Privacy Policy

This Privacy Policy applies to information collected through our website, booking portal, agent registration pages, login pages, payment pages, passenger manifest forms, support or contact channels, downloadable resources, business communications, marketing touchpoints, and operational systems connected to our services.

It also applies where personal data is provided to us by travel agents, corporate customers, passengers, representatives, partners, vendors, and service providers in connection with travel, booking, payment, or support activities.

Depending on the nature of the interaction, we may collect or receive the following categories of information:

• Identity information, such as full name, title, gender, nationality, date of birth, passport details, identification details, and other travel document information.
• Contact information, such as email address, phone number, billing address, registered office address, company or agency details, and emergency or representative contact details.
• Booking and travel information, such as booking references, flight details, seat selections, passenger categories, manifest records, baggage information, itinerary data, payment status, agency references, and operational notes.
• Account information, such as username, login credentials, encrypted passwords, session details, device information, browser data, IP address, access logs, timezone, and authentication history.
• Commercial and financial information, such as payment references, transaction details, settlement information, invoices, deposit amounts, balances, manual payment proof, and related accounting or reconciliation records.
• Technical usage information, such as cookies, analytics data, page interactions, browser identifiers, operating system details, referring URLs, timestamps, and performance or diagnostic logs.
• Communications and support information, such as messages, inquiry submissions, support correspondence, attachments, complaint details, call notes, or other records of interaction with our team.
• Compliance and security information, such as fraud-prevention data, verification results, security monitoring outputs, suspicious activity logs, and information reasonably required to protect our platform, customers, and business.

We may collect information in a number of ways, including:

• Directly from you when you fill in forms, register an account, submit manifest records, make a payment, contact us, or otherwise interact with our systems.
• From travel agents, agencies, operators, employers, or authorized representatives who submit passenger or booking information on your behalf.
• Automatically through browser technologies, system logs, cookies, analytics tools, security tools, and server-side monitoring.
• From business partners, payment providers, service providers, or technical integrations used to facilitate booking, verification, payments, hosting, analytics, communication, and support.
• From lawful public or regulatory sources where reasonably necessary for compliance, due diligence, fraud prevention, dispute handling, or legitimate business operations.

We may use collected information for one or more of the following purposes:

• To create, administer, and maintain user accounts, agent accounts, passenger records, booking records, and related service profiles.
• To process bookings, manage travel operations, confirm seat allocations, prepare manifests, and support related airline or travel workflows.
• To process, verify, reconcile, review, or record payments, deposits, balances, transaction proofs, and financial interactions.
• To communicate with customers, agents, passengers, partners, suppliers, and representatives in relation to services, support, updates, reminders, notices, or operational requirements.
• To provide customer support, technical support, account assistance, dispute handling, and service troubleshooting.
• To personalize or improve website functionality, user experience, product development, interface design, performance, reporting, and service quality.
• To detect, investigate, prevent, or respond to fraud, abuse, unauthorized access, suspicious activity, cybersecurity threats, data misuse, or violations of our policies or contractual rights.
• To comply with applicable legal, tax, accounting, regulatory, aviation, enforcement, risk management, and record-keeping obligations.
• To protect our legal rights, business interests, systems, personnel, customers, and property.
• To carry out internal administration, audit, reporting, analytics, service review, performance monitoring, forecasting, and business planning.
• To send service-related notices and, where permitted, business or marketing communications relating to our services, promotions, route offerings, trade opportunities, or system updates.

Where applicable under relevant law, we may process information because it is necessary to perform a contract, take steps before entering a contract, comply with legal obligations, protect legitimate business interests, maintain security, detect fraud, respond to claims or disputes, or because consent has been obtained where required. In some operational contexts, processing may also be necessary to administer travel, payment, identity verification, or customer support workflows.

Our website and systems may use cookies, session technologies, analytics tools, performance tools, and similar technologies to maintain sessions, remember preferences, improve navigation, understand usage, support security controls, and measure website or service effectiveness. These tools may collect device and browser-related information and may help us understand how visitors and users interact with our services.

You may be able to control certain cookie preferences through your browser settings, although doing so may affect functionality, session continuity, or service performance.

We may disclose information where reasonably necessary to operate our business and services, including disclosure to:

• Airline, travel, operational, or fulfillment stakeholders involved in service delivery or travel processing.
• Payment processors, financial institutions, settlement partners, accounting systems, and fraud-prevention providers.
• Hosting providers, infrastructure partners, security providers, cloud vendors, analytics providers, and software or communications platforms.
• Customer support providers, technical contractors, consultants, professional advisers, auditors, insurers, and legal counsel.
• Government bodies, regulators, law enforcement, courts, or authorities where required by law, lawful request, compliance duty, or risk management necessity.
• Potential investors, purchasers, acquirers, successors, or restructuring parties in connection with a corporate transaction, business transfer, financing, audit, or due diligence process, subject to appropriate confidentiality measures where applicable.

We do not sell personal data in the ordinary commercial sense. However, we reserve the right to share information as necessary for lawful operations, risk control, service delivery, compliance, and legitimate business administration.

Because our services may involve travel operations, cloud hosting, payment systems, support infrastructure, and partners located in multiple jurisdictions, information may be stored, accessed, or processed outside your country of residence. Where this occurs, we may take reasonable steps to ensure such transfers are handled in a manner consistent with applicable legal requirements and appropriate commercial safeguards.

We may retain information for as long as reasonably necessary for the purposes set out in this Privacy Policy, including service delivery, booking administration, manifest handling, payment processing, compliance, dispute resolution, fraud prevention, audit requirements, legal obligations, operational continuity, or protection of business interests. Retention periods may vary depending on the nature of the information and the legal or operational context in which it was collected.

We take reasonable technical, organizational, contractual, and administrative steps to protect data against unauthorized access, misuse, disclosure, alteration, destruction, or loss. Such measures may include access controls, authentication controls, audit logs, monitoring tools, restricted permissions, system hardening, backup practices, and other operational safeguards. However, no website, transmission method, or system environment can be guaranteed to be completely secure, and all use of digital services involves some level of inherent risk.

In some cases, travel-related services may require the handling of passport details, identification details, date of birth, nationality, gender, manifest information, and related travel documentation. Users submitting information on behalf of passengers, staff, clients, or representatives are responsible for ensuring they have the authority or lawful basis to do so. We may rely on the submitting party’s representation that the information has been lawfully collected and validly shared with us.

Our services are generally intended for business, trade, or travel-related users and not for children acting independently. Where child passenger data is submitted as part of a booking or manifest process, such information should be submitted only by an authorized adult, parent, guardian, agency, or lawful representative and only to the extent reasonably necessary for travel processing or associated service delivery.

Our website or services may contain links to third-party websites, payment gateways, external resources, partner systems, or integrated service providers. We are not responsible for the privacy practices, security standards, content, or policies of third-party services that are not directly under our control. Users should review the applicable privacy terms of those third parties separately where relevant.

Subject to applicable law and operational limitations, you may have rights to request access to, correction of, updating of, clarification regarding, or deletion of certain personal data, or to object to or restrict certain forms of processing. We may require identity verification, authority verification, and sufficient detail before acting on any request. We may also refuse or limit requests where permitted by law, where another party’s rights may be affected, or where retention is required for compliance, legal defense, operational integrity, or legitimate business purposes.

We may send operational, service, account, trade, route, or promotional communications where consistent with our relationship with you, your role as an agency or user, or where otherwise permitted by law. You may opt out of non-essential marketing communications where such option is made available, but we may still send service-related or legally required notices where necessary.

We reserve the right to use, preserve, review, and disclose relevant information where reasonably necessary to enforce contractual rights, defend legal claims, investigate misconduct, protect the business, support internal reviews, respond to chargebacks or payment disputes, prevent abuse of the platform, maintain service integrity, or cooperate with lawful investigations and compliance duties.

We may update, revise, expand, or amend this Privacy Policy from time to time to reflect business developments, service changes, legal requirements, operational needs, risk controls, or changes in our information-handling practices. Any updated version may become effective once published on the website unless otherwise stated.

If you have questions, requests, or concerns about this Privacy Policy or the way information is processed through our services, you may contact Ommri Travel & Tours Sdn Bhd through the contact channels listed on our website.

Nothing in this Privacy Policy limits any rights, protections, exemptions, defenses, disclosures, or lawful processing activities available to Ommri Travel & Tours Sdn Bhd under applicable law, contractual rights, compliance obligations, risk management requirements, dispute-handling needs, corporate governance, or legitimate business operations.