Privacy Policy

Privacy Policy
What Information We Collect
How We Use Your Data
Legal Basis for Processing (GDPR)
Data Retention
Data Security
Sharing & International Transfers
Your Rights
Children’s Privacy
Cookies
Data Processing Addendum (DPA)
Processor Obligations
Categories of Data Processed
Data Retention and Deletion
Liability and Indemnity
Governing Law
Contact Information

Explor42 Privacy & Data Processing Policy

Last Updated: 13 October 2025


Issued by: Explor42 Sports Tours LLP
25, 5th Block, Koramangala, Bangalore – 560095, India
partnership@explor42.com
www.explor42.com

1. Introduction

At Explor42 Sports Tours LLP (“Explor42”, “we”, “us”, “our”), your privacy and trust are our top priorities.
This Privacy & Data Processing Policy explains how we collect, process, use, store, and protect your personal data — whether you are a traveler, event participant, hotel partner, or service provider.

Explor42 is a community-led sports travel company that curates athlete-first experiences across marathons, triathlons, cricket, F1, football, and other global sporting events.

This policy is designed to comply with:

  • India’s Digital Personal Data Protection Act (DPDP 2023)
  • The EU General Data Protection Regulation (GDPR)
  • UK GDPR & Data Protection Act 2018
  • California Consumer Privacy Act (CCPA)

By using our website or services, you consent to this policy.

2. What Information We Collect

We collect personal information directly from you, automatically, or through our partners:

Type Examples Purpose
Identification Data Name, gender, DOB, nationality, passport number Event registration, visa support
Contact Data Email, phone, address Communication, customer support
Travel Data tinerary, hotel booking, event participation Fulfillment of travel packages
Payment Data Card, bank details (via secure gateways) Processing transactions
Preference Data Race category, food preferences Personalization of packages
Technical Data IP address, cookies, browser info Site analytics and improvement

We may also receive limited data from:

  • Payment processors (Razorpay, Stripe)
  • CRM tools (Zoho, Mailchimp)
  • Social media and advertising partners (Meta, Google Ads)

3. How We Use Your Data

We use your data to:

  • Register and manage your bookings
  • Communicate updates and confirmations
  • Process payments securely
  • Coordinate with hotels, event organizers, and logistics partners
  • Send optional marketing updates (only with your consent)
  • Improve user experience through analytics and feedback
  • Fulfill legal, accounting, and compliance obligations

4. Legal Basis for Processing (GDPR)

If you are based in the EU/EEA or UK, we process data based on:

  • Contractual necessity – to fulfill your booking
  • Consent – for marketing or optional data sharing
  • Legitimate interest – to improve services
  • Legal obligation – for tax and compliance

5. Data Retention

We retain personal data only as long as necessary:

  • Booking and financial data: 7 years
  • Marketing data: Until consent is withdrawn
  • Analytics/cookies: 12–24 months

6. Data Security

We implement strict controls including:

  • SSL encryption on all web and payment pages
  • Role-based access and password policies
  • Cloud infrastructure security (AWS/GCP)
  • Regular audits, firewalls, and backups

7. Sharing & International Transfers

We share data only when necessary with:

  • Event organizers (for bibs, registration)
  • Hotels and travel partners
  • Visa support agencies and logistics providers
  • CRM and marketing partners (Zoho, Meta, Google)
  • Payment gateways and banks

Data may be transferred internationally (e.g., Singapore, UAE, UK, EU). All such transfers follow GDPR adequacy standards or contractual safeguards.

8. Your Rights

You have the right to:

  • Access, correct, or delete your personal data
  • Withdraw consent for marketing
  • Request data portability
  • Lodge a complaint with the relevant authority

To exercise any of these rights, contact privacy@explor42.com. We respond within 30 days.

9. Children’s Privacy

Explor42 does not knowingly collect data from individuals under 18. If such data is identified, we delete it promptly.

10. Cookies

We use cookies for essential site operations, analytics, and marketing.
See our detailed Cookies Policy for more information and cookie management options.

Data Processing Addendum (DPA)

This section applies to all Explor42 partners, vendors, and service providers handling personal data on our behalf.

11. Purpose of This Addendum

This DPA governs how our partners (“Processors”) handle personal data shared by Explor42 (“Controller”) to deliver contracted services — e.g., hotel bookings, visa assistance, transportation, or event logistics.

12. Processor Obligations

Each Processor agrees to:

  1. Process Data Only on Written Instructions Use data only for purposes specified by Explor42.
  2. Confidentiality Ensure staff and agents maintain confidentiality.
  3. Security Measures Maintain strong data protection practices — encryption, limited access, and regular security reviews.
  4. Sub-processing Engage sub-processors only with Explor42’s consent and ensure equivalent protections.
  5. Breach Notification Notify Explor42 within 24 hours of any known or suspected data breach.
  6. Data Subject Assistance Cooperate with Explor42 in responding to data access or deletion requests.
  7. Return or Deletion of Data Delete or return all personal data upon completion of services unless required by law to retain it.
  8. Audit Rights Allow Explor42 to verify compliance through documentation or audits.

13. Categories of Data Processed

Category Examples
Traveler Details Name, gender, DOB, nationality, passport info
Contact Details Phone, email, address
Travel Information Booking ID, flight, hotel, itinerary
Payment Data Secure transaction details
Special Data (if applicable) Medical or dietary preferences (with consent)

14. Data Retention and Deletion

Data will be kept only for the duration of the service or as legally required. Once processing ends, data must be securely deleted or anonymized.

15. Liability and Indemnity

Each party is responsible for its own compliance.
The Processor shall indemnify Explor42 against any penalties or claims resulting from its non-compliance with this DPA.

16. Governing Law

This DPA is governed by the laws of India, without prejudice to applicable international data protection laws.
Disputes are subject to the exclusive jurisdiction of Bangalore courts, India.

17. Contact Information

Explor42 Sports Tours LLP
25, 5th Block, Koramangala, Bangalore – 560095, India
Email: partnership@explor42.com
Website: www.explor42.com
Phone: +91 9901911006