References in this Policy to “you” or “your” are references to individuals who use the Website. References in this Policy to “we”, “us” or “our” are references to Gulf Dunes.
Gulf Dunes is the world’s go-to Destination Management Company in the United Arab Emirates (UAE) and Oman for more than two decades, with headquarters in Dubai, United Arab Emirates and registered at Office 305, Al Barsha Boutique Building, Al Barsha 1, Dubai, United Arab Emirates.
Minors (as defined under the laws of their jurisdiction or residence) are not eligible to register for use or Purchase of any and all Products or Services available on our Website. We do not knowingly collect personal data from any Minor, and will not use this information if we discover that it has been provided by a minor.
Significance of personal data protection
Your privacy is important to us and we recognise that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process.
Purpose of this Policy
We respect your need to understand how and why information is being collected, used, disclosed, transferred and stored. Thus we have developed this Policy to familiarize you with our practices. This policy sets out the way in which we process your information when you use our Website or other digital platforms in accordance with applicable data protection laws. It is important that you read this Policy together with any other policies we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This policy supplements the other policies and is not intended to override them.
Defining controller of personal data
A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. This policy is issued on behalf of Gulf Dunes as controller. Unless we notify you otherwise Gulf Dunes is the controller for your personal data.
Personal data collected by us
Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).
Throughout the course of conducting our business as a Destination Management Company, in dealing with Representatives, Partners, Suppliers, Clients, Guests of Partners & Clients, industry peers and contacts, and potential Partners and/or Clients, we may collect and process Personal Data about you.
We collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
We do not collect any special categories of personal data about you through our Website (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this Policy:
- “Contact Data”: including your work address, email address and telephone numbers;
- “Identity Data”: including your first name, last name, username or similar identifier, title. If you choose to pay by credit/debit card we will also require these details which will be destroyed once payment is taken;
- “Marketing and Communications Data”: including your marketing and communication preferences. We also track when you receive and read marketing communications from us, which information we use to improve our marketing services, provide you with more relevant information and improve the quality of our marketing materials. Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you;
- “Profile Data”: including information collected progressively when you visit our site including your referral website, pages you visit, actions you take, patterns of page visits and information from forms you fill in;
- “Technical Data”: includes information collected when you access our Website or your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you are using;
- “Usage Data”: information about how you use our Website, and
- “Related Persons Information”: name and contact information of dependents or beneficiaries (including home address; home and work telephone numbers; mobile telephone numbers; date of birth; gender; emergency contacts; beneficiary information; dependent information).
Methods of collecting personal data
We may collect Personal Data by the methods listed below:
(a) Exchanges of Business Cards during:
• Business Meetings
• Exhibitions & Events
• Networking events
• Sales Calls
(b) Inquiry through:
• Phone call
• Instant Messaging (i.e. WhatsApp, etc.)
(c) Subscription to receive:
• Marketing & Promotion emailers
• Corporate Updates & Advisories
• Product & Service Updates & Advisories
• Direct E-mails
• Instant Messaging (i.e. WhatsApp, etc., with expressed and explicit consent)
• Sales, Marketing & Promotion collaterals
*Opt-Out: If you no longer wish to be contacted for marketing purposes, you can easily change your mind and withdraw such consent at any time by simply clicking the unsubscribe link in the footer of any email you receive from us. You may also do so by contacting us at email@example.com.
(d) Business and/or Booking Contracts as:
• Overseas Representative
(e) Social Media Platforms (These may also be covered by separate Privacy Policies of each of the social media platforms)
(f) Website Cookies
Information about Related Persons
Grounds for lawful processing of data
When you use our Website we will use your personal data in the following circumstances:
- “performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
- “legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
- “legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using our Website or client portals to ensure that the security of our Website or client portals or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
- “consent”: Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message.
We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Purposes for collecting personal data
Gulf Dunes collects, processes, and otherwise uses your Personal Data for purposes that are required by applicable law, regulations, collective agreements or other contracts, to allow the Company to fulfil its business needs and legal obligations. These purposes include:
- Marketing & Promotional activities, but subject to the wilful and explicit provision of consent;
- Fulfilment of Contractual Obligation to deliver Products and Services (either to Representatives, Partners, Clients, Suppliers and/or Guests);
- Sales activities;
- Supplier contracts;
- Accounting & Finance processes and procedures
Personal data may also be used internally for research, analysis and auditing
- The personal data we collect helps us to keep you posted about our latest product announcements, offers, promotions and events. It also allows us to improve our services, content and advertising. If you wish to unsubscribe, you can choose to do so.
- We may also use the personal data to improve our product offering, develop, and deliver products, services, content and advertising.
- We may use personal data to send you important notices and communications regarding our products and services availed or changes to the terms and conditions and policies.
- We may use the personal data we collect to allow you to access specific account information.
- We may use the information provided by you to customize your visit to the Website by displaying appropriate content at our judgment and discretion.
- The personal data we collect may be used to send you information about products and services offered by us and our affiliates, to contact you for payment reminder notices, travel vouchers and to keep you updated on the Travel sector through our newsletters. In event you do not wish to receive such information, you may unsubscribe through the facility in the email message you receive.
Collection and use of non-personal data
Non-personal data is data which can never be used to identify an individual. We may collection information regarding customer activities on our various portals. This aggregated information is used in research, analysis, to improve and monitor products and for various promotional schemes. It may be shared in aggregated, non-personal form with third party to enhance customer experience, products offering or services.
Cookies and other technologies
For your convenience, our Website provides links to other sites. When you click on one of these links, you are leaving our Website and entering another site. We are not responsible for such third party sites. You should carefully review the privacy statements of any other sites you visit, because those privacy statements will apply to your visit to such other sites.
Disclosure and Sharing of Personal Data (to third parties)
Your Personal Data will be disclosed only to individuals within Gulf Dunes who need access to your Personal Data to perform their duties for the purposes listed in Section 9 above or where required by applicable law.
Within Gulf Dunes, your Personal Data will be disclosed only to a limited number of restricted individuals, which may include marketing, sales, contracting, reservations, human resources, legal, finance, regulatory and compliance, accounting, compensation and benefit as well as certain managers to the extent any of these functions need access to your Personal Data in connection with their job responsibilities.
Gulf Dunes may disclose your Personal Data to third parties providing information technology support or technical and organizational services only in connection with the fulfilment of its business needs and legal obligations. The personal data collected is primarily used and passed on to third parties where it is necessary to process your booking, enquiry or participation. We may share personal data as required to fulfil the service offering and/or to make booking, reservation, blocking and any such activity initiated by user. We may share personal data with companies who provide services such as information processing, extending credit, fulfilling customer orders, delivering products to you, managing and enhancing customer data, providing customer service, assessing your interest in our products and services, and conducting customer research or satisfaction surveys. These companies are obligated to protect your information.
Gulf Dunes will exercise appropriate due diligence in the selection of its third party service providers, and require that they maintain adequate technical and organizational security measures to safeguard your Personal Data, and to process your Personal Data only as instructed by Gulf Dunes and for no other purposes.
It is understood that your Personal Data will be disclosed to third parties only as necessary in connection with the performance of contracts, the Company’s business activities and the purposes listed in Section 9 above, as permitted by consent or as otherwise authorized or permitted by the law.
We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data.
- Where required, we will (subject to our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
- any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body (<for example, organization names>);
- our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us; and
- service providers who provide information technology and system administration services to us.
- We may share your personal data with persons or entities outside of Gulf Dunes to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this Policy.
- Where required, we will (subject to our professional obligations and any terms of business which we may enter into with you) disclose your personal data to:
Due to the multinational character of Gulf Dunes, some of the affiliated companies and other recipients may be located in countries (including the United States) that do not provide a level of data protection equivalent to that set forth by the law in your home country. Gulf Dunes will take steps to make sure that such recipients act in accordance with applicable law and provide an adequate level of protection for your personal data including appropriate technical and organizational security measures, also through implementation of appropriate contractual measures to secure such transfer, in compliance with the applicable law.
Data protection and security
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing.
Gulf Dunes maintains physical, technical, and organizational security measures to protect the Personal Data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed in your local jurisdiction, the United States, or elsewhere. All the information you provide us through online systems is protected by a secure server. Any credit/debit card details will be destroyed once payment is made. We will never share your private details with anyone else, unless as specified above to facilitate your booking.
Marketing and exercising your right to opt-out of marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing. We will not use your personal data to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal data for marketing purposes, we shall stop processing your personal data for those purposes. If you no longer wish to be contacted for marketing purposes, you can easily change your mind and withdraw such consent at any time by simply clicking the unsubscribe link in the footer of any email you receive from us. You may also do so by contacting us at firstname.lastname@example.org.
As part of the registration process, we give you the ability to receive via e-mail or direct messaging, information about our Products and Services, updates to our Website, customised advertisements and promotions that are targeted to your specific interest. We may send this information directly ourselves, or via third party service providers.
Third-party advertisers and marketing
When you click on one of these advertisers’ links, you are leaving our Website and entering another site. We are not responsible for such third party’s sites. You should carefully review the privacy statements of any other site you visit, because those privacy statements will apply to your visit to that site, and may be very different from our policy.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, accounting, reporting requirements, to carry out legal work, for the establishment or defence of legal claims.
We will retain your personal data in our databases in accordance with our document management, retention and destruction policy and applicable laws. This period may extend beyond the end of your relationship with us, but it will be only as long as it is necessary for us to have sufficient information to respond to any issues that may arise later. For example, we may need or be required to retain information to allow you to obtain credit for trip your purchased but had to cancel. We may also need the retain certain information to prevent fraudulent activity; to protect ourselves against liability, permit us to pursue available remedies or limit any damages that we may sustain; or if we believe in good faith that a law, regulation, rule or guideline requires it.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further policy to you.
Changes to policy
Under certain circumstances, you have rights under applicable data protection laws in relation to your personal data. It is our policy to respect your rights and we will act promptly and in accordance with any applicable law, rule or regulation relating to the processing of your personal data.
Details of your rights under General Data Protection Regulation (GDPR) are set out below:
- Right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
- Right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
- Right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
- Right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
- Right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
- Right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a Website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
- Right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
- Right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
You may exercise any of the above mentioned rights by sending a request to email@example.com. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Additionally, in case you have any questions, comments or concerns about this Policy, you may contact firstname.lastname@example.org. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.