Version 2026-06-22 - effective from 7/13/2026
Privacy Policy
Effective Date: June 22, 2026 Last Updated: June 22, 2026
This Privacy Policy explains how Refuje Experiences Private Limited ("Refuje", "we", "us", or "our") collects, receives, uses, shares, stores, and protects personal data when you use Refuje's website, guest journeys, QR-linked flows, hotel-linked services, marketplace activity flows, communications, bookings, enquiries, or related services.
1. Who We Are
Refuje Experiences Private Limited Email: myrefuje@gmail.com Grievance Officer: Rajesh Thakur Phone: +91-7807740707
2. Processing Contexts And Role
Refuje processes personal data in different contexts, including:
- Direct Refuje Bookings, where Refuje directly confirms, sells, or operates an experience or service;
- Hotel-Linked Guest Journeys, where Refuje supports a hotel or property with guest-experience, QR-linked, concierge, pre-arrival, stay-related, or communication flows;
- Marketplace / Provider Activities, where Refuje displays, lists, routes, or supports enquiries for activities operated by independent activity providers.
These contexts are described further in our Terms & Conditions. Depending on the relevant context, Refuje may act as a Data Fiduciary where it determines the purpose and means of processing personal data, or as a Data Processor where it processes personal data on behalf of a hotel, provider, or other partner.
3. What Personal Data We Collect
Depending on how you interact with Refuje, we may collect or receive:
- identity and contact data, such as name, phone number, WhatsApp number, email address, city, state, or country;
- booking, stay, and experience data, such as hotel name, room or stay details, check-in/check-out dates, requested activity, preferred date/time, group size, special requests, service history, and communication history;
- marketplace enquiry data, such as lead ID, source hotel, selected activity, guest note, provider communication status, and reconciliation-related transaction metadata;
- health, safety, and suitability data, such as fitness-related disclosures, allergy or dietary information, medical or accessibility information, and emergency contact details where relevant;
- technical and device data, such as IP address, browser type, device identifiers, operating system, log data, cookie data, and analytics data;
- communication and support data, such as emails, calls, WhatsApp or message logs, complaint records, issue-resolution records, feedback, and support notes.
4. Lawful Purpose And Consent
Refuje processes personal data only for lawful, limited, and relevant purposes, including where consent is given, where data is voluntarily provided for a requested service, where processing is necessary for support, safety, legal compliance, fraud prevention, accounting, audit, dispute handling, service delivery, or other permitted purposes under applicable law.
Where consent is used, it should be free, specific, informed, unambiguous, and capable of withdrawal through Refuje's official contact channels, subject to legal, safety, accounting, audit, fraud-prevention, reconciliation, dispute, and operational retention requirements.
5. Hotel, PMS, And WhatsApp Data
Where a hotel or property authorizes Refuje to support pre-arrival, stay-related, QR-linked, concierge, or guest-experience communication, Refuje may receive or access limited guest and stay-related personal data from the hotel, PMS, or connected hotel systems.
This may include guest name, phone number, WhatsApp number, stay dates, room or booking identifiers, guest-service status, communication status, and other limited stay-related details reasonably required for guest communication and service delivery.
The hotel remains responsible for ensuring that it has lawful authority to share or authorize access to such data, that guests receive appropriate disclosures before or at collection where required, and that the hotel does not share data with Refuje where it lacks authority to do so.
6. How We Use Personal Data
We may use personal data to:
- manage bookings, enquiries, confirmations, modifications, cancellations, and support;
- provide guest-access links, QR-linked journeys, concierge flows, and stay-related communications;
- send pre-arrival, stay-related, service, safety, support, and transactional communications;
- route marketplace activity enquiries to relevant providers;
- coordinate service delivery, suitability assessment, safety handling, and incident response;
- track lead status, attribution, outcomes, reconciliation, and marketplace operations;
- process payments where applicable and support accounting, refunds, chargebacks, and disputes;
- detect misuse, spam, fraud, unauthorized data use, unsafe behaviour, or policy violations;
- maintain legal acceptances, signed proofs, version records, hashes, timestamps, audit evidence, and compliance records;
- improve Refuje's product, guest journeys, content, operations, support, and marketplace quality.
7. Marketplace Provider Sharing
When a guest continues with a marketplace activity enquiry, Refuje may share enquiry data with the relevant provider, including guest name, phone or WhatsApp number, preferred date or time, group size, guest note, source hotel, activity name, and lead or enquiry reference.
Providers may use shared enquiry data only to respond to, coordinate, fulfil, support, or reconcile the specific enquiry or activity. Providers must protect such data and must not resell, reuse, remarket, spam, independently market to guests, disclose the data to unauthorized persons, or use it for any unrelated purpose unless separately authorized by the guest and permitted by law.
Independent providers are responsible for their own handling, storage, use, deletion, security, and lawful processing of guest data after receiving it from Refuje. Refuje may restrict, suspend, remove, or take action against providers that misuse guest data or breach Refuje's provider terms.
To the maximum extent permitted by law, Refuje is not responsible for a provider's unauthorized, unlawful, or non-compliant use of guest data after the data has been shared for a marketplace enquiry, except to the extent caused directly by Refuje's own breach of applicable law or these terms.
8. Customer Relationship And Marketing Communications
When a user submits an enquiry, makes a booking, accesses a guest journey, scans a Refuje QR code, or otherwise provides contact details to Refuje in connection with a stay, service, activity, or experience, Refuje may send service-related, transactional, booking, stay-related, support, safety, feedback, and activity-related communications connected with that interaction.
Where permitted by applicable law, Refuje may also use contact details, booking history, enquiry history, preferences, feedback, and interaction history to maintain customer relationship records, personalize recommendations, and send Refuje updates, recommendations, offers, content, or promotional communications.
Users may opt out of marketing communications through unsubscribe, opt-out, or official contact channels. Service, safety, booking, legal, support, or transactional communications may still be sent where reasonably necessary.
Refuje will not use hotel/PMS-derived guest data for unrelated promotional marketing unless the guest has submitted an enquiry, made a booking, completed a form, opted in, or otherwise directly provided contact details to Refuje with appropriate notice, or unless such use is otherwise permitted by applicable law.
9. Health, Safety, And Suitability Data
Where relevant to service delivery or safety, Refuje may collect or receive fitness, allergy, dietary, accessibility, medical, emergency-contact, or other suitability information voluntarily provided by the guest or requested for a specific booking, enquiry, or activity.
Such information is used for service coordination, suitability assessment, safety handling, incident response, support, and legal or compliance purposes.
10. Children And Minors
A child means an individual under 18 years of age.
Where personal data of a minor is required for a family booking, age suitability, safety, guardian-supervised participation, or incident handling, the parent or lawful guardian is responsible for providing or authorizing such data.
Refuje does not knowingly undertake tracking, behavioural monitoring, or targeted advertising directed at children.
11. Rights And Requests
Subject to applicable law, users may request access to information about their personal data, correction of inaccurate or incomplete data, deletion or erasure where retention is no longer justified, withdrawal of consent where processing is based on consent, and grievance redressal.
Refuje may verify the requester's identity before acting on a request and may retain information where required or reasonably necessary for legal claims, fraud prevention, safety, reconciliation, accounting, audit, compliance, dispute resolution, or record-keeping.
12. Retention
Refuje retains personal data only for as long as reasonably necessary for the purpose for which it was collected, or for legal, audit, compliance, accounting, fraud-prevention, safety, support, dispute-resolution, reconciliation, or record-keeping purposes.
Legal acceptances, signed proofs, consent records, version records, hashes, and audit evidence may be retained for as long as required to establish, exercise, or defend legal rights and maintain legal audit integrity.
Where data is no longer needed, Refuje may delete, anonymize, securely archive, or restrict further use of the data as appropriate.
13. Security And Breach Handling
Refuje uses reasonable technical, administrative, and organizational safeguards to protect personal data, including access controls, role-based access, infrastructure protections, and restricted sharing with authorized personnel and service providers.
No transmission or storage system is completely risk-free.
If Refuje becomes aware of a personal data breach, Refuje will assess the incident, take reasonable containment and remedial steps, maintain appropriate records, and assess whether affected users, partners, authorities, or other parties must be notified under applicable law.
14. Vendors, Processors, And Transfers
Refuje may use vendors and service providers for hosting, cloud infrastructure, communications, WhatsApp, SMS, email, analytics, payments, support, security, and operational tooling.
Such vendors and service providers may process personal data only for authorized purposes connected with Refuje's services, operations, legal compliance, or support.
Where personal data is processed outside India, Refuje will take reasonable steps to ensure such processing is done where operationally necessary and permitted by applicable law.
15. Changes To This Policy
Refuje may update this Privacy Policy from time to time to reflect legal, product, operational, vendor, security, or risk-related changes.
Material updates may be posted on the website or communicated through appropriate channels. The latest current version published by Refuje will govern from its effective date.
16. Contact
Refuje Experiences Private Limited Email: myrefuje@gmail.com Grievance Officer: Rajesh Thakur Phone: +91-7807740707


