PRIVACY POLICY www.prestigemiles.com Effective Date: April 9, 2026 | Last Updated: April 9, 2026 1. Introduction Welcome to PrestigeMiles ("Website"), accessible at www.prestigemiles.com. PrestigeMiles is an independent travel and loyalty rewards information platform that helps users maximize airline miles, hotel points, credit card rewards, and airport lounge access in India and globally. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, and outlines your rights with respect to your personal data. By accessing or using our Website, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our Website. 2. Identity of the Data Controller Website Name: PrestigeMiles Website URL: www.prestigemiles.com Nature of Business: Travel rewards, loyalty miles, credit card reviews, and airport lounge access information blog Country of Operation: India Contact Email: ashvamedhharetailinglp@gmail.com For privacy-related queries, users may contact us via the Contact Us page on our website. 3. Information We Collect We may collect the following categories of information: 3.1 Information You Provide Directly • Name, email address, and phone number when you submit a contact form or subscribe to our newsletter • Comments or messages you send us via the website or email • Any feedback or correspondence you provide voluntarily 3.2 Automatically Collected Information • IP address and approximate geographic location • Browser type, device type, and operating system • Pages visited, time spent on pages, and referring URLs • Cookies and similar tracking technologies (see Section 8) 3.3 Payment-Related Information If our website facilitates any paid transactions (such as premium content, subscriptions, or sponsored tools), payment processing is handled by Paytm Payment Gateway, a PCI DSS-compliant payment processor. We do not store, collect, or have access to your full credit/debit card numbers, CVV, or banking credentials. All payment data is transmitted directly and securely to Paytm in accordance with PCI DSS v4.0.1 standards. 3.4 Third-Party Sources • Analytics providers (e.g., Google Analytics) may share aggregate usage data with us • Affiliate networks may share referral or click-tracking data 4. How We Use Your Information We use the information we collect for the following purposes: • To operate, maintain, and improve our website and services • To respond to your enquiries, comments, or requests • To send newsletters, updates, and promotional content — only with your explicit consent • To analyze usage trends and improve the user experience • To detect and prevent fraudulent, unauthorized, or illegal activity • To comply with applicable laws and regulations, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and RBI guidelines • To process payments for any paid services via Paytm Payment Gateway • To fulfill any contractual obligations arising from your use of our services 5. Legal Basis for Processing (DPDP Act 2023 Compliance) In compliance with India's Digital Personal Data Protection Act, 2023 (DPDP Act), we process your personal data only on valid legal grounds, which include: • Consent: Where you have given us your explicit, informed, and voluntary consent to process your data for a specific purpose • Contractual Necessity: Where processing is necessary to fulfil a contract with you or to take steps at your request prior to entering into a contract • Legal Obligation: Where we are required to process data to comply with applicable laws, RBI directives, or regulatory requirements • Legitimate Interests: Where we have a legitimate interest in processing your data and such interest is not overridden by your rights You have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing that occurred prior to withdrawal. 6. Sharing and Disclosure of Your Information We respect your privacy and will never sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your information only in the following limited circumstances: 6.1 Service Providers We may share data with trusted third-party vendors who assist us in operating our website, including hosting providers, email service providers, analytics platforms, and payment processors. These parties are contractually obligated to keep your data confidential and use it only as necessary to provide their services. 6.2 Payment Gateway For any paid transactions, relevant payment data is shared with our authorised payment gateway partner, which is an RBI-authorised Payment Aggregator and PCI DSS compliant. Data shared is limited to what is strictly necessary to process your transaction. Please refer to the respective payment gateway's privacy policy on their official website for details on their data practices. 6.3 Affiliate and Partner Networks We participate in affiliate marketing programs with airlines, hotels, credit card issuers, and other travel-related companies. We may share anonymized or aggregated data with these partners for reporting and commission tracking purposes. No personally identifiable information is shared without your consent. 6.4 Legal Requirements We may disclose your information if required by law, court order, or government authority, or where we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. 6.5 Business Transfers In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the transaction. You will be notified of any such change in ownership or control of your personal information. 7. Data Retention We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. The following retention periods apply: • Contact form submissions and email correspondence: Up to 2 years from the date of last communication • Newsletter subscription data: Until you unsubscribe or withdraw consent • Analytics and usage data: Up to 26 months (as per Google Analytics default) • Payment transaction records: Up to 8 years as required under Indian financial regulations and RBI guidelines Upon expiry of the applicable retention period, data will be securely deleted or anonymized. 8. Cookies and Tracking Technologies Our website uses cookies and similar technologies to enhance your browsing experience and analyze website traffic. Cookies are small text files placed on your device by the website. 8.1 Types of Cookies We Use • Essential Cookies: Necessary for the website to function correctly. These cannot be disabled. • Analytics Cookies: Used to understand how visitors interact with our website (e.g., Google Analytics). • Advertising & Affiliate Cookies: Used to track referrals and measure the effectiveness of affiliate partnerships. • Preference Cookies: Used to remember your settings and preferences. 8.2 Managing Cookies You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. You may also opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on available at https://tools.google.com/dlpage/gaoptout. 9. Payment Security PrestigeMiles takes the security of financial transactions seriously. All payment processing on our website is handled by Paytm Payment Gateway, which maintains the following certifications and compliances: • PCI DSS v4.0.1 Level 1 Compliance — the highest level of payment security certification • RBI Authorization as a Payment Aggregator under the Payment and Settlement Systems Act, 2007 • Implementation of SSL/TLS encryption for all data transmissions • Tokenization of card data to prevent exposure of raw card details • Two-Factor Authentication (2FA) as mandated by RBI's Authentication Mechanisms for Digital Payment Transactions Directions, 2025 We do not store card numbers, CVV codes, or banking passwords on our servers. If you have questions about a specific transaction, please contact Paytm's grievance officer at grievanceofficer@paytm.com or our support email. 10. Your Rights Under the DPDP Act, 2023 As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the following rights: • Right to Access: You may request a summary of the personal data we hold about you and the purpose for which it is being processed. • Right to Correction: You may request correction of inaccurate or incomplete personal data. • Right to Erasure: You may request deletion of your personal data, subject to legal or contractual retention obligations. • Right to Withdraw Consent: You may withdraw consent for processing at any time. • Right to Grievance Redressal: You may lodge a complaint regarding our data processing practices. • Right to Nominate: You may nominate another individual to exercise your rights in the event of your death or incapacity. To exercise any of these rights, please contact us at ashvamedhharetailinglp@gmail.com. We will respond to your request within a reasonable time and in any event within 30 days. 11. Third-Party Links and Affiliate Disclosures Our website contains links to third-party websites, including airline portals, hotel booking platforms, credit card issuer websites, and affiliate partner pages. We are not responsible for the privacy practices or content of these external websites. We encourage you to review the privacy policies of any third-party sites you visit. PrestigeMiles participates in affiliate programs and may earn commissions when you click on links or make purchases through them. This does not affect the price you pay and does not influence our editorial opinions. All affiliate relationships are disclosed in accordance with applicable advertising guidelines. 12. Children's Privacy Our website is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected information from a child, please contact us immediately and we will take steps to delete such information. 13. Data Localisation and Cross-Border Transfers All personal data collected by PrestigeMiles is stored and processed within India, in compliance with the RBI circular on Storage of Payment System Data dated April 6, 2018. Where any data processing involves cross-border transfer, we ensure adequate safeguards are in place in accordance with applicable Indian law, including the DPDP Act, 2023. 14. Data Security Measures We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These measures include: • HTTPS/TLS encryption for all data transmissions on our website • Regular security assessments and vulnerability testing • Access controls limiting data access to authorized personnel only • Secure server infrastructure and data backup systems While we take all reasonable precautions, no method of transmission over the internet is 100% secure. In the event of a data breach affecting your rights, we will notify you and the applicable regulatory authority as required by law. 15. Grievance Officer In accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer for any complaints or concerns regarding our data practices: Grievance Officer: PrestigeMiles Privacy Team Email: ashvamedhharetailinglp@gmail.com Website: www.prestigemiles.com/contact-us We will acknowledge your grievance within 72 hours and aim to resolve it within 30 calendar days of receipt. 16. Changes to This Privacy Policy We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or for any other reason. The updated policy will be posted on this page with a revised Effective Date. We encourage you to review this Privacy Policy periodically. Your continued use of our website following the posting of changes constitutes your acceptance of such changes. For material changes, we will notify registered users by email where feasible. 17. Governing Law and Jurisdiction This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts in India. This policy is compliant with: • The Information Technology Act, 2000 and IT (Amendment) Act, 2008 • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 • The Digital Personal Data Protection Act, 2023 (DPDP Act) • Reserve Bank of India Payment Aggregator Master Directions, 2020 (updated 2025) • RBI Authentication Mechanisms for Digital Payment Transactions Directions, 2025 • PCI DSS v4.0.1 (effective March 31, 2025) © 2026 PrestigeMiles. All rights reserved. | www.prestigemiles.com This document constitutes the official Privacy Policy of PrestigeMiles as required for Paytm Payment Gateway compliance.