Safal Hospitality and Maintenance Services ("Safal Hospitality", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, share and protect personal information when you visit safalhospitality.com or engage our services. Our practices comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian laws.
1. Information We Collect
1.1 Information You Provide
When you submit an enquiry, request a quote, apply for a job or contact us, we collect:
- Identity data: name, gender, designation
- Contact data: email address, phone number, postal address, company name
- Service data: nature of facility, service required, scope, location, budget indication
- Career data: CV/resume, qualifications, work history (only when applying for a role)
- Communication data: messages sent via contact forms, WhatsApp, email or phone calls
1.2 Information Collected Automatically
When you visit our website, we automatically collect:
- Technical data: IP address, browser type, device type, operating system, referrer URL
- Usage data: pages visited, time spent, click events on phone, WhatsApp, map and email links
- Approximate location: derived from your IP address (city/region level only) via ipinfo.io
- Cookies and similar technologies: session cookies, security cookies (reCAPTCHA), and analytics cookies where applicable
2. How We Use Your Information
We use your personal data for:
- Responding to enquiries, providing quotes and delivering requested services
- Managing job applications and recruitment
- Sending service-related communication, contracts, invoices and updates
- Marketing communication (only with your consent — you can opt out anytime)
- Site security, fraud prevention and reCAPTCHA bot mitigation
- Analytics to improve website performance and user experience
- Statutory compliance, accounting and audit requirements
3. Legal Basis for Processing
We process personal data on the following lawful bases under the DPDP Act 2023:
- Consent — when you submit a form, opt in to communication, or accept cookies
- Contract performance — to deliver services you have requested
- Legal obligation — for taxation, statutory compliance, regulatory filings
- Legitimate interest — site security, fraud prevention, internal record-keeping
4. Sharing Your Information
We do not sell your personal data. We may share it only with:
- Service providers — payment processors, email/SMS gateways, hosting providers, CRM tools, reCAPTCHA (Google), ipinfo.io for location lookup
- Professional advisors — auditors, legal advisors, accountants under confidentiality obligations
- Government authorities — only when required by law, court order, or regulatory request
- Acquirers — in the event of a corporate restructuring, merger or acquisition (with notice)
All third-party recipients are contractually bound to handle your data securely and only for specified purposes.
5. Cookies & Tracking
Our website uses:
- Essential cookies — required for site security, form submission and reCAPTCHA
- Analytics cookies — to understand visitor behaviour and improve the site
- Phone tracking — we log clicks on phone, WhatsApp, map and email links to measure marketing effectiveness
You can disable cookies in your browser settings, but parts of the site may not function correctly.
6. Data Retention
We retain personal data only as long as necessary:
- Enquiry & quote data: up to 3 years from last contact
- Client contract data: for the contract duration plus 8 years (statutory accounting requirement)
- Recruitment data: 1 year from application closure (longer if hired)
- Website analytics: 26 months (Google Analytics default)
7. Your Rights (DPDP Act 2023)
Subject to applicable law, you have the right to:
- Access — request a copy of personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Erasure — request deletion of your personal data (subject to statutory retention)
- Withdraw consent — withdraw consent for marketing or non-essential processing at any time
- Grievance redressal — file a complaint with our Grievance Officer (details below) or the Data Protection Board of India
To exercise any right, email mayur@safalhospitality.com with subject line "Privacy Request — [your request type]".
8. Data Security
We implement reasonable technical and organisational measures to protect your data — HTTPS encryption, secure form submission with reCAPTCHA, access controls, employee confidentiality agreements, and regular security reviews. However, no system is 100% secure; we cannot guarantee absolute security but commit to notifying you and the Data Protection Board within 72 hours if a notifiable breach occurs.
9. Children's Privacy
Our services are intended for businesses and adults. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected such data, contact us for immediate deletion.
10. International Transfers
Most of our data processing happens within India. Some service providers (such as Google reCAPTCHA, ipinfo.io) may process limited data outside India, under standard contractual safeguards permitted by the DPDP Act 2023.
11. Third-Party Links
Our website may contain links to third-party websites (LinkedIn, Facebook, Twitter, Instagram, YouTube). We are not responsible for the privacy practices of those sites. Please review their privacy policies separately.
12. Changes to This Policy
We may update this privacy policy periodically. The "Last Updated" date at the top reflects the most recent change. Material changes will be highlighted on our homepage or notified to active clients via email.
13. Grievance Officer / Contact
For privacy-related questions, requests or grievances:
If you are not satisfied with our response, you may approach the Data Protection Board of India established under the Digital Personal Data Protection Act, 2023.
