Privacy Policy

Rezolv Hospitality LLP (“Rezolv”, “we”, “us” or “our”) is committed to protecting the personal data it processes and to handling such data responsibly and securely. Rezolv recognises the importance of privacy and the trust placed in it by individuals whose personal data is collected through its website and related online interfaces.

This Privacy Policy has been prepared in accordance with the Digital Personal Data Protection Act, 2023 and applicable rules thereunder, and describes how Rezolv collects, uses, stores, and safeguards personal data.

Rezolv processes personal data lawfully, fairly, and transparently, and only for purposes that are clearly identified and communicated at or before the time of collection. Personal data is limited to what is necessary for such purposes and is not used in a manner inconsistent with them.

Rezolv adopts a privacy-by-design approach by implementing appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or disclosure, and by restricting access to personal data to authorised personnel and service providers on a need-to-know basis.

Rezolv periodically reviews its privacy practices to ensure continued compliance with applicable data protection laws and to reflect changes in its operations and regulatory requirements.

This Privacy Policy applies solely to the processing of personal data collected by Rezolv through its website and related online interfaces operated and controlled by Rezolv.

In particular, this Privacy Policy governs personal data that is:

• voluntarily submitted by individuals through online inquiry, contact, or information request forms made available on the website; and
• collected automatically through the website by means of cookies, log files, and similar technologies, in accordance with the purposes described in this Privacy Policy.

This Privacy Policy applies to such processing irrespective of the geographic location of the individual, in accordance with applicable Indian data protection laws, where personal data is collected through and in connection with the use of Rezolv's website and is processed by Rezolv in its capacity as a data fiduciary.

This Privacy Policy does not apply to the processing of personal data carried out by Rezolv on behalf of its airline, transportation, or other enterprise clients, where such processing is undertaken pursuant to contractual arrangements and operational requirements.

Without limitation, this Privacy Policy does not govern personal data that is:

• provided to Rezolv by airline or enterprise clients for the purpose of delivering operational services, including but not limited to crew accommodation, passenger assistance, transport coordination, or disruption management;
• processed by Rezolv strictly in accordance with the documented instructions of such clients, in its capacity as a data processor; or
• collected, transmitted, or processed through operational platforms, enterprise systems, application programming interfaces (APIs), mobile applications, or communication and messaging platforms used for the delivery of client services.

Such processing activities are governed by:

• the privacy notices and policies issued by the relevant airline or enterprise client to their employees, passengers, or other individuals; and
• the data processing agreements or contractual arrangements entered into between Rezolv and the relevant client.

Individuals whose personal data is processed by Rezolv in this capacity are advised to refer to the privacy notices of the relevant client for information regarding the purposes of processing, legal basis, rights available to them, and grievance redressal mechanisms applicable to such processing.

For the purposes of this Privacy Policy, the following terms shall have the meanings set out below. These definitions are intended to be read in a plain and practical manner and shall be interpreted in accordance with the Digital Personal Data Protection Act, 2023.

“Personal Data” means any data or information that relates to an identifiable individual. An individual is considered identifiable if they can be identified directly or indirectly by reference to such data, either by itself or in combination with other information available to Rezolv. Personal Data includes, by way of example, contact details and professional information submitted through the website, but does not include data that has been irreversibly anonymised.

“Data Principal” means the individual to whom the Personal Data relates. In the context of this Privacy Policy, a Data Principal refers to any individual who submits Personal Data through Rezolv's website or whose Personal Data is otherwise collected through the website in accordance with this policy.

“Data Fiduciary” means any person or entity that alone or in conjunction with others determines the purpose and means of processing Personal Data. For the purposes of this Privacy Policy, Rezolv acts as a Data Fiduciary in relation to Personal Data collected through its website.

“Data Processor” means any person or entity that processes Personal Data on behalf of a Data Fiduciary and in accordance with its instructions. Rezolv may act as a Data Processor in relation to certain personal data processed on behalf of its airline or enterprise clients pursuant to contractual arrangements. Such processing is outside the scope of this Privacy Policy and is governed by separate contractual and privacy arrangements.

“Consent” means any freely given, specific, informed, unconditional, and unambiguous indication of the Data Principal's agreement to the processing of their Personal Data for a specified purpose. Consent may be expressed through an affirmative action, such as selecting a checkbox or submitting a form, and may be withdrawn by the Data Principal in accordance with the procedures set out in this Privacy Policy.

“Processing” means any operation or set of operations performed on Personal Data, whether by automated or non-automated means. This includes, but is not limited to, the collection, recording, organisation, storage, use, disclosure, sharing, retrieval, or deletion of Personal Data.

“Grievance Officer” means the individual designated by Rezolv to receive, acknowledge, and resolve grievances and complaints from Data Principals relating to the processing of their Personal Data under this Privacy Policy, in accordance with the requirements of the Digital Personal Data Protection Act, 2023.

Rezolv collects only such personal data as is necessary for the purposes described in this Privacy Policy and in accordance with applicable law. The categories of personal data collected through the website are set out below.

Rezolv may collect personal data that is voluntarily provided by individuals when they submit an inquiry or otherwise communicate with Rezolv through the website. This may include:

• name;
• business or professional email address;
• telephone number;
• organisation name and professional designation; and
• information included in the inquiry or message submitted by the individual.

Individuals are requested not to submit personal data that is excessive, irrelevant, or not required for the purpose of responding to their inquiry.

When an individual accesses or interacts with the website, Rezolv may automatically collect certain technical and usage-related information, including:

• Internet Protocol (IP) address;
• device type, operating system, browser type, and similar technical information;
• log data and usage information relating to interactions with the website; and
• information collected through cookies and similar technologies, in accordance with the website's cookie settings and applicable law.

Such data is collected primarily for purposes of website functionality, security, analytics, and performance improvement.

Rezolv does not intentionally collect the following categories of personal data through its website:

• sensitive personal data;
• government-issued identifiers, such as Aadhaar numbers, passport details, or similar identification information; or
• personal data relating to children.

If any such information is inadvertently submitted through the website, Rezolv does not use such data for any purpose and takes reasonable steps to delete or restrict access to such information in accordance with applicable law.

Rezolv collects personal data through the following sources, solely in connection with the operation of its website and related online interfaces:

Personal data is collected directly from individuals when they voluntarily submit information to Rezolv through inquiry, contact, or information request forms available on the website, or when they otherwise communicate with Rezolv through the website.

Certain personal data is collected automatically when individuals access or interact with the website. This includes data collected through technical means such as cookies, log files, and similar technologies that enable the website to function, operate securely, and analyse usage and performance, in accordance with this Privacy Policy.

Rezolv may use third-party tools or services integrated into the website for purposes such as hosting, analytics, security, or communication. To the extent such tools collect or process personal data through the website, such processing is carried out in accordance with this Privacy Policy and subject to appropriate contractual safeguards.

Rezolv processes personal data collected through the website only for specific, explicit, and lawful purposes. The table below explains what data is used and why:

Rezolv processes personal data only to the extent necessary for the purposes set out above and does not use such data for purposes that are incompatible with these purposes.

Rezolv collects and uses personal data through its website only where it is legally permitted to do so under the Digital Personal Data Protection Act, 2023.

In most cases, Rezolv processes personal data because you choose to share it with us.

When you submit an inquiry or contact Rezolv through the website, you are giving us your consent to:

• review the information you have provided,
• contact you in relation to your inquiry, and
• use your details for the purposes clearly explained at the time you submit the form.

We collect this consent through clear actions, such as submitting a form or selecting a consent checkbox. We only use your personal data for the purposes you would reasonably expect when you contact us.

In certain limited circumstances, Rezolv may process personal data without obtaining separate consent each time, where such processing is permitted under applicable law, including Section 7 of the Digital Personal Data Protection Act, 2023.

This may include situations where:

• an individual has initiated contact with Rezolv and the processing is necessary to respond to such request;
• processing is required to ensure the security, integrity, and proper functioning of the website and Rezolv's systems; or
• processing is necessary to comply with legal or regulatory obligations.

Such processing is carried out only to the extent permitted by law and is limited to what is necessary for the relevant lawful purpose.

Providing personal data through the website is voluntary. However, if you choose not to provide the information required to respond to your inquiry, Rezolv may not be able to contact you or provide the information you have requested.

Rezolv does not use personal data collected through the website for purposes that are unrelated to, or incompatible with, the purpose for which the data was originally collected, unless permitted or required by law.

Rezolv collects personal data through the website only where you voluntarily choose to provide it.

When you submit an inquiry or otherwise share your personal data through the website, you are providing your consent to Rezolv to collect and use such data for the purposes explained at or before the time of collection, including responding to your inquiry and communicating with you in relation to it.

Where required, consent is obtained through a clear and affirmative action, such as:

• submitting a completed inquiry or contact form; or
• selecting a consent checkbox provided on the website.

Rezolv does not rely on pre-selected boxes or implied consent for the collection of personal data.

Your consent is limited to the specific purposes for which your personal data is collected and as described in this Privacy Policy. Rezolv does not use personal data for purposes that are unrelated to, or incompatible with, the purpose for which consent was originally provided, unless permitted or required by applicable law.

You may withdraw your consent at any time by contacting Rezolv using the details provided in this Privacy Policy or by following the instructions communicated to you at the time of collection.

Upon withdrawal of consent:

• Rezolv will stop processing your personal data for the purpose for which consent was withdrawn, unless continued processing is permitted or required under applicable law; and
• such withdrawal may affect Rezolv's ability to respond to your inquiry or continue related communications.

Withdrawal of consent does not affect the lawfulness of any processing carried out prior to the withdrawal.

Where personal data is used for marketing or outreach communications, Rezolv provides a clear option to opt out or unsubscribe from such communications. Opting out of marketing communications does not affect Rezolv's ability to respond to inquiries or carry out other non-marketing related communications initiated by you.

Rezolv uses cookies and similar technologies on its website to ensure proper functioning, analyse website usage, and support marketing and advertising activities.

Cookies may be placed directly by Rezolv or by third-party service providers engaged by Rezolv, including analytics and advertising platforms. These cookies may collect information such as device and browser details, IP address, and usage patterns when you interact with the website.

Rezolv uses cookies for purposes including:

• enabling essential website functionality and security;
• understanding how visitors interact with the website and improving its performance;
• measuring the effectiveness of marketing and communications; and
• supporting marketing and advertising activities on third-party platforms.

You can manage or block cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the website.

For detailed information about the types of cookies used, their purposes, and how you can manage your cookie preferences, please refer to our Cookie Policy.

Rezolv retains personal data collected through its website only for as long as is reasonably necessary to fulfil the purposes for which such data was collected, and in accordance with applicable legal, regulatory, and business requirements.

Rezolv follows the principle of storage limitation, which means that personal data is:

• retained only for a defined and legitimate purpose;
• not retained indefinitely without justification; and
• reviewed periodically to determine whether continued retention is required.

The retention period for personal data depends on the nature of the data and the purpose for which it is collected. Indicative retention periods are set out below:

These periods may be extended where retention is required to comply with legal obligations, enforce contractual rights, or resolve disputes.

Once personal data is no longer required for the purposes for which it was collected, and subject to applicable legal requirements, Rezolv takes reasonable steps to:

• securely delete such personal data; or
• anonymise the data so that it can no longer be used to identify an individual.

Anonymised data may be retained indefinitely for analytical, statistical, or business planning purposes.

Rezolv maintains backup and archival copies of data as part of its standard information security and business continuity practices. Personal data contained in backups:

• is stored securely with restricted access;
• is not actively processed except where required for system recovery, compliance, or legal purposes; and
• is overwritten or deleted in accordance with Rezolv's backup retention cycles, typically within 90 to 180 days, unless a longer retention period is required for legal or operational reasons.

Rezolv shares or discloses personal data collected through its website only where necessary for legitimate purposes and in accordance with applicable law.

Access to personal data is restricted to authorised personnel within Rezolv who require such access to perform their job responsibilities. Rezolv follows a role-based access approach to ensure that personal data is accessed only on a need-to-know basis and is subject to appropriate confidentiality obligations.

Rezolv may share personal data with third-party service providers engaged to support the operation of its website and related business functions. This may include:

• hosting and cloud infrastructure providers;
• analytics and performance monitoring providers; and
• communication and customer engagement tools.

Such third-party service providers process personal data only on Rezolv's behalf and in accordance with Rezolv's instructions. Rezolv requires these providers to implement appropriate technical and organisational safeguards and to use personal data solely for authorised purposes.

Rezolv may disclose personal data where such disclosure is required to:

• comply with applicable laws, regulations, or legal processes;
• respond to lawful requests from government authorities, regulators, or law enforcement agencies; or
• protect the rights, safety, or property of Rezolv or others, as permitted by law.

Where feasible and lawful, Rezolv will limit such disclosures to what is strictly necessary and may take reasonable steps to notify affected individuals, unless prohibited by law.

Rezolv may process or store personal data collected through its website in jurisdictions outside India, including where its information technology systems or third-party service providers are located.

Any cross-border processing or storage of personal data is undertaken:

• in accordance with the Digital Personal Data Protection Act, 2023 and applicable rules thereunder;
• for legitimate business, operational, or technical reasons, such as hosting, analytics, communication, or security; and
• subject to appropriate contractual, technical, and organisational safeguards.

Rezolv does not transfer personal data to jurisdictions that are restricted or prohibited under applicable Indian law.

Where personal data is processed or stored outside India, Rezolv ensures that:

• such processing is carried out only by trusted service providers engaged under appropriate contractual obligations;
• reasonable security measures are implemented to protect personal data against unauthorised access, loss, or misuse; and
• personal data is used only for authorised purposes and in accordance with this Privacy Policy.

Cross-border processing does not affect the rights available to Data Principals under applicable law. Rezolv remains responsible for ensuring that personal data collected through its website is handled in accordance with this Privacy Policy, irrespective of where such data is processed or stored.

Rezolv implements reasonable technical and organisational measures to protect personal data collected through its website against unauthorised access, loss, misuse, alteration, or disclosure, in accordance with applicable law.

Rezolv employs appropriate technical safeguards, which may include:

• encryption of data in transit using industry-standard security protocols;
• secure hosting environments with network and infrastructure protections;
• firewalls, monitoring tools, and security controls to detect and prevent unauthorised access; and
• regular patching and updates of systems and software to address known vulnerabilities.

Rezolv maintains internal policies, procedures, and controls to ensure that personal data is handled responsibly. These measures include:

• documented internal SOPs governing data handling, retention, and deletion;
• designation of responsible personnel for privacy and data protection matters; and
• internal awareness and training, as appropriate, for personnel handling personal data.

Access to personal data is restricted to authorised personnel based on their roles and responsibilities. Rezolv follows a least-privilege and need-to-know approach, ensuring that:

• access rights are granted only where required for legitimate business purposes;
• credentials and access permissions are reviewed periodically; and
• access is revoked promptly when no longer required.

Rezolv periodically reviews its technical and organisational safeguards to assess their effectiveness and to address evolving security risks. Such reviews may include:

• evaluation of access controls and data handling practices;
• assessment of third-party service providers' security measures; and
• updates to safeguards in response to changes in technology, operations, or regulatory requirements.

Personnel and third-party service providers with access to personal data are subject to appropriate confidentiality obligations, whether through contractual arrangements, internal policies, or both. Rezolv requires that personal data be used only for authorised purposes and protected against unauthorised disclosure.

Rezolv recognises and respects the rights available to individuals (“Data Principals”) under the Digital Personal Data Protection Act, 2023, in relation to personal data collected through its website.

These rights may be exercised in accordance with applicable law and subject to verification of identity.

A Data Principal has the right to request confirmation of whether Rezolv processes their personal data and to obtain information regarding:

• the categories of personal data being processed;
• the purpose for which such data is being processed; and
• the manner in which such data is being processed, as permitted under applicable law.

A Data Principal has the right to request correction of inaccurate or incomplete personal data and to request that their personal data be updated where necessary.

Rezolv will take reasonable steps to ensure that personal data is accurate and up to date, having regard to the purpose for which it is processed.

A Data Principal has the right to request the erasure of their personal data where:

• the personal data is no longer necessary for the purpose for which it was collected; or
• consent on which the processing is based has been withdrawn and no other lawful basis for processing exists.

Erasure requests are subject to applicable legal, regulatory, or contractual retention requirements.

Where personal data is processed on the basis of consent, a Data Principal has the right to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

Withdrawal of consent may impact Rezolv's ability to respond to inquiries or provide information requested by the Data Principal.

A Data Principal has the right to raise a grievance regarding the processing of their personal data. Rezolv provides a mechanism for submitting grievances and will address such grievances in accordance with applicable law.

Details of the grievance redressal mechanism are set out in Section 15 of this Privacy Policy.

The exercise of Data Principal rights is subject to:

• verification of the identity of the requester;
• limitations and exceptions permitted under applicable law; and
• Rezolv's role as a data processor where personal data is processed on behalf of airline or enterprise clients.

Where Rezolv processes personal data as a data processor, requests may be redirected to the relevant client acting as the data fiduciary, as required.

Rezolv provides a single, unified mechanism for Data Principals to exercise their rights and to raise questions, concerns, or grievances relating to the processing of their personal data, in accordance with the Digital Personal Data Protection Act, 2023.

Rezolv has designated a Grievance Officer responsible for addressing all requests and grievances relating to personal data.

A Data Principal may submit a request or grievance by contacting the Grievance Officer using the details provided above. Requests may relate to, including but not limited to:

• access to personal data;
• correction or updating of personal data;
• erasure of personal data;
• withdrawal of consent; or
• concerns regarding the processing or handling of personal data.

All requests and grievances must include sufficient information to enable Rezolv to identify the Data Principal and understand the nature of the request.

For the protection of personal data, Rezolv may require reasonable information or documentation to verify the identity of the Data Principal before acting on any request or grievance.

Rezolv will acknowledge receipt of a request or grievance and will endeavour to resolve it within a reasonable period, and in any case within the timelines prescribed under applicable law, which shall not exceed ninety (90) days from the date of receipt.

Rezolv may refuse or limit a request where:

• the request cannot be fulfilled due to applicable legal, regulatory, or contractual obligations;
• the personal data is required to be retained for lawful purposes;
• Rezolv is acting as a data processor on behalf of an airline or enterprise client, in which case the request may be redirected to the relevant data fiduciary; or
• the request is manifestly unfounded or excessive, as permitted under applicable law.

Where a request is refused or limited, Rezolv will provide reasons to the extent required by law.

If a Data Principal is not satisfied with the response provided by Rezolv, or if Rezolv fails to respond within the prescribed timeline, the Data Principal may escalate the grievance to the Data Protection Board of India, in accordance with the procedure set out under applicable law.

Rezolv's website and services are not directed at children.

Rezolv does not knowingly collect, solicit, or process personal data relating to children through its website. The website is intended for use by business users and professionals seeking information about Rezolv's products and services.

If Rezolv becomes aware that personal data relating to a child has been collected inadvertently, Rezolv will take reasonable steps to delete such data as soon as practicable.

Rezolv does not use cookies, tracking technologies, or advertising tools to profile, track, or target children. Marketing and advertising cookies deployed on the website are intended for business and professional audiences and are not designed to target or engage children.

A parent or legal guardian who believes that a child's personal data may have been provided to Rezolv may contact the Grievance Officer using the details set out in Section 15. Rezolv will review such requests and take appropriate action in accordance with applicable law.

Rezolv is committed to maintaining appropriate safeguards to protect personal data and to responding promptly and responsibly in the event of a data breach or security incident.

Rezolv maintains procedures to identify, assess, and respond to suspected or confirmed personal data breaches. Upon becoming aware of a potential breach, Rezolv will take reasonable steps to:

• assess the nature and scope of the incident;
• determine whether personal data has been compromised; and
• evaluate the potential risk of harm to affected individuals.

Where a personal data breach is identified, Rezolv will take appropriate measures to:

• contain and mitigate the impact of the breach;
• prevent further unauthorised access or disclosure; and
• implement corrective actions to reduce the likelihood of recurrence.

Where required under applicable law, Rezolv will:

• notify the Data Protection Board of India of a personal data breach in the manner and within the timelines prescribed by law; and
• notify affected individuals where the breach is likely to cause harm or where such notification is otherwise required.

The content and timing of any notifications will take into account the nature of the breach, the risks involved, and guidance issued by the relevant authorities.

Where Rezolv processes personal data on behalf of airline or enterprise clients as a data processor, Rezolv will notify the relevant client of any personal data breach relating to such data in accordance with contractual obligations and applicable law.

Rezolv's website may contain links to external websites or platforms operated by third parties. Rezolv does not control and is not responsible for the privacy practices, content, or security of such third-party websites.

This Privacy Policy applies solely to personal data collected through Rezolv's website. Users are encouraged to review the privacy policies of any third-party websites they choose to visit through links provided on the website.

Rezolv may update or modify this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or website functionality.

Any updates to this Privacy Policy will be posted on the website, and the revised policy will indicate the effective date of the changes. Where changes are material, Rezolv may take reasonable steps to provide additional notice, such as through prominent website notices or other appropriate means.

Continued use of the website after the effective date of an updated Privacy Policy constitutes acceptance of the revised terms.

For any questions, clarifications, or concerns relating to this Privacy Policy or the processing of personal data, users may contact Rezolv at:

Rezolv will endeavour to respond to privacy-related queries in a timely and reasonable manner.

This Privacy Policy shall be governed by and construed in accordance with the laws of India.

Subject to applicable law, the courts and authorities located in India shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with this Privacy Policy.

By accessing or using Rezolv's website, users acknowledge that they have read and understood this Privacy Policy and agree to the collection and processing of personal data in accordance with its terms.

Where explicit consent is required under applicable law, such consent will be obtained through appropriate mechanisms, including consent checkboxes or similar affirmative actions.