Privacy Policy
Your privacy is important to us. This policy outlines how we collect, use, and protect your personal information.
Introduction
Welcome to Mastiff Expedition. This Privacy Policy explains how Mastiff Expedition Pvt. Ltd. ("we", "us", or "our") collects, uses, discloses, and safeguards your personal information when you visit our website, use our services, or participate in our expeditions.
We are committed to protecting your privacy and handling your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the Information Technology Act, 2000 (India), and other relevant regulations in the jurisdictions where we operate.
By accessing our website, booking an expedition, or engaging with our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services.
This policy applies to all information collected through our website (mastiffexpedition.com), mobile applications, social media pages, marketing communications, and any other services that reference this Privacy Policy.
Information We Collect
Personal Information You Provide
- ›Full name, date of birth, nationality, and gender
- ›Contact details including email address, phone number, and postal address
- ›Passport details and visa information for expedition permit applications
- ›Emergency contact information (name, relationship, phone number)
- ›Medical history, allergies, medications, and fitness assessments
- ›Climbing experience, certifications, and mountaineering qualifications
- ›Payment information including credit/debit card details and billing address
- ›Travel insurance details and policy numbers
- ›Dietary requirements and preferences
- ›Photographs and video recordings taken during expeditions
Information Collected Automatically
- ›IP address, browser type, operating system, and device information
- ›Pages visited, time spent on pages, referral URLs, and click patterns
- ›Cookies, pixel tags, and similar tracking technologies
- ›Geographic location data (with your consent)
- ›Communication metadata (email open rates, link clicks)
Information from Third Parties
- ›Social media profile data when you connect through social platforms
- ›Referral information from partners and affiliate organisations
- ›Credit and background verification data for high-risk expeditions
- ›Medical assessments from healthcare providers (with your explicit consent)
How We Use Your Information
We use the personal information we collect for the following purposes:
Service Delivery
- ›Processing expedition bookings, permits, and logistics
- ›Communicating expedition details, itinerary updates, and important notices
- ›Providing personalised training programmes and fitness guidance
- ›Managing emergency situations and medical evacuations during expeditions
- ›Processing payments, refunds, and financial transactions
Communication
- ›Sending booking confirmations, pre-departure briefings, and expedition updates
- ›Responding to your enquiries and providing customer support
- ›Sending newsletters, marketing communications (with your consent)
- ›Sharing expedition stories, photographs, and post-expedition reports
Business Operations
- ›Analysing website usage to improve our services and user experience
- ›Conducting market research and internal analytics
- ›Complying with legal obligations and regulatory requirements
- ›Preventing fraud, ensuring security, and protecting our legal rights
- ›Managing supplier and partner relationships
Data Sharing & Disclosure
We do not sell, trade, or rent your personal information to third parties for marketing purposes. We may share your information in the following circumstances:
Service Providers & Partners
- ›Expedition guides, Sherpas, and mountain staff who require your medical and emergency information
- ›Government authorities for permit applications (Nepal Ministry of Tourism, TIMS permits)
- ›Insurance providers for claims processing and emergency evacuations
- ›Payment processors and banking institutions for financial transactions
- ›Hotels, airlines, and transport providers for travel arrangements
- ›Medical facilities and rescue services in emergency situations
Legal Requirements
- ›When required by law, regulation, legal process, or government request
- ›To protect the rights, property, or safety of Mastiff Expedition, our clients, or others
- ›To enforce our terms of service and expedition agreements
- ›In connection with any merger, acquisition, or sale of company assets
Data Security
We implement industry-standard security measures to protect your personal information from unauthorised access, alteration, disclosure, or destruction. Our security protocols include:
SSL/TLS encryption for all data transmitted between your browser and our servers. AES-256 encryption for stored sensitive data including payment information and medical records. Regular security audits, vulnerability assessments, and penetration testing. Access controls and authentication protocols for staff who handle personal data. Secure data backup procedures with encrypted storage. Incident response plans for data breach scenarios.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to using commercially acceptable means to protect your data.
Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.
Retention Periods
- ›Expedition records and client data — 7 years after the expedition date
- ›Financial and payment records — 7 years (as required by tax law)
- ›Medical records — 10 years (as required by healthcare regulations)
- ›Marketing consent records — Until consent is withdrawn
- ›Website analytics data — 26 months from collection date
- ›Communication records — 3 years from last interaction
- ›Emergency contact information — Duration of active client relationship plus 2 years
Your Rights
Depending on your location, you may have the following rights regarding your personal information:
Data Subject Rights
- ›Right of Access — Request a copy of the personal information we hold about you
- ›Right to Rectification — Request correction of inaccurate or incomplete personal data
- ›Right to Erasure — Request deletion of your personal information ("right to be forgotten")
- ›Right to Restrict Processing — Request limitation of how we process your data
- ›Right to Data Portability — Receive your data in a structured, commonly used format
- ›Right to Object — Object to processing of your personal data for marketing purposes
- ›Right to Withdraw Consent — Withdraw previously given consent at any time
- ›Right to Lodge a Complaint — File a complaint with a supervisory authority
To exercise any of these rights, please contact us at mastiffexped@gmail.com or call +91 88650 54525. We will respond to your request within 30 days.
International Data Transfers
As an international expedition company, your personal information may be transferred to and processed in countries outside your country of residence, including Nepal, India, and other countries where our operations, partners, and service providers are based.
When we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with all third-party providers, and compliance with applicable international data transfer regulations.
By using our services, you consent to the transfer of your information to countries that may have different data protection laws than your home country.
Children's Privacy
Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16 without parental consent.
For expedition participants aged 16–18, we require written consent from a parent or legal guardian before collecting and processing their personal information. Additional safety and medical protocols apply for minors participating in our expeditions.
If you believe we have inadvertently collected information from a child under 16 without appropriate consent, please contact us immediately so we can take appropriate action.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Post the updated policy on our website with a new "Last Updated" date. Notify registered users via email about significant changes. Provide a summary of key changes at the top of the updated policy. Give you the opportunity to review the changes before they take effect.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our services after any modifications indicates your acceptance of the updated policy.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us using any of the following methods:
Mastiff Expedition Pvt. Ltd.
Thamel, Kathmandu, Nepal 44600
Your Trust Matters
We are committed to maintaining the highest standards of data protection and transparency. If you have any concerns about how we handle your data, please do not hesitate to contact us. Your trust is the foundation of everything we do.