Legal notice

The following person is responsible for processing your personal data:

BLEUWORLD – FZCO is a company based in Dubai.

Address: Dubai Silicon Oasis Building name: Dubai Digital Park

If you have any questions or ideas regarding data protection, or if you want to exercise your rights, please contact us using the following link: https://bleudubai/en/contact-us/

Data subject to data protection includes personal data, which is defined as any information related to an identified or identifiable individual. The term “data” is then used to refer to personal data.

When you visit our website, your device automatically sends us data for technical reasons. The following information is stored separately from any other information you may send us:

• the URL of the visited webpage
• the network connection latency
• the date
• the time

We retain this data for the following reasons

• to balance the loads, that is, to distribute access to our website across multiple devices and to provide you with the shortest possible download times;
• to ensure the security of our computer systems, for example, to defend against specific cyber-attacks on our systems and to recognize attack patterns;
• to ensure the proper functioning of our computer systems, for example, if we encounter errors that we can only correct by storing the IP address;
• to be able to initiate criminal proceedings, address threats, or take legal action if there is concrete evidence of wrongdoing.

Your IP address is retained for a period of 30 days only.

In this case, the processing is carried out to ensure the security of processing in accordance with Article 32 of the GDPR, as well as based on our legitimate interest in protecting ourselves against the abusive use of our services (Article 6, paragraph 1, letter f of the GDPR).

4.1 Registration

You can create a customer account with BleuDubai to manage bookings, save favorites, and view past reservations. To do this, you must provide the following mandatory information:

• the last name/first name
• the email address
• the passwords

Your registration information is necessary to set up and manage a user account for you. In this case, you enter into a free usage contract with us, under which we collect this data (Article 6, paragraph 1, letter b of the GDPR).

You must provide this data in order to execute the contract. However, you are not contractually or legally obligated to complete the transaction and, therefore, to provide the data.

On our website, you can rate and review guided tours, excursions, and activities, as well as leave comments. After you have completed a tour/guide visit/one or more excursions booked through our website, we may ask you to provide your feedback. Submitting reviews is, of course, entirely voluntary. When you submit a review, we collect the information you provide in order to process it according to the function you selected and to publish it on our website. You can request a review to be conducted at any time by contacting our customer service.

The processing of your data for these purposes is carried out to protect our legitimate interest in providing as much information as possible to our customers about the tours/guided visits/excursions we offer. User reviews are also in the interest of all users. The processing is based on Article 6, paragraph 1, letter f of the GDPR in an appropriate manner.

6.1 Request Processing

If you send us requests via email, phone, contact form, WhatsApp, social media accounts, or any other method, we will process the information you provide in connection with this operation in order to respond to your request (Article 6, paragraph 1, letter b of the GDPR). The ultimate storage of the data transmitted in response to your request is based on our legitimate interest in properly executing our business operations and safeguarding our legal positions (Article 6, paragraph 1, letter f of the GDPR) and, if necessary, on the fulfillment of legal obligations (Article 6, paragraph 1, letter c of the GDPR).

6.2 Translations

In some cases, we may need to translate requests addressed to us in a specific language. This operation may require the processing of personal data, which is necessary to protect our legitimate interest in providing international customer service (Article 6, paragraph 1, letter f of the GDPR).

We engage technical service providers for hosting and certain services necessary for the website. Data processing takes place on the servers of these service providers in an appropriate manner. These service providers process the data only in accordance with our specific instructions and are required to maintain adequate technical and organizational safeguards to ensure data security. Therefore, our service providers work for us as processors, as defined by Article 28 of the GDPR.

7.1 Website Hosting

We use the services of Amazon Web Services EMEA S.a.r.l. (“AWS”), a company based in Luxembourg, to host our website. Therefore, whether you interact with our website or provide personally identifiable information, it is stored on AWS servers.

8.1 Booking

When you book a tour/guided visit/excursion, activity, or similar service on our website, we collect the necessary information to carry out the tour/guided visit/excursion. In general, this process includes the following information: the first and last name of the person, billing address, email address, phone number, number of participants, as well as the date and time. Depending on the activity booked, we may also need to collect other information, such as flight number or the ages of participants. The processing associated with these operations is based on Article 6, paragraph 1, letter b of the GDPR. If necessary, we will pass your information to the organization in charge of the tour/guided visit/excursion/activity. If a transfer to a third country outside the European Economic Area is necessary, the operation is based on Article 49, paragraph 2, letters b and c of the GDPR. If you make reservations through a partner’s website, we will receive from the partner the information we need to complete the booking.

8.2 Payments

You have several options for paying for your bookings. Therefore, we will process the requested data differently in each case, depending on the payment method used. In this case, your personal data will be processed as described below, with this processing being based on Article 6, paragraph 1, letter b of the GDPR and being necessary to use the payment method you have selected.

To protect ourselves and the activity providers against fraudulent bookings, we conduct an assessment of the information provided by our customers during the booking process, including the technical data transmitted by their device, to the extent necessary to safeguard our legitimate interest and that of the activity providers in having legitimate bookings (Article 6, paragraph 1, letter f of the GDPR).

We use what are called “cookies” to enable us to offer certain features on our website and improve the user experience. The term “cookies” refers to small text files that are stored on your device via your web browser.

Unless other cookies are specifically mentioned elsewhere in this privacy statement or in our cookie consent, we use the following cookies:

• session cookies: These cookies are necessary to store certain technical data during your visit to our website, for example, to determine if you are logged in;
• persistent cookies: These cookies are necessary to save data after a browsing session (if you wish).

11.1 Google Analytics

If you give us permission, we use Google Analytics 360, a web analytics service. Google Analytics 360 collects anonymous data about your use of our website, including your IP address, and uses cookies. This data is sent to a Google server. Google will use this data to evaluate your internet usage, generate reports on web activity, and provide other services related to web activity and usage. Google may share this data with third parties in the event of a legal obligation or when those third parties process data on behalf of Google.

Google Analytics stores your information for a period of 14 months. The data is deleted after this period, and only aggregated statistics are retained.

The use of Google Analytics is based on your consent (Article 6, paragraph 1, letter a of the GDPR).

We manage accounts and profiles on various social media platforms. In this context, personal data is processed as described below.

Si vous interagissez avec nous par le biais de nos sites de médias sociaux ou de nos posts, nous collecterons et traiterons les informations que vous fournissez dans le cadre de ces opérations, y compris, le cas échéant, votre nom d’utilisateur et toute photo de profil, par exemple, si vous marquez un post par un » j’aime « , un » partage » ou un » retweet « , si vous laissez un commentaire ou si vous mettez d’autres contenus à disposition. Le traitement des données à cet égard est effectué de manière routinière sur la base de notre intérêt légitime à fournir les fonctions correspondantes sur nos pages de médias sociaux (article 6, paragraphe 1, lettre f RGPD) et, le cas échéant, sur la base de votre consentement à l’opérateur de réseau concerné (article 6, paragraphe 1, lettre an RGPD) ou de votre relation contractuelle avec l’opérateur (article 6, paragraphe 1, lettre b RGPD). Veuillez également garder à l’esprit que ces contenus sont publiés sur nos sites web liés aux médias sociaux, selon les paramètres de votre compte, et qu’ils peuvent être consultés par n’importe qui dans le monde.

We may need to go through a data processing step in order to accept and respond to requests or messages sent through our social media sites on the Internet (article 6, paragraph 1, letter b GDPR).

In addition, when you visit our social media sites and/or interact with them or our posts, the responsible operators collect and process personal data about you under their own data protection responsibility. This is especially true if you are a member of the relevant network or logged into it. Even if you are not logged into a network, operators collect certain personal data when you visit a page, such as unique identifiers linked to your Internet browser or device.

12.1 Facebook

You can find our Facebook page at the following address: https://www.facebook.com/bleudubai/

Facebook is managed by Facebook Ireland Limited (“Facebook”), 4 Grand Canal Square, Dublin 2 (Ireland). If you visit or like our Facebook page while logged in as a Facebook user, Facebook will collect your personal data. Even if you are not a Facebook member and visit our Facebook page, Facebook may collect anonymous usage data about you. Please see Facebook’s Data Policy at https://www.facebook.com/about/privacy/ and https://www.facebook.com/legal/terms/information about page insights data for more information. You’ll also find information on your Facebook account’s adjusting options in the data policy.

12.2 Instagram

Our Instagram page can be found at the following address: https://www.instagram.com/bleu.dubai/

Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2 (Ireland) (“Facebook”) manages Instagram. Instagram’s privacy policy can be found at the following address: https://help.instagram.com/519522125107875. You will also find information about your account settings options there.

It is possible that your personally identifiable information may be shared with other companies within Facebook or Instagram. This operation may involve the transfer of personal data to the United States and other countries for which the European Commission has not issued an adequacy decision. In this case, Facebook uses the contractual clauses adopted by the European Commission. You can also find more detailed information in Instagram’s privacy policies.

12.3 Pinterest

You can find our Pinterest page at the following address: https://www.pinterest.fr/entreprisebleudubai/

Pinterest is managed by Pinterest Europe Ltd (“Pinterest”), Palmerston House, 2nd Floor, Fenian Street, Dublin 2 (Ireland). Pinterest’s privacy policy can be accessed online at the following address: https://policy.pinterest.com/en/privacy-policy.

Please remember that Pinterest sends personal data to countries outside the European Economic Area, countries for which the European Commission has not issued an adequacy decision. If necessary, Pinterest will take appropriate data protection measures, such as entering into the types of contractual agreements adopted by the European Commission. Please consult Pinterest’s privacy and security policy for more information.

12.4 WhatsApp

You can also contact us via WhatsApp if you have any inquiries. Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2 (Ireland) (“Facebook Ireland”) manages WhatsApp. WhatsApp’s privacy policy can be found at the address https://www.whatsapp.com/legal/privacy-policy-eea?lang=en. You will also find information about your account settings options there.

It is conceivable that your personally identifiable information may be shared with other companies within Facebook. This operation may involve the transfer of personal data to the United States and other countries for which the European Commission has not issued an adequacy decision. In this case, Facebook uses the contractual clauses adopted by the European Commission. You can also find more detailed information in Facebook’s data policy.

12.5 Social media management

In order to assess the success of our social media campaigns, we count the number of times we have been tagged on social media. In this context, we process information about individuals who come to us for assistance. The processing that takes place in this context is based on our legitimate interest in optimizing our social media activities (Article 6, paragraph 1, letter f of the GDPR).

We also process our customers’ data in order to regularly improve our products. Thus, we use anonymous profiles to examine how certain target groups perceive our products and advertisements. Your information is processed in accordance with our legitimate interest in optimizing our products and measuring the success of our business activities/operations (Article 6, paragraph 1, letter f of the GDPR).

In case of agreement, we will also ask for your consent (Article 6, paragraph 1, letter a of the GDPR). You can withdraw any consent you have given for this purpose at any time, with the withdrawal taking effect immediately. For this purpose, you can contact us, for example, using the provided contact details. The processing we carried out until you withdraw your consent is not affected by your withdrawal.

We will delete or anonymize your personally identifiable data once it is no longer necessary for the purposes for which it was collected or used, as stated in the previous paragraphs. We will also retain your data if required by law, or if the data is needed for a longer period to pursue a criminal case, or to protect, assert, or enforce legal rights. When you delete your user account, your profile is permanently deleted.

However, we will retain backup copies of your data in case they are needed for legal reasons, a criminal investigation, or to protect, assert, or enforce legal rights.

If certain data must be retained for legal reasons, the processing will be limited. After that, this data will no longer be available for future use.

According to Article 6, paragraph 1, letter f of the GDPR, retention outside of the contractual relationship is based on our pre-existing legitimate interests.

You have the following rights regarding the processing of your personal data. You can exercise your rights by submitting a request here, which can be sent by mail or by email to the address mentioned above.

15.1 Rights of access for the data subject

You have the right to request information at any time about the personal data we process that concerns you, in the manner and according to the criteria set forth in Article 15 of the GDPR and Article 34 of the BDSG [loi fédérale sur la protection des données].

15.2 Right to rectification of inaccurate data

You have the right to request that we correct your personal data without delay if this information is inaccurate.

15.3 Right to erasure

You have the right to request that we erase your personal data under the conditions set out in Article 17 of the GDPR and Article 35 of the BDSG [législation fédérale sur la protection des données]. These conditions include the right to erasure if the personal data is no longer necessary for the purposes for which it was collected or processed in another manner, as well as the right to erasure in cases of unlawful processing, objection, or the existence of an erasure obligation imposed by a law of the European Union or a member state to which we are subject.

15.4 Right to data portability

In accordance with Article 20 of the GDPR, you have the right to obtain from us the personal data you have provided in a structured, commonly used, and machine-readable format.

15.5 Right to lodge a complaint

You have the right to contact a supervisory authority of your choice in the event of a complaint.