Book NOW
Enquire Now
Book NOW

Privacy Statement

Home

Privacy Statement

Privacy Statement

Last Update: February 18, 2025

Our goal at Kairali – The Ayurvedic Healing Village (“Kairali,” “we,” “us,” or “our”) is to safeguard your privacy and make sure that your personal data is handled sensibly and safely. This Privacy Statement describes how we gather, use, share, and safeguard your personal information when you engage with us, such as when you browse our website, make a reservation, or make use of our health and Ayurvedic services.

1. Information We Collect

We collect personal data in the following ways:

1.1 Information You Provide Directly

  • Name, contact details (email, phone number, address) when you make a reservation or inquiry.
  • Health-related information (only with your consent) for Ayurvedic consultations and treatments.
  • Payment details for bookings, purchases, or spa treatments.
  • Preferences, feedback, and communication history.

1.2 Information Collected Automatically

  • IP address, browser type, and device details when you visit our website.
  • Cookies and tracking technologies to analyze website usage and improve user experience.
  • Location data (if permitted) to provide personalized recommendations.

1.3 Information from Third Parties

  • Travel agencies, partners, or wellness platforms when you book through third-party services.
  • Social media interactions if you engage with our content on platforms like Instagram, Facebook, or LinkedIn.

2. Children policy 

We do not intentionally target our platforms to children or knowingly collect information from children. We will remove any information we discover that we have gathered from minors. For additional details regarding the Digital Personal Data Protection Act (DPDPA) of 2023, which applies to websites that target children younger than 18.

3. How We Use Your Information

We use your data for the following purposes:

  • Providing Services – Taking reservations, personalizing Ayurvedic therapies, and improving your overall health.
  • Communication –sending newsletters, special offers, booking confirmations, and customer service messages.
  • Health & Safety – Based on your health details ( only with consent) ensuring personalized Ayurveda treatments 
  • Marketing & Promotions – Sharing exclusive wellness offers, updates, and retreat information.
  • Website Optimization – Improving our digital experience through analytics and performance tracking.3.6 Legal & Compliance – Meeting regulatory requirements, fraud prevention, and ensuring data security.
  • Sensitive data handling – Sensitive information, including health, religious views, and biometric data, is handled, kept, and safeguarded as per local laws. 

4. Data Sharing &  Disclosure

We do not sell or trade your personal data. However, we may share information with:

  • Service Providers: Payment processors, IT support, and trusted third parties who assist in delivering our services.
  • Legal Authorities: If required by law, court orders, or regulatory obligations.
  • Marketing & Advertising Partners: Only with your consent, for exclusive offers and wellness programs.

5. Data Security & Retention

We put strong security measures in place to guard against abuse, unauthorized access, and alteration of your personal data. Your information is only kept for as long as is required to achieve its goals, meet legal requirements, or settle disputes.

5.1 Security Measures We implement comprehensive security protocols including:

  • Industry-standard encryption for all data transmission and storage
  • Regular security audits and penetration testing
  • Mandatory data protection training for all staff members
  • Access control systems with multi-factor authentication
  • Regular backup procedures and disaster recovery planning

5.2 Retention Periods We retain your information according to the following guidelines:

  • Health and treatment records: 7 years from your last visit, as required by Indian healthcare regulations
  • Booking and accommodation data: 3 years from your last stay
  • Marketing preferences: Until you withdraw consent
  • Financial records: 8 years, as required by tax regulations

6. Data breach

As soon as a breach is discovered, we will start containment procedures and carry out an initial evaluation to ascertain the type and extent of the problem. As required by law, Kairali will notify the appropriate supervisory authorities within 72 hours of the breach being confirmed. When a breach poses a serious risk to the rights and freedoms of affected data subjects, they must be informed as soon as possible.  Such notifications shall include: 

  • description of the breach,
  • categories of personal data affected, likely consequences, 
  • measures taken to mitigate potential adverse effects, 
  • contact information for further inquiries. 

If prompt disclosure might obstruct a criminal investigation, Kairali retains the right to postpone reporting. All breaches will be thoroughly documented by us, including the facts, consequences, and corrective measures implemented. After a breach occurs, we will put in place the proper organizational and technical safeguards to stop it from happening again. These safeguards may include improved encryption techniques, system updates, and employee training. 

7. User Rights & Choices

Under the Digital Personal Data Protection Act (DPDPA), you have certain rights regarding your personal information:

7.1 Access and view your personal information we hold: 

  • View and access the personal data we have on you.
  • To guarantee accuracy, ask for corrections.
  • When your data is no longer needed, delete it.
  • Remove your consent to the processing of your data.
  • Get your data in a transferable format.
  • Object to certain processing methods

7.2 How We Handle Your Data

As a data fiduciary, we are committed to:

  • Getting your consent before gathering or using your data
  • Putting in place the right security measures to safeguard your information
  • Notifying you of any potential data breaches
  • Processing just the information required to deliver our Ayurvedic services
  • Keeping our data management procedures transparent

7.3 Data Protection Measures

We have implemented:

  • Regular security assessments
  • Data protection training for employees
  • Systems for safely storing medical records
  • Protocols for data encryption
  • Access restrictions for private data

7.4 Data Retention

We retain your information only for as long as necessary to:

  • Offer our ayurvedic treatments.
  • Observe your legal responsibilities
  • Keep up-to-date medical records
  • Encourage any continued medical interventions.

7.5 Compliance with DPDPA

As required by law, we:

  • Keep track of all data processing actions.
  • Regularly evaluate the impact of data protection.
  • Collaborate with the Indian Data Protection Board
  • Respond quickly to requests for data transfers.

7.6  International Data Protection Standards

While we operate primarily under Indian law (DPDPA), we also respect and comply with international data protection standards where applicable, These include, but are not limited to:

  • EU General Data Protection Regulation (GDPR) 
  • California Consumer Privacy Act (CCPA) 
  • South Korean Personal Information Protection Act (PIPA) 
  • Singapore  Personal Data Protection Act (Singapore) 
  • Japanese Act on the Protection of Personal Information (APPI)
  • Other regional privacy laws as applicable to our international guests

7.7  Consent Management

We obtain explicit consent through:

  • Clear consent for health data collection
  • Specific authorization for sharing data with treatment providers
  • Documented consent for international data transfers

7.8 Data Protection Officer

For privacy-related inquiries or concerns, contact our designated Data Protection Officer:

Email: info@kairali.com 

Address: D-130 Ambedkar Colony Mehrauli, New-Delhi 110030
Feel free to contact us at info@kairali.com to exercise these rights. As required by DPDPA standards, we will reply to your request within the allotted period.

8. Opt-out option 

We offer thorough opt-out procedures to data subjects about the use of their personal information for targeted advertising. Data subjects have the right to revoke their consent at any moment for the use of their data for marketing purposes by: 

  • adjusting privacy preferences through their account settings
  • clicking the “unsubscribe” link in any commercial electronic communication,

Kairali will stop using the data subject’s personal information for targeted advertising after receiving an opt-out request. We may nonetheless process personal data despite such an opt-out if it is required to carry out contractual obligations or if it is otherwise allowed by relevant legislation.

9. AI Chatbot Disclosure & Policy

At Kairali – The Ayurvedic Healing Village, our AI chatbot offers automated help for reservation support, frequently asked questions and general inquiries. Although it improves convenience, it cannot provide medical diagnoses or tailored Ayurvedic recommendations nor substitute for human interaction. For professional advice, we recommend seeking out our experts. 

We emphasize the importance of data privacy and adherence to regulations. Following CCPA (USA), our AI does not retain personal information without permission, and per Japan’s AI Transparency Regulation, all AI-based interactions are completely transparent. 

If you have any questions about AI interactions, kindly contact info@kairali.com 

10. Cookies & Tracking Technologies

Our website uses cookies to enhance user experience, track website activity, and improve services. You can manage cookie preferences through your browser settings.

For more details, refer to our Cookie Policy.

11. International Data Transfers

As Kairali serves an international clientele, your data may be processed outside your home country. We ensure compliance with global data protection laws when handling such transfers.

12. Third-Party Links & External Services

Our website may contain links to third-party services, such as social media platforms, booking partners, or wellness affiliates. We are not responsible for their privacy practices and encourage you to review their policies.

13. Updates to This Privacy Statement

We may update this Privacy Statement periodically to reflect changes in legal requirements or our services. The latest version will always be available on our website.