gbp
IS
Privacy Policy

Privacy Policy

 

1. Introduction

 

1.1 This Privacy Policy (hereinafter - the “Privacy Policy”) regulates relationships between Amsaan Accessible Tours LLC, (“AMSAAN” or the “Company” or “We”, “Our”, “Us”) and its Customers and website visitors, users of the Amsaan application – the “Data Subjects” or the “Data Subject”, or “You”, “Your”, in connection with the processing of the personal data obtained as part of (1) specifically and willingly provided by the Customers or visitors on a Company`s website (the “Landing or Website”) in the special contact form at the website, or (2) specifically and willingly provided by the Customers or visitors in the process of usage of the Amsaan application (the “Amsaan Application” or “Amsaan App”), downloaded via Apple AppStore or Google Play Market; or (3) in any other manner and as part of other services later developed and launched by the Company.

 

By using website, and/or registering in the Amsaan App you approve and accept these Privacy Policy.

1.2 Laws and Regulations

 

Due to the fact, that the Company provides services to individuals and entities on the worldwide basis, including those based in the UK, the EU, and the UAE there is a requirement to be compliant with the following applicable law: the UK Data Protection Laws, the UAE Data Protection Laws and the EU General Data Protection Regulation.

 

Reference to the “UK Data Protection Laws” shall mean a law which regulates particular aspects of the data protection, namely: The UK Data Protection Act 2018 (the “UK Data Protection Laws”), which is the UK’s implementation of the General Data Protection Regulation.

 

Reference to the “UAE Data Protection Laws” shall mean a number of laws which regulates particular aspects of the data protection, namely: The Federal Decree-Law No. 45 of 2021 regarding the Data Protection, The Federal Law No. 15 of 2020 on Consumer Protection, Federal Law No. 5 of 2012 on Combatting Cybercrimes, Federal Law No. 1 of 2006 on Electronic Commerce and Transactions, other Laws that may be adopted by the UAE Government in the course of data protection regulation (the “UAE Data Protection Laws”).

 

General Data Protection Regulation” or the “GDPR” shall mean the Regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

 

Specific definitions in this Privacy Policy, in particular: “processing”, “controller”, “processor”, “pseudonymisation”, “profiling”, “restriction of processing”, “consent”, - shall be ascribed the meanings given to them by the GDPR.

 

By providing the services and the landing to the Data Subjects, the Company shall act as a controller of the Personal data obtained from such Data Subjects. Subject to the applicable rules and laws, the Company may engage third parties for the processing of the personal data and, where required, shall obtain the Data Subjects consent for such processing.

 

 

2. Categories of Personal Data Collected,

Purposes of and Bases for the Processing

 

Note, We don’t intentionally collect and process the Personal data of minors (individuals who didn’t attain the age of majority in their countries of residence). If You happen to be aware of such instances, please report them to Us.

 

2.1 When offering and providing the Services, the Company may process certain Personal data relating to the Data Subjects, of the following scope and for the following purposes:

 

2.1.1 Personal data received automatically:

 

  1. when You access the Landing or Amsaan application, the Company will automatically receive the so-called “user agent data” including but not limited to Your IP address, session id, device type and operating system, screen resolution, browser identifiers, preferred language, time stamp, referral source (from where you were redirected to the Landing/Amsaan application) and other online identifiers usually received via HTTP requests.

 

Purpose of the processing and legal basis for the processing: processing is necessary for You to access and browse Our Landing, Amsaan application to be able to place the order, communicate with Us using Our communication tool and interact with Us for any other purposes of your choosing. Processing is also necessary for the performance of a contract under the Terms of Service. This information is mandatory for using the Landing, Amsaan application and for the Services provision. Legal bases for the processing are the contract performance and Our legitimate interests to prevent possible attacks, fraud, spot unconscientious patterns of behavior and keep Our software infrastructure and systems healthy and secure.

 

2.1.2 Personal data obtained in communication with You:

 

  1. By using Our communication tool (contact form) added to the Landing, Amsaan application or electronic mail address of Our support team or any other contact channel accessible on the Landing or Amsaan application You can voluntarily provide Us Your name, contact details (such as email, phone number), information about the subject of Your request and other data which may be necessary to respond to your queries and questions.

 

Purpose of the processing and legal basis for the processing: processing may be necessary for You to communicate with Us using Our communication tool and interact with Us for any other purposes of your choosing. Processing may also be necessary for the performance of a contract under the Terms of Service. This information may be mandatory for the Services provision. Legal bases for the processing are the contract performance, consent, as the case may be, and Our legitimate interests to prevent possible attacks, fraud, spot unconscientious patterns of behavior and keep Our software infrastructure and systems healthy and secure.

 

2.1.3 Personal data required to place, accept, perform Your orders, process Your payments and deliver the Services to You:

 

  1. For placing, accepting Your order and delivering the Services to You, You may be required to provide Us with Your first and last name, passport (ID card) details, email address, phone number, subject of Your order, payment details for Us to process the payments and other transactions related with the Services and other information requested by Our Administrator. Depending on the current functionality of the Landing or Amsaan application Our decision and Your preferences, as the case may be, We may decide not to request or accept from You any of the information stated above.

 

Purpose of the processing and legal bases for the processing:

 

  1. Your first and last name, passport (ID card) details are usually required to legally identify You, serve Your order, address You, issue You a bill and/or a receipt for the Services provided to You, identify You in Our internal databases and management systems. Processing is necessary for the performance of a contract under the Terms of Service. The given information is usually mandatory for the Services provision;

 

  1. Your email address and/or phone number, as applicable, are required to liaise with You, serve Your order, respond to Your requests, ask for additional information from You. Processing is necessary for the performance of a contract under the Terms of Service. The given information is mandatory for the Services provision;

 

  1. Subject of Your order: You are required to describe the subject of Your request and be ready to respond to follow-up questions of Our Administrator. Processing is necessary for the performance of a contract under the Terms of Service. The given information is mandatory for the Services provision;

 

  1. Payment details and transactions: You can use the payment means allowed under the Terms of Service and depending on the selected and/or available payment means, We will process, along with Our payment processor and banking institution, a certain pool of data needed to issue invoices to You, carry out the payment operations, keep Our internal accounting, resolve any payment disputes etc., such as Your bank card number and type, validity term of the card, issuer of the card, amount due to Us for the Services delivered, date of the invoice issuance, payment period stated in Our invoice, date when the payment is due, information on payment delays, interest accrued on the amount due, date when the invoice has been paid in full and other data related with the processing of the payments and transactions in connection with the Services provision to You. Processing is necessary for the performance of a contract under the Terms of Service. The given information is mandatory for the Services provision.

 

2.1.4 Personal data created in furtherance as a result of Your use of the Services:

 

  1. Your use of Our Services, performance of Your orders by Us and delivery of the Services to You obviously result in the creation of the new pool of Personal data about You, which may include, but is not limited to the order and payment history, types of and nature of Your requests, transactions related with the Services provided to You and other information. 

 

Purpose of the processing and legal basis for the processing: We may use these data for analytical and statistical purposes, for resolving any conflicts, requests, keeping Our internal customer relationships databases, without limiting the foregoing and We will try to aggregate these data on the depersonification basis when sharing them with third parties such as Our prospective business partners, investors, stakeholders or anonymize them, as the case may be. By processing this information We rely on the contract performance when processing this information. The given information is not mandatory for the Services provision.

 

Please note, that the Company will not use, process, or collect any other personal information, which do not state in this Privacy Policy, and which may be provided by You in the course of using Our services of sign language interpretation. In case any such information will be received by Us, it will be immediately deleted. 

 

2.1.5 Your use of the social media on the Landing:

 

  1. The Landing may have links and buttons leading to the social sharing features such as Facebook, Instagram and other social and digital platforms and properties where the Company may hold and operate its business pages and accounts. Please note that such social media have their own terms and policies and before following, accessing and using their links and buttons, please familiarize Yourself with their documentation. We are neither responsible for, nor do We control the collection and processing of the Personal data by such social media. Please don’t follow the social media links or click their buttons, if You don’t want to provide the Personal data to them.

 

Purpose of the processing and legal basis for the processing: Please consult terms and policies of the respective social media. The given information is not mandatory for the Services provision.

 

2.1.6 Personal data collected and processed by Our processors: cookie vendors and other providers:

 

        1. If you are the UK national or book our services from the UK via our partner tour operator Amsaan Accessible Tours UK Ltd (London, UK), - your personal data such as your first and last name, passport (ID card) details, email address, phone number, subject of Your order, may be processed by Amsaan Accessible Tours UK Ltd.

 

Purpose of the processing and legal basis for the processing: Amsaan Accessible Tours UK Ltd (hereinafter – “Amsaan Tours UK”) is our tour operator partner in the UK, therefore Amsaan needs to share your personal data such as: your first and last name, passport (ID card) details, email address, phone number, subject of Your order, - to the Amsaan Tours UK in order to ensure proper provision of services according to your order.

 

Amsaan and Amsaan Tours UK implemented appropriate technical and organisational measures to ensure the security of your data, including during transmission, and protection against a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access (hereinafter ‘personal data breach’).

 

  1. Cookies Used by Google Analytics.

 

Purpose of the processing and legal basis for the processing: Google Analytics collects certain data about You, such as a number of sessions, session duration, operating systems, device models, geography and other statistical and analytical data: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008. We use Google Analytics to optimize the data obtained via Google Analytics to measure Your use of the Landing and Our Services. Identifiers such as cookies are used to measure Your interactions with the Landing, while IP addresses are used to provide and protect the security of Our infrastructure and to give Us a sense of where You come from. We may choose to use the data collected by Google Analytics for ads personalization, but only upon Your consent.

 

You can exercise Your right to object to the processing of Your Personal data that We process in reliance on Our legitimate interests and disable/delete the cookies set to Your browser by Google Analytics.

 

3. Your Rights With Regard to the Personal Data Processing

 

3.1 In connection with the accessing, browsing of the Landing and using of the Services, You shall be entitled to exercise certain rights laid down by the UK Data Protections Laws, UAE Data Protections Laws and GDPR and outlined herein below, however exercise of some of those rights may not be possible in relation to the Landing and Services taking account of the Services’ nature, manner, form and other applicable circumstances.

 

3.2 Right to Access: You may request all personal data being processed about You by sending the right to access request to [email protected]. The subject line of such a request must read: “ACCESS TO PERSONAL DATA REQUEST”, with all letters being capitalised, otherwise We will ignore it. Please note that We may not be in a position to sufficiently identify You in Our systems at the time of Your request, therefore, We may ask You to provide Us additional evidence and information confirming that the Personal data belong to You. In case We are still not able to properly identify You, We will send You the denial. Please allow a sufficient amount of time for Us to process Your request, it can even take several months.

 

3.3 Right to Rectification: exercise of the given right directly depends on the data category concerned: if it concerns online identifiers obtained by the Company automatically, then their rectification isn’t possible, but such categories of personal data as Your first and last name, passport (ID card) details, phone number, email and password, address may be rectified by sending Us the respective request to: [email protected].

 

3.4 Right to Erasure (Right to be Forgotten): subject to fulfillment of the obligations laid down in the Terms of Service, You can send us the request to delete all Personal data We are currently processing about You to: i[email protected]. The subject line of such a request must read: “DELETION OF ALL DATA REQUEST”, with all letters being capitalised, otherwise We will ignore it. Please note that We may not be in a position to sufficiently identify You in Our systems at the time of Your request, therefore, We may ask You to provide Us additional evidence and information confirming that the Personal data belong to You. In case We are still not able to properly identify You, We will send You the denial. Please allow a sufficient amount of time for Us to process Your request, it can even take several months.

 

3.5 Restriction of Processing: You shall be entitled to request restriction of processing from Us if You contest the Personal data accuracy. However, exercise of the right to restriction of processing may not be possible in relation to certain Personal data.

 

3.6 Objection to Processing: please see above regarding Your right to disable cookies We process in reliance on Our legitimate interests. This right also can apply to the information used for direct marketing for which the Company shall be obliged to seek Your consent.

 

3.7 Right to Data Portability: unfortunately, currently the Company doesn’t provide the opportunity to import Your Personal data into another program or platform however You still can exercise Your right to data access provided for above.

 

3.8 Consent Withdrawal Right: You shall be entitled to withdraw consent to the processing of the Personal data to which You provided Your consent.

 

3.9 Automated Decision-Making, Profiling: neither is being carried out by the Company as for now, Your consent will be sought before carrying out any such activities.

 

3.10 Personal Data Storage Period or Criteria for Such Storage: Your Personal data will be stored till:

  1. they are necessary to render You the Services and make the Landing with all supported features accessible to You;
  2. Your Personal data have been deleted following Your “DELETION OF ALL DATA REQUEST”;
  3. We have received the court order or a lawful authority’s request mandating to permanently delete all the Personal data we have obtained about You; or
  4. In other circumstances prescribed by applicable laws. 

 

3.11 You shall have the right to lodge a complaint with a competent data protection supervisory authority.

4. Personal Data Recipients and Transfer of Personal Data

 

4.1 For the purposes of rendering the Services to You and operating the Landing, the Company may share Your Personal data with certain categories of recipients and under circumstances mentioned below:

 

4.1.1 sign language interpreters, consultants, advisors, and partners acting as processors for the Company, which may supply sign-language interpretation services, accounting services, software development and support services, advertising campaign services, cookie setting and processing and other capabilities to run and operate the Landing, maintain, deliver and improve the Services. With all such parties We enter into data processing agreements required to be concluded by the applicable laws to protect and secure the Personal data by using appropriate technical and organizational measures;

 

4.1.2 owners, managers, workers of the Company, such as the Interpreters, the Administrators, software development and technical support personnel or other type of workers which may be contracted by the Company on a case-by-case basis, whether they are employees or act on behalf of the Company on the ground of service agreements. When engaging personnel to support the Services, in addition to any other agreements executed with such workers, where applicable, the Company enters into confidentiality and data protection agreements to provide appropriate safeguards as laid down by the applicable law. Regardless of having the relevant agreements with its workers in place, We try to conduct periodic training for and consultations with Our personnel having regular and day-to-day access to the Personal data;

 

4.1.3 only in strict compliance with the UK Data Protection Law, the UAE Data Protection Law and GDPR provisions, the Company also may share the Personal data with governmental authorities upon their decision, receipt of court orders mandating the Company to disclose the Personal data. In any such case, the Company will strive to disclose only a portion of the Personal data which is definitely required to be disclosed, while continuing to treat the rest of the data in confidence;

 

4.1.4 with any other third parties, if We have been explicitly requested to do so by You and as long as it doesn’t infringe the UK Data Protection Law, the UAE Data Protection Law and GDPR.

 

4.2 If the Company intends to share the personal data with any other category of recipients not conspicuously enumerated herein, it shall communicate information on such recipients to You prior to sharing the Personal data.

 

5. Security of Processing and Data Breaches

 

5.1 Taking account of the nature of Services, scope, context and purposes of processing as well as the risk for Your rights and freedoms, costs of implementation and state of the art, the Company may use appropriate data protection mechanisms to secure Your Personal data when they are in transit, as well as at rest.

 

5.2 Data protection mechanisms employed by the Company may include, inter alia, but aren’t limited to:

 

5.2.1 data encryption (pseudonymisation) which is used at all stages and phases of processing;

 

5.2.2 multi-step secured access to the Personal data, comprising of storing encrypted data on reliable and resilient servers providing for access systems only to specifically authorized persons, including the making of check-out procedures, entering electronic access codes, passwords;

 

5.2.3 securing Our premises where We store Our hardware and software used to operate and support the Landing, process Your orders and do other activities necessary to deliver the Services to You, with alarm systems and providing specific entry pass and access keys, cards and codes to Our authorized personnel in all territories where We have Our operational facilities;

 

5.2.4 teaching and instructing Our personnel on the data protection issues.

 

5.2.5 execution with processors contracted by the Company of data processing agreements required by the applicable law, as well as standard contractual clauses in circumstances of transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.

 

5.3 We will make all efforts to avoid and prevent any Personal data breaches, but should, despite the technical and organizational measures used, We become aware of the Personal data breach, We will immediately assess risks to Your rights and freedoms and if the risks turned out to be high and such risks cannot be mitigated by resorting to technical and organizational protection measures, We will communicate the Personal data breach to You as soon as possible, meanwhile taking all reasonable measures and making all efforts possible to mitigate consequences.

 

6. Contacts and Requests; Changes to the Privacy Policy

 

6.1 Please send all Your requests and queries in connection with Your rights and freedoms relating to the Personal data protection and processing conducted by the Company as part of providing the Landing and rendering the Services to You to: [email protected].

 

6.2 Changes to the Privacy Policy will be displayed in the form of the updated document published on the Landing. We also can arrange the updates introduced to the Privacy Policy by archiving the previous versions of the document accessible in the electronic form on the Landing. Please check the Privacy Policy regularly to stay up to date.

 

Company Information:

AMSAAN ACCESSIBLE TOURS LLC

Duly registered under UAE law, License number: 1116469.

Registered office: Business Bay, Blue Bay Tower No.1708, Dubai, UAE

 

Last updated: September 20, 2023.