+91 98765 43210  |  support@ihh.com Verified Buyers & Suppliers Only  |  Pan India
Privacy Policy

Privacy Policy

We are committed to protecting your personal data and your privacy. Please read this policy carefully.

Last Updated: 01 March 2025
Home / Privacy Policy
Sections
Questions? Contact us

Please Read Carefully

By accessing or using indiahospitalityhub.com, you acknowledge that you have read, understood and agreed to this Privacy Policy. If you do not agree, please discontinue use of this platform immediately. This policy is a legally binding document under the Indian Contract Act, 1872.

1 Overview

This Privacy Policy describes how India Hospitality Hub ("IHH", "we", "us" or "our"), operated at indiahospitalityhub.com, collects, uses, stores, shares and protects personal data of users ("you") of our platform.

This policy applies to all users of IHH including registered sellers, buyers who submit enquiries, and visitors who browse the platform. It covers data collected through our website, mobile browser and any associated communications.

This Privacy Policy is published in compliance with:

  • Digital Personal Data Protection Act, 2023 (DPDP Act)
  • Information Technology Act, 2000 — Section 43A (Reasonable Security Practices)
  • IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
  • Indian Contract Act, 1872

2 Data Controller (Data Fiduciary)

Under the DPDP Act 2023, the Data Fiduciary responsible for your personal data is:

Platform Name: India Hospitality Hub
Website: indiahospitalityhub.com
Registered Address: New Delhi, India — 110001

3 Personal Data We Collect

We collect only the minimum data necessary ("data minimisation principle") to operate the marketplace. We collect data in the following situations:

Seller Registration Data

When a seller registers an account

  • Full name, email address, mobile number
  • Company name, business type (manufacturer/wholesaler/trader)
  • GST number, PAN number
  • Business address, city, state, pincode
  • Business description, logo, profile photo
  • Bank account details (for subscription billing)
  • Identity documents: GST certificate, PAN card, Aadhaar, shop photos

Buyer Enquiry Data

When a buyer submits an OTP-verified enquiry

  • Full name
  • Mobile number (OTP-verified)
  • Email address (optional)
  • Requirement / message text
  • Product and seller the enquiry was sent to
  • Timestamp of enquiry

Contact Form Data

When a user submits the Contact Us form

  • Full name, email address, mobile number (optional)
  • Subject and message content
  • User type (buyer/seller/partner)

Automatically Collected Data

Automatically when you use the platform

  • IP address and approximate location
  • Browser type, device type, operating system
  • Pages visited, time spent, referring URL
  • Search queries on the platform
  • Cookie identifiers (see Section 9)

Sensitive Personal Data: Bank account details, Aadhaar and PAN information are classified as Sensitive Personal Data or Information (SPDI) under IT Rules 2011. This data is encrypted at rest and access is strictly restricted to authorised personnel only.

4 How We Use Your Personal Data

We use personal data only for the purposes for which it was collected, with your consent or as permitted by law. Specifically:

Purpose Data Used Legal Basis
Account creation & verification Name, email, mobile, OTP Consent + Contract
Seller identity verification GST, PAN, Aadhaar, documents Legal obligation + Consent
Delivering buyer enquiries to sellers Name, mobile, email, requirement Consent (OTP verified)
Sending email/SMS notifications Email, mobile Consent + Contract
Processing subscription payments Bank details, billing info Contract + Legal obligation
Customer support & grievance handling All relevant data Legal obligation
Platform security & fraud prevention IP, device, usage data Legitimate interest
Platform analytics & improvement Anonymised usage data Legitimate interest
Legal compliance & court orders Any required data Legal obligation

We will NEVER: Sell your personal data to third parties. Send you unsolicited marketing without your explicit consent. Use your data for any purpose not listed in this policy without updating this policy and notifying you.

5 Data Sharing & Disclosure

We do not sell, rent or trade your personal data. We share data only in the following limited circumstances:

Between Buyers and Sellers

When a buyer submits an OTP-verified enquiry, their name, mobile number and requirement are shared with the specific seller of that product. The seller receives this as a lead notification. By submitting an OTP-verified enquiry, the buyer explicitly consents to this sharing.

Authorised Service Providers (Data Processors)

We share data with trusted third-party service providers who help us operate the platform, including: email delivery (SendGrid), payment processing (Razorpay), server hosting (DigitalOcean). These providers are contractually bound to process data only as instructed by IHH and may not use it for their own purposes.

Legal Compliance & Government Authorities

We may disclose personal data if required by Indian law, court order, government directive or to comply with requests from law enforcement agencies. This includes compliance with the IT Act 2000, DPDP Act 2023 and any applicable regulations. We will notify affected users of such disclosures where permitted by law.

Protection of Rights

We may disclose data to protect the rights, property or safety of IHH, our users or the public — including sharing information to prevent fraud, abuse or illegal activity on the platform.

6 Data Retention

We retain personal data for as long as necessary for the purposes described in this policy, or as required by Indian law — whichever is longer.

Data Type Retention Period Reason
Active seller account data Duration of account + 3 years Legal & accounting compliance
Buyer enquiry / lead data 2 years from submission Platform operations & dispute resolution
Payment & billing records 8 years GST & Income Tax Act requirements
KYC / identity documents 5 years post account closure AML & regulatory compliance
OTP verification logs 90 days Security audit trail
Contact form submissions 1 year Support operations
Server & access logs 90 days Security & fraud prevention
Anonymised analytics data Indefinite Platform improvement (no personal data)

After the applicable retention period, personal data is securely deleted or anonymised.

7 Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal data:

Right to Access

Request a summary of the personal data IHH holds about you and how it is being processed.

Right to Correction

Request correction of inaccurate, incomplete or outdated personal data.

Right to Erasure

Request deletion of your personal data, subject to legal retention requirements and ongoing contractual obligations.

Right to Withdraw Consent

Withdraw your consent for data processing at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

Right to Grievance

File a complaint with our Grievance Officer if you believe your data rights have been violated. Escalation to the Data Protection Board of India is available.

Right of Nominees

In the event of your death or incapacity, your designated nominee may exercise these rights on your behalf as per DPDP Act 2023.

How to exercise your rights: Email privacy@indiahospitalityhub.com from your registered email address with the subject line "Data Rights Request — [Your Name]". We will acknowledge your request within 72 hours and respond within 30 days as required by the DPDP Act 2023.

8 Data Security

We implement technical and organisational security measures as required under Section 43A of the IT Act 2000 and the IT (Reasonable Security Practices) Rules 2011:

SSL/TLS Encryption
All data in transit is encrypted via HTTPS/SSL.
Password Security
Passwords are hashed using bcrypt. We never store plain-text passwords.
Sensitive Data Encryption
Documents and bank details are encrypted at rest.
OTP Authentication
All critical actions require OTP verification.
Secure Hosting
Platform is hosted on secured cloud servers with firewalls and access controls.
Access Controls
Data access is restricted to authorised personnel on a need-to-know basis.
Important: Despite our best efforts, no internet-based platform can guarantee 100% security. In the event of a data breach that is likely to cause harm, we will notify affected users and the Data Protection Board of India as required by law, within the prescribed timeframe.

9 Cookies & Tracking

IHH uses cookies and similar technologies to operate the platform and improve your experience. We use the following types of cookies:

Essential / Session Cookies Required

These are strictly necessary for the platform to function — maintaining your login session, storing form data temporarily, CSRF security tokens. Cannot be disabled.

Analytics Cookies Optional

Used to understand how users interact with the platform — pages visited, time spent, search terms. Data is anonymised and aggregated. You may opt out.

Preference Cookies Optional

Used to remember your preferences such as filters and settings. You may opt out.

You can control cookies through your browser settings. Disabling essential cookies will affect platform functionality.

10 Children's Privacy

IHH is a B2B platform intended exclusively for business use by adults. We do not knowingly collect personal data from persons under the age of 18 years.

If you are under 18, please do not register on this platform or submit any personal information. If we become aware that we have collected data from a minor, we will delete it immediately. If you believe a minor has submitted data, please notify us at privacy@indiahospitalityhub.com.

11 Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements or other factors.

When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Send an email notification to all registered sellers
  • Display a prominent notice on the platform for at least 7 days

Continued use of the platform after the effective date of a revised policy constitutes your acceptance of the changes.

12 Grievance Officer

As mandated by the IT (Intermediary Guidelines) Rules 2021 and the DPDP Act 2023, we have designated a Grievance Officer to address privacy-related complaints:

Designated Grievance Officer
India Hospitality Hub
Postal Address: Grievance Officer, India Hospitality Hub, New Delhi — 110001, India
Acknowledgement: Within 24 hours of receipt
Resolution: Within 15 days as per IT Rules 2021

If your grievance is not resolved satisfactorily, you may escalate to the Data Protection Board of India once constituted under the DPDP Act 2023.

13 Contact Us About Privacy

For any questions, requests or concerns regarding this Privacy Policy or your personal data, please contact us:

Privacy Requests
Response: Within 72 hours
Resolution: Within 30 days
General Support
Phone: +91 98765 43210
Hours: Mon–Sat, 9am–6pm IST