Return Home

Privacy Policy

Last updated: April 2026 · Winterstone Lodge, Manali, Himachal Pradesh, India

Information We Collect

When you make a reservation or create an account on our website, we may collect the following personal information:

  • Identity Data: Full name
  • Contact Data: Email address, phone number
  • Booking Data: Check-in/check-out dates, room preferences, special requests, add-on selections
  • Payment Data: Transaction references and payment confirmation details. Card details are processed directly by Razorpay and are never stored on our servers.
  • Account Data: If you create an account or sign in via Google, we store your name, email, and login preferences
  • Technical Data: Browser type, IP address, and cookies necessary for website functionality and session management

How We Use Your Information

  • Reservations: To process, confirm, and manage your booking
  • Communication: To send booking confirmations, check-in instructions, and respond to your enquiries
  • Guest Services: To fulfil special requests and personalise your stay experience
  • Marketing (with consent): With your explicit consent, we may send promotional offers, surveys, or newsletters. You may opt out at any time.
  • Operations: Anonymised and aggregated data may be used to analyse booking trends and improve our services

Data Sharing

We share personal data only in the following circumstances:

  • Payment Processing: With Razorpay, our payment gateway, to process transactions securely
  • Channel Management: Booking details may be shared with our channel manager (eZee/Yanolja Cloud) to synchronise room availability across booking platforms and prevent double-bookings
  • Legal Compliance: When required by law, regulation, court order, or a request from a government authority
  • We do not sell or share your personal data with third parties for their independent marketing purposes without your explicit consent

Cookies & Authentication

  • Our website uses cookies to manage user sessions (login state) and enhance your browsing experience.
  • If you choose to sign in via Google, the authentication is handled through Google's OAuth service. We receive only your name and email address; we do not access your Google password or other Google account data.

Data Security

We implement reasonable technical and organisational measures to protect your personal information, including:

  • Encrypted data transmission (HTTPS/TLS)
  • Access controls restricting data access to authorised personnel only
  • Secure database hosting with established cloud providers

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Data Retention

  • Personal data is retained only for as long as necessary to fulfil the purposes outlined in this policy, or as required by applicable law.
  • Booking records may be retained for accounting and legal compliance purposes as required under Indian tax and hospitality regulations.
  • You may request deletion of your personal data by contacting us at the email address below, subject to any legal retention obligations.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your data (subject to legal retention requirements)
  • Withdraw consent for marketing communications at any time

To exercise any of these rights, please contact us at: thewinterstoneofficial@gmail.com

Terms & ConditionsHome