
    Privacy Policy

    Introduction

    This Privacy Policy describes how Wanderlux Travel Agency L.L.C (“we” or “us”) collects, uses, shares and protects personal data on our website and services (tour bookings, hotel reservations, travel guides). It applies to all users worldwide (including UAE and EU residents) who create accounts or use our services. We are committed to protecting your privacy in accordance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) and with international standards such as the EU General Data Protection Regulation (GDPR). The PDPL provides an integrated framework to ensure confidentiality of information and protect individual privacy. The law generally prohibits processing personal data without the individual’s consent (with limited exceptions for public interest or legal obligations). This policy explains what information we collect, how we use it, with whom we share it (including any cross-border transfers), how we protect it, your rights under the law, our use of cookies, and how to contact us.


    Data We Collect

    We collect personal data you provide to us as well as certain technical data automatically.

    • Account and booking information: When you create an account or make a booking, we collect your first name, last name, email address, phone number, passport information (for travel document verification), and any other information you choose to provide.
    • Payment information: For online payments (Visa, Apple Pay, Google Pay), we collect necessary payment details (e.g. card token or masked card data) through secure, PCI-compliant payment gateways; full card numbers and CVVs are not retained by us.
    • Usage data: When you visit or interact with our site, we automatically collect technical data such as your IP address, device/browser information, pages visited, and time spent, typically via cookies and similar technologies. In particular, we use Google Analytics, Google Search Console and Microsoft Clarity to analyze site traffic and performance. These tools may use cookies or online identifiers (IP address, device ID) to generate analytics data. We only collect minimal personal data needed for these purposes, and aggregate or pseudonymize it where possible.

    We do not collect sensitive personal data (such as race, health, religion, etc.) through the site.

    As required by law, this notice is provided in clear, plain language and is concise and accessible. We describe the categories of data collected and the purposes of processing so you can make informed choices.


    How We Use Your Data

    We use personal data for the following purposes, based on legal grounds as explained below:

    • Performing Contracts: To fulfill travel bookings, hotel reservations and related services you request (for example, confirming your booking, arranging itineraries, processing payments), we process your name, contact, passport and payment data as necessary to perform our contract with you. This includes communicating booking confirmations and updates, arranging travel, and providing customer support.
    • Consent-Based Marketing: With your explicit consent, we may send you promotional emails or newsletters about our services. You can withdraw marketing consent at any time. We only use your contact details for marketing if you have opted in, and each message explains how to unsubscribe. Under PDPL, consent must be clear and unambiguous. We keep records of consents given and allow you to withdraw consent as easily as it was given.
    • Legitimate Interests and Legal Obligations: We may use data as needed for legitimate business interests (such as fraud prevention, auditing, or enforcing our terms) and to comply with legal requirements (for example, financial record-keeping, tax laws, or law enforcement requests). Processing for these purposes is limited and documented to protect your privacy.
    • Improving Our Services: We analyze anonymized usage data (via Google Analytics and Microsoft Clarity) to understand how our website is used and to improve its functionality and user experience. Such analytics data does not identify you personally and is used in aggregate form. If we do use any data for profiling or personalized features, we will inform you and obtain consent where required.

    At all times, we collect only data necessary to achieve the stated purposes (data minimization). When collecting personal data, we inform you of the purpose and legal basis for processing.


    Sharing of Personal Data

    We do not sell your personal data. We share information only as necessary to provide our services or to comply with law:

    • Service Providers: We may share your data with third-party service providers who assist us in operating the website and providing services (e.g. payment processors, cloud hosting providers, email service providers, customer support platforms). For example, your payment is processed by Visa/Apple/Google via their secure payment gateways; these providers have strict privacy and security controls. We also share reservation details with hotels, tour guides or travel agencies as needed to fulfill your booking.
    • Analytics and Advertising: We use third-party analytics tools (Google Analytics, Microsoft Clarity, etc.) to measure and improve our services. These providers may access limited personal data (e.g. IP address, device info) as part of their analytics. We do not share marketing lists with advertisers or other parties for their independent use, except with consent.
    • Legal and Regulatory Authorities: If required by law or to protect our rights, we may share personal data with government authorities or courts (for example, in response to a subpoena, or to investigate fraud or illegal activity). Personal data may also be shared to prevent harm (e.g. in emergencies) as permitted or required under applicable laws.

    In all cases, we disclose only the minimum data needed for the purpose. Where possible, we enter contractual agreements requiring third parties to protect your information. Our privacy notice discloses categories of recipients and cross-border transfers as required by law.


    International Data Transfers

    Because we operate online and use global service providers, your data may be transferred outside the UAE and, for EU/EEA users, outside the EU. For example, Google Analytics data may be processed on servers outside the UAE/EU. Under UAE law, transferring personal data abroad is permitted only if certain safeguards are in place. We ensure that overseas recipients provide adequate protection (for instance, by relying on countries with similar data protection laws, or by using approved contractual safeguards). Under GDPR, we also follow its rules on international transfers (e.g. using EU standard contractual clauses or other approved mechanisms). In any case, transfers are made only for legitimate business needs and with appropriate security.

    If you wish to learn the locations to which your data has been sent or to provide explicit consent to a transfer, please contact us (see “Contact Information” below). Details on these transfers and safeguards are available upon request.


    Cookies and Tracking Technologies

    Our website uses cookies and similar technologies to enhance your experience and gather usage information. Cookies are small data files stored on your device. We use strictly necessary cookies for essential site functions (such as keeping your session active during login or processing your shopping cart), which do not require your consent. We also use analytics cookies (Google Analytics and Microsoft Clarity) to understand site traffic and performance (these cookies collect data on pages visited and how users navigate the site, in anonymous form). Additionally, we may use preference/functionality cookies (to remember your language or preferences) and marketing cookies (to show you relevant offers if you have consented).

    In compliance with privacy regulations, we inform you about cookies and (where required by law) obtain your consent for non-essential cookies. On first visit, a cookie banner or settings panel will allow you to accept or decline non-essential cookies. You can also manage or delete cookies through your browser settings at any time. Detailed information about the specific cookies and their purposes can be found in our Cookie Policy (link) or by contacting us. If you decline analytics or marketing cookies, certain site features (such as personalized recommendations or statistics gathering) will not operate.


    Data Subject Rights

    Under the PDPL and GDPR, individuals have rights regarding their personal data. These include the right to:

    • Access: Request a copy of the personal data we hold about you and information about how we process it.
    • Rectification: Ask us to correct or update any inaccurate or incomplete data.
    • Erasure (Right to be Forgotten): Request deletion of your personal data when it is no longer needed or if you withdraw consent (subject to legal exceptions).
    • Restriction of Processing: Request that we pause or limit the processing of your data in certain cases (e.g. if accuracy is contested).
    • Portability: Receive your data in a structured, commonly used format and transfer it to another data controller (when technically feasible).
    • Object: Object to our processing of your data on grounds of legitimate interest or for direct marketing.
    • Withdraw Consent: Withdraw any consent you have given for data processing at any time (without affecting processing prior to withdrawal).
    • No Automated Decisions: Not be subject to decisions based solely on automated processing that produce legal or similarly significant effects, unless explicitly permitted (and even then, you may request human intervention).

    These rights align with international standards. To exercise your rights, you may contact us at any time (see Contact Information). We will promptly verify your identity and respond to requests free of charge. If you are a UAE resident, you may also complain to the UAE Data Office if you believe we are not complying with the law. EU residents can lodge a complaint with their national data protection authority (for example, an EU resident’s local supervisory authority).


    Data Security and Retention

    We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. These measures include encryption (e.g. HTTPS/TLS for data in transit), access controls, firewalls, and secure servers. Sensitive information such as passport details is encrypted in our databases. Access to personal data is limited to authorized personnel who need it to perform their duties. Under PDPL and GDPR, security of personal data is a fundamental requirement.

    We retain personal data only as long as necessary for the purposes described above or to meet legal or regulatory requirements. For example, we keep booking and payment records for the duration required by financial regulations, and marketing consents on record until you withdraw them. When data is no longer needed, we securely delete or anonymize it. We review our retention practices regularly.


    Contact Information

    If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us:

    • Data Protection Officer: Data Protection Officer, Wanderlux Travel Agency L.L.C, Email: info@wanderlux.ae
    • General Contact: Wanderlux Travel Agency L.L.C, Phone: +971 50 8295065, Email: info@wanderlux.ae

    We strive to respond promptly to all requests. We also provide a means (via our website or email) to submit Data Subject Access Requests directly.

