Certainly! Let’s dive deeper into each section of the Privacy Policy and Terms of Use for Qafqaz Travel Company:

Introduction: Welcome to Qafqaz Travel! This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you interact with our website, book tours, or use our services. By using our website or services, you consent to the collection and use of your personal information as described in this policy.

Information We Collect:

  • Personal Information: When you make a booking or contact customer support, we may collect personal information such as your name, contact details (email address, phone number), and payment information (credit card details, billing address).
  • Automatically Collected Information: We may also collect information automatically through cookies and similar technologies when you visit our website. This may include your IP address, browser type, device identifiers, and browsing behavior.

How We Use Your Information: We use your personal information for the following purposes:

  • To process and manage your bookings, including sending booking confirmations and updates.
  • To communicate with you about your bookings, respond to your inquiries, and provide customer support.
  • To personalize and improve our services, including tailoring recommendations and offers based on your preferences.
  • To send you promotional communications, newsletters, and updates about our products and services, where you have opted in to receive such communications.
  • To comply with legal obligations, such as tax and regulatory requirements.

Sharing of Information: We may share your personal information with the following parties:

  • Service Providers: We may disclose your information to third-party service providers who assist us in delivering our services, such as payment processors, IT service providers, and marketing agencies.
  • Legal Authorities: We may disclose your information to legal authorities or government agencies when required by law or to protect our rights, property, or safety, or the rights, property, or safety of others.

Data Security: We take appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

Your Rights: You have the following rights regarding your personal information:

  • Right to Access: You have the right to access and obtain a copy of your personal information held by us.
  • Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal information.
  • Right to Erasure: You have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to Object: You have the right to object to the processing of your personal information for direct marketing purposes or on grounds relating to your particular situation.
  • Right to Restriction of Processing: You have the right to request the restriction of processing of your personal information in certain circumstances.

Cookies: We use cookies and similar technologies to enhance your browsing experience, analyze website traffic, and personalize content and advertisements. By using our website, you consent to the use of cookies in accordance with this policy. You can manage your cookie preferences through your browser settings.

Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the “last updated” date at the top of the policy.

Terms of Use:

Acceptance of Terms: By accessing or using our website or services, you agree to be bound by these Terms of Use. If you do not agree with any part of these terms, please do not use our website or services.

Booking and Payment:

  • By making a booking through our website, you represent and warrant that all information provided is accurate, complete, and current.
  • Payment for bookings is subject to our pricing and cancellation policies, which you agree to abide by when making a booking.

Intellectual Property: All content on our website, including text, graphics, logos, images, and software, is the property of  Qafqaz Travel Company or its licensors and is protected by copyright, trademark, and other intellectual property laws. You may not reproduce, modify, distribute, or publicly display any content without our prior written consent.

Limitation of Liability: To the fullest extent permitted by law, we disclaim any liability for any direct, indirect, incidental, consequential, or punitive damages arising from your use of our website or services, including but not limited to lost profits, loss of data, or loss of goodwill.

Governing Law and Dispute Resolution: These Terms of Use are governed by the laws of [Jurisdiction]. Any disputes arising out of or relating to these terms shall be resolved exclusively through binding arbitration in [Arbitration Location], conducted in accordance with the rules of [Arbitration Organization].

Changes to Terms: We reserve the right to update or modify these Terms of Use at any time without prior notice. Any changes will be effective immediately upon posting on our website. Your continued use of our website or services after any such changes constitutes your acceptance of the modified terms.

Please note that this is a comprehensive draft and may need to be customized or expanded upon based on the specific practices and legal requirements of  Qafqaz Travel Company and the jurisdiction in which it operates. It’s recommended to review this draft with legal professionals to ensure compliance with applicable laws and regulations.

 

1.  Who are we and what do we do?

1.1 developing the tourism sector by building partnerships with relevant stakeholders and coordinating with destinations and attractions all over the world to maximize target visits. We are also responsible for various types of consumer-level engagement in the tourism sector, including via consumer-facing Digital Platforms.

1.2  Qafqaz  travel  considers it important to protect your Personal Data and endeavors to process it in accordance with applicable data protection laws and regulations.

1.3. For the purpose of Applicable Data Protection Law, Sphinx travel is the Controller ( person responsible for deciding how your Personal Data is processed) and responsible for your Personal Data.

2. What is the purpose of this document?

2.1  Qafqaz  travel  respects your privacy and is committed to protecting your Personal Data.  Qafqaz travel has adopted this Privacy Notice to notify (“you”, “your”) about the Personal Data collected, used, and processed relating to you, and how you can expect your Personal Data to be used and for what purpose. It is important that you read this Privacy Notice so that you are aware of how and why we are using such information and what your rights are under Applicable Data Protection Law.

2.2  This Notice:

(a)   Applies to anyone visiting or using the Digital Platforms

(b)    Sets out the types of Personal Data we collect about you.

(c)    Explains how and why we collect and use your Personal Data.

(d)    Explains how long we keep your Personal Data.

(e)    Explains how we will share your Personal Data – when, why, and with whom.

(f)    Explains your rights as the Data Subject.

(g)    Sets out the legal bases we have for using your Personal Data.

(h)    Explains the effect of refusing to provide the Personal Data requested.

(I)     Explains the different rights and choices you have as a Data Subject when it comes to your Personal Data.

(j)    Explains how we use automated decision-making and/or profiling – when and why.

2.3 The Digital Platforms are not intended for children under 18 and we do not knowingly collect Personal Data from children.

3. Compliance with Data Protection Principles

We will implement measures designed to comply with Applicable Data Protection Law, including measures designed to ensure that the Personal Data we hold about you is:

(a)    Used lawfully, fairly, and in a transparent way.

(b)    Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

(c)    Relevant to the purposes we have told you about and limited only to those purposes.

(d)    Accurate and kept up to date.

(e)    Kept only as long as necessary for the purposes we have told you about;

(f)    Kept securely.

(g)    Kept using appropriate measures and records in a way that allows us to demonstrate compliance with Applicable Data Protection Law.

4. Changes to this Privacy Notice 

We may change/update this Notice at any time in the future, at our sole discretion. Any changes will be effective immediately upon posting of the revised Notice. If the changes are material, we will provide you with additional notice, such as through a banner on our website or by sending you an updated version of this Notice in writing, including electronically where appropriate, unless you request a different delivery format. (You can request it in a different format by contacting us through this form.)

5. What Personal Data do we collect about you?   

5.1  We collect your Personal Data for the purposes listed further below in the Schedules. (The specific purposes vary depending on the Digital Platform.)

5.2  “Personal Data” means any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.

5.3  For completeness, Personal Data does not include data where the identity has been completely removed (e.g. completely anonymous data or Aggregate Data), however, it may still include pseudonymous data. Under Applicable Data Protection Law, there may certain types of more sensitive Personal Data that require a higher level of protection (“Sensitive Data”). Sensitive Data may include details about your race or ethnicity, religious or philosophical beliefs, information about your health, and genetic and biometric data. Information about criminal convictions and offenses may also be considered sensitive and warrant this higher level of protection.

5.4  We do not normally collect or process Sensitive Data. Such categories of Personal Data would typically require more stringent security measures (technical and organizational measures) whilst processing under the  Applicable Data Protection Law. In the exceptional case in which we may be required to collect and process such Personal Data, we would only collect it from you, and further obtain your explicit consent to  process such data, when permitted by law, such as when one of the lawful conditions for processing Sensitive Data detailed in Schedule 2 applies. Where required under Applicable Data Protection Law  we will collect a separate consent from you before processing your Sensitive Data.

5.5  We also may collect, use and share “Aggregated Data” (as that term is defined by Applicable Data Protection Law) for any purpose to the extent permitted by Applicable Data Protection Law. Aggregated Data could be derived from your Personal Data but is generally not considered Personal Data under Applicable Data Protection Law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data in accordance with Applicable Data Protection Law to calculate the percentage of users accessing a specific Digital Platform feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data, which will be used in accordance with this Privacy Notice.

6. What happens if you do not provide us with the Personal Data we request or ask that we stop processing your Personal Data?

If you do not provide us with the necessary Personal Data, or ask us not to process your Personal Data, we may not be able to perform the activities that you are expecting from us (for example, to provide you with information, or goods or services) or we may be prevented from complying with our legal obligations. In this case, we may have to reject your request or otherwise not fulfill your expectations – in which case we will seek to notify you.

7. Where do we collect Personal Data about you from?

The following are the different sources from which we may collect Personal Data about you:

7.1  Directly from you. This is Personal Data you provide to us, such as through visiting our Digital Platforms or through direct correspondence with us, or via other direct interactions with us such as completing a form on our Digital Platform, applying for our products or services, applying for a career with us on our Digital Platform, creating an account on our Digital Platform, subscribing to our service or publication, requesting marketing to be sent to you, entering a competition or prize draw, promotion or survey, giving feedback, contacting us by any means to submit an inquiry complaint, etc.

7.2  From an agent/third party acting on your behalf.

7.3  From publicly available sources. We may use the following public sources:

(a)    Social media.

(b)    Events (e.g. conferences).

(c)    Directories.

7.4  From analytics providers, advertising networks, search information providers, or providers of technical, payment (i.e. third party payment gateways) and delivery services.

7.5  Through any marketing communication we may send you, or through email communications sent from or received by us. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link or emailing us at the email address set out in Section 19 below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about transactional relations.

7.6  Through automated technologies or interactions.As you interact with our Digital Platform or download/install our app(s), we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this Personal Data by using cookies, server logs, and other similar technologies. We may also receive Technical Data about you if you visit other Digital Platforms employing tracking technologies, including cookies. Please see our Cookie Policy for further details.

8. How and why do we use your Personal Data (lawful basis for processing and purposes for collecting and processing Personal Data)?

8.1  We want to give you the best possible user/customer experience while fulfilling our role as the  Tourism Authority. In order to do so, we need to paint an accurate picture of who you are, and what your preferences are, by combining different types of Personal Data we have collected relating to you.

8.2  We will only use your Personal Data when the law, including Applicable Data Protection Law, allows us to do so. Under Applicable Data Protection Law, it may be necessary to justify the use of Personal Data under one of a number of legal grounds (lawful basis for processing). This means that we will only collect Personal Data for specified, explicit, and legitimate purposes, and should not process the Personal Data in a matter incompatible with those purposes unless in limited circumstances. We will only use your Personal Data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

8.3  We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you. You will receive such marketing communications from us if you have requested information from us or purchased/received goods or services from us and you have opted in to receiving that marketing. You can ask us or our affiliates to stop sending you marketing messages at any time – by logging into the Digital Platform and adjusting your marketing preferences, by following the opt-out links on any marketing message sent to you, or by contacting us at any time. (Opting out of receiving marketing messages will not affect any transactional or service messages that we need to send to you in the context of transactions or services.)

8.4  In summary, we use your Personal Data to allow us to perform our contract with you, offer you the best possible customer experience in line with our legitimate interests, and enable us to comply with all of our legal obligations. The specific purposes for which we will process your Personal Data and the corresponding lawful basis for processing are listed in the Schedules. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9. For how long do we keep your Personal Data?

9.1  We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

9.2  We consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements – to determine the appropriate retention period for Personal Data.

9.3  In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may retain and use such information without further notice to you. Once you are no longer (as applicable) a customer, user, or employee of us, then we will retain and securely destroy your Personal Data in accordance with Applicable Data Protection Law.

10. Who do we share your Personal Data with?

10.1  Our own personnel have access to your Personal Data for the performance of their duties. We may share your Personal Data with other related entities to perform our role in the Saudi tourism ecosystem, in the context of assessing or reporting on activities or our performance, in the context of the reorganization of  Qafqaz travel, for system maintenance support and hosting of data, and for other operational reasons of this nature.

10.2  We may also share your Personal Data with our service providers (known as “trusted third parties”) involved in the provision of the information or services you have requested from us via our Digital Platforms for lawful purposes in order to help us run our business.  We rely on such trusted third parties for a range of our business operations and provision of services. We have agreements in place with these service providers to protect the confidentiality of your Personal Data. We do not share your Personal Data with third parties for their own marketing purposes, except with your specific consent.

10.3  If we share your Personal Data with trusted third parties, we:

(a)    Only provide them with the information needed for their specific services/specific purpose.

(b)    Enter into adequate contractual arrangements designed to ensure that they may only use your Personal Data for the exact purposes we specified in our contract with them.

(c)    Collaborate closely with our trusted third parties to ensure that your privacy and Personal Data are protected.

(d)    Where we stop using the services of our trusted third parties, we ensure any of the data held by them is securely deleted or put beyond further use.

10.4  In summary, our trusted third parties include:

(a)    Third party providers of payment gateways.

(b)    Suppliers/ service providers (e.g. delivery couriers, e-commerce service providers, technicians for handling complaints or fraud management, IT companies, and providers who support our Digital Platform).

(c)    Professional advisors (e.g. bankers, auditors, and lawyers).

(d)    Insurance (e.g. insurance brokers).

(e)    Direct marketing companies that help us in our e-communications with our customers.

(f)    Outsourcing certain business functions. For example, we may use service centers to whom we outsource functions such as document and information management, office support, technology, and IT services, word processing, photocopying, and translation services (we have agreements in place with these service providers to protect the confidentiality and security of information (including Personal Data) shared with them).

10.4.2  We also may share your Personal Data with vendors and other parties for analytics and advertising purposes. These parties may act as our service providers, or in certain contexts, independently decide how to process your Personal Data. These thirds parties may include:

(a)    Social media channels (e.g. Instagram, Facebook) to show you interesting products while you browse the internet, depending on your acceptance of cookies on our Digital Platform (see Cookie Policy) or your consent to direct marketing.

(b)    Data analytics/insight companies to help us ensure your details are maintained accurate and up to date.

10.5  We may, from time to time, be required to disclose your Personal Data to authorities, such as the police, law enforcement, regulatory and/or government agencies, in relation to legal investigations or proceedings conducted anywhere in the world, if required by applicable law or regulation, or if we reasonably believe it is necessary to protect STA, other customers, or the public. We will usually notify you before responding to such queries, except where the circumstances restrict us from doing so. We take your privacy into consideration and address such requests on a case-by-case basis.

11. What happens if there is a change of control?

If a change happens to the organization of Qafqaz travel, or the government authorities responsible for tourism are restructured, then the new ‘successor’ entity may use your Personal Data in the same way as set out in this Privacy Notice and your Personal Data may be transferred to such new entity according to the terms of this Notice.

Certainly! Let’s dive deeper into each section of the Privacy Policy and Terms of Use for Qafqaz Travel Company:

Introduction: Welcome to Qafqaz Travel! This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you interact with our website, book tours, or use our services. By using our website or services, you consent to the collection and use of your personal information as described in this policy.

Information We Collect:

  • Personal Information: When you make a booking or contact customer support, we may collect personal information such as your name, contact details (email address, phone number), and payment information (credit card details, billing address).
  • Automatically Collected Information: We may also collect information automatically through cookies and similar technologies when you visit our website. This may include your IP address, browser type, device identifiers, and browsing behavior.

How We Use Your Information: We use your personal information for the following purposes:

  • To process and manage your bookings, including sending booking confirmations and updates.
  • To communicate with you about your bookings, respond to your inquiries, and provide customer support.
  • To personalize and improve our services, including tailoring recommendations and offers based on your preferences.
  • To send you promotional communications, newsletters, and updates about our products and services, where you have opted in to receive such communications.
  • To comply with legal obligations, such as tax and regulatory requirements.

Sharing of Information: We may share your personal information with the following parties:

  • Service Providers: We may disclose your information to third-party service providers who assist us in delivering our services, such as payment processors, IT service providers, and marketing agencies.
  • Legal Authorities: We may disclose your information to legal authorities or government agencies when required by law or to protect our rights, property, or safety, or the rights, property, or safety of others.

Data Security: We take appropriate security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, and regular security assessments.

Your Rights: You have the following rights regarding your personal information:

  • Right to Access: You have the right to access and obtain a copy of your personal information held by us.
  • Right to Rectification: You have the right to request the correction of any inaccurate or incomplete personal information.
  • Right to Erasure: You have the right to request the deletion of your personal information, subject to certain exceptions.
  • Right to Object: You have the right to object to the processing of your personal information for direct marketing purposes or on grounds relating to your particular situation.
  • Right to Restriction of Processing: You have the right to request the restriction of processing of your personal information in certain circumstances.

Cookies: We use cookies and similar technologies to enhance your browsing experience, analyze website traffic, and personalize content and advertisements. By using our website, you consent to the use of cookies in accordance with this policy. You can manage your cookie preferences through your browser settings.

Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the “last updated” date at the top of the policy.

Terms of Use:

Acceptance of Terms: By accessing or using our website or services, you agree to be bound by these Terms of Use. If you do not agree with any part of these terms, please do not use our website or services.

Booking and Payment:

  • By making a booking through our website, you represent and warrant that all information provided is accurate, complete, and current.
  • Payment for bookings is subject to our pricing and cancellation policies, which you agree to abide by when making a booking.

Intellectual Property: All content on our website, including text, graphics, logos, images, and software, is the property of  Qafqaz Travel Company or its licensors and is protected by copyright, trademark, and other intellectual property laws. You may not reproduce, modify, distribute, or publicly display any content without our prior written consent.

Limitation of Liability: To the fullest extent permitted by law, we disclaim any liability for any direct, indirect, incidental, consequential, or punitive damages arising from your use of our website or services, including but not limited to lost profits, loss of data, or loss of goodwill.

Governing Law and Dispute Resolution: These Terms of Use are governed by the laws of [Jurisdiction]. Any disputes arising out of or relating to these terms shall be resolved exclusively through binding arbitration in [Arbitration Location], conducted in accordance with the rules of [Arbitration Organization].

Changes to Terms: We reserve the right to update or modify these Terms of Use at any time without prior notice. Any changes will be effective immediately upon posting on our website. Your continued use of our website or services after any such changes constitutes your acceptance of the modified terms.

Please note that this is a comprehensive draft and may need to be customized or expanded upon based on the specific practices and legal requirements of  Qafqaz Travel Company and the jurisdiction in which it operates. It’s recommended to review this draft with legal professionals to ensure compliance with applicable laws and regulations.

 

1.  Who are we and what do we do?

1.1 developing the tourism sector by building partnerships with relevant stakeholders and coordinating with destinations and attractions all over the world to maximize target visits. We are also responsible for various types of consumer-level engagement in the tourism sector, including via consumer-facing Digital Platforms.

1.2  Qafqaz travel  considers it important to protect your Personal Data and endeavors to process it in accordance with applicable data protection laws and regulations.

1.3. For the purpose of Applicable Data Protection Law, Qafqaz  travel is the Controller ( person responsible for deciding how your Personal Data is processed) and responsible for your Personal Data.

2. What is the purpose of this document?

2.1  Qafqaz  travel  respects your privacy and is committed to protecting your Personal Data. Qafqaz  travel has adopted this Privacy Notice to notify (“you”, “your”) about the Personal Data collected, used, and processed relating to you, and how you can expect your Personal Data to be used and for what purpose. It is important that you read this Privacy Notice so that you are aware of how and why we are using such information and what your rights are under Applicable Data Protection Law.

2.2  This Notice:

(a)   Applies to anyone visiting or using the Digital Platforms

(b)    Sets out the types of Personal Data we collect about you.

(c)    Explains how and why we collect and use your Personal Data.

(d)    Explains how long we keep your Personal Data.

(e)    Explains how we will share your Personal Data – when, why, and with whom.

(f)    Explains your rights as the Data Subject.

(g)    Sets out the legal bases we have for using your Personal Data.

(h)    Explains the effect of refusing to provide the Personal Data requested.

(I)     Explains the different rights and choices you have as a Data Subject when it comes to your Personal Data.

(j)    Explains how we use automated decision-making and/or profiling – when and why.

2.3 The Digital Platforms are not intended for children under 18 and we do not knowingly collect Personal Data from children.

3. Compliance with Data Protection Principles

We will implement measures designed to comply with Applicable Data Protection Law, including measures designed to ensure that the Personal Data we hold about you is:

(a)    Used lawfully, fairly, and in a transparent way.

(b)    Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

(c)    Relevant to the purposes we have told you about and limited only to those purposes.

(d)    Accurate and kept up to date.

(e)    Kept only as long as necessary for the purposes we have told you about;

(f)    Kept securely.

(g)    Kept using appropriate measures and records in a way that allows us to demonstrate compliance with Applicable Data Protection Law.

4. Changes to this Privacy Notice 

We may change/update this Notice at any time in the future, at our sole discretion. Any changes will be effective immediately upon posting of the revised Notice. If the changes are material, we will provide you with additional notice, such as through a banner on our website or by sending you an updated version of this Notice in writing, including electronically where appropriate, unless you request a different delivery format. (You can request it in a different format by contacting us through this form.)

5. What Personal Data do we collect about you?   

5.1  We collect your Personal Data for the purposes listed further below in the Schedules. (The specific purposes vary depending on the Digital Platform.)

5.2  “Personal Data” means any data, regardless of its source or form, that may lead to identifying an individual specifically, or that may directly or indirectly make it possible to identify an individual, including name, personal identification number, addresses, contact numbers, license numbers, records, personal assets, bank and credit card numbers, photos and videos of an individual, and any other data of personal nature.

5.3  For completeness, Personal Data does not include data where the identity has been completely removed (e.g. completely anonymous data or Aggregate Data), however, it may still include pseudonymous data. Under Applicable Data Protection Law, there may certain types of more sensitive Personal Data that require a higher level of protection (“Sensitive Data”). Sensitive Data may include details about your race or ethnicity, religious or philosophical beliefs, information about your health, and genetic and biometric data. Information about criminal convictions and offenses may also be considered sensitive and warrant this higher level of protection.

5.4  We do not normally collect or process Sensitive Data. Such categories of Personal Data would typically require more stringent security measures (technical and organizational measures) whilst processing under the  Applicable Data Protection Law. In the exceptional case in which we may be required to collect and process such Personal Data, we would only collect it from you, and further obtain your explicit consent to  process such data, when permitted by law, such as when one of the lawful conditions for processing Sensitive Data detailed in Schedule 2 applies. Where required under Applicable Data Protection Law  we will collect a separate consent from you before processing your Sensitive Data.

5.5  We also may collect, use and share “Aggregated Data” (as that term is defined by Applicable Data Protection Law) for any purpose to the extent permitted by Applicable Data Protection Law. Aggregated Data could be derived from your Personal Data but is generally not considered Personal Data under Applicable Data Protection Law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data in accordance with Applicable Data Protection Law to calculate the percentage of users accessing a specific Digital Platform feature. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data, which will be used in accordance with this Privacy Notice.

6. What happens if you do not provide us with the Personal Data we request or ask that we stop processing your Personal Data?

If you do not provide us with the necessary Personal Data, or ask us not to process your Personal Data, we may not be able to perform the activities that you are expecting from us (for example, to provide you with information, or goods or services) or we may be prevented from complying with our legal obligations. In this case, we may have to reject your request or otherwise not fulfill your expectations – in which case we will seek to notify you.

7. Where do we collect Personal Data about you from?

The following are the different sources from which we may collect Personal Data about you:

7.1  Directly from you. This is Personal Data you provide to us, such as through visiting our Digital Platforms or through direct correspondence with us, or via other direct interactions with us such as completing a form on our Digital Platform, applying for our products or services, applying for a career with us on our Digital Platform, creating an account on our Digital Platform, subscribing to our service or publication, requesting marketing to be sent to you, entering a competition or prize draw, promotion or survey, giving feedback, contacting us by any means to submit an inquiry complaint, etc.

7.2  From an agent/third party acting on your behalf.

7.3  From publicly available sources. We may use the following public sources:

(a)    Social media.

(b)    Events (e.g. conferences).

(c)    Directories.

7.4  From analytics providers, advertising networks, search information providers, or providers of technical, payment (i.e. third party payment gateways) and delivery services.

7.5  Through any marketing communication we may send you, or through email communications sent from or received by us. You can opt-out of receiving promotional emails from us at any time by following the instructions as provided in emails to click on the unsubscribe link or emailing us at the email address set out in Section 19 below with the word UNSUBSCRIBE in the subject field of the email. Please note that you cannot opt-out of non-promotional emails, such as those about transactional relations.

7.6  Through automated technologies or interactions. As you interact with our Digital Platform or download/install our app(s), we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this Personal Data by using cookies, server logs, and other similar technologies. We may also receive Technical Data about you if you visit other Digital Platforms employing tracking technologies, including cookies. Please see our Cookie Policy for further details.

8. How and why do we use your Personal Data (lawful basis for processing and purposes for collecting and processing Personal Data)?

8.1  We want to give you the best possible user/customer experience while fulfilling our role as the  Tourism Authority. In order to do so, we need to paint an accurate picture of who you are, and what your preferences are, by combining different types of Personal Data we have collected relating to you.

8.2  We will only use your Personal Data when the law, including Applicable Data Protection Law, allows us to do so. Under Applicable Data Protection Law, it may be necessary to justify the use of Personal Data under one of a number of legal grounds (lawful basis for processing). This means that we will only collect Personal Data for specified, explicit, and legitimate purposes, and should not process the Personal Data in a matter incompatible with those purposes unless in limited circumstances. We will only use your Personal Data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

8.3  We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you. You will receive such marketing communications from us if you have requested information from us or purchased/received goods or services from us and you have opted in to receiving that marketing. You can ask us or our affiliates to stop sending you marketing messages at any time – by logging into the Digital Platform and adjusting your marketing preferences, by following the opt-out links on any marketing message sent to you, or by contacting us at any time. (Opting out of receiving marketing messages will not affect any transactional or service messages that we need to send to you in the context of transactions or services.)

8.4  In summary, we use your Personal Data to allow us to perform our contract with you, offer you the best possible customer experience in line with our legitimate interests, and enable us to comply with all of our legal obligations. The specific purposes for which we will process your Personal Data and the corresponding lawful basis for processing are listed in the Schedules. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

9. For how long do we keep your Personal Data?

9.1  We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

9.2  We consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements – to determine the appropriate retention period for Personal Data.

9.3  In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may retain and use such information without further notice to you. Once you are no longer (as applicable) a customer, user, or employee of us, then we will retain and securely destroy your Personal Data in accordance with Applicable Data Protection Law.

10. Who do we share your Personal Data with?

10.1  Our own personnel have access to your Personal Data for the performance of their duties. We may share your Personal Data with other related entities to perform our role in the Saudi tourism ecosystem, in the context of assessing or reporting on activities or our performance, in the context of the reorganization of  Qafqaz travel, for system maintenance support and hosting of data, and for other operational reasons of this nature.

10.2  We may also share your Personal Data with our service providers (known as “trusted third parties”) involved in the provision of the information or services you have requested from us via our Digital Platforms for lawful purposes in order to help us run our business.  We rely on such trusted third parties for a range of our business operations and provision of services. We have agreements in place with these service providers to protect the confidentiality of your Personal Data. We do not share your Personal Data with third parties for their own marketing purposes, except with your specific consent.

10.3  If we share your Personal Data with trusted third parties, we:

(a)    Only provide them with the information needed for their specific services/specific purpose.

(b)    Enter into adequate contractual arrangements designed to ensure that they may only use your Personal Data for the exact purposes we specified in our contract with them.

(c)    Collaborate closely with our trusted third parties to ensure that your privacy and Personal Data are protected.

(d)    Where we stop using the services of our trusted third parties, we ensure any of the data held by them is securely deleted or put beyond further use.

10.4  In summary, our trusted third parties include:

(a)    Third party providers of payment gateways.

(b)    Suppliers/ service providers (e.g. delivery couriers, e-commerce service providers, technicians for handling complaints or fraud management, IT companies, and providers who support our Digital Platform).

(c)    Professional advisors (e.g. bankers, auditors, and lawyers).

(d)    Insurance (e.g. insurance brokers).

(e)    Direct marketing companies that help us in our e-communications with our customers.

(f)    Outsourcing certain business functions. For example, we may use service centers to whom we outsource functions such as document and information management, office support, technology, and IT services, word processing, photocopying, and translation services (we have agreements in place with these service providers to protect the confidentiality and security of information (including Personal Data) shared with them).

10.4.2  We also may share your Personal Data with vendors and other parties for analytics and advertising purposes. These parties may act as our service providers, or in certain contexts, independently decide how to process your Personal Data. These thirds parties may include:

(a)    Social media channels (e.g. Instagram, Facebook) to show you interesting products while you browse the internet, depending on your acceptance of cookies on our Digital Platform (see Cookie Policy) or your consent to direct marketing.

(b)    Data analytics/insight companies to help us ensure your details are maintained accurate and up to date.

10.5  We may, from time to time, be required to disclose your Personal Data to authorities, such as the police, law enforcement, regulatory and/or government agencies, in relation to legal investigations or proceedings conducted anywhere in the world, if required by applicable law or regulation, or if we reasonably believe it is necessary to protect STA, other customers, or the public. We will usually notify you before responding to such queries, except where the circumstances restrict us from doing so. We take your privacy into consideration and address such requests on a case-by-case basis.

11. What happens if there is a change of control?

If a change happens to the organization of Qafqaz  travel, or the government authorities responsible for tourism are restructured, then the new ‘successor’ entity may use your Personal Data in the same way as set out in this Privacy Notice and your Personal Data may be transferred to such new entity according to the terms of this Notice.