Privacy policy

This policy explains how Hola Rentals (“we”, “us”) handles personal information when you use https://www.holarentals.online, submit an enquiry, correspond on WhatsApp, or interact with related services. We are committed to handling data fairly and lawfully under applicable Indian requirements, including norms under the Digital Personal Data Protection Act, 2023 (“DPDP Act”) where they apply to our processing.

·

1. Scope

This policy covers visitors to our public website, admin users of our separate staff panel (who have additional internal policies), and anyone who enquires or hires through channels we operate. It does not govern third-party sites we link to (maps, social networks, payment gateways you may use if we enable them).

2. Data we collect

Depending on what you do with us, we may process:

  • Identity & contact: name, phone number, email, WhatsApp identifier, pickup/drop preferences, messages you send.
  • Booking details: dates, locations, vehicle interest, free-text requirements, and internal notes needed to fulfil the hire.
  • Technical & usage: IP address, browser type, approximate timestamps, pages requested, referrer URL, device hints (via server and optional analytics snippets you allow in browser).
  • Session & visitor analytics (public site): a first-party cookie may assign a random ID to understand active usage patterns in our admin dashboards; it is not used for advertising retargeting by us.
  • Documents: images or copies of driving licence / ID when required for lawful hire and fraud prevention.

3. How we use data

  • To respond to enquiries and operate self-drive rental in Goa.
  • To confirm identity, manage deposits, process payments we agree on, and recover lawful charges.
  • To secure our website, detect abuse, and improve performance and content.
  • To comply with court orders, lawful government requests, and accounting or tax obligations.
  • To send operational messages about a booking you have with us (not marketing spam).

4. Legal bases (summary)

Under Indian law, different processing activities may rely on consent (where required), performance of a contract, compliance with legal obligations, or legitimate interests (such as fraud prevention, network security, and understanding aggregate site traffic). Where the DPDP Act mandates consent, we will obtain it in a clear manner for that processing—e.g. optional marketing, or non-essential cookies if we ever deploy them in a consent-gated way.

5. Cookies & similar technologies

Our Laravel application may set standard session and security cookies. We may also set a durable first-party cookie for visitor session analytics (see live visitor tooling in our admin). You can delete cookies via browser settings; some features may degrade. If our site settings include third-party analytics HTML, that provider’s terms may apply—we aim to keep such scripts minimal and documented in admin settings.

6. WhatsApp, Meta, and other processors

When you message us on WhatsApp, your data is processed by Meta Platforms under their terms and privacy policy, in addition to our use of the content to serve you. We do not control Meta’s infrastructure. Avoid sending unnecessary sensitive data in chat; we only request what we reasonably need for the hire.

We may use hosting providers, email delivery, maps, or backup services that process data on our instructions (processors). We select reputable vendors and limit sharing to what is needed.

7. Retention

We keep enquiry and hire records long enough for customer support, dispute resolution, accounting, and legal compliance—often several years for transactions subject to tax law. Server logs and analytics aggregates are rotated or deleted on a shorter cycle. If you want erasure, contact us; we will comply where the law does not require retention.

8. Security

We use HTTPS, access controls on admin accounts, and reasonable technical measures for a small business. No online system is perfectly secure; protect your devices and WhatsApp account.

9. Your rights

Depending on applicable law, you may have rights to access, correct, update, or delete personal data, to withdraw consent where processing was consent-based, and to complain to the Data Protection Board of India or other competent authority once fully operational under the DPDP framework. To exercise rights, email or WhatsApp us with enough detail to locate your records.

10. Children

Our services are not directed at children under 18 for independent hire. We do not knowingly collect children’s data without parental involvement appropriate to law.

11. Cross-border transfers

Primary processing occurs in India. Some tools (e.g. WhatsApp, global CDNs) may involve transfer outside India under standard contractual or statutory mechanisms. We minimise personal data in such channels.

12. Changes

We will update this page when practices change materially. Check the last updated date.

13. Contact (data protection)

Contact page — use the same channels as bookings and mark the subject “Privacy request”.