This privacy policy (“Privacy Policy”) sets out how Brance Technologies Private Limited, operating under the brand “30 Sundays” (“30Sundays”, “we”, “us”, or “our”), collects, uses, discloses and otherwise processes personal data in connection with the provision of curated travel experiences and related services. It is intended to be read together with our applicable terms of use / booking terms, but prevails over them in the event of any inconsistency on matters pertaining to personal data.
By accessing or using our website, mobile application or any other online or offline interface made available by us from time to time (collectively, the “Platform” or “Services”), you acknowledge that you have read and understood this Privacy Policy and agree to be bound by it. If you do not agree with any part of this Privacy Policy, you should refrain from using the Services; certain existing bookings may, however, continue to be processed to the limited extent necessary to give effect to your prior instructions or to comply with legal obligations.
This Privacy Policy applies to all individuals who interact with us in relation to the Services, including but not limited to: visitors to the Platform, prospective and confirmed travellers, persons booking on behalf of others, co‑travellers whose information is provided to us, emergency contacts, and recipients of our communications (including WhatsApp and other messaging channels).
Our core processing footprint is in India and is intended to be consistent with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable subordinate rules, together with other sectoral and general laws that may apply. For users located outside India, this Privacy Policy applies to the extent it is not inconsistent with any mandatory local requirements; where required, jurisdiction‑specific addenda or notices may supplement this document.
30 Sundays is a direct travel solutions provider. In the ordinary course, we conceptualize, curate and sell our own travel packages, particularly for couples and small groups, and retain primary responsibility for the design and commercial structuring of your itinerary. We are not a pure market place that merely lists third‑party offerings.
For data‑protection purposes, we typically act as the “data fiduciary” (or functional equivalent under other regimes) in relation to your personal data processed via the Platform. However, certain downstream entities (for example, hotels, airlines, transport operators, visa facilitators, and other on‑ground vendors) will independently process your personal data for their own purposes and in accordance with their own privacy practices. Those entities remain separately responsible for compliance with laws applicable to them.
The specific data we collect will depend on the nature of your interaction with us and the Services you choose to use.
Broadly, we may process the following categories of personal Identity and contact data : Name, title, gender, date of birth, marital status, nationality, email address, postal address, country and city, contact numbers, and similar identifiers for you and, where applicable, your co‑travellers or emergency contacts.
- Booking and travel profile data
Preferred destinations and dates, travel history with us, accommodation and budget preferences, dietary or medical needs relevant to travel (to the extent you choose to disclose them), special occasions (for example, honeymoon, anniversary), passport and visa details for relevant journeys, frequent‑traveller or loyalty identifiers, and any other details reasonably necessary to design and service your itinerary.
- Payment and transaction data
Limited payment‑instrument details (for example, partial card information as returned by our payment partners), payment method, UPI or wallet identifiers, bank or transaction references, billing address, transaction timestamps and amounts, refund and chargeback data, and related reconciliation trails. We do not store full card numbers, CVV, PINs or other sensitive authentication data.
- Technical and usage data
IP address, device identifiers, operating system and browser/app version, access dates and times, log data, in‑app actions(e.g., clicks, scrolls, feature usage), cookie or similar identifiers, language and time‑zone settings, and approximate location where you have enabled such collection.
- Communications data
Records of communications with you (including email, in‑app chat, WhatsApp, calls to our customer support, and social media interactions), metadata associated with such communications, and your feedback, ratings or reviews.
- Marketing and analytics data
Referral codes, campaign identifiers, engagement with marketing assets (for example, opens, clicks, unsubscribes), segmentation and propensity scores generated through analytics, and information about your interactions with content and offers across the Platform.
- Other data you choose to provide
Any additional information, documents or media that you voluntarily share with us (for example, photographs for profile enrichment, copies of travel documents, special instructions for on‑ground vendors), including in free‑text fields.
If you provide personal data relating to third parties (such as co‑travellers), you confirm that you have the authority to do so and that those individuals are aware of the disclosure and, where applicable, have consented to it.
While the DPDP Act adopts its own terminology, in practical terms we process personal data based on the following principles and grounds:
-Performance of a contract or pre‑contractual steps
Where processing is necessary to respond to your enquiry, prepare and share itineraries, confirmand administer bookings, process payments and refunds, provide customer support, or otherwise perform our obligations in relation to the Services.
- Compliance with legal and regulatory obligations
Including obligations under tax, accounting, foreign‑exchange, and company law; record‑keeping and audit requirements; know‑your‑customer and traveller‑information obligations (where applicable); and responding to lawful directions or requests from regulators, courts, law‑enforcement or other competent authorities.
- Legitimate business interests
Including securing the Platform and our infrastructure; managing risk, fraud and abuse; monitoring and improving our products, pricing, content and user experience; conducting internal analytics; and tailoring communications and offers in a manner that respects your reasonable expectations and does not override your rights and interests.
- Consent
In circumstances where consent is the appropriate or legally required ground—for example, for certain categories of electronic marketing, non‑essential cookies and similar technologies, or specific high‑impact app features. Where we rely on consent, you may withdraw it at any time; this will not affect processing that has already occurred, but may limit our ability to offer certain features or benefits thereafter.
Where the applicable legal basis is not self‑evident from context, we will clarify it upon reasonable request, subject to any applicable legal or confidentiality constraints.
We use personal data for purposes that are reasonably connected with operating, protecting, and enhancing the Services, including to:
- Respond to enquiries, design bespoke itineraries, present options aligned with your stated preferences and constraints, and manage the end‑to‑end booking lifecycle.
- Process payments, issue invoices and vouchers, manage refunds or credits, and perform reconciliations and internal accounting.
- Coordinate with suppliers and partners (for example, hotels, airlines, transport providers, and activity organisers) to ensure accurate and timely service delivery.
- Operate and secure user accounts, authenticate access, detect suspicious activity, and prevent, investigate or respond to fraud, misuse, or security incidents.
- Provide service‑related communications such as confirmations, reminders, itinerary changes, alerts, and support updates via email, SMS, WhatsApp, in‑app messages or push notifications.
- Personalize content and recommendations on the Platform, including destination suggestions, trip ideas and offers likely to be of interest based on your profile and past interactions.
- Conduct data analytics and modelling (typically on an aggregated, pseudonymised or otherwise minimised basis) to understand usage patterns, enhance our offerings, and inform commercial and operational strategy.
- Run promotions, referral programmes, surveys, feedback initiative sand other engagement mechanisms, and to communicate with you about these where permitted.
- Enforce our terms, protect our rights, interests and property, pursue or defend legal claims, and comply with binding legal obligations.
We do not engage in automated decision‑making that produces legal or similarly significant effects on you without appropriate human oversight or review.
The mobile application may request access to certain device‑level features. Such access is requested only to the extentnecessary to support specific functionalities, for example:
-Location (GPS): To provide proximity‑based suggestions (e.g., nearby airports, hotels or attractions),contextual prompts, and relevant offers.
- Camera and gallery / file storage: To scan or upload documents(such as passports or visas), capture photographs for your profile or trip, orstore itineraries and vouchers on your device.
- Microphone: To enable optional voice‑based input or assistance features, where available.
- Contacts: To facilitate the addition of co‑travellers or to share itinerary details; we do not access your contacts for bulk messaging or unrelated marketing without your express and granular consent.
- Notifications: To send time‑sensitive updates, alerts, reminders and select promotional communications.
Permissions can generally be managed or revoked at the device or operating‑system level. Disabling a permission may restrict the corresponding feature, but core booking and support functionality will remain accessible via at least one channel (for example, website or direct contact).
Payments made through the Platform are processed via integrated third‑party payment service providers (such as card acquirers, payment gateways, UPI apps, or wallets) that operate in compliance with applicable regulatory and industry security standards. Sensitive payment credentials are collected and processed directly by these providers and are not stored by us in full.
We retain transaction‑level data that is reasonably required for reconciliation, dispute resolution, refunds, tax and accounting purposes, and fraud‑management. In each case, we apply the principles of data minimisation and purpose limitation.
We use WhatsApp and, where appropriate, other messaging channels as structured extensions of our customer‑engagement and support framework. Typical uses include sharing itineraries and vouchers, addressing queries, sending reminders and alerts, and, where you have not opted out, informing you of relevant offers or content.
Where such channels are facilitated through official APIs or third‑party providers, they act under our instructions and subject to contractual confidentiality and security obligations. You may opt out of marketing‑oriented messages on these channels at any time (for example, by using prescribed keywords or by contacting us), although we may continue to send strictly transactional or service‑critical messages where permitted by law.
Our websites and applications use cookies and similar technologies to enable essential functions (such as maintaining sessions and security), and—where permitted—to improve performance, personalise content, and measure the effectiveness of our communications.
We also use analytics and marketing tools operated by third parties (for example, web and app analytics, attribution partners, and ad‑tech platforms) to understand how the Platform is used and to optimise our product and marketing efforts. These tools may set or read their own identifiers and receive limited information about your interactions with the Platform, subject to their own privacy commitments and applicable law.
In addition, we may deploy AI‑ or large‑language‑model‑enabled tools (for example, to assist with itinerary ideation, summarise options, or support our internal teams). Where personal data is processed by such tools, we do so under contractual safeguards that restrict the use of that data to our purposes and prevent it from being used to train general‑purpose models for the benefit of third parties, to the extent commercially and technically feasible.
To the extent required, we will seek your consent for non‑essential cookies and similar technologies and provide you with reasonable means to manage your preferences.
We do not sell personal data as a standalone commercial product. However, we may disclose personal data to the following categories of recipients, in each case on a need‑to‑know basis and subject to appropriate safeguards:
-Travel suppliers and on‑ground partners Hotels, airlines, transport operators, local hosts, visa or documentation facilitators, activity organisers and similar parties, to the extent necessary for them to provide the relevant component of your trip.
- Technology and infrastructure providers Cloud‑hosting providers, IT and security service providers, CRM and marketing platforms, communication and collaboration tools, analytics providers, and AI/LLM vendors, engaged to support the functioning and improvement of the Services.
- Payment and risk‑management partnersPayment gateways, banks, card schemes, fraud‑detection and risk‑scoring services, and chargeback‑management partners.
- Professional advisers and auditors External counsel, auditors, tax advisors and other professional service providers operating under duties of confidentiality.
- Corporate transactions Prospective or actual counterparties (and their advisors) in connection with any merger, acquisition, investment, restructuring or similar corporate transaction involving 30Sundays, subject to appropriate confidentiality and, where required, post‑closing notices or consents.
- Regulators, authorities and other third parties Governmental, regulatory or law‑enforcement authorities, courts, tribunals, and counterparties, where disclosure is required by applicable law, regulation, legal process or enforceable governmental request, or where we consider it reasonably necessary to protect our rights, interests, property, users or the public.
Where we engage third parties to process personal data on our behalf, we seek to put in place contractual terms that reflect appropriate data‑protection, confidentiality and security commitments.
Personal data is primarily hosted on infrastructure located in India or in data centres serviced by providers with a significant Indian footprint. That said, the inherently cross‑border nature of travel, cloud computing and modern tooling means that personal data may be transferred to, or accessed from, jurisdictions outside India (for example, where a supplier, group entity, or service provider is located or operates infrastructure overseas).
Where such cross‑border transfers occur, we endeavour to ensure that they are effected in compliance with applicable law and that the level of protection afforded to your personal data is not materially lower than that provided under this Privacy Policy. This may include entering into appropriate contractual arrangements, implementing technical safeguards (such as encryption and access controls), and limiting transfers to what is strictly necessary.
We retain personal data in identifiable form only for as long as necessary to fulfil the purposes for which it was collected, including:
- Providing the Services and administering your relationship with us.
- Meeting statutory retention periods applicable to financial and corporate records, tax filings, and other regulated documentation.
- Managing disputes, chargebacks, complaints, investigations and litigation within applicable limitation periods.
- Supporting legitimate business analytics and planning, typically using aggregated, pseudonymised or otherwise minimised data sets.
Once personal data is no longer required for these purposes and there is no independent legal or legitimate‑interest basis for further retention, we aim to delete it securely or irreversibly de‑identify it, subject to residual back‑ups maintained for disaster‑recovery and business‑continuity purposes.
Subject to applicable law and certain limitations, you may have the following rights in relation to your personal
- The right to know what personal data we collect and process about you and to request a reasonable summary thereof.
- The right to request correction of inaccurate or incomplete personal data (for example, incorrect spellings on travel documents).
- The right to withdraw consent in respect of processing activities that rely on consent, such as particular forms of marketing or certain cookies.
- The right to request deletion of personal data that is no longer necessary for the purposes for which it was collected and is not required to be retained by law or for legitimate business purposes.
- The right, in certain cases, to object to or request restriction of processing based on legitimate interests, where your specific circumstances so warrant.
- The right to escalate unresolved grievances to the competent data‑protection or sectoral authority, where such mechanisms exist.
To exercise any of the above rights, you may contact us using the details in Section 18. For your protection and that of others, we may need to verify your identity and, where your request relates to third‑party data (for example, co‑travellers), your authority to act on their behalf.
Our Services are primarily designed for adults. We do not knowingly solicit or intentionally collect personal data from children under 16 years of age without appropriate consent from a parent or legal guardian, where required by applicable law.
If you believe that we may inadvertently have collected personal data relating to a child in a manner inconsistent with this Privacy Policy or applicable law, you should contact our Grievance Officer so that we can review and, where appropriate, delete or suitably limit processing of such data.
While no system can guarantee absolute security, we maintain a layered security programme designed to protect personal data against unauthorised access, use, alteration, disclosure or destruction. Indicative measures include:
- Encryption of data in transit over public networks and, where appropriate, at rest. - Access controls, including role‑based permissions and logging, for systems that host or process personal data.
- Regular updating and patching of key infrastructure and applications.
- Internal policies, training and awareness mechanisms for personnel who handle personal data.
- Vendor‑management practices aimed at ensuring that service providers with access to personal data maintain appropriate security standards.
- Incident‑response procedures to investigate, contain and, where required by law, notify relevant stakeholders of material security events.
Where an incident is likely to result in a material risk to your rights or interests, we will take steps consistent with applicable legal requirements to inform you and any relevant authorities.
We may amend this Privacy Policy from time to time to reflect changes in law, technology, our business operations, or industry practices. Any material changes will, where practicable, be notified to you through the Platform, by email, or by other appropriate means.
Unless stated otherwise, the revised Privacy Policy will take effect from the “Last Updated” date indicated below. Your continued use of the Services after such date will constitute your acknowledgement of the revised Policy.
For any queries, requests or complaints relating to this Privacy Policy or our handling of personal data, you may contact us at:
Registered Office (Legal Correspondence) Brance Technologies Private Limited
K‑19, Ground Floor, Hauz Khas Enclave
South Delhi, New Delhi – 110016, India
Corporate / Operational Office (30 Sundays) Brance Technologies Private Limited (30 Sundays)
1st & 2nd Floor, Plot No. 130, Sector 44
Gurugram, Haryana – 122003, India
Grievance Officer / Data Protection Contact
Name: Nishant Dixit
Designation: Grievance Officer / Data Protection Contact
Email:grievanceoffice@30sundays.clubPhone: +91- 9266743840
For general booking or service‑related queries that are not primarily about privacy, please write to:
Email:
contact@30sundays.club
We endeavour to acknowledge and resolve privacy‑related grievances within timelines prescribed under applicable law and, in any event, within a commercially reasonable period.
.svg)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
