link on the Website. Strictly necessary cookies that the Website requires to function will operate by default. You may also disable cookies through your browser settings, although doing so may affect the functionality of certain parts of the Website.
3.4 Personal data of third parties
The Website displays the names, logos, or images of clients, partners, government authorities, employees, and individuals who participate in CSR activities or appear in the gallery. We publish such information only after we obtain the necessary consent or licence from the relevant person or institution, or where the publication is otherwise permitted by law. We maintain an internal record of the consents and licences obtained for such material.
3.5 Children’s data
The Website is not directed at children. We do not knowingly collect personal data from any individual under the age of eighteen years. If you are under eighteen, please do not submit any personal data through the Website. If we become aware that we have collected personal data of a child without verifiable parental consent, we will delete that data without undue delay.
4. Purposes of Processing
We process your personal data only for the following purposes:
- to respond to enquiries that you submit through the Website, including by contacting you by email, phone, or post;
- to provide information about our services, business verticals (STU, ETS, and EVBM), expertise, CSR activities, and career opportunities, where you request such information;
- to operate, maintain, secure, and improve the Website, including through analytics and server-log review;
- to detect, prevent, and investigate fraud, security incidents, and other unlawful activity;
- to comply with applicable law, regulatory requirements, and lawful requests from courts, government authorities, and law-enforcement agencies; and
- to establish, exercise, or defend legal claims.
We will not process your personal data for any purpose that is incompatible with the purposes listed above without first giving you a fresh notice and, where consent is the basis for the processing, obtaining your fresh consent.
5. Basis on Which We Process Personal Data
(a) Consent. We process your personal data on the basis of your free, specific, informed, unconditional, and unambiguous consent, given by a clear affirmative action. You give such consent when you tick the consent box at the foot of the enquiry form and submit it. You may withdraw your consent at any time, with the same ease with which you gave it (see Section 8 below).
(b) Other grounds permitted by law. In limited situations, the law permits us to process personal data without consent, for example, to comply with a judgment, decree, or order of a court or authority in India, or to respond to a medical emergency involving a threat to life or health. We rely on such grounds only to the extent the law expressly permits.
6. Sharing and Disclosure of Personal Data
We do not sell your personal data. We share personal data only in the limited circumstances set out below.
6.1 Service providers
We engage external vendors to host and maintain the Website and to provide analytics services. As on the date of this Privacy Policy, these include:
- Dvio Digital Private Limited, which designs, develops, and manages the content of the Website; and
- Tecnovibes Digital Services Private Limited, which hosts the Website.
We enter into a written contract with each service provider that processes personal data on our behalf, requiring it to process that data only on our documented instructions, implement reasonable security safeguards, and assist us in meeting our legal obligations.
6.2 Internal teams
We may share enquiry data internally with our HR department and other relevant business teams for the purpose of responding to the enquiry. Internal access is restricted on a need-to-know basis.
6.3 Legal and regulatory disclosure
We may disclose personal data to a court, regulator, government authority, or law-enforcement agency where the disclosure is required by law, court order, or other valid legal process, or where we in good faith believe that the disclosure is necessary to protect the rights, property, or safety of the Company, its users, or others.
6.4 Business transfers
If we undergo a corporate transaction such as a merger, acquisition, restructuring, or sale of all or a substantial portion of our assets, personal data may form part of the assets transferred. We will notify affected users where the law requires such notification.
6.5 Cross-border transfer
We store enquiry data on a local server within India. Google Analytics, however, may transfer aggregated and pseudonymised analytics data to servers located outside India that Google operates. We will not transfer personal data to any country or territory to which the transfer of personal data from India is restricted by the Central Government. We review this position at least annually.
7. Retention of Personal Data
We retain your personal data only for as long as is necessary to fulfil the purpose for which it was collected, unless a longer retention period is required or permitted by law. We apply the following retention periods:
| Category of personal data | Retention period | Basis |
|---|---|---|
| Enquiry form submissions (name, email, phone, subject, message) | Twelve months from the date of your last interaction with us, after which we will erase the data unless retention is required by law. | Purpose of the processing has been fulfilled. |
| Server logs | Minimum of one year. | Detection, investigation, and remediation of unauthorised access. |
| Cookie and analytics data | As per the retention period configured in Google Analytics, which will be published in the cookie notice. | Website performance and improvement. |
| Personal data required to be retained under any other law (for example, tax or company-law records) | The period prescribed under that law. | Compliance with applicable law. |
Where the law requires it, we will give you at least forty-eight hours’ notice before we erase personal data that you have provided.
8. Your Rights
You have the rights set out below. We will respond to a valid rights request within the timelines prescribed by law and, in any case, within ninety days of receipt of the request.
(a) Right to access. You have the right to obtain a summary of the personal data that we process about you, the processing activities undertaken on that data, and the identities of all other entities with whom we have shared that data.
(b) Right to correction, completion, updating, and erasure. You have the right to ask us to correct inaccurate or misleading personal data, complete incomplete personal data, update outdated personal data, and erase personal data that is no longer necessary for the purpose for which it was collected, unless we are required to retain it under any law.
(c) Right to grievance redressal. You have the right to submit a grievance to the Grievance Officer named below, and to receive a response within the timelines set out in the Grievance Redressal Framework published on the Website.
(d) Right to nominate. You have the right to nominate another individual to exercise your rights in relation to your personal data in the event of your death or incapacity. You may exercise this right by writing to the Grievance Officer.
(e) Right to withdraw consent. You have the right to withdraw your consent at any time. The withdrawal will not affect the lawfulness of processing carried out on the basis of your consent before the withdrawal. After withdrawal, we will stop processing the relevant personal data unless a separate lawful basis applies.
To exercise any of these rights, please write to the Grievance Officer at the contact details set out in Section 13 below. You may also use any consent management dashboard or self-service portal that we publish on the Website. We may ask you to verify your identity before we act on a rights request.
9. Security Safeguards
We implement reasonable security safeguards to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These safeguards include:
- encryption or masking of personal data, where technically feasible;
- role-based access controls and the principle of least privilege;
- access logging, monitoring, and periodic review;
- regular data back-ups to support continued processing in the event of a security incident;
- contractual safeguards in agreements with service providers that process personal data on our behalf;
- periodic security assessments of the Website and its underlying infrastructure; and
- an incident response process for detecting, investigating, and remediating personal data breaches.
No security safeguard can guarantee absolute protection. We therefore cannot warrant the unconditional security of any personal data that you transmit to the Website.
10. Personal Data Breach
If we become aware of a breach of personal data, we will inform the affected users and the Data Protection Board of India without delay, and will submit a detailed report to the Board within seventy-two hours of becoming aware of the breach, or within such other period as the law permits. The intimation to affected users will, in plain language, describe the nature and extent of the breach, its likely consequences, the measures we are taking to mitigate the risk, the steps you can take to protect yourself, and the contact point for further information.
11. Third-Party Websites
The Website contains links to third-party websites. We are not responsible for the privacy practices or the content of those websites. You should review the privacy policy of each third-party website before you provide any personal data to it.
12. Changes to this Privacy Policy
We may revise this Privacy Policy from time to time to reflect changes in law, regulatory guidance, or our processing activities. We will publish the revised Privacy Policy on the Website and update the “Last updated” date at the top. Where the change is material, we will, in addition, give you reasonable advance notice through a banner on the Website or by other appropriate means.
13. Contact
For any question, complaint, or rights request relating to this Privacy Policy or our processing of personal data, please contact:
Grievance Officer, Traveltime Mobility India Private Limited
Name: Ajay Pawar
Designation: HR Manager
Email: ajay.p@traveltime.co.in
Phone: +91 99229 22629
Postal address: Traveltime Mobility India Private Limited, 1st Floor, Astral Court, Above Axis Bank, Aundh, Pune – 411007
The full grievance redressal procedure is set out in the Grievance Redressal Framework published on the Website.