1. Who we are
Mardi Himal is the Annapurna brand of Himalayan 360, a Nepal-registered trekking, climbing, and adventure tour operator with our office at Galkopakha Marg, Ward 16, Kathmandu, Bagmati Province, Nepal. In this policy "we", "us", "our", or "Mardi Himal" refers to Himalayan 360 acting in its capacity as the data controller for this site and for bookings. You can reach us at hello@mardihimal.com or at the address on the contact page.
2. What we collect
We collect three categories of data:
2.1 Booking data
- Full name, as in passport
- Date of birth, nationality, passport number and expiry
- Email address and phone number (with country code)
- Home address (for invoicing)
- Emergency contact details
- International flight numbers and arrival times
- Travel insurance provider, policy number, altitude cap, and 24-hour assistance line
- Dietary needs, medical conditions, prior altitude experience
2.2 Site usage data
- Pages visited, referring URL, device type, approximate location (city level)
- Cookies for session management and (with your consent) analytics
- IP address, retained for 30 days for fraud detection
2.3 On-trek data
- Photographs and video taken during the trip (used for marketing only with your written consent at check-in)
- Trip notes from guides (route progress, altitude readings, any incidents)
3. Why we collect it (legal basis)
- Contract performance. We need passport, contact, and insurance details to issue the ACAP and TIMS permits, book teahouses and Pokhara hotels, and confirm the climbing-guide assignment.
- Legal obligation. The Nepal Tourism Board requires permit holders' identity and TIMS card holders' entry/exit log, and it is checked at ACAP gates.
- Vital interests. Emergency contact, medical condition, and insurance details are kept on the trail for any rescue or evacuation.
- Consent. Marketing emails, site analytics cookies, and on-trip photography for our website use only happen if you opt in.
4. Who we share it with
We share the minimum needed with the following third parties, all of whom we treat as data processors:
- Nepal Tourism Board (NTB). Passport copy, photo, and contact details for the ACAP entry permit and TIMS card.
- Department of Immigration. No direct sharing; you handle your own visa.
- Hotels in Pokhara and Kathmandu. Name and arrival date for room bookings.
- Teahouses on the trail. Name and number of nights only, no passport details.
- Insurance and rescue partners. If a rescue is needed, we provide your insurance policy number and the on-trail incident report. Helicopter operators (Simrik Air, Air Dynasty, Manang Air) need name and approximate weight to plan the lift.
- Payment processors. Stripe (international cards) and the Everest Bank wire desk (bank transfer). We never store full card numbers.
- Email service. Booking confirmations are sent via a transactional email provider (Resend or AWS SES). Marketing emails go via a separate list with one-click unsubscribe.
- Site analytics. If you accept the analytics cookie, anonymised usage is sent to Plausible Analytics (EU-hosted, no personal identifiers).
We do not sell or rent personal data. We do not share booking details with marketing partners or advertising networks.
5. International transfers
Data may be processed in Nepal, the European Union, the United Kingdom, and the United States, depending on the third party. For transfers out of the EU/UK we rely on Standard Contractual Clauses or the EU-US Data Privacy Framework where applicable.
6. How long we keep it
- Booking files. Five years from the trip end date, in line with Nepali tax retention rules.
- Permit copies. Two years, then deleted.
- Marketing email list. Until you unsubscribe.
- Site analytics. Aggregated, no personal identifiers, kept for 24 months.
- Photographs from your trip. Deleted on request, otherwise archived to backup storage for five years.
7. Your rights
Depending on your jurisdiction (GDPR for EU/UK residents, similar laws elsewhere), you have the right to:
- Access the data we hold about you (a subject access request, or SAR, free of charge once per year)
- Correct inaccurate data
- Delete your data (we will keep what we are legally required to retain)
- Restrict or object to processing
- Export your data in a portable format
- Withdraw consent for marketing or analytics at any time
- Lodge a complaint with your national data protection authority
To exercise any of these, email hello@mardihimal.com with "Data request" in the subject line. We respond within 30 days.
8. Cookies
We use three categories of cookies:
- Strictly necessary. Session and CSRF cookies. No consent needed.
- Functional. Remembers your cookie banner preference. Set with consent.
- Analytics. Plausible (EU-hosted). Set with consent. No cross-site tracking.
You can clear cookies any time from your browser. Refusing cookies will not stop you from booking.
9. Security
The site is served over TLS 1.3 with HSTS. Booking files are stored in an encrypted database with restricted staff access. Card data is never stored by us; payment is tokenised by Stripe. Backups are encrypted at rest and rotated every 90 days. We have not had a reportable data breach in the last 24 months. If we ever do, we will notify affected travellers within 72 hours.
10. Children
We do not knowingly collect data from anyone under 16. The trek is bookable from age 12 with a parent or guardian; the climbing expedition is restricted to age 18 and above.
11. Changes to this policy
When we change this policy we update the "Effective" date at the top. Material changes (new third-party processors, new categories of data) are notified by email to active travellers and listed in the changelog at the bottom of this page once we have one.
12. Contact
Himalayan 360 (operating as Mardi Himal)
Galkopakha Marg, Ward 16, Kathmandu 44600
Bagmati Province, Nepal
Email: hello@mardihimal.com
Phone: +977 985 116 7270
