Last Modified: as on 22nd July, 2025

Background

1. At Aarna XP Private Limited, (hereinafter referred to as “Aarna” or “We/we” or “Us/us”, and shall include its successors and permitted assigns), protecting your private information is our priority. 

2. This privacy and cookie policy (“Policy”) applies to the Platform (as defined) and governs data collection and usage from you in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (“SPDI Rules”) under Information Technology Act, 2000 (“IT Act”), the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”) and such  other equivalent / similar legislations, as applicable. The terms ‘Information’, ‘Data’, ‘Personal Information’ and ‘Personal Data’ are used interchangeably under this Policy. For the purposes of this Policy, unless otherwise noted, all references to Aarna include website “https://aarna.global/” and the mobile application “Aarna” (collectively, the “Platform”).    

3. Your use of our Platform is subject to our Terms of Use, available at the Platform. By using the Platform, you consent to the data practices described in this Policy. If you do not agree with this Policy, please do not use the Platform or provide us with any Information. This Policy does not apply to (i) other websites, software applications, and other online properties and services that do not link to this Policy; and (ii) any other collection, use or disclosure of data other than via the Platform.

   
   

Meaning

1. The term “Information” shall mean any personally identifiable information including but not limited to name, gender, mobile number, phone number, email, date of birth, any identity proof issued by the government, location, et cetera.

2. The term Information includes ‘Sensitive Personal Data or Information’ which includes, (a) password, (b) financial information such as bank account or credit card or debit card or other payment instrument details, (c) physical, physiological and mental health condition, (d) sexual orientation, (e) medical records and history, (f) biometric information, (g) your current and past remuneration or salary details, (h) any detail provided to Aarna in furtherance to providing services, and (i) any of the information received by Aarna for processing, information stored or processed under lawful contract or otherwise, including the Internet Protocol (“IP”) address, browser type, Internet Service Provider (“ISP”) (collectively, the “Information”).

3. The term “You/you” or “Your/your” or “Yourself/yourself”’ shall refer to any user accessing the Platform.

Applicability

1. This Policy is limited in its applicability only to your use of the Platform.

2. This Policy describes the manner in which Aarna collects, uses/processes, stores and discloses your Information, and the choices you have with respect to the manner in which Aarna ought to be dealing with your Information.

General Consent 

1. You agree to provide your express consent for Aarna to collect, process, store, share and purge the Information submitted by you. Aarna updates this Policy from time to time. Your continued use of the Platform posts the changes shall be deemed to be your acceptance of those changes made in this Policy. 
   
   

Consent by Minor 

1. We do not knowingly collect or solicit personally identifiable information from minors. If you are under the age of 18 (eighteen) or below the age permitted under applicable local laws, you must seek permission from a parent or guardian to use this website.

2. The Platform is intended for use only by individuals who are 18 years of age or older. By accessing or using the Platform, you represent and warrant that you meet the legal age requirement under applicable law. 

3. In the event of discovery of incorrect or inadequate Information, Aarna shall have the sole discretion to remove the Information from its system and abstain you from visiting the Platform without any notice.

Collection and Use of Information

1. In order to better provide you with the services offered on the Platform, Aarna will collect Information that may be personally identifiable to you as defined under this Policy. You acknowledge that any Information provided by you shall be true, correct, accurate and up-to-date. Furthermore, Aarna may collect information related to device information, communications, protected classifications, commercial information, usage data, geolocation data, audio, video and other electronic data, profiles and inferences.

2. We do not collect any Personal Information about you unless you voluntarily provide it to us. However, you may be required to provide certain Personal Information to us when you elect to use certain services available on the site. These may include:

   1. registering for an account on our Platform; 

   2. accessing and submitting managed or unmanaged experiences on our Platform;

   3. signing up for managed experiences through our Platform; 

   4. making orders and payments through our Platform in order to process your payment, order or refund, fulfill your order, including name, billing and shipping address and details, payment type, as well as credit card number or other payment account details (e.g., PayU);

   5. marketing and surveys;  

   6. mobile applications; and/or

   7. sending us emails or other communications or requests. 

3. When the Aarna mobile application is installed on your phone or tablet, a list of permissions appear and are needed for the app to function effectively. There is no option to customize the list. The permissions that the application requires and the data that shall be accessed and its use is as below:

Android Permissions:

1. Device & App history: We need your device permission to get information about your device, like OS (operating system) name, OS version, mobile network, hardware model, unique device identifier, preferred language, etc. Basis these inputs, we intend to optimize your travel booking experience, use OS specific capabilities to drive great in-funnel experiences using components of device’s OS, etc.

2. Camera: This permission enables you to use your camera from within the application to upload a new profile picture, upload an image for sharing hotel reviews and also allows you to take videos to upload as video reviews on our application. This permission will also enable you to scan QR codes for easy UPI payments.

3. Identity: This permission enables us to know about details of your account(s) on your mobile device. We use this info to auto-fill your email ID’s and provide a typing free in-funnel experience. It helps us map email ID’s to a particular user to give you the benefit of exclusive travel offers, wallet cash-backs, etc. 

4. Location: This permission enables us to give you the benefit of location specific deals and provide you a personalized in-funnel experience. When you launch Aarna app to make a travel booking, we auto-detect your location so that your nearest airport or city is auto-filled. We also require this permission to recommend you nearest hotels in case you are running late and want to make a quick last minute booking for the nearest hotel. Your options are personalized basis your locations. For international travel, this enables us to determine your time zone and provide information accordingly.

5. SMS: If you allow us to access your SMS, we read your SMS to autofill or prepopulate ‘OTP’ while making a transaction and to validate your mobile number. This provides you a seamless purchase experience while making a booking and you don’t need to move out of the app to read the SMS and then enter it in the app.

6. Phone: The app requires access to make phone calls so that you can make phone calls to hotels, airlines and our customer contact centres directly through the app.

7. Contacts: If you allow us to access your contacts, it enables us to provide a lot of social features to you such as sharing your hotel/ flight/ holidays with your friends, inviting your friends to try our app, send across referral links to your friends, etc. We may also use this information to make recommendations for hotels where your friends have stayed. This information will be stored on our servers and synced from your phone.

8. Photo/ Media/ Files: The libraries in the app use these permissions to allow map data to be saved to your phone's external storage, like SD cards. By saving map data locally, your phone doesn't need to re-download the same map data every time you use the app. This provides you a seamless Map based Hotel selection experience, even on low bandwidth network.

9. Wi-Fi connection information: When you allow us the permission to detect your Wi-Fi connection, we optimize your experience such as more detailing on maps, better image loading, more hotel/ flights/ package options to choose from, etc.

10. Device ID & Call information: This permission is used to detect your Android ID through which we can uniquely identify users. It also lets us know your contact details using which we pre-populate specific fields to ensure a seamless booking experience.

11. Calendar: This permission enables us to put your travel plan on your calendar.

12. Bluetooth: This permission enables us to provide you services of the third parties that make available certain features of their products/services on our application. The permission specifically enables our third party service providers whose services you book on the application to permit you to lock and unlock your self-driven vehicles seamlessly.

13. Video/Audio: This permission enables you to upload videos on our application or to submit video reviews of your hotel/property stays and thereby providing you with new ways of providing reviews of your experience on our application. The audio permission enables us to ensure that the video content that you upload has a clear audio in its background.

14. Phone Number: We need the permission of access to phone number to provide a seamless login experience, to optimise your travel booking experience and to enable you to obtain UPI services and to prevent fraud in some cases on our application.

15. IMEI/IMSI: This permission enables us to identifying different users uniquely and helps us to prevent frauds on our application.

16. Subscription Information: Your subscription information enables to provide you a seamless experience depending upon your network and to optimise the application’s performance. In addition, this also enables us in providing to you the train status even in an offline mode and additionally even in a no network area you can get fully aware of the status of the train you want to search for.

17. SIM Serial Number: This permission enables us to read your sim serial number and helps us in authenticating your mobile number for UPI registration. It helps us to ensure that the mobile number you are using is actually present on your device that you are using to register for UPI.

IOS Permissions:

1. Notifications: If you opt in for notifications, it enables us to send across exclusive deals, promotional offers, travel related updates, etc. on your device. If you do not opt for this, updates for your travel like PNR status, booking confirmation, refund (in case of cancellation), etc. will be sent through SMS.

2. Contacts: If you opt in for contacts permission, it enables us to provide a lot of social features to you such as sharing your hotel/ flight/ holidays with your friends, inviting your friends to try our app, send across referral links to your friends, etc. We will also use this information to make recommendations for hotels where your friends have stayed. This information will be stored on our servers and synced from your phone.

3. Location: This permission enables us to give you the benefit of location specific deals and provide you a personalized in-funnel experience. When you launch our app to make a travel booking, we auto-detect your location so that your nearest Airport or City is auto-filled. We require this permission to recommend your nearest hotels in case you are running late and want to make a quick last-minute booking for the nearest hotel. Your options are personalized basis your locations. For international travel, this enables us to determine your time zone and provide information accordingly.

The Information that you share with Aarna shall be kept strictly confidential. The Information along with all supporting documents submitted by you shall be used for the limited purpose of: 

1. providing / administering services and contacting you in such regard; 

2. storing and continuing billing your preferred payment method (e.g. credit card) even after it has expired, to use to pay other paid services you may purchase;

3. enable your access in order to use the services including delivering mobile and/or email notifications like one-time passwords, providing confirmations, alerts, updates, recommended jobs, et cetera; 

4. seeking or publishing your feedback regarding our services;

5. responding to your queries, requests and legitimate claims along with resolving any issues;

6. keeping you informed or update you on various services;

7. sending you such information that may be of interest to you;

8. archiving / backing up information;

9. cooperating with government and regulatory authorities, judicial, quasi-judicial, or regulators in accordance with our legal obligations under applicable laws to the extent required; 

10. notifying you (upon our reasonable belief or otherwise) of any violation of any 3rd party rights, law, agreements and/or policies;

11. sharing your data with trusted partners to help perform statistical analysis;  

12. conducting research and perform analysis in order to measure, maintain, protect, develop and improve our services;

13. monitoring aggregated metrics such as total number of visitors and traffic; sending you marketing communications with respect to Platform, other products and services of Aarna and / or its affiliated group companies; and 

14. sending you mails or contacting you for various customer satisfaction surveys, market research, promotional activities or in connection with certain transactions.

Aarna shall take all reasonable measures as prescribed under law to prevent unauthorized access and misuse of your Information. However, Aarna shall not be responsible for any such unauthorized access and misuse of your Information by unauthorized persons despite having taken all such measures. 

Data Sharing & Data Access

1. Aarna shall not use your Information for any purpose other than in furtherance to providing its services.

2. The employees of Aarna shall only have read-only access to your Personal Information. 

3. Aarna may share the Information in the following instances: 

   1. upon serving you a “prior notice”, to its successors or permitted assigns as permitted under law and/or to its subsidiary; 

   2. upon taking your express written “prior consent” and on “need to know” basis, with its business partner in furtherance to providing the services including for verification of your credentials / profile;

   3. upon your request to share applications with recruiters; and

   4. to any judicial, quasi-judicial, regulatory, statutory and/or any government agency pursuant to any legal requirement. 

Data Transfer 

1. Aarna may, from time to time, expand or reduce its business and this may involve the sale and or transfer of control of all or part of Aarna. The Information provided shall, where it is relevant to any part of the business so transferred, be transferred along with that and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Information for the purposes for which it was originally given to Aarna. 

2. Aarna may also disclose the Information to a prospective purchaser of its business or any part of it. Data may be transferred to or from different jurisdictions and we will take steps to ensure that privacy is protected.  

Public Data 

1. It is clarified that any Information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005, or any other law for the time being in force, shall not be regarded as Information for the purposes of IT Act, 2000 and the SPDI Rules.

2. Aarna shall not be responsible in any manner of whatsoever nature for any unauthorized use, violation or misuse of such Information. 

   
   

Data Retention and Storage 

1. Aarna shall retain your Information for a minimum period of 5 (five) years and/or for such periods as may be prescribed by law from time to time. 

2. In the event that Aarna is unable to process the Information submitted by you for any reason whatsoever, the same shall be deleted unless otherwise required under law and/or as may be required for any internal or external audit purposes. 

3. Aarna is committed to complying with applicable laws to ensure that all measures prescribed by law, are taken for storing the Information in order to ensure that such Information is safe and secure. 

Data Purging 

1. Aarna has necessary policies, mechanism and tools in place to ensure all the Information that are collected and stored are deleted as soon as the purpose as described in this Policy is completed, unless it is mandated by law to be maintained by Aarna. 

2. Any data destroyed shall be disposed of in a manner that protects the privacy of your Information, in an appropriate manner as per the industry standard practices and norms.

Your Rights 

1. For residents of India, the IT Act and SPDI Rules shall apply and your rights shall include:

   1. Aarna shall be happy to make corrections to your Information upon your written request. 

   2. You have the right to ‘opt out’ of providing Information and may withdraw the ‘Consent’ expressly in writing to support@aarna.global

2. For residents of European Union and United Kingdom, the GDPR shall apply. The GDPR requires a legal basis for us to use your Personal Information. Kindly note that the legal justification may vary depending on the specific purpose for which we use your Personal Information. You have the following rights with respect to your Personal Information:

   1. `Right to Access: You have the right to request for a copy of, or access to your Personal Information held by us. You may be required to prove your identity before providing the requested information.

   2. Right to Rectification: You have the right to direct the Company to rectify any inaccurate or incomplete Personal Information. 

   3. Right to Deletion: You have the right to request the Company to delete your Personal Information to the extent Diligent is not required to retain such data in order to comply with a legal obligation.

   4. Right to Restriction of Processing: You have the right to restrict the Company from processing your Personal Information.

   5. Right to Data Portability: You have the right to request the Company to transfer your Personal Information to another data controller to the extent possible.

   6. Right to Object: You have the right to object to any processing of your Personal Information carried out on the basis of our legitimate interests.

   7. Right to Withdrawal of Consent: If you have consented to the processing of your Personal Information by the Company, you have the right to withdraw your consent at any time.

   8. You can exercise the rights described above, by writing an email to support@aarna.global

3. For residents of United States of America, the CCPA shall apply and your rights shall include:

   1. You have the right to access the categories of Personal Information that we hold about you.

   2. You have the right to make corrections to your Personal Information upon your written request. 

   3. You have the right to request that we delete your Personal Information in certain circumstances, such as when it is no longer required for the purpose for which it was originally collected.

   4. Right to opt-out of sale or sharing of Personal Information. We do not sell or share your Personal Information with third parties, as those terms are defined under the CCPA.

   5. You have the right to protect against waiver of your rights.

   6. You have the right against discrimination because you exercised the rights available to you.

   7. You can exercise the rights described above by writing an email to support@aarna.global

International Transfer of Data

1. In the process of providing you the services, Aarna may transfer your Personal Information and other data that it collects to affiliated entities, within or outside the European Economic Area (“EEA”), which is duly permitted under the applicable laws governing data protection and privacy.

2. In the event, we transfer your Personal Information to countries outside of the EEA or the United Kingdom, we ensure that such Personal Information is transferred in accordance with this Policy and as permitted by the applicable laws on data protection and privacy.

3. Kindly note that we rely on European Commission adequacy decisions or use contracts with standard safeguards published by the European Commission and similar measures under the laws in United Kingdom for such transfers.

4. The Company shall ensure adequate level of protection by entering into Standard Contractual Clauses for the transfer of data as approved by the European Commission under Article 46 of the GDPR, or the Company shall seek your prior consent to such international data transfers.

Data Security

1. Aarna secures your Personal Information from unauthorized access, use, or disclosure. 

2. When Personal Information is transmitted to other websites, it is protected through encryption. We strive to take appropriate security measures to protect against unauthorized access to or alteration of your Personal Information.

3. Aarna shall endeavor to take reasonable measures to prevent unauthorized access to and improper use of your Information. It shall adopt all the suitable measures to diagnose any problems with its server and to administer the application including by blocking certain addresses that it feels are inappropriately using its application. In the event of any breach or attempted breach by any third party, Aarna shall endeavor to rectify the problems as soon as possible.

4. Aarna may collect the following information:

1. anonymous data from every visitor of the Platform to monitor traffic and fix bugs which includes (without limitation) information like web requests, the data sent in response to such requests, the Internet Protocol address, the browser type, the browser language, unique identifiers of the device through which the application is accessed, such as VPN, information of Wi-Fi connectivity and a timestamp for the request; and

2. log file information is automatically reported by your browser each time the application is viewed. The server supporting the application logs may include information such as web request, Internet Protocol (“IP”) address, Analytical Code, Geo Stamp, browser type, browser language, referring/exit pages and Universal Resource Locators (“URL”), platform type, number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular page, the date and time of the request (“Log File Information”). Such Log File Information collected is not associated with any Personal Information and is only tagged to the unique identifier for a particular device.

Liability 

1. Aarna shall in no manner be liable for any violation under this Policy, if the Information, 

   1. is already available in public domain; or 

   2. is collected by way of any illegal and unlawful means; or

   3. is provided by any person who is incompetent under Section 11 of Indian Contract Act, 1872. 

Tracking User Behavior

1. Aarna may keep track of the websites and pages our users visit within the Platform to determine what Aarna services are the most popular. This data is used to deliver customized content and advertising within the Platform to customers whose behavior indicates that they are interested in a particular subject area.

Use of Cookies

1. Aarna’s Platform may use “cookies” to help you personalize your online experience. A cookie is a text file placed on your hard disk by a web page server. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. Cookies help improve your experience by enabling the services to remember your actions and preferences over time. Cookies cannot be used to run programs or deliver viruses to your computer.

2. We use cookies and similar technologies across our Platform, including:

   1. First-party cookies placed by us.

   2. Third-party cookies set by analytics or advertising partners.

   3. Mobile device identifiers on the application for app analytics and targeted advertising.

3. We categorize cookies into the following types:

   1. Strictly Necessary Cookies. These cookies are essential for our services to function correctly. They enable core features like user login, security, network management, and accessibility. Without these cookies, certain services or functionalities may be unavailable.

   2. Performance Cookies. These cookies collect aggregated, anonymous data on how users interact with our services. They help us understand and improve performance, such as which pages or screens are most visited and if any errors occur.

   3. Functionality Cookies. These cookies help personalize your experience by remembering your preferences (e.g., language or region). They enhance usability but are not strictly necessary for the services to function.

   4. Analytical Cookies. These cookies track user activity across pages or screens. We use the data to analyze trends, understand user behavior, and tailor content or ads based on interests. This may include profiling and targeting, subject to your consent.

4. We use Google Analytics to collect information about your use of the services. This data helps us understand user behavior and improve our services. Visit: https://tools.google.com/dlpage/gaoptout to opt out of Google Analytics tracking. If you use multiple devices or browsers, you’ll need to opt out separately on each device or browser.

5. On the Aarna mobile application, we may use mobile identifiers (e.g., Android Advertising ID or Apple IDFA) and software development kits (SDKs) for analytics and ad targeting. These function similarly to cookies.

6. We respect your right to privacy and offer you tools to control cookie preferences on our Platform.

7. We may integrate third-party services such as social media widgets, ad networks, and analytics tools. These third parties may place cookies or use similar technologies on your device. We are not responsible for the cookie practices of such third parties.

Email Communications

1. From time to time, Aarna may contact you via email to provide announcements, promotional offers, alerts, confirmations, surveys, and/or other general communication. To improve our products and/or services, we may receive a notification when you open an email from us or click on a link therein provided.

2. If you would like to stop receiving marketing or promotional communications via email from Aarna, you may opt-out of such communications by clicking on the ‘UNSUBSCRIBE’ button.

External Data Storage Sites

1. We may store your data on servers provided by third-party hosting vendors that we have contracted with.

Information from Third Parties

We may collect, process and store your user ID associated with any social media account (such as your Facebook and Google account) that you use to sign into the Services or connect with or use with the Services. When you sign in to your account with your social media account information, or otherwise connect to your social media account with the Services, you consent to our collection, storage, and use, in accordance with this Policy, of the information that you make available to us through the social media interface. This could include, without limitation, any information that you have made public through your social media account, information that the social media service shares with us, or information that is disclosed during the sign-in process. Please see your social media provider's privacy policy and help center for more information about how they share information when you choose to connect your account.

We may also obtain information about you from third parties such as partners, marketers, third-party websites, and researchers, and combine that information with information which we collect from or about you.

Anonymous or De-Identified Data

We may anonymize and/or de-identify information collected from you through the Services or via other means, including via the use of third-party web analytic tools as described below. As a result, our use and disclosure of aggregated and/or de-identified information is not restricted by this Policy, and it may be used and disclosed to others without limitation.

Changes To This Policy

1. Aarna reserves the right to amend this Policy from time to time as may be required under law. 

2. We will notify you about significant changes in how we treat Personal Information by sending a notice to the primary email address specified in your account, placing a prominent notice on our site, and/or by updating any privacy information on this page. Your continued use of the site and/or services available through this site after such modifications will constitute your:

   1. Acknowledgment of the modified Policy.

   2. Agreement to abide and be bound by that Policy.

GRIEVANCE REDRESSAL

1. Raising a Complaint: All grievances by you should be addressed in writing to us at support@aarna.global. Alternatively, you may give a call at 040 418-92928 during the business hours between 10 a.m. to 7 p.m. between Monday through Friday (except national holidays, public holidays and government declared holidays). Your complaint or query shall be replied to within 48 (forty-eight) business hours of its receipt. Any follow-up question shall also be answered within 48 (forty-eight) business hours of its receipt. Our team will then work to resolve the complaint and take appropriate action required for such resolution. 

2. Grievance Officer: A designated grievance officer shall endeavor to resolve your grievances within a month of receipt of the complaint. The complaints in this regard may be addressed to the address mentioned below:

Name: [●]

Designation: Grievance Officer

Email ID: grievanceofficer@aarna.global 

Contact Information

1. Aarna welcomes your questions or comments regarding this Policy at support@aarna.global and contact number : 040 418-92928

2. Aarna Data Protection Officer is responsible for monitoring compliance with relevant legislation in relation to the protection of personal data. Please contact us at dpo@aarna.global 

3. You can contact us for any concerns or questions about your personal information, those we process or store.