Privacy Policy

This Privacy Policy explains how Dumcheese collects, uses, stores, shares, and protects personal data when you use our website, submit a travel request, communicate with our team, track a request, download documents, or otherwise interact with our services.

Dumcheese operates as a request-first corporate travel operations platform. Our public website is designed for travel discovery, request submission, request tracking, document access, and support. It is not a self-serve checkout platform and final booking actions remain subject to Dumcheese operational processes.

This policy is written to reflect core privacy principles recognised across Indian and international norms, including lawful use, transparency, purpose limitation, data minimisation, accuracy, security, retention discipline, and user rights handling. Depending on where you are located, additional rights or protections may apply under local law.

We collect information you provide directly, such as traveller names, contact details, company or organisation details, travel routes, dates, passenger counts, preferences, invoice-related details, support messages, uploaded documents, and request-specific instructions.

We collect operational data generated through the service, such as request numbers, request status history, ticket and invoice associations, payment state updates, communication logs, admin workflow activity, and search comparison records created when our team runs partner portal search automation.

We may also collect technical and usage data such as browser type, device details, IP address, approximate location derived from network data, referral source, pages visited, timestamps, form activity, error logs, and security signals used to protect the website and investigate misuse.

Where required for fulfilment or compliance, we may receive personal data from your employer, travel coordinator, authorised representative, airline or supplier records, payment references, or documents you or your organisation provide to us.

Travel operations may require handling information that is more sensitive in context, such as passport details, visa details, dates of birth, government-issued identification references, billing documents, ticket files, and payment verification information. We only request and use such information where it is reasonably necessary for request processing, document handling, compliance, fraud prevention, traveller identification, or support.

Please do not submit medical, biometric, or other highly sensitive data unless it is strictly necessary for a travel requirement and requested by our team for a legitimate operational reason.

We use personal data to respond to enquiries, process travel requests, create and manage request records, compare supplier options, issue tickets, generate or link invoices, verify payments, provide updates, support travellers, manage documents, and resolve service issues.

We also use data to secure our systems, detect fraud or abuse, maintain audit trails, enforce our terms, comply with legal or tax requirements, improve reliability, analyse service performance, and maintain records needed for customer support and operational continuity.

Where permitted, we may use limited contact information to send important service communications, policy updates, transactional notices, or business-relevant operational follow-ups. We do not position Dumcheese as a data broker and we do not sell personal information.

Depending on the applicable law, we process personal data based on one or more valid grounds, including your consent, the need to take steps at your request, performance of a contract or service arrangement, compliance with legal obligations, protection against fraud or misuse, and our legitimate interests in running a secure and effective travel operations service.

If a particular activity depends on consent, you may withdraw that consent subject to legal, operational, or contractual limitations. Withdrawal will not affect processing already carried out before withdrawal.

We may use cookies, local storage, session identifiers, security tokens, and basic analytics tools to keep the website functional, remember preferences, support login and request tracking flows, measure performance, and prevent abuse.

Some cookies are necessary for website functionality and security. Others may support analytics, service quality measurement, or communication performance. You can control cookies through your browser settings, although disabling some technologies may affect website functionality.

We share personal data only where reasonably necessary for service delivery, compliance, or security. This may include airlines, travel suppliers, partner portals, payment channels, communication providers, cloud or hosting vendors, document processing services, fraud prevention tools, professional advisers, or lawful authorities where disclosure is required or justified.

Within Dumcheese, access is limited to personnel, contractors, or administrators who need the information for their role. Admin-triggered portal automation is used to support comparison workflows and does not remove manual operational control over final booking actions.

If Dumcheese undergoes a merger, acquisition, restructuring, financing event, or asset transfer, relevant information may be disclosed as part of that process subject to confidentiality and legal safeguards.

Because travel operations and technology services may involve suppliers, infrastructure, or support providers located outside your home jurisdiction, your personal data may be processed in other countries. When this happens, we take reasonable steps to ensure the transfer is consistent with applicable law and protected through contractual, organisational, or technical safeguards appropriate to the context.

If you access our services from outside India, you understand that data may be processed in India and in other jurisdictions involved in service delivery or infrastructure support.

We retain personal data only for as long as necessary for the purposes described in this policy, including request fulfilment, operational support, ticket and invoice history, payment verification, auditability, dispute resolution, fraud prevention, legal compliance, tax requirements, and recordkeeping.

Retention periods vary depending on the type of data and the reason it was collected. For example, request records, issued document references, billing-related records, and support trails may be retained longer than casual enquiry data because they are tied to operational, financial, or compliance obligations.

When data is no longer required, we aim to delete it, anonymise it, or securely archive it in a way that limits further use, subject to legal or evidentiary preservation needs.

We apply reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction. These measures may include access controls, role-based permissions, protected file access, secure credential handling, HTTPS, environment-based secret management, logging, monitoring, validation, and workflow restrictions for sensitive operations.

No digital system can guarantee absolute security. You are responsible for using secure devices, protecting request access details, and notifying us promptly if you believe your data or access has been compromised.

Subject to applicable law, you may have the right to request access to personal data we hold about you, request correction or updating of inaccurate data, request deletion where retention is no longer justified, object to certain processing, request restriction of processing, withdraw consent in relevant cases, or ask for a copy of certain data in a portable format.

Residents of India may also have rights available under applicable Indian data protection law, including rights connected to correction, erasure, grievance handling, and consent management where relevant. Users in other jurisdictions may have additional rights under local laws, such as GDPR-style rights where those laws apply.

We may ask you to verify your identity before acting on a request, and we may decline or limit requests where we have a lawful reason to do so, including security, fraud prevention, legal obligations, evidentiary needs, or the rights of other persons.

Our services are intended for business, organisational, and travel coordination use and are not directed to children. We do not knowingly collect personal data directly from children in a manner prohibited by law. If you believe a child’s data has been provided to us improperly, please contact us so we can review and address the issue.

Our website may contain links to third-party websites, supplier portals, or external services. Their privacy practices are governed by their own policies and controls, not this policy. We encourage you to review the privacy notices of any external service you use in connection with your travel request.

We may update this Privacy Policy from time to time to reflect legal changes, service changes, operational improvements, or security requirements. When we make material changes, we will update the published revision date and may provide additional notice where appropriate.

Your continued use of the website or our services after an update becomes effective will be treated as acceptance of the revised policy to the extent permitted by law.

If you have questions, requests, or complaints about this Privacy Policy or our handling of personal data, you can contact Dumcheese using the details below. Please include enough information for us to identify your request and respond appropriately.