1.General

(i)This Privacy Statement explains what information about You (defined below) is collected by The Fern Hotels & Resorts (hereinafter Fern, we, us, or our), a brand of Concept Hospitality Private Limited, and how that information may be used, processed, protected, and otherwise handled when You use or visit our website https://www.fernhotels.com (Website).

(ii)This Privacy Statement applies to any person or entity (You or Your) that accesses the Website or has shared any data about an individual who is identifiable by or in relation to such data (PD) with us.

(iii)You have been directed to this page to familiarise with the terms of this Privacy Statement as well as provide Your informed consent to the processing of PD. Before you submit any PD to us, please read this Privacy Statement for an explanation of how it will be processed by us. If You do not agree with this Privacy Statement, please do not use the Website.

Changes to this Privacy Statement: We reserve the right to update this Privacy Statement at any time, and we will provide You with a new Privacy Statement when we make any substantial updates. We may also notify You in other ways from time to time about the processing of Your PD.

2.What PD Do We Collect?

(i)We collect and process PD provided by You when You access and browse our Website; make a booking and avail our services; subscribe to our newsletter and other content; contact us for help; submit an enquiry; or otherwise enter information on the Website. This does not include data where the identity of the individual has been removed irreversibly and permanently, i.e., anonymous data.

(ii)PD collected includes the following categories:

Basic information – This includes Your name, title, address, country of residence, telephone number, e-mail address, photographs, gender, marital status, and age. Identification information – This includes Your national insurance or tax ID number, PAN card, and driving license/passport/Aadhaar details.

Sensitive personal data – This includes financial and payment information including bank account details, biometrics, and health data.

Technical data - Our servers automatically collect and log analytics data for all visitors to the Website. This includes Your IP address, referring website, Your geographic location, date/time each page was requested, pages visited, Your operating system type and version, Your web browser type and version, total bytes of data transferred.

Grievance information – This includes information that You provide to us when raising a complaint on the Website.

CCTV footage and other information obtained through electronic means such as door access records.

Information about your use of our information and communications systems.

3.How We Collect PD

(i)We collect PD:

directly from You when You voluntarily provide Your PD while accessing, browsing, or using any part of the Website, or any PD that you may provide us for availing our services and offerings; and

indirectly from other sources such as cookies, web beacons, website traffic, information available in public domain through internet searches, analytic studies and other information that we may derive while processing PD.

(ii)Cookies - As is standard practice on many corporate websites, the Website uses cookies and other technologies to help us understand which parts of the Website are most popular, where our visitors are going, and how much time they spend there. We use cookies and other tracking technologies to study traffic patterns on the Website, to make it even more rewarding as well as to study the effectiveness of our customer communications, and to customize Your experience and provide greater convenience each time You interact with us.

(iii)Form Data – The Website contains on-line forms which enable You to submit enquiries for products or services, and request support or participate in an on-line discussion. All data collected through these forms is used only for the purpose for which it was supplied.

(iv)In all these circumstances, we act as the organization collecting and retaining your PD.

4.Why We Collect PD

(i)We collect and process PD to support our operational, administrative, and compliance needs. The purposes of such collection include:

Responding to inquiries and service requests;

Managing reservations, events, and corporate communication;

Enhancing guest experience and improving our services;

Managing employee, vendor, and partner relationships;

Providing You with information of services offered by us;

Communicating with You;

Conducting market research, surveys, trend research, analytics to understand Your need for using the Website, services, updates, upgrades and software feature requirements;

Improving and developing the Website;

Obtaining feedback from You and act thereupon;

Protecting and securing Your PD, detect and handle actual, suspected, or pre-empted data breach scenarios;

periodically reviewing PD collected to adhere with Your requests regarding Your rights and legal obligations under applicable law;

Promotion, marketing and advertising;

Managing payments and transactions;

Defending or initiating legal, contractual and other equitable relief should such situation arise; and

Ensuring security and legal compliance with applicable law.

(ii)We collect and process PD only for legitimate business purposes and as permitted under applicable laws.

(iii)Analytics data is used by us to generate detailed reports and statistics on Website visits.

5.How We Process PD

(i)We collect, record, organise, structure, align, retrieve, adapt, access, review, archive, analyse, pseudonymize, encrypt, decrypt, profile, transfer, perform other related technological and manual processing activities.

(ii)PD is processed only for the specified purposes above for which we have legitimate use because You voluntarily provided PD or have consented to processing of PD, or processing is necessary for performance of contracts executed with You in relation to our services, or for compliance with applicable laws, or for defending our rights and claims.

(iii)We process PD in accordance with fair, accountable and transparent processing principles as required under applicable law. Governing principles that we follow for processing are:

process lawfully, fairly and with transparency;

process only for purposes communicated, or those which are reasonably expected to be connected with the purposes, or for purposes which are compatible with them;

minimise collection only as much is adequate, relevant and necessary for the processing purposes;

take reasonable steps to maintain accuracy in light of the processing purposes;

retain in such form and for such duration as is permissible under law, bearing in mind the processing purposes;

use technical, operational, and organisational security measures;

prevent accidental loss, unlawful destruction, or access, or damage; and

maintain confidentiality and integrity of PD.

6.Who We Share PD With

(i)We do not sell, rent, or trade Your PD in any manner.

(ii)We disclose PD on a strict need-to-know basis to our affiliates and other group entities, internally with our personnel, and third party service providers, like hosting partners, cloud service providers, maintenance vendors who assist us in operating and maintaining the Website, etc.

(iii)We may also disclose PD to third parties if required for compliance with law, to enforce our policies, or protect ours or others’ rights, property or safety, investigate fraud, or respond to a government request.

(iv)In all instances of disclosure, we require the receiving third-party to maintain confidentiality, use PD only for the limited purpose for which it is disclosed, and restrict onward transfer. We also insist that the recipient destroys PD to the extent feasible once the purpose is achieved.

(v)Before transferring PD to a third party, we conduct reasonable due diligence factoring the purposes, such as evaluation of processes implemented, reserving audit and inspection rights, requiring representations, and mandating compliance with applicable laws concerning data protection and privacy from the third party. We also contractually require them to implement appropriate technical, operational and physical security safeguards.

(vi)We have a record of the incoming email address if You have sent us an email or submitted an enquiry. We will only use your email address to respond to your requests and communicate directly with you. We do not add your email address to a mailing list and we will not send you unsolicited emails (SPAM).

7.How We Protect Your PD

(i)We implement reasonable security practices and procedures. Our security framework follows recognized industry standards, ensuring appropriate technical, administrative, and physical safeguards are in place to protect personal data from unauthorized access, disclosure, alteration, or destruction.

(ii)All our staff, personnel, and representatives receive appropriate and on-going training to ensure they are fully aware of their obligation to uphold confidentiality, protect PD, and respect Your privacy. Only limited authorised personnel and approved third parties have access to PD on a need-to-know basis and only for specific purposes.

(iii)We do not provide facilities for the secure transmission of information across the internet. Website users should be aware that there are inherent risks transmitting information across the internet. You are strongly advised to exercise discretion while providing PD and using our Website, given that the internet is susceptible to security breaches.

8.How Long We Store PD

(i)We will store and process Your PD for such duration as is necessary in order to fulfil the purposes stated in this Privacy Statement and otherwise, where retention is required for compliance with applicable law.

(ii)Under all circumstances, it is our practice to follow data minimization and retain it in a safe manner only for purposes already identified in this Privacy Statement.

(iii)Our overarching goal is not to retain PD in identifiable form longer than what is necessary, after which it will be destroyed.

9.Rights You Have

(i)You have the right to:

Access Your PD that is processed by us

Request corrections or updates to Your PD

Submit queries or raise concerns about the processing of Your PD

Withdraw consent where consent is the processing basis

(ii)In order to know more about Your Rights, including how to exercise them, You may contact our grievance officer at grievanceofficer@fernhotels.com.

Note: 

10.Grievance Redressal Mechanism and Contact Details

If You have any grievances or concerns, please contact our grievance officer Ms. Humaira Khan at grievanceofficer@fernhotels.com. We will try our best to provide the necessary information in pursuance of your requests and redress your grievances within 30 days from receipt of the request/grievance. Should you require further details about our processes in this regard, please write to our grievance officer on the details mentioned herein.