Spring season open · Mar 15 – Jun 25 places left · Classic 7d · May 03Rhododendron bloom reported at Forest Camp
Trail status: Open
Mardi Himal privacy policy
Effective 1 January 2026

Privacy policy.

We collect only what is needed to take you up the mountain and get you home safely, and we do not sell or rent your data. This page explains exactly what we hold, why, with whom we share it (permit offices, hotels, insurers), and how to ask us to delete it.

1. Who we are

Mardi Himal is the Annapurna brand of Himalayan 360, the trading name of Himalayan Three Sixty Pvt. Ltd., a Nepal-registered trekking, climbing, and adventure tour operator with our office at Galkopakha Marg, Ward 16, Kathmandu, Bagmati Province, Nepal. In this policy "we", "us", "our", or "Mardi Himal" refers to Himalayan Three Sixty Pvt. Ltd. acting in its capacity as the data controller for this site and for bookings. You can reach us at hello@mardihimal.com or at the address on the contact page.

2. What we collect

We collect three categories of data:

2.1 Booking data

  • Full name, as in passport
  • Date of birth, nationality, passport number and expiry
  • Email address and phone number (with country code)
  • Home address (for invoicing)
  • Emergency contact details
  • International flight numbers and arrival times
  • Travel insurance provider, policy number, altitude cap, and 24-hour assistance line
  • Dietary needs, medical conditions, prior altitude experience

2.2 Site usage data

  • Pages visited, referring URL, device type, approximate location (city level)
  • Cookies for session management and (with your consent) analytics
  • IP address, retained for 30 days for fraud detection

2.3 On-trek data

  • Photographs and video taken during the trip (used for marketing only with your written consent at check-in)
  • Trip notes from guides (route progress, altitude readings, any incidents)

3. Why we collect it (legal basis)

  • Contract performance. We need passport, contact, and insurance details to issue the ACAP and TIMS permits, book teahouses and Pokhara hotels, and confirm the climbing-guide assignment.
  • Legal obligation. Nepal Tourism Board requires permit holders' identity and TIMS card holders' entry/exit log, and it is checked at ACAP gates.
  • Vital interests. Emergency contact, medical condition, and insurance details are kept on the trail for any rescue or evacuation.
  • Consent. Marketing emails, site analytics cookies, and on-trip photography for our website use only happen if you opt in.

4. Who we share it with

We share the minimum needed with the following third parties, all of whom we treat as data processors:

  • Nepal Tourism Board (NTB). Passport copy, photo, and contact details for the ACAP entry permit and TIMS card.
  • Department of Immigration. No direct sharing; you handle your own visa.
  • Hotels in Pokhara and Kathmandu. Name and arrival date for room bookings.
  • Teahouses on the trail. Name and number of nights only, no passport details.
  • Insurance and rescue partners. If a rescue is needed, we provide your insurance policy number and the on-trail incident report to your insurer and to the helicopter operator coordinating the evacuation, which needs your name and approximate weight to plan the lift.
  • Payment processor and bank. Card authorisations and bank transfers are handled through our bank, Everest Bank Ltd. We do not store full card numbers on our systems.
  • Email service. Booking confirmations are sent through a transactional email provider. Marketing emails go via a separate list with one-click unsubscribe.
  • Site analytics. If you accept the analytics cookie, anonymised, aggregated usage data with no personal identifiers is used to understand how the site performs.

We do not sell or rent personal data. We do not share booking details with marketing partners or advertising networks.

5. International transfers

Data may be processed in Nepal, the European Union, the United Kingdom, and the United States, depending on the third party. For transfers out of the EU/UK we rely on Standard Contractual Clauses or the EU-US Data Privacy Framework where applicable.

6. How long we keep it

  • Booking files. Five years from the trip end date, in line with Nepali tax retention rules.
  • Permit copies. Two years, then deleted.
  • Marketing email list. Until you unsubscribe.
  • Site analytics. Aggregated, no personal identifiers, kept for 24 months.
  • Photographs from your trip. Deleted on request, otherwise archived to backup storage for five years.

7. Your rights

Depending on your jurisdiction (GDPR for EU/UK residents, similar laws elsewhere), you have the right to:

  • Access the data we hold about you (a SAR, free of charge once per year)
  • Correct inaccurate data
  • Delete your data (we will keep what we are legally required to retain)
  • Restrict or object to processing
  • Export your data in a portable format
  • Withdraw consent for marketing or analytics at any time
  • Lodge a complaint with your national data protection authority

To exercise any of these, email hello@mardihimal.com with "Data request" in the subject line. We respond within 30 days.

8. Cookies

We use three categories of cookies:

  • Strictly necessary. Session and CSRF cookies. No consent needed.
  • Functional. Remembers your cookie banner preference. Set with consent.
  • Analytics. Privacy-friendly, aggregated analytics. Set with consent. No cross-site tracking.

You can clear cookies any time from your browser. Refusing cookies will not stop you from booking.

9. Security

The site is served over HTTPS. Booking files are stored with restricted staff access, and card numbers are not stored on our systems. We keep encrypted backups. No method of transmission or storage is completely secure, but we take reasonable steps to protect your data. If a data breach affects your personal data, we will notify affected travellers without undue delay.

10. Children

We do not knowingly collect data from anyone under 16. The trek is bookable from age 12 with a parent or guardian; the climbing expedition is restricted to age 18 and above.

11. Changes to this policy

When we change this policy we update the "Effective" date at the top. Material changes (new third-party processors, new categories of data) are notified by email to active travellers and listed in the changelog at the bottom of this page once we have one.

12. Contact

Himalayan Three Sixty Pvt. Ltd. (Himalayan 360, operating as Mardi Himal)
Galkopakha Marg, Ward 16, Kathmandu 44600
Bagmati Province, Nepal
Email: hello@mardihimal.com
Phone: +977 985 116 7270