Privacy Policy
Effective Date: [June 5, 2026]
The Grand Holidays Pvt. Ltd. ("The Grand Holidays", "we", "our", or "us") respects the privacy of customers, website visitors, and business partners. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you visit tghmaldives.com, contact us, request a quotation, make a booking, or use our travel-related services.
This Privacy Policy applies to personal information processed by The Grand Holidays in connection with our website, enquiries, bookings, customer support, marketing communications, and related travel services. It does not apply to third-party websites, hotels, resorts, airlines, transport providers, payment processors, or other suppliers that process personal information under their own privacy policies.
This Privacy Policy does not rely on blanket consent for all processing. Where consent is legally required, such as for certain marketing communications or non-essential cookies, we will request consent separately, and you may withdraw it at any time.
Who Controls Your Personal Information
The data controller or responsible business for the website and booking-related personal information is The Grand Holidays Pvt. Ltd.
Contact details: The Grand Holidays Pvt. Ltd., Website: tghmaldives.com, Email: [Insert Email Address], Phone: [Insert Phone Number], Registered Office Address: [Insert Registered Office Address].
Privacy requests may be sent to the above email address with the subject line "Privacy Request".
Information We Collect
We may collect the following categories of information, depending on how you use the website and services:
- Identity and contact information, including full name, nationality, email address, phone number, country of residence, and emergency contact details.
- Booking and travel information, including arrival and departure dates, hotel or resort preferences, transfer requirements, excursion preferences, passenger details, special requests, and booking history.
- Passport, identification, and documentation information where required by hotels, transport providers, immigration authorities, airlines, or other suppliers.
- Payment and billing information, including billing details, transaction references, payment status, and limited payment-related information received from third-party payment processors. We do not intend to store full card numbers or card security codes on our website.
- Communications information, including enquiries, customer support communications, feedback, complaints, and correspondence with us.
- Website and device information, including IP address, browser type, device identifiers, pages viewed, referral source, approximate location derived from IP address, cookies, analytics data, and website usage data.
- Sensitive or special category information only where necessary for travel arrangements and voluntarily provided or legally required, such as health, accessibility, dietary, mobility, or medical assistance information.
How We Collect Information
- directly from you when you complete forms, request quotations, make bookings, contact us, subscribe to updates, or communicate with us;
- from third-party suppliers, travel partners, hotels, resorts, airlines, transfer providers, excursion providers, payment processors, and booking systems where necessary to manage a booking or enquiry;
- automatically through cookies, analytics tools, server logs, and similar technologies when you use the website.
Purposes and Legal Bases for Processing
We use personal information only for legitimate business, contractual, legal, and customer service purposes. Where the GDPR, UK GDPR, or similar international data protection law applies, we rely on one or more of the following legal bases: contract, steps taken before entering into a contract, legal obligation, legitimate interests, vital interests, and consent where required.
|
Purpose |
Examples of information used |
Legal basis where GDPR/UK GDPR applies |
|
Responding to enquiries and quotations |
Name, contact details, travel preferences, enquiry details |
Pre-contract steps; legitimate interests |
|
Processing and managing bookings |
Identity details, contact details, passport details, booking details, travel requirements |
Contract; legal obligation; legitimate interests |
|
Arranging hotels, transfers, excursions, and related services |
Passenger details, itinerary, special requests, supplier requirements |
Contract; legitimate interests |
|
Payment processing and fraud prevention |
Billing details, transaction references, payment status, verification information |
Contract; legitimate interests; legal obligation |
|
Customer support, complaints, and dispute handling |
Communications, booking records, supplier correspondence |
Contract; legitimate interests; legal obligation |
|
Legal, tax, accounting, and regulatory compliance |
Invoices, payment records, booking records, identification where required |
Legal obligation; legitimate interests |
|
Marketing communications |
Name, email, preferences, consent records |
Consent or legitimate interests where permitted by law |
|
Website analytics and improvement |
Cookie identifiers, IP address, usage data, device information |
Consent where required; legitimate interests for necessary security and performance data |
Sharing of Information
We may share personal information only where reasonably necessary for the purposes described in this Privacy Policy. Recipients may include:
- hotels, resorts, guesthouses, airlines, seaplane operators, speedboat operators, transfer providers, excursion providers, and tour operators;
- payment processors, banks, card networks, fraud prevention providers, and financial service providers;
- IT, website hosting, cloud, CRM, email, booking engine, analytics, and customer support service providers;
- professional advisers, auditors, insurers, and legal representatives;
- government, immigration, customs, police, tax, tourism, or regulatory authorities where legally required or necessary for travel arrangements;
- other parties where required to protect legal rights, prevent fraud, manage disputes, or comply with applicable law.
- We do not sell personal information to third parties.
International Transfers
As a Maldives-based travel business arranging international travel services, we may transfer personal information to suppliers, service providers, payment processors, and authorities in the Maldives and other countries. These countries may have different data protection rules from your country of residence.
Where the GDPR, UK GDPR, or similar law applies, and where we transfer personal information internationally, we will take appropriate steps required by applicable law. These may include using recognised contractual safeguards, carrying out supplier checks, limiting transferred information to what is necessary, and relying on permitted transfer mechanisms where available.
Online Payment Processing
Payments made through the website or payment links may be processed by secure third-party payment processors. The payment processor may collect and process card details, authentication data, billing information, transaction data, and fraud prevention information under its own terms and privacy policy.
We do not intend to store full card numbers or card security codes on our website. We may receive limited payment information such as transaction status, amount paid, payment reference, card type, last four digits, and billing details.
A booking is not confirmed merely because a payment has been attempted or authorised. Unless expressly stated otherwise, a booking is confirmed only when payment has been received, availability has been verified, supplier confirmation has been obtained where applicable, and we issue written confirmation.
Cookies and Similar Technologies
Our website may use cookies, pixels, tags, analytics scripts, and similar technologies. Some cookies are strictly necessary for the website to function. Others, such as analytics, advertising, remarketing, functional, or social media cookies, may require consent depending on the visitor’s location and applicable law.
Where required by law, including for visitors from the EU/EEA or UK, non-essential cookies will not be placed on your device unless you have given consent through our cookie banner or cookie settings tool. You should be able to accept all, reject non-essential cookies, or manage preferences by category.
Users may also disable cookies through browser settings, although some website features may not function properly. For detailed information on the specific cookies we use, their purposes, and how you can manage your preferences, please review our separate Cookie Policy.
Direct Marketing
We may send marketing communications where permitted by law and where we have an appropriate legal basis. Where consent is required, we will ask for consent before sending marketing communications.
You may opt out of marketing emails at any time by using the unsubscribe link in the email or contacting us. Opting out of marketing does not prevent us from sending service-related messages about existing enquiries, bookings, payments, travel updates, or customer support.
Data Security
We use reasonable technical and organisational measures designed to protect personal information against unauthorised access, loss, misuse, alteration, disclosure, or destruction. These measures may include access controls, secure systems, staff confidentiality obligations, supplier controls, secure payment processing, and appropriate internal procedures.
No website, email transmission, online payment system, or electronic storage system is completely secure. We cannot guarantee absolute security, but we will take reasonable steps to protect personal information and respond appropriately to suspected incidents.
Data Retention
We retain personal information only for as long as reasonably necessary for the purposes for which it was collected, including booking management, customer support, legal compliance, accounting, tax, audit, dispute resolution, fraud prevention, and business records.
Retention periods may vary depending on the type of information, legal requirements, supplier requirements, and whether a dispute or complaint is ongoing. Where information is no longer required, we will delete, anonymise, or securely archive it where appropriate.
Your Rights
- Subject to applicable law, you may have the right to:
- request access to your personal information;
- request correction of inaccurate or incomplete information;
- request deletion of personal information;
- object to or restrict certain processing;
- request data portability where applicable;
- withdraw consent where processing is based on consent;
- opt out of direct marketing;
- complain to a competent data protection or consumer authority where applicable.
Requests may be submitted using the contact details above. We may need to verify your identity before responding. Some requests may be refused or limited where we must retain information for legal, accounting, fraud prevention, contractual, or dispute-related reasons.
Children’s Privacy
Our website and services are not directed to children under 18 acting independently. Travel bookings involving minors must be made or authorised by a parent, guardian, or responsible adult. We do not knowingly collect personal information from minors without appropriate adult involvement or consent where required.
Third-Party Links and Supplier Websites
Our website may contain links to third-party websites or supplier platforms. We are not responsible for their privacy practices, cookie practices, content, security, or terms. Customers should review the privacy policies and terms of third-party suppliers before using their services.
Changes to this Privacy Policy
We may update this Privacy Policy periodically. The updated version will be posted on this page with a revised effective date. Material changes may be notified through the website or by other appropriate means where required by law.

