Last Updated: 13/06/2021
We are committed to protecting and respecting your privacy. This Privacy Notice (the “Notice”) governs the collection and use of personal data by DXB Entertainments PJSC and its affiliates or any company it controls (“DXBE”). It explains how and why we use your personal data and applies to the personal data that you provide us directly, or which we may obtain from other sources.
We may use your personal data for any of the purposes described in this Notice, or as otherwise stated at the point of collection. For more information about DXBE please see http://www.dxbentertainments.com/.
References to “our”, “us” or “we” within this Notice are to DXBE, PO Box 33772, Dubai, United Arab Emirates, email@example.com , +971 4 820 0000.
DXBE is the data controller of your personal data. We decide how and why your personal data is processed, either alone or jointly with others.
If you visit our venues or use our facilities and services, the entity which manages the relevant venue, facility or service will also be a data controller in respect of your personal information. You can access a ‘Data Controller List’ here, which sets out all of the different DXBE entities and their contact details. This will enable you to identify the relevant DXBE entity that holds, processes and secures your personal data and is the data controller in relation to your personal data.
If you have any questions about this Notice, the use of your data, or would like to be directed to our Data Protection Officer, please contact firstname.lastname@example.org.
In this Notice we refer to “processing” your “personal data”.
Processing is taken to mean anything that is done to or with personal data (including simply collecting, storing or deleting that data).
Personal data is any information relating to an identified or identifiable living person. When “you” or “your” are used in this statement, we are referring to the relevant individual who is the subject of the personal data.
We process different categories of personal data to enable us to provide services to you, and as further described below.
Contact Details: Includes but is not limited to address, email address and telephone number.
Identification data: Includes but is not limited to name, title, company and individual physical description.
Personal Information: Includes but is not limited to date of birth, age, gender, nationality, passport, marital status, signature, country of residence, photograph, family, voice recording, religion, languages spoken, place of birth, emergency contact details, insurance details and driving licence number.
Web Data: Includes but is not limited to cookies, user activity logs, IP address, social media profile and website visitor interaction data.
Health Data: Includes but is not limited to health, allergies, dietary requirements, medical information forms and notes and disability records.
Travel / Stay Information: Includes but is not limited to travel history, loyalty scheme information, preferences, stay information, feedback / analysis (e.g. surveys), product purchase information, reservation history, VIP status, visa information and occupancy information.
Financial Data: Includes but is not limited to card details and bank details.
The reason these categories of personal data are processed, along with our legal basis for doing so, are set out in the table below.
Description of Processing
Purpose for Processing
Category of Personal Data
We process your personal data when managing and fulfilling bookings, reservations and requests.
Customer service and processing/fulfilling orders and transactions
Contact Details, Identification Data, Personal Information, Web Data, Health Data, Travel / Stay Information and Financial Data
Contract, Legitimate Interest and when processing special category personal data – Explicit Consent
We process your personal data when facilitating the check-in and check-out process.
Contact Details, Identification Data, Personal Information, Health Data, Travel / Stay Information and Financial Data
Contract and when processing special category personal data – Explicit Consent
We process your personal data during your stay on our premises (e.g. in order to provide Wi-Fi to you).
Contact Details, Identification Data, Personal Information, Web Data and Travel / Stay Information
Consent and Legitimate Interest
We process your personal data in order to collect, manage and analyse membership information.
Maintaining / Servicing Accounts
Contact Details, Identification Data, Personal Information, Web Data, Travel / Stay Information and Financial Data
Consent, Legitimate Interest and when processing special category personal data – Explicit Consent
We process your personal data in order to conduct surveys, obtain feedback and manage and progress complaints as necessary.
Legitimate Interest and when processing special category personal data – Explicit Consent
We process your personal data for marketing purposes, such as personalising offers for you, as well as for analytics purposes.
Advertising / Marketing Services, Analytics Services
We process your personal data for service and quality monitoring purposes.
Contact Details, Identification Data, Personal Information and Financial Data
We process your personal data in relation to incidents and accidents.
Health and Safety
Contact Details, Identification Data, Personal Information, Web Data, Health Data and Travel / Stay Information
Legal obligation, Vital Interest, Legitimate Interest and when processing special category personal data – Heath Exemption
We process your personal data for invoicing purposes.
We process your personal data in order to comply with legal requirements and exercise or defend legal claims.
Litigation & Disputes
Contact Details, Identification Data, Personal Information, Health Data and Travel / Stay Information
Legal obligation, Legitimate Interest and when processing special category personal data – Legal Claims Exemption
We process your personal data for competition and event purposes.
We process your personal data in order to provide medical care where required. This includes COVID-19 processes and procedures
Consent, Vital Interest and Legal obligation and when processing special category personal data – Heath or Social Care Exemption
We process your personal data in order to improve the services we provide.
For management and audit of our business operations including accounting
Audit Purposes and Financial Management
Contact Details, Financial Details, Personal Information, Identification Data, Health Data, Travel / Stay Information
Legitimate Interest and when processing special category personal data – Heath Exemption
We process your personal data for security purposes and to ensure secure backup and archival of IT Systems.
Legitimate Interest and when processing special category personal data – Legal Claims Exemption
Identifying, investigating and mitigating incidents, such as if a personal data breach occurred
CCTV: We have CCTV cameras across our premises, in all entrances to our buildings and in public areas such as our restaurants and lounges. We use CCTV in order to better ensure the safety and security of our guests and our staff. It is in our legitimate interest to process any personal data captured. Your personal data will not be kept longer than necessary to meet the purposes detailed above. CCTV signage is in place where required by local laws or regulations.
We also receive some information about you from third parties. These are further detailed below:
Medical Service Providers: As necessary, we obtain your personal data from medical service providers when accidents and incidents occur, as well as in order to provide medical care when required.
Airport Authorised Resellers: As necessary, we obtain your personal data from airport authorised resellers for membership information purposes and to manage and fulfil bookings.
Travel and Leisure Booking Websites: As necessary, we obtain your personal data from travel and leisure booking websites for membership information purposes, to manage and fulfil bookings, to facilitate the check-in and out process, to manage complaints, in relation to competitions and events and in order to provide medical care when required.
Financial Service Providers: As necessary, we obtain your personal data from financial service providers for membership information purposes and to manage and fulfil bookings.
Social Media Platforms: As necessary, we obtain your personal data from social media platforms for analytics purposes, in order to manage and progress complaints, for marketing purposes, in order to improve the services provided and to conduct surveys.
To the extent necessary, we may also receive your personal data from other entities within DXBE’s holding company and/or group of companies.
Where we rely upon legitimate interest as a lawful basis, we have balanced your rights and freedoms against our interests, or those of any third parties, and determined your rights are not infringed. Legitimate Interest is where your personal data is processed for either our own interests or the interests of third parties. This can include commercial interests, individual interests or broader societal benefits.
Your personal data will not be kept longer than necessary to meet the purposes detailed above. The criteria that we use to determine how long we will keep your personal data includes the period of time during which we have an ongoing relationship with you, and whether we have a legal obligation to store it (for example, for accounting purposes or for litigation, or regulatory investigations purposes).
Should retention of your personal data no longer be required we will remove it from our systems and records and/or take steps to properly anonymise it so that you can no longer be identified from it.
Where necessary to fulfil the purposes described in this Notice, we shall disclose your personal data to certain third-parties, vendors and service providers or affiliated employees, contractors and entities as described below.
To the extent necessary, and where we have a legal basis to do so, we will also share your personal data with other entities within the DXBE group of companies, including any subsidiaries and holding companies.
Where we share personal data, we do so with the following parties for the following purposes:
Category of Third-Party
Purpose for Disclosure
Legal and professional advisers
Accident and Incidents, Comply with legal requirements and exercise or defend legal claims, Competition and events and IT security
Accident and Incidents, Comply with legal requirements and exercise or defend legal claims and Medical care
Accident and Incidents, Comply with legal requirements and exercise or defend legal claims and IT security
Accident and Incidents, Bookings / reservations / providing services, IT security and Medical care
IT security, Marketing and Memberships
IT, digital, technology and telecoms
Analytics, Bookings / reservations / providing services, Marketing and Memberships
Transport and Leisure Providers
Bookings / reservations / providing services, Complaints, Competition and events and Improve customer experience
Marketing and Research Services
Bookings / reservations / providing services and Marketing
Education and Childcare Providers
Bookings / reservations / providing services and IT security
Where we have a lawful basis to do so, we will use your personal data to evaluate certain personal aspects about you, such as to analyse or predict aspects concerning your economic situation, personal preferences, interests, reliability, behaviour, location or movements. This is known as “Profiling”. We only conduct profiling where it will not have a legal or other significant effect on you. We undertake profiling to help tailor our marketing to you.
When processing your personal data, we may transfer this to third parties based in other countries, to the extent necessary to fulfil the purposes described in this Notice. DXBE forms part of Dubai Holding LLC and its subsidiaries. Your personal data may be transferred within this group of companies, as well as to DXB Entertainments PJSC subsidiaries and holding company. Such transfers shall always be done in compliance with relevant data protection laws.
For transfers of personal data from the UK and European Economic Area (“EEA”) we transfer personal data to entities outside the EEA, under the EU Standard Data Protection Clauses.
To the extent required, we will also transfer your personal data to third parties in connection with a reorganization, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with applicable laws and requirements.
DXBE has implemented technology and operational security measures in order to protect personal data from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal data; such individuals have agreed to maintain the confidentiality of this personal data.
You have certain rights relating to your personal data. However, these rights can differ depending upon the country in which you are located. That country’s law will determine which rights apply and in what instances.
Where you have provided your consent to us, you will always have the right to withdraw this at any time. You can do this by either following the information provided at the time you provided your consent, or by contacting us using the following email address email@example.com.
You will always have the right to request that we correct any personal data that we process about you that is inaccurate or incomplete. You can do this by contacting us at firstname.lastname@example.org.
Where the General Data Protection Regulation applies, you are also provided with additional rights. This allows you, subject to certain conditions, to:
It is important to understand that these rights are not absolute (e.g. their application may depend upon the legal basis we rely upon to process your personal data) and that we may require further information from you (e.g. to confirm your identity) in order to action your request.
If the General Data Protection Regulation applies, you also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU.
If you want to exercise any of the rights set out above or have any questions or concerns about how we treat your personal data, please contact us at email@example.com or by writing to us at: Dubai Parks and Resorts HQ, Riverland™ Dubai Office , Sheikh Zayed Road, Opposite Palm Jabel Ali, Dubai, United Arab Emirates . Please include your reply address when you write to us.
We keep this Notice under regular review. We reserve the right, at our discretion, to change, modify, add or remove sections of this Notice at any time. You are also encouraged to review this Notice from time to time for updates. We will notify you of any changes (including when they will take effect) if we are required to do so by data protection laws.