November 9 - BRESH | Tickets

Terra Solis

Telephone

Privacy Policy

Version: 11/05/2023

Thank you for visiting our website https://terrasolisdubai.com/. We welcome your interest in our company.

The protection of your privacy and personal data is of utmost importance to us. We make every effort to protect your privacy and to ensure that you can safely entrust us with your personal data. As such, we always handle personal data securely and discreetly. Furthermore, appropriate security measures have been taken to avoid loss, alteration, access by unauthorised persons and/or any other unlawful processing of your personal data.

We aim to be transparent regarding how we process your personal data and what we do with your personal data. We provide you with more detail on those processes in this privacy policy.

Who are we?

Terra Sol Hospitality Services Mazaya Business Avenue BB2, Office 2308, Dubai (United Arab Emirates) (hereinafter, "TSHS", "we" or "us").

You can contact us via the following contact details:

E-mail: legal@terrasolisdubai.com

Representative details:

Name: Vamshi Krishna
Tel.: 050 446 7621
E-mail: legal@terrasolisdubai.com

We process your personal data in accordance with the applicable legal provisions regarding privacy and the protection of personal data applicable in the UAE and in Dubai (the DIFC DP Law of 2020 (Dubai) and the UAE Personal Data Protection Law (Federal Law No 45 of 2021) (“PDPL”). The legal provisions regarding privacy and the protection of personal data applicable in Dubai and the UAE are consistent with the legal provisions regarding privacy and the protection of personal data appliable in the European Union (including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter the "GDPR").

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Terra Sol Hospitality Services has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

- by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium

Some definitions

As far as this privacy policy is concerned, the term "personal data" refers to: all information about an identified or identifiable natural person (the ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular through an identifier, such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. In other words, all the information which can be used to identify a person. These elements include, for instance, your surname, first name, date of birth, telephone number and email address, as well as your IP address.

The term "processing" is very broad and covers, among other things, collecting, recording, organising, storing, updating, modifying, retrieving, consulting, using, disseminating, combining, archiving and deleting data.

The term “sensitive data” means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, as well as any other personal data with a medium to high degree of sensitivity.

Entity responsible for the processing of your personal data (the "Controller").

TSHS is responsible for the processing of your personal data.

We are what the PDPL refers to as the “data controller” of your personal data. In concrete terms, this means that TSHS, possibly, in the circumstances that may prevail, together with other entities, determines the purpose and means for the processing of your personal data.

What categories of personal data do we process, why, on what legal basis and for how long?

In the table below you can read:

All processing activities involving your personal data takes place for one or more specific purposes.

In addition, we only process your personal data when we can rely on a valid legal basis. The applicable legal basis, which you can find in the column 'Legal basis', means the following:

Categories of personal dataPurposesLegal basisRetention period

Identification details (first name and surname, email address, phone number, residential address, nationality, credit card details and financial information (credit or other bank card details, PayPal details)

To facilitate any reservation or booking request we receive from you

Agreement

Until your and our contractual obligations under the booking or reservation are fulfilled

Proof of identification (e.g. Emirates ID or passport)

To comply with legal requirements of identity verification for restaurant reservations and room bookings

Legal obligation

Until your and our contractual obligations under the booking or reservation are fulfilled

Financial information (credit or other bank card details, PayPal details)

To process your payments in compliance with applicable laws (e.g. fraud and anti-money laundering)

Legal obligation (compliance with rules and regulations relating to payments, including but not limited to fraud and anti-money laundering)

For as long as legally required

Such sensitive information as required to comply with your special request (e.g. photograph, passport details when applying for a travel visa, health information to comply with requests for special assistance such as accessible parking and wheelchair assistance, etc.)

To comply with any special requests you may have

Explicit consent

For the period required to comply with your special request

Identification and contact details (first name and surname, email address, telephone number (optional), nationality) and your question/message

To respond to your question, message or query transmitted to us via the contact form on our website or through any other means

Consent

For as long as required to address your question, message or query

Identification and contact details (first name and surname, email address, telephone number (optional)), information you provide to us relating to your interests and preferences

To provide you with information (including newsletters) about any of our future events and latest service offerings and to tailor such communications to your interests and preferences

Legitimate interest (commercial interests: direct marketing) / consent (in case you have not purchased any services from us in the past two years)

Until you unsubscribe, expressing your wish to no longer be kept informed about our services

Identification and contact details (first name and surname, partner issued membership ID) and transaction history with our business partners

To enable you to obtain exclusive offers and benefits from our business partners

Consent

24 Months

Identification and contact details (first name and surname, email address), transaction history and feedback or complaints in the submission form on the website or through a survey after a hotel stay or dining experience with us

To respond to your feedback and complaints

Legitimate interest (commercial interests: to be able to provide you with the best services possible)

3 Months

Identification and contact details (first name and surname, email address, telephone number, employer or company that you are representing, company function, LinkedIn profile information)

To establish and maintain a commercial relationship with your employer or the company that you are representing, and in pursuit thereof, to among others:

  • Share information relating to us to your employer or the company that you are representing;
  • To invite you to our future events, that may be of interest to you, your employer or the company that you are representing.

Legitimate interest (commercial interest: to establish and maintain a commercial relationship with our corporate clients)

24 Months

Identification and contact details (first name and surname, email address, telephone number, employer or company that you are representing, company function, company employee ID)

To enter into, renew or fulfil service contracts with your employer or the company that you are representing (for example to facilitate group bookings, reservations and events)

Legitimate interest (commercial interest: to enter into, renew or fulfil service contracts with our corporate clients)

24 Months

Records and copies of all communications between you and us (including recordings of your telephone conversations with our Customer Services centre)

To monitor and improve our service offerings

Legitimate interest (commercial interests: to be able to provide you with the best services possible)

24 Months

Identification details (email address and IMEI code) and your behaviour (tracking of whenever you receive, open, click a link or download any attachments from an email you receive from us)

To facilitate our sales and marketing email campaigns

Consent

24 Months

Identification and contact details (surname, first name, address, email address, front side of your electronic identity card)

To manage your request to exercise your rights

Legitimate interest (to facilitate the exercise of your rights)

10 years for request (in the event of a judicial procedure: until termination of judicial procedure)

Identification and contact details (surname, first name, address) and any other information relating to you that may be necessary to defend and protect our rights (e.g. your bank account details)

To defend and protect our rights

Legitimate interest (legal defence)

Applicable statute of limitations

Minors

We do not intend to collect any personal data from persons younger than 16 years old. These minors are not allowed to provide us with any personal data or a statement of consent without permission from the person who has parental authority.

Cookies

We also use cookies, primarily to permanently optimise our website for its users. For more specific information about the cookies we use, you can consult our cookie policy.

Opt-out

We understand that you may not prefer for us to contact you any further with any offers, promotions or details of our products and services. In the event you opt-out, we may be required to maintain information such as first name and surname, email address, telephone number and the subscription(s) that you have opted out of to ensure compliance with your requests. Also, in the future, if you wish to hear from us, you may at any time, contact us to opt-in and we would be happy to keep you posted about our latest offers, promotions and/ or details of our products and services.

HOW TO OPT-OUT?

Your privacy rights

To give you more control over the processing of your personal data, you have various rights at your disposal. These rights are laid down, inter alia, in articles 13-18 of the PDPL (the rights to obtain information, to request transfer of personal data, to correction and erasure of personal data, to restrict processing, to stop processing, and to processing and automated processing) and in terms of articles 15-22 of the GDPR (the rights of access, rectification, cancellation (right to erasure [to be forgotten]), restriction of processing, notification of rectification or erasure of personal data or restricting of processing, data portability, objection, automated decision-making and profiling, and restrictions).

You have the following rights (in terms of the GDPR):

The right to access the personal data we process about you (art. 15 GDPR):

You have the right to be informed by us at any time whether or not we are processing your personal data. If we are processing them, you have the right to access these personal data and to receive additional information about:

If we cannot give you access to your personal data (e.g. due to legal obligations), we shall inform you as to why this is not possible.

You can also obtain a free copy, in an understandable format, of the processed personal data in an understandable format. Please note that we may charge a reasonable fee to cover our administrative costs for any additional copy you may request.

The 'right to be forgotten' (the right to request us to delete your personal data) (art. 17 GDPR):

In certain cases, you can request that we delete your personal data. In this event, however, please note that we shall no longer be able to offer you our services if you exercise this right. Please also note that your right to be forgotten is not absolute. We are entitled to continue to store your personal data if this is necessary for, among other things, the execution of the agreement, compliance with a legal obligation, or the establishment, execution or substantiation of a legal claim. We shall inform you of this in more detail in our response to your request.

The right to rectification (art. 16 GDPR):

If your personal data is incorrect, out of date or incomplete, you can ask us to correct these inaccuracies or incomplete information.

The right to data portability (art. 20 GDPR):

Subject to certain conditions, you also have the right to have the personal data that you have provided to us for the performance of the agreement or for which you have given your consent, transferred by us to another controller. Insofar as technically possible, we shall provide your personal data directly to the new controller.

The right to restriction of processing (art. 18 GDPR):

If any of the following elements apply, you may request us to restrict the processing of your personal data:

The right to object (art. 21 GDPR):

You can object to the processing of your personal data on the basis of your particular situation, if we process your personal data on the basis of legitimate interests or on the basis of a task of general interest. In this event, we shall cease the processing of your personal data, unless we can demonstrate compelling and legitimate grounds for processing which outweigh your own, or if the processing of the personal data is related to establishing, exercising or substantiating a legal claim.

The right not to be subject to automated decision-making (art. 22 GDPR):

You have the right not to be subject to a decision made exclusively on the basis of automated data processing that significantly affects you or has legal consequences and that is made without substantial human involvement.

You cannot exercise this right in following three situations:

The right to withdraw your consent (Art. 7 GDPR):

If your personal data are processed on the basis of your consent, you may withdraw this consent at any time upon simple request.

Exercising your rights

To exercise these rights, you can contact us by using the contact details set out in Section – ‘Who are we’.

In order to verify your identity when you wish to exercise these rights, we may ask you to send us a copy of the front side of your identity card. The image on your electronic identity card shall not be retained by us. We strongly advise you to “blackline” the image before transmitting a copy of your electronic identity card to us.

You can exercise the abovementioned rights free of charge, unless your request is manifestly unfounded or excessive (for instance due to its repetitive nature). In such cases, we shall be entitled to charge you a reasonable fee or to refuse to respond to your request.

Sources of your personal data

We may obtain personal data relating to you through the following sources:

Categories of recipients

We shall only disclose your personal data to third parties in accordance with the applicable legal framework, if you have given your consent, if such disclosure is necessary for the performance of our services, based on our legitimate interest or when we are legally obliged to do so (e.g. disclosure to governmental bodies, such as supervisory or law enforcement bodies).

In certain cases, our employees and associates may be assisted in their work by external service providers. With regard to data protection, an agreement has been concluded with all these service providers to ensure that they manage your personal data securely, with respect and with due care and diligence.

In particular, we may (but shall not be under any obligation, in any circumstances whatsoever and howsoever and notwithstanding at whose instance and/or request and/or demand, save and except 7 below):

Transfer to third countries outside of the European Economic Area (“EEA”)

We shall only transfer your personal data to processors or controllers in third countries to the extent we are legally entitled to do so. Your personal data may be transferred to, and stored at, various destinations depending on the requirements of the services provided to you, in particular in the UAE and the European Union (“EU”). Your personal data may also be processed by our vendors’ staff members operating outside of the UAE and the EU.

Insofar as such transfers are necessary, we take the necessary measures to ensure that your personal data are highly protected and that all transfers of personal data outside the UAE and EEA take place lawfully. If a transfer takes place to a country outside the UAE and EEA for which the European Commission has not determined that it offers an adequate level of protection and for which the laws of the UAE deem to have adequate levels of protection, this transfer shall always be subject to an agreement that complies with all requirements for transfers to third countries, such as the relevant safeguards and standard contractual clauses on data protection approved by the European Commission.

The 2021 amended standard contractual clauses of the European Commission will be applicable to the transfer of data outside of the UAE and the EEA.

Furthermore, when transferring your personal data to a non-EU or a non-UAE organisation or country (“Transfer Destination”), a full risk assessment and due diligence on the Transfer Destination concerned and the data protection legislation applicable to that Transfer Destination, on a case-by-case basis, in order to ensure that the personal data will be adequately protected.

Security of your personal data

The security of your personal data is an important concern for us. We have taken all reasonable and adequate technical and organisational security measures to protect your personal data as best as possible against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.

We aim to ensure secure transmission of your personal data from your computer, smartphone, and other electronic devices to our servers. We use industry security standards to safeguard the confidentiality of your information (e.g., firewalls, Transport Security Layer (“TLS”) etc.). All information you provide to us is stored on our secure servers behind firewalls. All payment transactions are encrypted using TLS technology.

Furthermore, we have taken the following measures:

The security of your personal data also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping such password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website. Any transmission of personal data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the website.

Complaints?

We make every effort to securely protect your privacy and personal data. If you have a complaint about the way in which we process your personal data, you can notify us thereof via our contact details, as mentioned at the beginning of this privacy policy, so that we can deal with it as quickly as possible.

You can also lodge a complaint with the competent supervisory authority.

Do you have any questions?

You can always contact us by using the contact details set out in Section – ‘Who are we’. We are happy to answer any of your questions.

Amendments

In response to feedback, or to reflect changes in our processing activities, we may amend this privacy policy from time to time. We therefore invite you to always consult the latest version of this privacy policy on our website.