The Highest Standards
of Data Governance

TLC Group, which includes group companies and their affiliates i.e., TLC DigiTech Pvt. Ltd., Goodtimes Marketing Pvt. Ltd., SLS Software Pvt. Ltd., TLC EMarketing Pvt. Ltd., TLC International Limited, Nairobi Kenya, TLC International W.L.L. Bahrain, TLC Digitech (Private) Limited, Sri Lanka (hereinafter collectively referred to as “TLC”) is committed to conducting its operations in full compliance with applicable laws and regulations with respect to Privacy and Data Protection. TLC is transparent about how it collects, stores, uses and shares data to make it easier for the User (the “User”) to understand and exercise choices available in this regard. Throughout this Privacy Policy, references to "we", "us" and “our” refer collectively to TLC. References to “you” and "your" refers to User.

TLC Privacy and Data Protection Policy (“Privacy Policy”) describes the privacy practices of TLC in relation to Personal Data. “Personal Data” refers to information that identifies you personally, either alone or in combination with other information provided by you. We collect Personal Data in manners listed below:

• Through websites and apps operated and owned by TLC or managed by TLC (collectively, the “Websites”)
• Through our direct-to-customer (D2C) e-commerce platforms that we own and operate where you browse, register, purchase or transact (collectively, the “Customer Platforms”)
• Through the social media pages that we operate (collectively, our “Social Media Pages”)
• Through e-mail messages, online directories, and digital campaigns including third-party sites through Google, affiliate marketing, blogs, influencers, forums, internet search etc. (collectively, our “Digital Campaigns”)
• Through our various offline interactions including voice, print, direct at client sites - hotels, restaurants, RWAs, corporate presentations, events, retail malls, airports, public directories and others (collectively, “Offline Engagement”)
• Whenever you enroll, use, access or subscribe to the products/services/experiences linked to our technology products or services including, ‘Memberships & Subscriptions’ and, ‘Table Reservations & Feedback’, ‘Experience Vouchers & Gifting’ and ‘Delivery & Takeaway’, through Websites and Apps (collectively, the “Apps”) owned and/or operated by us or software applications made available by us (collectively, our “Tech Products” and such websites and Apps, the “Tech Platforms”).
• Data received through our business partners and third parties as a part of our engagement with them.

Collectively, we refer to the above as “Services”. By using the Services, you acknowledge that you have read, are aware of, and understand, the terms and conditions of this Privacy Policy. Where and as required under applicable law, we will request for, and be required to obtain, your consent pursuant to privacy statement prior to processing your Personal Data.

The User must carefully read this Privacy Policy, which has been written clearly and simply, to facilitate its understanding, and to freely and voluntarily determine whether the said User wishes to provide their Personal Data, or that of third parties, to TLC.

Please note, that if you fail to provide certain information when requested or choose to not provide your consent, or withdraw your consent for the use of your Personal Data for any or all of the purposes specified in the privacy statement requesting for your consent, or provide us incomplete or inaccurate information, we may not be able to perform the contract that we or our partners/clients have entered into with you, and we may also be prevented from complying with our own legal obligations.

IDENTIFICATION: WHO WE ARE & WHAT WE DO

NAME OF THE COMPANY: TLC DigiTech Private Limited

REGISTERED OFFICE: 501, Salcon Aurum, Jasola District Centre, New Delhi-110 025, India

EMAIL: contactus@tlcgroup.com

DATA PRIVACY OFFICER (DPO): Abdul Majid, Contact: privacyofficer@tlcgroup.com

TLC is in the business of inter alia, lifecycle management of membership, subscription programs and providing other technology solutions (such as food delivery, table reservations, experience vouchers, etc.) through its Tech Products and Tech Platforms in the B2B space. TLC also operates in the B2C space through its e-commerce platforms. Details of its various Services and clients are available on www.tlcgroup.com.

This data is also collected for the purposes of enrolling members and providing Services in respect of loyalty membership programs managed by TLC in conformity with the respective privacy policies of TLC and such hotels and program partners.

The information provided by Users to TLC can and may be shared with the hotels, hotel companies, restaurant partners, and/or similar businesses or third parties whose products, services and/or membership programs are offered to you, each in relation to and for the purpose of facilitating fulfilment of the commitments made to you by the hotel, hotel companies, restaurant partners and/or similar businesses.

1. Information & Consent: Scope of this Privacy Policy

This Privacy Policy describes how TLC protects your privacy when TLC receives Personal Data from the various channels mentioned above. This Policy may be supplemented or amended from time to time to inter alia reflect changes in the law, our data collection and use practices, the features of our Services, advances in technology, or changes in the geographical location.

Use of information we collect is subject to this Privacy Policy in effect at the time such information is used. By using our Services and/or providing us with your information as described above, you are expressly agreeing to our terms and conditions, including the terms of this Privacy Policy. If you do not agree to the collection, use, disclosure and transfer of your information as described in the privacy statement and this Privacy Policy, you may cease to avail our Services and not provide us the information as described above. You may also choose to get your information deleted from our records as per Clause 8 below.

2. Nature of Data: Personal Information/Data

As used in this Privacy Policy, the term “Personal Data” means personal information that identifies you personally, either alone or in combination with other information provided by you and available with us. The personal information/data you provide directly to us could include the following with several fields being optional which are clearly communicated as ‘Optional’ depending on the Service availed.

1. Full Name
2. Mobile Phone Number
3. E Mail ID
4. Activation codes provided by us or changed by you
5. Geolocation data, IP Address
6. Membership Number
7. Date of birth (Optional)
8. Photograph (Optional)
9. Date of anniversary (Optional)
10. GSTIN (Optional)
11. Spouse name, and contact details (email and mobile) (Optional)
12. Social media account ID or data made available by linking your social media details and the loyalty membership and/or TLC accounts (Optional)
13. Data provided by Users for referrals including name, mobile and email. (Optional)

In addition, the User may provide their credit or debit card data to enable a transaction, for example purchase of membership or guarantee a reservation. Please note that this transaction is processed through a third-Party Secure Payment Gateway and this information is never received by or stored in TLC Servers.

TLC collects only Personal Data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We do not collect personal data speculatively or for undefined future uses. There are other forms of “non-personal information/data” which may be gathered/stored by us. The same has been discussed in detail in Paragraph 6 of this Privacy Policy.

3. Sensitive Personal Data That We Do Not Collect

TLC as a matter of policy never seeks, collects, processes or retains any of the Special Categories of Personal Data as mentioned in the EU General Data Protection Regulation, which are data/information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

TLC also as a matter of policy never seeks, collects, processes or retains any of the sensitive personal data or information as defined under applicable Indian Laws. Sensitive personal data or information of a person under the Indian Information Technology law means such personal information which consists of information relating to;— (i) password (excluding passwords for our Tech Platforms); (ii) financial information such as bank account or credit card or debit card or other payment instrument details ; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.

4. How We Collect Personal Data

TLC may collect Personal Data in a variety of ways subject to your consent or for certain legitimate uses, to the extent required and/or permitted under applicable laws, for the specific purposes set out in the privacy statement and in this Policy. The way we collect Personal Data is detailed in this Privacy Policy under the definition of Personal Data. This is repeated below for complete transparency.

1. Through websites and Apps operated and owned by us or managed by us (collectively, the “Websites”)
2. Through our direct to customer e-commerce platforms that we own and operate where you browse, register, purchase or transact (collectively, the “Customer Platforms”)
3. Through the social media pages that we operate (collectively, our “Social Media Pages”)
4. Through e-mail messages, online directories, and digital campaigns including third party sites through Google, affiliate marketing, blogs, influencers, forums, internet search etc. (collectively, our “Digital Campaigns”)
5. Through our various offline interactions including voice, print, direct at client sites - hotels, restaurants, RWAs, corporate presentations, events, retail malls, airports, public directories and others (Collectively, “Offline Engagement”)
6. Whenever you enroll, use, access or subscribe to the products/Services/experiences linked to our technology products or Services including, ‘Memberships & Subscriptions’, ‘Table Reservations & Feedback’, ‘Experience Vouchers & Gifting’ and ‘Delivery & Takeaway’, through Websites and Apps (collectively, the “Apps”) owned and/or operated by us or software applications made available by us (collectively, our “Tech Products” and such websites and Apps, the “Tech Platforms”).
7. Data received through our business partners and third parties as a part of our engagement with them.

5. What Do We Do With The Data We Collect & How Long We Keep It ?

TLC collects your data, including Personal Data, to fulfill its obligations to its clients, customers and partners to manage the membership and subscription programs and manage the related customer lifecycle from acquisition to engagement to retention, with an objective to enhance your experience at the hotels and make the most of the membership programs you have enrolled in.

The data we collect also helps us to enable you to optimally use our Tech Products and Tech Platforms for online confirmations and personalized experiences. Our Customer Platforms allow us to personalize your Web and App journey to help you get the best offer and transact with us.

The consent given by you at your discretion shall ensure that the data provided by you is used with the principle of purpose limitation for the following purposes:

1. To inform you about products, Services or membership programs you may be interested in
2. To manage our contractual relationship with you when you are a member under a loyalty membership program with us or a user of our Tech Platforms, Tech Products and other Services, because we have a legitimate interest in doing so and/or to comply with a contractual or legal obligation
3. To manage and facilitate the deliveries, bookings and reservations made (including the ones made in advance), confirmations or pre-arrival messages
4. To personalize the products and Services according to your browsing history, purchase behavior and stated preferences
5. To manage the user’s contact requests with TLC through the channels provided to this end
6. To manage surveys and/or evaluations regarding the quality of the Services provided by TLC and/or the perception of its image as a company
7. To promote our D2C Customer Platforms

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, disclose it to unrelated third parties or there is a change in our policies, we will notify you and seek your consent afresh, or explain the legal basis which allows us to do so.

We may keep your Personal Data until the fulfillment of the specified purpose for which it was collected or the withdrawal of your consent (whichever comes first), subject to any mandatory retention requirements under applicable laws. This means that we may keep your information for as long as you continue to be a User of our Services or our Platforms or a member with any of our programs for fulfillment of (i) the legal and contractual obligations entered into by you and (ii) our retention obligations under applicable laws.

In case you cease to be a member or a User, we will retain your Personal Data for a further period of 36 months post expiration of the membership or your last transaction with us or deletion of your User account. This information would also help us communicate any new benefits, coupons, discounts, etc. based on your past buying behavior. Please note that at any point (a) you can choose to opt out of receiving such communications and (b) raise a request for removal of your Personal Data through our Privacy Officer.

Notwithstanding the retention periods described above, TLC may be required under applicable laws to retain Personal Data for longer periods where those records are necessary to satisfy statutory financial and tax obligations. Upon expiry of the 36 months period as defined above, such data is transferred to TLC’s operational systems into a secure archive where it is held for the duration prescribed by the relevant statutory or regulatory requirement.

6. Collection of Other Data

Our Websites and Apps collect click-stream data, browser and device data, data collected through cookies, pixel tags and other technologies.

Cookies allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Services. You can choose whether to accept cookies by changing the settings on your browser or by managing your tracking preferences by clicking on “Tracking Preferences” located at the bottom of our home page. If, however, you do not accept cookies, you may experience some inconvenience in your use of the Services. For more information on how to disable cookies and different kinds of cookies used by us, please read our Cookie Policy. For any clarifications/assistance, please contact us on +91 11 40701234 or email us on contactus@tlcgroup.com.

We treat certain information collected by cookies and other technologies as non-personal information to the extent that applicable laws permit such treatment. However, to the extent that Internet Protocol (IP) addresses or similar identifiers are considered personal information by applicable laws, we treat these identifiers as Personal Data. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as Personal Data for the purposes of this Privacy Policy and applicable laws.

Non-personal data can help us, for example, in controlling access to certain content on our site and in alerting users to new site content and services. This information is shared externally only:

1. in anonymous, aggregated form for generalized user analysis, or
2. to review whether users qualify for additional benefits

7. Links to Third Party Sites

We may provide links to third-party websites which are not controlled or operated by us. Please be aware that we do not control and are not responsible for the information collection practices of such third-party websites that may differ from those of our Websites and Apps. We are not responsible for and have no control over the practices and content of such websites accessed using the links contained in our Services /Tech Platforms. We encourage you to review and understand the privacy policies of these other websites before accessing and providing any information to them.

Further, any information you choose to directly share with a hotel, hotel company, restaurant partner and/or similar businesses or their respective employees or affiliates (for instance when you make a reservation and pay at the restaurant or avail certain services at a hotel) may be used by the hotel/restaurant for their own purposes. We do not control the privacy practices or policies of our partners and clients.

8. Rights of Data Principals/ Data Subjects: Information Access, Change and/or Deletion

You can get in touch with us to exercise your rights by using contact details set out in the section below, titled “Contact Us”. We will seek to deal with your request without undue delay and within a reasonable period, and in any event, within 90 (ninety) days (subject to any extensions to which we are lawfully entitled). Please note that TLC may keep a record of your communications to help us resolve any issues which you raise. Where TLC is legally permitted to do so, we reserve our right to refuse your request.

You are entitled to the following rights in relation to your Personal Data. Please note that if you withdraw your consent or request erasure of your Personal Data, TLC may not be able to provide you with the Services for which purpose you had provided such Personal Data.

1. Right to Access Information about your Personal Data: You have the right to request for a summary of your Personal Data which TLC holds in its records and processes at any time.
2. Right to Correction and Review: You have the right to review and have your Personal Data corrected, completed, or updated if it is inaccurate, incomplete or outdated.
3. Right to Erasure: You have the right to request for deletion of your Personal Data from TLC’s systems, in which case, the terms set out under clause 5 above shall apply. You will be solely responsible for any and all consequences in the event of erasure/deletion of your Personal Data pursuant to such a request being made.
4. Right to Withdraw and Manage Your Consent: You have the right to give, review, or withdraw your consent, or limit the way in which TLC can use or process your Personal Data by managing your consent.
5. Right to Nomination: You have the right to nominate a lawful person who is an adult, to exercise these rights, in the event of your death or incapacity.
6. Right to Grievance Redressal: You have the right to have readily available means of grievance redressal in respect of any act or omission by us regarding the performance of our obligations in relation to your Personal Data or the exercise of your rights under applicable laws. You may raise your concerns or grievance with the Grievance Officer as set out under the section below, titled “Grievance Redressal” for any misuse or unauthorized use of your Personal Data. We will respond to your grievance within a reasonable period not exceeding 90 (ninety) days under our grievance redressal system.

We may disclose your information, including Personal Data, subject to, and if required by, applicable laws. However, you would still be able to view your Personal Data. You may also, at any time, object to being subject to a decision based solely on automated processing, including profiling, and may request for human intervention in such decision-making by submitting a written request to privacyofficer@tlcgroup.com.

9. Security Measures

TLC has implemented generally accepted standards of technology and operational security to protect Personal Data from loss, misuse, alteration, or destruction.

TLC has global certifications for data security and governance including

1. ISO:27701- 2019 dealing with Privacy Information Management Systems
2. ISO:27001-2022 dealing with Information Security Management Systems

TLC has also undergone SOC II Type 2 assessment in relation to data security and governance through an internationally recognized Security Auditor.

We also follow IFCR controls including ITGC (Information Technology General Controls) with a Big 4 Audit Firm as Consultant.

Only authorized TLC personnel have access to the Personal Data, and these employees are required to treat this information as confidential through an Employment Contract.

We maintain appropriate physical, technological, and organizational safeguards and measures to protect your Personal Data against loss, misuse, unauthorized access or disclosure, alteration and destruction including encryption of Personal Data in transit and at rest, role-based access controls with multi-factor authentication and least privilege principles, data masking, obfuscation and tokenization, firewall, endpoint security, anti-malware and intrusion prevention systems, audit logging with required retention periods, regular vulnerability assessments, security audits, backup, disaster recovery and business continuity measures, breach detection, incident response and remediation processes.

Although we use reasonable measures to protect your Personal Data, it is important that you understand that no website or database is completely secure or "hacker proof". If you believe the security of your account has been breached, please contact us immediately at contactus@tlcgroup.com and privacyofficer@tlcgroup.com. Complaints and other disputes are escalated until they are resolved, and a resolution is communicated to the individual in writing within a reasonable frame of time. In the event of a personal data breach, TLC will comply with its obligations and notify the same to the competent authority without undue delay, and where feasible in 72 hours of becoming aware of such breach describing nature of breach subject applicable law.

Our security procedures mean that we may occasionally request proof of identity before we disclose your Personal Data to you.

10. Transfer & Sharing of Information

To the extent permitted under applicable laws, Personal Data collected may be transferred, from time to time, to TLC® offices or personnel or to third parties located throughout the world, and the Websites may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such data.

TLC may store your Personal Data on Salesforce servers located in Mumbai, India. TLC has no control over, and is not responsible for the performance, operation and security of such third party servers.

We will maintain reasonable security practices and procedures designed to protect your Personal Data, in accordance with our obligations under applicable law. We are not liable for any disclosure of your Personal Data caused by transmission errors, unauthorized third-party access, or events beyond our control. You are responsible for maintaining the security of your account and must not share your username, password, or other security details with anyone. Any actions taken using your login credentials will be deemed authorized by you, and we will not be responsible for any resulting loss or breach.

In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data, subject to applicable laws.

The Personal Data that TLC collects may be disclosed to:

1. TLC group companies, for marketing and/or administrative purposes and/or for purposes indicated above.
2. TLC's program partners, hotel/restaurant partners and clients, business partners, banks, retail companies and other collaborating partners of the TLC group for their own marketing purposes and fulfillment of aforementioned purposes.
1. In some cases, we may act as data processors for hotels, hotel companies, our clients or partners or similar third parties, and in such cases, we will share your Personal Data with such third parties and take your specific consent that you agree to collection, storage, transfer and handling of your Personal Data in accordance with the respective privacy policies of such clients/partners. While we seek assurances from such third parties that they will process your information in accordance with applicable laws, we do not control their privacy practices or policies and are not responsible for how your Personal data is utilized by such parties. We encourage you to review and understand the privacy statement/notices and policies of such clients before consenting to sharing your Personal Data.
2. In case our relationship with any hotel or program partner or restaurant partner offering the products, Services or membership program terminates, TLC or such relevant partner will seek your written consent to continue using your data, including Personal Data. If you do not give such written consent to TLC, TLC will destroy all copies of your data in its possession in accordance with this Privacy Policy, subject to, and as required under, applicable laws. In this event, our liability towards you will terminate with immediate effect, and TLC will not be responsible for any losses or claims in relation to your data, including Personal Data, which the client or hotel/restaurant partner may continue to use or retain, after such transfer or destruction of data.
3. Suppliers, Vendors, Strategic Business Partners and other service providers of TLC for the adequate fulfillment of its legal obligations and/or the purposes previously indicated.
4. Social networking websites and applications, when you use our Services to connect with us on, or share your actions/comments/feedback in relation to our Services on, third-party social networking platforms. We cannot control the privacy or security of information you cause or choose to make publicly available or share with others on social-networking or other publicly available platforms.

11. Contact Us

If you have any questions about the Privacy Policy or our privacy practices, please write to us at privacyofficer@tlcgroup.com.

12. Commercial & Promotional Communication: Do not Call

We follow the guidelines of Telecom Regulatory Authority of India with respect to voice calls and the DNC Registry.

13. E Mail and Text Communication

We may send Email and Text communication for the use of our Services. You may unsubscribe from this communication by tapping on Unsubscribe on any email received from us or by calling our Contact Centre or updating your communication preferences on the profile we maintain for you, which you can access post log in on our Websites and Apps.

14. Grievance Redressal

If you have any questions or concerns, please contact our Grievance Redressal Officer Mr. Aditya Singh at grievanceredressal@tlcgroup.com. We will respond to your request or grievance as soon as possible. In the event you do not receive any response from us within 90 (ninety) days, or believe that your grievance is not satisfactorily addressed by our grievance redressal process after exhausting the opportunity of having your grievance redressed by us, you may file a complaint with the Data Protection Board of India.

15. Breach of Your Personal Data

In the event of a breach of your Personal Data, we will intimate you, without delay, in a concise, clear and plain manner, through your user account or any mode of communication registered by you with TLC and provide a detailed report to the Data Protection Board of India within 72 hours of becoming aware of such breach, or within such extended time as permitted by such Board, including with respect to required particulars and updates. We will take similar actions with respect to local laws in the countries that we operate in.

16. User’s Responsibility / Declarations

The User:

1. Guarantees that they are of legal age and are persons who can form a legally binding contract under the Indian Contract Act, 1872 and that the information furnished to TLC is true, accurate, complete and up-to-date. Any use or access of the Services by a minor i.e., a person under the age of 18 years, is not permitted.
2. Guarantees that he/she has informed third parties on whose behalf he/she has provided data, where applicable, of the aspects contained in this document. Also guarantees that he/she has obtained the third party’s authorization to provide their data to TLC for the purposes indicated.
3. Will be responsible for false or inaccurate information provided through the Websites and Apps and for damages, whether direct or indirect, that this may cause to TLC or third parties.
4. Accepts and agrees that there may be certain data that we may not allow you to review for legal, security or other reasons.
5. In case of loyalty membership programs, when signing up for issuance of the add-on card including the Spouse Card, and the add-on member accepts and agrees that they can seek and receive any information pertaining to the membership including any previous transactions and bookings made under the program by any of them.

UPDATES

The “Last Updated” legend at the bottom of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services. Your use of the Services following these changes will constitute your consent and acceptance of the revised Privacy Policy. If you would like to review the version of the Privacy Policy that was effective immediately prior to this revision, please contact us at contactus@tlcgroup.com.

Last updated: May 2026