Privacy Policy
1. Introduction
The Wonder Nepal ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, and safeguard data when you use our website and marketplace platform at thewondernepal.com (the "Platform").
By using the Platform you consent to the practices described in this Policy. Please read it carefully.
2. Information We Collect
2.1 Information You Provide Directly
- Account data: your name, email address, phone number, and password when you register.
- Profile data (Guides): display name, business or license details, bio, profile photo, bank account details for payouts, and identity documents submitted for verification.
- Booking data (Travelers): traveler names, ages, nationalities, passport numbers, dietary requirements, emergency contact details, and special requests provided during checkout.
- Payment data: transaction references, proof-of-payment images, and gateway responses. We do not store raw card numbers; payments are processed by third-party gateways (Khalti, eSewa).
- Communications: messages you send us via the contact form, email, or WhatsApp.
2.2 Information Collected Automatically
- IP address, browser type and version, operating system, referring URL, and pages visited (via access logs and Google Analytics 4).
- Session identifiers and cookies as described in Section 5.
- Article hit counts (via django-hitcount, used to display popular articles).
3. How We Use Your Information
We use your personal information to:
- Create and manage your account on the Platform.
- Process bookings, send booking confirmation emails, and coordinate with the relevant guide.
- Verify guide credentials and publish approved guide profiles.
- Process payments and payouts, and maintain financial records.
- Send transactional communications (booking confirmations, receipts, status updates).
- Send occasional marketing emails about new tours and editorial content — you may unsubscribe at any time.
- Improve the Platform through analytics on usage patterns.
- Comply with applicable legal obligations, including tax record-keeping.
4. Sharing Your Information
We do not sell your personal data. We may share your data with:
- Guides: when you make a booking, we share your name, contact details, traveler information, and booking reference with the guide to fulfil the tour.
- Payment providers: Khalti and eSewa receive your transaction data to process payments. These providers have their own privacy policies.
- Analytics providers: Google Analytics 4 receives anonymised usage data. Google's data processing terms apply.
- Legal authorities: where required by Nepali law, court order, or regulatory body.
Any data transferred to third parties is governed by appropriate data processing agreements.
[REVIEW: legal team — confirm DPA or contractual requirements with Khalti and eSewa]5. Cookies & Analytics
We use cookies and similar tracking technologies for the following purposes:
- Session cookies: required for the Platform to function (authentication, CSRF protection). These are deleted when you close your browser.
- Analytics cookies: Google Analytics 4 places cookies to help us understand how visitors use the Platform. Data is aggregated and anonymised.
You can disable cookies in your browser settings. Disabling session cookies will prevent you from logging in or completing bookings.
[REVIEW: legal team — consider adding a cookie consent banner if the audience includes EU/UK visitors (GDPR/UK PECR)]6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. After account closure, we retain data for a further period as required by applicable law (e.g., financial records for tax compliance). Guide verification documents are retained for a minimum of 2 years after the guide's profile is closed.
[REVIEW: legal team — confirm retention periods against Nepali tax/financial regulation requirements]7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Measures include encrypted data storage, HTTPS for all data in transit, and restricted internal access controls.
No internet transmission is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.
8. Your Rights
You have the right to:
- Access: request a copy of the personal data we hold about you.
- Correction: request that inaccurate data be corrected.
- Deletion: request erasure of your personal data, subject to our legal retention obligations.
- Withdraw consent: for marketing communications, by clicking "unsubscribe" in any email or contacting us directly.
- Data portability: request a machine-readable copy of your data where technically feasible.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
9. Children's Privacy
The Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes take effect immediately upon posting. We will notify registered users of material changes via email where reasonably practicable.
11. Contact
For questions or requests about this Privacy Policy, please contact our data controller at:
The Wonder Nepal
Email: [email protected]
This document is a preliminary draft. Do not rely on it as legal advice.