About this Policy
In this policy we refer to “processing” your “personal data”.
Processing is taken to mean anything that is done to or with personal data (including simply collecting, storing or deleting that data).
Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data.
DXB Entertainments PJSC ('DPR', 'we', 'us', 'our') regularly collect and use personal data about individuals who visit our attractions, browse our websites or mobile apps and use our services. Personal data is any information that can be used, directly or indirectly, to identify you as an individual.
DPR currently manages and operates Dubai Parks and Resorts™ (the “Attractions”).
Websites and mobile apps
DPR operates the following websites and mobile apps:
DPR also operates WiFi services at some of its attractions and a centralised authentication service, which allows you to seamlessly connect to various online, application and WiFi services. For further information on our WiFi, please review the sections below.
As the entity responsible for collecting your information when you use our services, DPR is a Data Controller of your personal data to engage with our services (please review sections 3 and 5 below). In certain circumstances, DPR may also be acting as a Data Processor for your personal data.
This Policy is additional to and is not intended to override other notices we may provide to you or the terms of any contract that you have with us (for example, Wi-Fi or specific Attraction or ticket terms and conditions) or any rights you may have under applicable data protection laws.
We have CCTV cameras in the lobbies of our hotels, in all entrances to our buildings and in public areas such as our restaurants and loungers. We use CCTV in order to better ensure the safety and security of our guests and our staff. It is in our legitimate interest to process any personal data captured. Your personal data will not be kept longer than necessary to meet the purposes detailed above. CCTV signage is in place where required by local laws or regulations.
1. What personal data do we collect, and how do we collect it?
Information we collect directly from you
- Information that you personally provide to us when: registering for an account, purchasing our products and services, subscribing to our mailing lists, registering for WiFi at our attractions, making a telephone booking or enquiry, completing a survey or taking part in promotional activities, applying for a job with us, engaging with us in our Attractions, or contacting us via a contact us form, live chat or other means available on our websites or mobile apps.
- Depending on the Attraction, website or mobile app you are visiting and the activity you are undertaking, this information may include:
- your first name, last name, date of birth, nationality, gender, country of residence, city of residence, e-mail address, telephone number;
- your chosen marketing preferences and objections;
- your preferred language and information about your preferences or interests;
- general enquiry details and any other information or messages you decide to provide to us;
- if availing yourself of a special offer, a copy of the relevant ID required to demonstrate eligibility;
- for certain services, including where you are seeking to participate in physical activity, this may also include special categories of personal data such as information about your health (for example, your height and weight) and any medical conditions. For some activities we require completion of a medical waiver form, which includes a confirmation that you do not have certain medical conditions, in order to take part. We collect as little information as is necessary and this typically involves a simple confirmation that you do not have certain medical conditions as opposed to us collecting specific information about your medical history. However, if you disclose certain medical conditions, including a history of neck, back or heart problems, you will be required to evidence that you have been specifically cleared to participate in the activity by providing a valid doctor’s note;
- if purchasing certain services at gate, or an annual pass to one of our attractions, this will also include biometric information (fingerprints), photograph/s and a copy of your emirates ID or passport;
- details of your activity history or proficiency for certain activities (for example, if you have completed indoor skydiving before and your perceived skill level);
- first name, last name and date of birth for your family members, and their relationship to you, where you have chosen to add your family members’ details to your profile (where this option exists on a particular website or mobile app);
- your credit or debit card and transaction details if you make a payment for our products and services on any of our websites or mobile apps, which are provided directly to our payment solution provider via a secured connection (we do not store your payment information or provide it to any other third parties, and neither does our third party provider).
Information we collect indirectly
- In some cases, information about you may be provided to us by a third party. For example, this could include if a family member or friend has purchased a group pass or tickets on your behalf, or has entered you into a competition. This may also include: our affiliated companies or partners (for example, your chosen travel agent, or where you engage with services that we provide in conjunction with other companies, such as rewards or loyalty points programs), or social media or internet platforms (for example, by using your Facebook or Google account login details to sign into our website, mobile app, or WiFi service, where such facility is available).
- Depending on the attraction, website or mobile app you are visiting and the activity you are undertaking, this information may include the same information as which you may provide directly (as detailed within this section 2 above).
Information we collect automatically
- This information includes traffic data, location data, weblogs, communication data and the resources you access; for example, your IP address, device ID, device type, referrer URL, operating system and version, geolocation, browser type and browsing history.
- Information may also be collected through campaign performance and engagement, including but not limited to information such as email opens, push notifications and SMS clicks.
2. How do we use your personal data?
We will use your personal data for the following reasons:
To respond to you and perform the contract
- We will use your information to process and respond to your requests, reservations or queries, when you register, subscribe or contact us, and to provide access to restricted parts of our websites or mobile apps if required. Where you purchase our services we use your information to enter and perform our contract with you.
To improve our products and services
- We use your information to provide content on our websites and mobile apps in the most effective way. Your information allows us to identify you as a user, remember your preferences and deliver an enhanced digital experience. Such data is not retained beyond your visit of the respective website page or mobile app, but may be kept in log files to allow us to maintain and improve our website or mobile app.
To keep our services secure
- Your information may be used to detect, investigate, prevent and rectify potential errors in our technology and against potential cyber-attacks or other abuse of our technology, and to prevent or mitigate any damages that may have been caused by such abuse.
To provide WiFi services
- Your information is used to provide the WiFi service and to carry out analytics, and a log of all service usage activity is maintained for system performance, maintenance and security purposes. Please note that we do not correlate the user of the WiFi service with the websites or content viewed.
- If you have provided your consent by opting in on registration or when contacting us or purchasing our services, we may send you our latest updates, news and promotions by email, SMS, mobile notifications (only available via the mobile app where you have opted in to receiving them), or occasionally contact you by telephone. You may withdraw your consent to receiving such materials at any time by using the [‘unsubscribe’] link in any communication received, or by contacting us at email@example.com where the particular website or mobile app has the facility to create an account, by changing your marketing preferences within the account management function on the website or mobile app.
- Our servers automatically protocol the consent gathering process to enable us to evidence that you have consented. For this purpose we will store the following information: email address, details of how and when consent was given, details of confirmation email sent and confirmation email clicked; including the date, time and IP address relating to the consent and clicked confirmation link, the wording of the consent and the information about the right to withdraw your consent at any time.
- If you have provided your consent to hear from other companies in our group or our partners, by opting in on registration or when contacting us or purchasing our services, you may also receive updates, news and promotions from such companies. Again, you may withdraw your consent at any time by using the unsubscribe link in any communication received, by contacting us at firstname.lastname@example.org., or where the particular website or mobile app has the facility to create an account, by changing your marketing preferences within the account management function on the website or mobile app.
Personalised content, advertisements and services
- Your personal information may be used to understand your customer journey and to provide you with personalised offers or advertisements. These offers or advertisements may be shown to you on our websites or mobile apps or the websites of third parties (for example, your chosen social media platforms).
- Where we have permission to send marketing materials (as set out under Marketing in this section), these personalised offers and advertisements may be included within those updates and will be in accordance with your chosen marketing preferences.
- Please note we do not carry out any automated decision making based on your information.
Promotional or other activities
- If (at your discretion) you decide to take part in any promotional activities such as competitions, surveys or interactive features of our services, your personal data may be processed to administer the activity or enable participation.
- We may notify you of any changes or updates to your current services or subscriptions. For example, security alerts or important support or administration messages about your services or notices of when annual passes are due to expire.
- We may have to process your information to comply with legal or regulatory obligations, where required by applicable laws.
- We may use your information for our business purposes; for example, to carry out data analytics to assess consumer demands and trends.
Internal business reasons
- We may also use your personal information for other internal business reasons; for example, for training staff.
Aggregated or anonymised data
3. What is the legal basis for processing your personal data?
In most cases, we process your data at your request in order to enter into a contract with you and to perform our contract obligations (for example, to process your booking and issue your tickets). If the processing is not related to a contract, we will process your information on one of the following basis:
- based on your explicit consent for us to do so (for example, when you have subscribed or opted in to our mailing lists or promotions);
- as required to comply with relevant legal or regulatory obligations (for example, to resolve disputes or enforce contracts);
- as required to support the legitimate interests that we have as a business (for example, to carry out analytics and to improve and market our products and services), provided always that such processing is carried out in a way that respects your privacy rights.
With regard to special categories of personal data, such as the health and medical information outlined at section 2, if you consent to us processing your special categories of personal data, you can withdraw your consent at any time. However, this may mean that some services (for example, services that may be conditional upon satisfactory health and medical information being provided and therefore us processing such data) can no longer be provided to you. We will advise of such consequences of withdrawing your consent if you take this action.
Where we rely upon legitimate interest as a lawful basis, we have balanced your rights and freedoms against our interests, or those of any third parties, and determined your rights are not infringed. Legitimate Interest is where your personal data is processed for either our own interests or the interests of third parties. This can include commercial interests, individual interests or broader societal benefits.
4. Who do we share your personal data with?
We may share your information with third parties who provide a service to us. We do this where it is necessary for the service provider to have access to your information and solely for the purpose of them delivering that service to us. An example of this is when you purchase a service from us your payment details are processed by a third party payment solution provider.
Our service providers include:
- IT companies (e.g. hosting providers);
- WiFi providers;
- Payment solution providers;
- Marketing or communication providers;
- Data analytics providers;
- Survey or market research providers;
- Professional advisers or auditors;
Other third parties
We may also disclose your personal data:
- to our employees who require access to perform their responsibilities as part of their employment (for example, data may be accessible to certain types of persons involved with the operation of our services from our administration, IT, sales, marketing or legal teams);
- to any of the companies in our group, including our holding company and its subsidiaries, and their employees who require access;
- if required by applicable laws or regulations;
- to government or supervisory bodies or agencies in response to their legitimate requests, or where it is in our legitimate interests to do so, even if such disclosure is not mandatory under law;
- if you explicitly requested or authorised us to do so;
- in the event we sold part of our business, we would need to transfer your information to the acquiring company.
We only share the information that is necessary for the required purpose so we do not disclose all of the information you provide to us and we do not sell, rent or lease your personal information to third parties under any circumstances.
Where we have a lawful basis to do so, we will use your personal data to evaluate certain personal aspects about you, such as to analyse or predict aspects concerning your economic situation, personal preferences, interests, reliability, behaviour, location or movements. This is known as “Profiling”. We only conduct profiling where it will not have a legal or other significant effect on you. We undertake profiling to help tailor our marketing to you.
Links to third party websites
You may have accessed one of our websites by clicking a link on a third party website; for example, you may have clicked a link on one of our partners’ websites so that you could view package holiday options and were then redirected to our website. Similarly, our websites contain links to our partners’ websites.
We also integrate our websites or mobile apps with third party products (for example, Google Analytics, Facebook, Twitter) to enable us to measure the performance of our websites and website content, present personalised offers and enable you to share, like and recommend pages to others via social media.
Transfers outside of the EEA
As a business located outside of the European Economic Area (“EEA”), we process your information outside of the EEA and in some cases (as described in section 5), your information may be transferred to and processed by third parties who are also located outside of the EEA.
We store your personal data in a centralised database hosted in the cloud, and affiliates or partners might have access to this database where such entities make use of personal data. We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational security measures to safeguard and secure the information we collect. You are responsible for maintaining the confidentiality of any password or account details (as may be applicable from time to time) and are fully responsible for all activities that occur under your password or account.
Control your Personal Data
How you can control your personal data:
You have certain rights in relation to your personal data as determined by applicable data protection laws.
If you benefit from the rights of a data subject under the European Union General Data Protection Regulation 2016/679, or the Dubai International Financial Centre Data Protection Law No. 5 of 2020, you will have certain additional rights in relation to our handling of your personal information, including:
You have the right at any time to:
- be informed of the use of your personal data;
- access, rectification or erasure of your personal data;
- restrict and/or object to the processing of your personal data;
- data portability;
- not be subject to any decision based solely on automated processing of your personal data.
You can exercise some of these rights when providing data to us at registration or purchase or when contacting us, by reviewing and selecting or deselecting the boxes on the forms you are required to complete. If at any time you wish to unsubscribe or opt out from any communications we have sent you based upon your selected preferences, you may do so by using the one click unsubscribe link on those communications. You can also contact us at email@example.com.
If you wish to discuss how we have handled your personal data, you can contact us at any time and we will investigate this. If you are not satisfied with the response or believe we are not processing your data in accordance with the applicable law you can refer the matter to any competent data protection authority.
For any privacy related queries, you may contact us at any time at firstname.lastname@example.org.