PRIVACY POLICY

This is the privacy policy of SAMHI Hotels Limited and its subsidiaries (“SAMHI”).

INTRODUCTION
Capitalised terms used but not defined herein shall have the meanings ascribed to such terms in the Terms and Conditions of Use of this Website (“Terms”), and this Privacy Policy shall, at all times, be deemed to be a part of Terms.

This privacy policy (“Privacy Policy”) is issued by SAMHI Hotels Limited and its subsidiaries Argon Hotels Private Limited which operates "CASPIA Hotel" (collectively referred to as “SAMHI”, “SAMHI Group”, “we”, “us” or “our” in this Privacy Policy). SAMHI is committed to ensuring that your privacy is protected. Accordingly, we have prepared this Privacy Policy to explain more about who we are, how we collect, manage and disclose your information (whether through our website, our hotels, our social media pages, or offline) and the choices you have about how we use your information. Specific additional rights may apply if required by applicable law Please read this Privacy Policy before using www.caspiahotels.co.in or using/availing any of our products and/or services or submitting any personal information. This policy will be updated subject to any changes in information collection, activities performed or any applicable regulations. You are encouraged to review the privacy policy whenever you provide your information by visiting www.caspiahotels.com or at the hotels or through other offline channels to make sure that you understand how any personal information you provide will be used and retained.

APPLICABILITY
This Privacy Policy is applicable to:
1. Everyone who accesses and uses www.caspiahotels.com including but not limited to external legal entities in any form or manner;
2. Our customers who visit or stay at our properties;
3. Third party service providers or their representatives; and
4. Employment candidates, current and former employees.

INFORMATION WE MAY COLLECT
SAMHI collects your personal information in accordance with the law. The information we collect may vary by territory/country or by your preferred method of interaction with us. The categories of personal information that we may collect (from our customers / website visitors / third party services providers) include: (a) Contact and identification information including first and last name, email address, postal address, country, phone number, , other similar contact data, professional title, employer or professional affiliations, passport and visa information and information from other government IDs. (b) Payment and Credit Information: We may collect credit card and other payment method details. (c) Other information: We may collect information such as your age, sex, date of birth, marital status, nationality, occupation, ethnicity, religion, travel history or any other personal information provided in responses to surveys or questionnaires. (d) Technical information: We may collect information such as website, device and mobile app usage, Internet Protocol (IP) address and similar information collected via automated means, such as cookies, pixels and similar technologies. (e) Biometric, Health-related or other Sensitive Personal Data or Information: We may collect Sensitive Personal Data or Information such as health-related or religion information you provide us to fulfil special requests (e.g., health or religious conditions that require specific accommodation or services), (f) Audio and Visual Information: We may record our customer service calls and security footage at our properties, which may include your voice and/or image; and If you submit any personal information relating to other people to us or to our service providers in connection with the services (e.g., if you make a reservation for another individual), you represent and warrant that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy. In addition to the information above, we may collect personal information from our employees or prospective employees, which may include: (a) Information provided in the Curriculum Vitae; (b) residency and work permit status; (c) taxpayer identification number, banking details; (d) sick pay, pensions, insurance and other benefits information (including the gender, age, nationality and passport information for any spouse, minor children or other eligible dependants and beneficiaries); (e) date of hire, date(s) of promotions(s), work history, technical skills, educational background, professional certifications, language capabilities and training courses attended; (f) Name, email, phone, emergency contact details, blood group; (g) height, weight and clothing sizes, photograph, physical limitations and special needs. (h) records of work absences, vacation entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, selection and development assessments, and disciplinary and grievance procedures; (i) where permitted by law and proportionate in view of the function to be carried out by an employee or prospective employee, government ID and address proof, the results of background checks, driving licence number, vehicle registration and any other related information. (j) information required to comply with laws, the requests and directions of law enforcement authorities or court orders; (k) acknowledgements, agreements regarding our policies; (l) information captured on security systems, including Closed Circuit Television (“CCTV”) and key card entry systems and other security and technology systems, to the extent permitted by applicable law including, in certain jurisdictions, biometric information. (m) emails, correspondence and other work product and communications created, stored or transmitted by an employee using our computer, network or communications equipment; and (n) date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment; Most of the personal information we process is the information that has been provided to us by you knowingly. However, in a few instances, we process personal information inferred on the basis of the information provided by you or personal information received from a third party, such as a recruitment agent or background check vendor. Unless otherwise stated, all personal information we request from you is obligatory. However, please note that if you do not provide certain information, we may not be able to accomplish some or all of the purposes outlined in this Privacy Policy, and you may not be able to use certain tools and systems which require the use of such personal data. Further, if you do not provide and/or allow us to process the personal information as requested, we reserve the right to discontinue our services or our engagement for which the information is sought.

We may also collect information about Your preferences that We use to make Your current and future stays and experience with Us more enjoyable, including information about Your interests and other relevant information about You that We learn about during Your stay. This may also include any likes and dislikes about Our services that You tell us about so that We can improve Our services, and specific dietary or health restrictions to ensure Your wellbeing. We may also collect Your “Personal Preferences,” that may include details of Your special anniversaries (such as Your birthday or wedding anniversary), what type of activities You prefer to take part in when staying with Us, and Your hobbies. Personal Preferences may also include details about who You usually travel with, their relationship to You, and Your marital status.

If you submit any Personal Information about other people to Us (e.g., if you make a reservation for another individual), You represent that You have the authority to do so and You permit Us to use the data in accordance with this Privacy Policy.

You are giving us Your unconditional consent to the collection, storage and use of Your Personal Information as set forth in this Privacy Policy.

HOW WE COLLECT YOUR PERSONAL INFORMATION
We collect the above-referred categories of personal information from the following categories of sources: (a) We receive and store any information you enter on our website or third-party hotel booking websites or give us in any other way (e.g., at our hotels, kiosks). (b) We use cookies and related technologies to passively collect personal information from and across your devices when you interact with our website, emails, or other online content or when your device connects to, or is detected by, the wireless networks at our properties. (c) From social media: If you post to one of our pages on a social media site, we may receive contact and identification information, stay and purchase information, internet and network activity, and any other personal information contained in your social media posts or profile.

HOW WE USE YOUR PERSONAL INFORMATION
Any of the information we collect from you may be used in one of the following ways: (a) carry out our obligations arising from any contract entered into between you and us; (b) fulfil other purposes as disclosed to you in accordance with applicable law or with your consent; (c) provide you with information about the services and sending you information about materials, newsletters, events, conferences and offers; (d) provide products and/or services and communicate with you about products and/or services offered by us; (e) conduct market research, customer satisfaction and quality assurance surveys; (f) process, disclose, transmit, and/or share the information with third parties which have business or contractual dealings with us; (g) administer general record keeping; (h) meet legal and regulatory requirements or compliance obligations; (i) provide privileges and benefits to you, marketing and promotional campaigns based on your profile; (j) communicate with you (including to respond to your requests, questions, feedback, claims or disputes) and to customize and improve our services; (k) enforce the terms of use of our website; (l) prevent, detect, and investigate fraud, cyber incidents, or other illegal or harmful activity; (m) for any emergency and incident response ensuring the security of on-site services, responding to, handling, and documenting on-site accidents and medical and other emergencies (including facilitating in house doctor services), actively monitoring properties to ensure adequate incident prevention, response, and documentation (including CCTV), requesting assistance from emergency services, and sending notifications and alerts in the event of incidents or emergencies (such as via SMS, email, call, audio-visual device prompts, etc.); and (n) to otherwise support your relationship with SAMHI. In addition to the above, any of the information we collect from our candidates for employment, employees or former employees, may be used in one of the following ways: (a) evaluate applications for employment; (b) manage all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel, performance appraisal, disciplinary and grievance processes etc.; (c) maintain sickness records and occupational health programs; (d) investigate and respond to claims against SAMHI, its staff and its guests; (e) administer termination of employment and provide and maintain references; (f) maintain emergency contact and beneficiary details; and (g) comply with applicable laws, including judicial or administrative orders regarding individual employees. We may retain information of former employees for as long as it is necessary and in all cases for no longer than permitted by our retention schedule and applicable law.

DISCLOSURE OF INFORMATION
From time to time, we may disclose your personal information. Such disclosure shall be made in accordance with applicable law. In some jurisdictions, data privacy laws may require us to obtain your consent before we disclose your information to third parties. When you consent to this Privacy Policy, you are, to the extent required and permitted under your local law, granting your consent to the transfer of your personal information to such third parties for the purpose and to the extent stated in this section and as described in Section (How We Use Your Personal Information) above.

JOINT CONTROLLER OF CUSTOMER DATA
Our brand operators at various properties are joint controllers of customer information provided to us directly (as applicable) for the purposes of hotel stay. All customer information that is provided directly to us for hotel stay purposes is jointly accessed and controlled by the respective brand operators for various properties. Please refer the privacy policy of the respective brand operators to understand how your information may be processed by the respective brand operators.

COMMITMENT TO DATA PRIVACY & SECURITY
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organizational security measures are put in place to protect against any unauthorized access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that reasonable security safeguards are in place to protect your information. Only selected and authorised employees, business partners, vendors and other third party providers may have access to your information. SAMHI takes reasonable measures to ensure that our third party service providers employ industry standard security measures to ensure the security of information through legally binding terms and conditions.

LINKS TO OTHER SITES
Our websites and applications contain links to websites that are maintained and/or controlled by non-affiliated parties. In some instances, these websites may be co-branded and display our logos or other trademarks. This Privacy Policy and our responsibility arising from it is limited to our own information collection practices. SAMHI shall not be responsible for the information collection practices or privacy policies of other websites maintained by third parties or our service providers where you submit your personal information directly to such websites. We encourage you to review the privacy policies of these websites as their privacy policies may differ from ours.

RETAINING YOUR INFORMATION IN OUR SYSTEMS
We generally only keep your information for as long as is reasonably required for the purposes explained in this Privacy Policy. In some cases we keep transactional records (which may include your information) for longer periods if necessary to meet legal, regulatory, tax or accounting needs. We will also retain information if we reasonably believe there is a prospect of litigation. We maintain a data retention policy which we apply to the records we hold. In addition, even after deletion of information, including on account of exercise of your right under Section 11 (Withdrawing consent and restriction of processing) below, it may persist on backup or archival media for audit, legal, tax or regulatory purposes. SAMHI reserves the right to decline access to your information under certain circumstances. If your information is not disclosed to you, you will be provided with the reasons for this non-disclosure.

WITHDRAWING CONSENT & RESTRICTION OF PROCESSING
Where we have obtained your consent to process your personal information for certain activities, you may request to withdraw consent to personal information processing or you may review, update, correct or delete your personal information collected through the website or other channels unless we consider that there is an alternative legal basis to justify our continued processing of your personal information. Subject to the aforesaid, you may request to withdraw consent as mentioned above or you may review, update, correct or delete your personal information by e-mailing us at sanjay.jain@samhi.co.in .

SEVERABILITY
If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

GRIEVANCE REDRESSAL MECHANISM
All complaints in relation to Your Personal Information shall be directed to the Grievance Officer at the following contact details:
Name: Sanjay Jain
Email address: Sanjay.Jain@samhi.co.in
SAMHI shall redress the complaints expeditiously and in compliance with applicable laws.