Privacy Policy

Introduction & scope

This Privacy Policy (“Policy”) explains how Royal Regency and its properties in Shimla and Manali (collectively “the Hotel”, “we”, “us”, “our”) collect, use, disclose, store, and protect personal information when you browse our website, contact us, make or manage a reservation, pay online, check in, or otherwise stay with us in India.

We aim to meet expectations consistent with premium hospitality in India: transparency with guests, compliance with applicable laws (including the Digital Personal Data Protection Act, 2023, where it applies), and responsible handling of data needed to operate safe, lawful, high-quality hotels.

This Policy should be read together with notices provided at booking or check-in (including registration cards or house rules). By using our website or services, or by completing a stay where our practices are reasonably brought to your attention, you acknowledge this Policy except where mandatory law gives you rights that cannot be waived.

Who we are & data contact

Royal Regency operates hospitality properties in Himachal Pradesh, India. For this Policy, the entity operating the property you deal with is responsible for personal information collected in that context. Privacy-related questions, access requests, or complaints should be sent using the contact section at the end of this page.

Information we collect

The categories below depend on how you interact with us. We collect only what is appropriate for the stated purposes.

• Identity & contact — name, email, phone, postal address, nationality, and similar details from bookings, enquiries, or registration.
• Reservation & stay — dates, party size, room type and rate, special requests, dietary or accessibility needs where you volunteer them, correspondence, and incident or service notes where relevant to your stay.
• Account & authentication — credentials and profile data if you create an account on our site.
• Payment data — online payments are handled by our payment partner (see Payments). We receive confirmations, transaction references, and limited billing metadata, not your full card number on our own servers.
• Communications — content you send via forms, email, telephone, SMS, or messaging apps.
• Technical & usage — IP address, device/browser type, approximate location from IP, pages viewed, and related diagnostics via cookies and similar technologies (see Cookies).
• Check-in & legal registers — government photo identification, passport/visa details for foreign nationals, and particulars required under Indian law (including police or foreigner registration rules applicable to hotels). We collect such data because statute or lawful authority requires it for guest registers and public safety.
• On-property safety — CCTV in public and semi-public areas (see Security cameras). We do not use CCTV in guest rooms or other private spaces.

Cookies & similar technologies

We use cookies and similar technologies to run the site, remember preferences, maintain security sessions, measure performance, and understand aggregate traffic. You can restrict non-essential cookies via browser or, where offered, consent tools; essential cookies may be required for booking, security, or login to work correctly.

How we use your information

We use personal information to:

• Confirm, price, modify, and honour reservations and folio charges.
• Communicate about your booking, stay, loyalty or service matters, and respond to requests.
• Process payments through our gateway and reconcile disputes, refunds, or chargebacks.
• Meet legal obligations — including guest registers, foreign guest reporting, tax invoicing, and responses to lawful requests from public authorities.
• Safeguard guests, staff, and property; investigate incidents; and prevent fraud or abuse.
• Improve our website, services, and operations through analytics and feedback.
• Send transactional messages. Marketing is handled as described under Marketing.

Legal bases (India)

Where the Digital Personal Data Protection Act, 2023 applies, we rely on permissible grounds such as: voluntary consent where required (for example certain marketing); processing necessary for the performance of our contract with you (your stay or booking); compliance with legal obligations (including statutory registers); legitimate interests that are not overridden by your rights (such as security, fraud prevention, and improving service quality); and, in rare cases, protection of life or safety. If you have questions about the basis for a specific activity, contact us.

Payments (Razorpay)

Online payments on our website are processed by Razorpay Software Private Limited (“Razorpay”), our payment gateway. Card, UPI, and bank details are submitted directly to Razorpay under its security standards and privacy policy.

We do not store complete card numbers on our web servers. We may retain transaction IDs, amounts, status, and limited metadata needed for accounting and support.

You can read Razorpay's privacy practices in their official privacy policy.

Failed, disputed, or refunded payments may require us and Razorpay to retain and process related data until the matter is closed.

Sharing & processors

We disclose personal information only as needed to operate the Hotel:

• Payment processors — Razorpay for online payments; banks or terminals for on-property card present transactions.
• Service providers — hosting, email, SMS, PMS/booking tools, analytics, customer-support platforms, and IT support, bound by confidentiality and processing instructions where applicable.
• Advisers — lawyers, accountants, and insurers when professional advice requires limited disclosure.
• Authorities — law enforcement, courts, tax, tourism, or immigration bodies when required by Indian law or a lawful order, or when necessary to protect vital interests.
• Corporate transactions — a successor in a merger or asset sale may receive personal information subject to continued protection consistent with this Policy, where permitted.

We do not sell your personal data in the ordinary sense of selling lists to unrelated marketers. We may use aggregated or de-identified information that does not identify you for analytics, benchmarking, or reporting.

Security cameras (CCTV)

For guest and staff safety and asset protection, CCTV may operate in entrances, lobbies, corridors, parking, and other public or semi-public areas. Signage is displayed where practicable. Recording is not deployed inside guest rooms or private guest-only spaces. Footage is accessed on a need-to-know basis for security, incident investigation, or compliance with lawful requests, and is retained for a limited period consistent with operations and law.

Marketing

We may send promotional offers, newsletters, or event invitations where permitted by law and, when consent is required, only after you opt in. You may unsubscribe via links in marketing emails or by writing to us. Operational messages (booking confirmations, policy updates that affect you, safety notices) may still be sent without constituting “marketing”.

Retention

Retention depends on the type of record. Guest ledgers, invoices, payment evidence, and police/foreign guest registers may be kept for years as required by taxation, company law, or police instructions. Marketing suppression lists, CCTV cycles, and web logs are kept for shorter periods. When retention ends, we delete or anonymise data where feasible.

Security of information

We apply technical and organisational measures appropriate to the sensitivity of the data, including access controls, encryption in transit where standard for payments, staff training, and vendor diligence. No internet transmission or storage is absolutely risk-free; you share information at your own risk beyond what reasonable hospitality practice can mitigate.

Your rights & grievances (India)

Depending on applicable law, including the DPDP Act where it governs our processing, you may request access, correction, or erasure; withdraw consent where processing was consent-based (without affecting prior lawful processing); nominate a representative; or escalate grievances. Statutory timelines and exemptions (for example, records we must keep by law) may apply.

You may also lodge a complaint with the Data Protection Board of India when the Act permits. To exercise rights, contact us using the details below; we may verify identity before disclosing or changing records.

Children

Our services are not aimed at minors booking independently. Parents or guardians making reservations for families remain responsible for accompanying children. If you believe we have collected a child’s personal information improperly, contact us and we will address it in line with law.

Cross-border transfers

We primarily host and process guest data in India. If data is transferred outside India (for example to a cloud or email provider), we do so with safeguards required by applicable Indian law and, where relevant, contractual clauses approved for such transfers.

Third-party links

Our site may link to maps, social networks, or partners. Their privacy practices are governed solely by their policies. We are not responsible for third-party sites you choose to open.

Guest responsibilities, property damage, fines & incidental charges

To maintain standards expected of hotels in India at our tier, guests must comply with reasonable house rules, respect staff and other guests, and use rooms and facilities only for lawful purposes. The following terms protect the Hotel while staying fair and predictable:

• Damage, loss, or destruction — You are responsible for any damage to or loss of hotel property (including furniture, fixtures, electronics, décor, linen, and inventory) caused by you, your invitees, or minors in your care. The Hotel may charge the documented cost of repair or replacement, procurement, and reasonable labour; where exact cost cannot be immediately verified, a provisional hold or deposit may be taken pending final invoice.
• Smoking & odours — Smoking is permitted only in designated areas. Smoking or vaping in non-smoking rooms or balconies where prohibited may result in deep-cleaning, odour treatment, and inventory charges assessed reasonably by management.
• Keys & hotel property — Unreturned key cards, locks requiring replacement, or removal of hotel assets (towels, robes, fixtures, minibar items not posted to folio, etc.) may be charged at replacement or retail value plus handling.
• Disorderly or unlawful conduct — Behaviour that endangers safety, violates law, or disturbs other guests may lead to removal from the premises without refund of unused nights, and to charges for security or third-party call-outs where reasonably incurred.
• Extraordinary cleaning — Excessive soiling, biological hazards, or misuse requiring specialised cleaning may incur additional charges based on vendor invoices or standard tariff.
• Incidentals & folio — Charges correctly posted to your folio (telephone, minibar, laundry, dining, spa, transfers, or damages agreed or assessed under this Policy) are payable on departure. Where you have supplied a card or signed an authorization at check-in or online, you authorise the Hotel to settle outstanding balances through that channel, subject to applicable card network rules and rate disclosures.
• Disputes — Please raise billing concerns before or at check-out. Amounts are determined in good faith by management based on inspection, photographs, repair quotations, or customary hotel tariffs. Nothing in this Policy limits non-waivable rights you may have under applicable consumer or contract law in India.

Serious theft, assault, or unlawful activity may be referred to the police. CCTV or access logs may be used as part of incident review where lawful.

Limitation of liability (website & general)

To the fullest extent permitted by the laws of India, the Hotel and its owners, managers, and staff shall not be liable for indirect, incidental, special, consequential, or punitive losses arising from use of this website except where such exclusion is invalid (for example certain fraud or wilful misconduct, or non-excludable statutory guarantees under the Consumer Protection Act, 2019). For website-only claims unrelated to a paid stay, where liability is found despite the foregoing, recovery may be limited to the fees you paid for the specific online transaction giving rise to the claim in the twelve months preceding the event, if any. Nothing here excludes liability that cannot be excluded by law, including for death or personal injury caused by negligence where Indian law does not permit exclusion.

Governing law & jurisdiction

This Policy and disputes arising from privacy practices or the Hotel’s handling of personal information shall be governed by the laws of India. Subject to mandatory rules that require another forum (including consumer or labour Courts), you agree to the exclusive jurisdiction of the courts at Shimla, Himachal Pradesh, India, or such other courts in Himachal Pradesh as applicable law may direct.

Cancellation & refund policy

Cancellation charges depend on how far in advance of the arrival date notice is received:

• 15 days or more before arrival — no charge.
• 10–14 days before arrival — 20% of the total booking value.
• 5–9 days before arrival — 50% of the total booking value.
• Within 4 days of arrival or no-show — 100% of the total booking value.

All cancellation requests must include the booking reference. Refunds, where due, are processed within 7–10 business days to the original payment path where possible. Date changes are subject to availability and may be treated as a cancellation and new booking. Group or contracted rates may carry different terms if expressly agreed in writing.

Changes to this Policy

We may revise this Policy to reflect legal, operational, or service changes. The “Last updated” date will change accordingly. Material changes may be highlighted on our website or by email where appropriate. Continued use of our website or services after updates, where permitted by law, constitutes notice of the revised Policy.