The entity responsible for processing your personal data is:

Company Name:Birdres Technologies Private Limited

Address: E-9, Connaught House, Connaught Place,New Delhi - 110001

We operate the website www.birdres.com/booking and any associated mobile applications (collectively, the "Platform").

We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains what information we collect, how we use it, who we share it with, how we protect it, and your rights regarding your data.

Although we operate a business-to-business service and do not, in the ordinary course, collect the personal information of individual consumers, this Privacy Policy applies to all individuals from whom we may collect personal information. This includes, without limitation:

any user who visits our website and from whom personal information may be collected in the course of such use; and
registered travel agents who hold a username and password for the purpose of accessing and using the services that we provide.

By accessing or using our Platform, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

For the purpose of European data protection laws, we act as a controller, and for the purposes of Indian data protection laws, we act as the data fiduciary in connection with the personal information described in this Privacy Policy.

1. Information We Collect

We collect several types of information to provide, improve, and personalize our travel booking services. We will obtain your consent as required under applicable law prior to obtaining such information from you.

Information you provide directly:

Account & Profile: name, email address, phone number, date of birth, gender, nationality, password
Booking & Travel Details: full name (as in passport), passport/ID number & expiry, date of birth, gender, nationality, visa information (where required), frequent flyer / loyalty program numbers, special requests (e.g., meal preferences, mobility assistance)
Payment Information: billing name, credit/debit card details (or other payment method info), billing address (we usually tokenize / do not store full card details ourselves — see Payment section below)
Travel Companions: same categories as above for any passengers / guests you book for
Communications: information you provide when contacting support, writing reviews, or participating in promotions / surveys

Information collected automatically:

Device & Usage: IP address, device type & ID, browser type, operating system, unique identifiers, pages visited, time spent, search queries, clicks, bookings started/abandoned
Location: approximate location from IP, precise location (with consent) for nearby search / airport detection
Cookies & Similar Technologies: see our separate Cookie Policy

Information from third parties:

Partners: airlines, hotels, car rental companies, tour operators, visa processors (confirmation data, updates, cancellations)
Social login providers: (Google, Apple, Facebook) if you choose to sign in that way
Payment gateways / processors
Identity verification / fraud prevention providers

2. How We Use Your Information

We use your personal information for the following purposes:

To create and manage your account
To search availability, process bookings, issue tickets/vouchers, handle changes/cancellations/refunds
To process payments and prevent fraud
To send booking confirmations, itineraries, travel alerts, service updates, and essential communication
To provide customer support and handle disputes/complaints
To personalize your experience (e.g., saved searches, favorite destinations, recommendations)
To send marketing communications (only with your consent where required by law)
To improve our Platform, services, and user experience (analytics, testing, research)
To comply with legal obligations (e.g., passenger name record / API data to governments, anti-money laundering rules)
To protect our rights, safety, and property (fraud detection, security, enforcing Terms)

We will only process your personal information as necessary so that we can pursue the purposes described above. In limited circumstances, where we are required to collect personal information to comply with a legal obligation, we will indicate the same to you prior to collecting such personal information.

3. Sharing & Disclosure of Information

We share your information only in these limited circumstances:

Travel Suppliers & Service Providers: airlines, hotels, car rental companies, tour operators, transfer providers, activity providers, visa/insurance partners — to fulfill your booking
Payment processors & gateways: to process transactions (they are bound by PCI DSS and do not receive full card details when we use tokenization)
Service providers: working on our behalf (cloud hosting, email delivery, customer support tools, analytics, fraud detection, marketing automation) — under strict data processing agreements
Business transfers: in case of merger, acquisition, or sale of assets
Legal requirements: to comply with law, respond to subpoenas/court orders, protect rights/safety, report suspicious activity
With your consent: e.g., sharing with travel companions you add, or for joint marketing (where you opt-in)

We do not sell your personal information to third parties for their own direct marketing purposes.

4. International Data Transfers

Your information may be transferred to, stored, and processed in countries outside your country of residence (including India, USA, EU member states, Singapore, etc.), where data protection laws may differ. We will transfer your information in compliance with applicable law, and we will take steps to ensure that your rights continue to be protected and will ensure that adequate safeguards are in place to protect your personal information at all times.

When we transfer personal data from the EEA/UK to countries without an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), or rely on other permitted mechanisms.

5. Data Security

We implement reasonable technical and organizational measures to protect your personal information from unauthorized access, loss, misuse, or alteration (encryption in transit/rest where appropriate, access controls, regular security assessments, etc.).

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We keep your personal information only for as long as necessary for the purposes outlined in this policy, or as required by law (e.g., tax, accounting, aviation security rules often require 5–10+ years retention of PNR/passenger data). We also retain personal information as long as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

After that period, we delete or irreversibly anonymize the data.

7. Your Rights

Your Rights under Indian Laws

We guarantee certain rights in respect of our processing of your personal information. Among such rights, you may exercise the following in respect of the personal information that you provide us by contacting the grievance officer mentioned in this Privacy Policy:

Right to Access: you may ask us to: (a) confirm, and provide a summary of the personal information about you that is in our possession at any time, including information related to the processing of your personal information; (b) provide details of all third parties with whom we share your personal information with, along with a description of the personal information so shared; and (c) provide any other information related to your personal information, as may be permitted/required under any applicable law.
Right to Rectification: you have the right to request that we rectify, correct, complete or update any inaccurate, misleading or incomplete personal information that that we have in our possession. It is important that the personal information in our possession is accurate and current.
Right to Erasure: you have the right to request that we erase your personal information in certain circumstances. Upon the exercise of such right, we will, within a reasonable time, cease, and cause any data processors engaged by us to cease the processing of such personal information for such purposes, subject to any legal requirement to continue processing such data under any applicable law.
Right to Withdraw Consent: you may withdraw your consent to the processing of your personal information at any time, and we will cease to carry out such processing activity that you previously consented to. We will also, erase your personal information, collected previously for such purpose, within a reasonable period of time, unless we are required to retain it for a longer period under any applicable laws.
Right to Grievance Redressal: you have the right to lodge a complaint regarding the processing of your personal information and the exercise of your rights mentioned in this Privacy Policy by contacting the grievance officer.
Right to Nominate: you have the right to nominate another person to exercise your rights on your behalf (in case of your death/incapacity).

Your Rights under European Union Law

As detailed below, to the extent provided by the law of your jurisdiction, you may have legal rights in relation to the personal information about you that we hold. We may require you to prove your identity with approved identification if you request this information. That said, if you are a resident in the EEA/UK, we process your personal information on the following legal bases:

Contract: It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal information to us, we will not be able to carry out our obligations under the terms of the contract.
Legitimate Interests: We are permitted to process your personal information if it is based on our legitimate interests. In relation to general inquiry and complaints you send us, our legitimate interest is to provide you with information you have requested and to provide any support. You can object to the processing that we carry out on the grounds of legitimate interests.
Consent: Where you have given us consent to do so, we provide you, or permit third parties to provide you, with information about goods or services which we feel may interest you. You also have the right to withdraw your consent.
Legal Claims: We need to process your personal information to defend or establish a legal claim (for example, claims relating to the sale of our goods and services under contract law).

You have the following rights, where provided under applicable law, regarding your information (each of which are subject to various exceptions and limitations):

Right to be Informed: You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy.
Right of Access : You have the right to obtain access to your information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy). This is so you are aware and can check that we are using your information in accordance with applicable data protection law.
Right to Rectification: You are entitled to have your information corrected if it is inaccurate or incomplete.
Right to Erasure : This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure, and there are exceptions.
Right to Restrict Processing: You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
Right to Data Portability: You have rights to obtain and reuse your personal information for your own purposes across different services and platforms.
Right to Object: You have the right to object to certain types of processing, in particular processing based on our legitimate interests. You also can object at any time to your information being used for direct marketing purposes (including profiling related to such direct marketing). Where you object to processing for direct marketing purposes, the personal information shall no longer be processed for such purposes.
Right to Refuse or Withdraw Consent: You have the right to refuse to provide and withdraw your consent to processing of your personal information at any time with effect for future processing.

Please note your rights in relation to your personal information are not absolute. We may, for example, deny you access to your personal information when required or authorized by law, or if granting access would have an unreasonable impact on another individual’s privacy. We will retain and use your personal information as described in this Privacy Policy, including as necessary to comply with our legal and business obligations, resolve disputes, and enforce our agreements.

CCPA/CPRA Residents (California): You have the right to know what personal information we collect/use/share, to opt-out of “sales” (we do not sell personal information as defined by CCPA), and to limit use of sensitive personal information. Use the same email above or our dedicated form [link if exists].

8. Children's Privacy

Our services are not directed to children under 18 (or the relevant age in your jurisdiction). We do not knowingly collect personal information from children under this age without verifiable parental consent. If we become aware of such data, we will delete it.

9. Persons with Disability

In the event that you are a person with disability, we will seek verifiable consent from your lawful guardian prior to obtaining your personal information in accordance with applicable laws. Note that we will not collect your personal information without obtaining such verifiable consent as required under applicable law.

10. Changes to This Privacy Policy

We may update this policy from time to time. The "Last updated" date at the top indicates when changes were last made. We will notify you of material changes (via email or Platform notice) where required by law.

11. Contact Us

If you have any questions about this Privacy Policy, or if you have any other complaints or have any specific requests regarding the personal information that is in our possession, or any other concerns regarding the exercise of your rights relating to your personal information, you may exercise your rights by writing to the grievance officer below:

Email: dpo@birdres.com

We will resolve any such grievances within a period of 90 days on receipt of a grievance.

Please write to the grievance officer if you wish to access this Privacy Policy in any other language listed in Schedule 8 of the Indian Constitution.

If you are unsatisfied with the redressal provided by the grievance officer in response to your grievances, please feel free to make a complaint to the relevant Information Commissioner’s Office in the European Union, or to the Data Protection Board in India through [specify here the manner of raising a complaint as notified by the Data Protection Board of India] (as the case may be).