Privacy Policy
Effective Date: 11 November, 2025
Travel Tech L.L.C-FZ (the “Company”, “we”, “us”, or “our”) operates an online marketplace platform (the “Platform”) facilitating the booking and sale of excursions and tourism experiences (the “Services”) provided by third-party excursion providers (each a “Provider” and collectively, the “Providers”). We are a limited liability company registered in Meydan Free Zone, Dubai, UAE, with registration number 2535525, and our registered office is located at Meydan Grandstand, 6th floor, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates.
As the data controller under the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the “PDPL”), we are committed to processing your personal data in a manner that is fair, transparent, and lawful, in compliance with the PDPL, the laws of the Emirate of Dubai, and applicable federal laws of the UAE. This Privacy Notice (the “Notice”) describes our data processing practices and your rights as a data subject. It applies to all users of the Platform (“you” or “your”), including visitors, registered users, customers, and Providers.
By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the terms of this Notice. If you do not agree, please do not use the Platform. We may update this Notice from time to time; material changes will be notified via the Platform or email, and continued use constitutes acceptance.
1. Personal Data We Collect
We collect personal data necessary for the provision of our services, limited to what is required for specified purposes. Personal data means any information relating to an identified or identifiable natural person.
1.1 Categories of Personal Data
– Identity Data: Full name, date of birth, gender, nationality, passport or ID number, and photographic identification.
– Contact Data: Email address, telephone number, and postal address.
– Financial Data: Payment card details (processed via secure third-party gateways; we do not store full card information), billing address, and transaction history.
– Transaction Data: Details of bookings, excursions purchased, tour preferences, group size, and special requirements (e.g., accessibility needs).
– Technical Data: Internet Protocol (IP) address, device type, browser type, operating system, location data (derived from IP or GPS with consent), and usage analytics (e.g., pages visited, time spent).
– Marketing and Communications Data: Preferences for receiving promotional materials, newsletters, or updates.
– Profile Data: User-generated content, such as reviews, feedback, or uploaded photos/videos from excursions (subject to your consent).
We do not routinely collect sensitive personal data (e.g., data revealing racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data) unless explicitly provided by you for specific purposes, such as dietary restrictions or medical needs for excursions, in which case we process it only with your explicit consent and apply enhanced safeguards.
1.2 Sources of Personal Data
– Directly from You: Provided during registration, booking, or communication (e.g., via forms, emails, or chat).
– Automated Technologies: Collected via cookies, web beacons, server logs, or similar tools when you interact with the Platform.
– Third Parties: From payment processors, excursion providers (for fulfillment), and analytics providers.
2. How We Use Your Personal Data
We process personal data for legitimate business purposes, ensuring proportionality and minimisation. Processing includes any operation performed on data, such as collection, storage, use, disclosure, or deletion.
2.1 Purposes of Processing
| Purpose | Categories of Data Involved | Lawful Basis |
| --- | --- | --- |
| To register you as a user and manage your account | Identity, Contact | Performance of a contract with you |
| To process bookings, payments, and fulfill excursions (including coordinating with providers) | Identity, Contact, Financial, Transaction | Performance of a contract; legal obligation (e.g., invoicing) |
| To provide customer support, resolve queries, and handle complaints | Identity, Contact, Transaction | Performance of a contract; legitimate interests (ensuring service quality) |
| To improve the Platform, conduct analytics, and personalize experiences (e.g., recommendations) | Technical, Profile, Usage | Legitimate interests (business optimization); consent (for personalization) |
| To send administrative communications (e.g., booking confirmations) | Contact | Performance of a contract |
| To send marketing communications (e.g., promotions on similar excursions) | Contact, Marketing | Consent; legitimate interests (direct marketing, subject to opt-out) |
| To comply with legal, regulatory, or audit requirements (e.g., anti-money laundering checks) | Identity, Financial, Transaction | Legal obligation |
| To prevent fraud, ensure security, and protect rights | All relevant categories | Legitimate interests (fraud prevention); legal obligation |
| For research, statistical analysis, or aggregated reporting (anonymized where possible) | Usage, Technical | Legitimate interests (business development) |
Where processing relies on consent, it is obtained via clear affirmative action (e.g., unchecked opt-in boxes) and is freely revocable at any time without affecting prior lawfulness. We do not process data for purposes incompatible with those specified unless we obtain further consent or a new lawful basis applies.
3. Disclosure and Sharing of Personal Data
We may disclose personal data to the following recipients, always under strict confidentiality obligations:
– Service Providers: Third-party processors (e.g., cloud hosting, payment gateways, email services) acting on our instructions, bound by data processing agreements ensuring PDPL compliance.
– Excursion Providers: To fulfill bookings, sharing only necessary transaction and contact details.
– Affiliates: Within our corporate group for operational purposes.
– Professional Advisors: Auditors, lawyers, or insurers, as required.
– Regulatory Authorities: To comply with laws, including the UAE Data Office or Dubai authorities.
– In Case of Business Transfers: To potential buyers in mergers or acquisitions (with notice to you).
We do not sell personal data. Disclosures are limited to what is necessary.
4. International Transfers
Personal data may be transferred outside the UAE where required for processing. Such transfers occur only if:
– The recipient ensures an adequate level of protection (e.g., via standard contractual clauses approved under PDPL); or
– Explicit consent is obtained; or
– Necessary for contract performance or legal obligations.
We assess adequacy on a case-by-case basis and implement safeguards, such as encryption.
5. Data Security and Breach Notification
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including encryption, access controls, and regular audits. These measures consider risks associated with processing.
In the event of a personal data breach posing a risk to your rights, we will notify the UAE Data Office without undue delay (within 72 hours) and, if high risk, inform you directly, describing the breach, impacts, and mitigation steps.
6. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined, or as required by law (e.g., 5-7 years for financial records under UAE commercial laws). Retention periods include:
– Booking data: Duration of the excursion plus 2 years for disputes.
– Marketing data: Until opt-out or 3 years from last interaction.
– Technical data: 12 months for analytics.
Thereafter, data is securely deleted, anonymized, or archived. You may request earlier deletion subject to legal holds.
7. Your Rights as a Data Subject
Under the PDPL, you have the following rights, exercisable free of charge via our DPO (response within one month; extensions for complex requests):
– Right of Access: Obtain confirmation of processing and a copy of your data.
– Right to Rectification: Correct inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request deletion where no longer necessary or consent withdrawn.
– Right to Restriction: Limit processing in cases of inaccuracy or objection.
– Right to Data Portability: Receive data in a structured, machine-readable format for transfer.
– Right to Object: To processing based on legitimate interests, marketing, or automated decisions.
– Right to Withdraw Consent: At any time, without affecting prior processing.
– Right to Lodge a Complaint: With the UAE Data Office or Dubai authorities.
We verify your identity before responding and maintain records of the rights exercised. Automated decision-making (e.g., profiling for recommendations) is not used in ways producing legal effects; where applied, you may request human intervention.
8. Cookies and Similar Technologies
The Platform uses cookies and tracking technologies for functionality, analytics, and advertising. Essential cookies are necessary for operation; others require consent via our cookie banner. You may manage preferences through browser settings. For details, see our Cookie Policy.
9. Children’s Privacy
The Platform is not directed at children under 18. We do not knowingly collect data from minors without verifiable parental consent. If we become aware that such data has been collected, we will delete it promptly.
10. Governing Law and Dispute Resolution
This Notice is governed by the laws of the UAE and Dubai. Disputes arising shall be resolved in the courts of Dubai.