Privacy & Policy

ZAMZAM WEBSITE PRIVACY POLICY

Who are we ?

Welcome to the Zamzam website privacy policy. (“Zamzam”) is a provider of a B2C (Business to Consumer) travel portal (the “Platform”) that allows registered Travellers/Users (“Travellers”) to book hotels, flights and other travel services with our selected hotels, airlines, tour operators, car rental companies, cruise lines and private transfer providers (“Suppliers”) in real time on their behalf or one behalf of others. References in this privacy policy (“Privacy Policy”) to “we”, “our”, or “us” are references to Zamzam. We operate the Zamzam website available at https://www.zamzam.com/ (the “Website”) to promote and provide further information and content about the Zamzam Platform and to provide you with the opportunity to register to use the Platform and receive information and promotional materials about those services.

About this Policy

We are committed to protecting and respecting the privacy of the Users of the Service. This Privacy Policy sets out the basis on which your personal data, as a User of our Website, will be processed by us as a controller. If you visit or use our Website, we may use your personal data in connection with your request for or use of our services. In accordance with UK and European Economic Area (“EEA”) data protection laws, we are the controller of the personal data that you provide to us or that we collect from you. We are responsible for safeguarding your personal data which will be processed in accordance with this Privacy Policy. Please read the Privacy Policy carefully to understand how we will use your personal data.

Once you have created an account for our Platform, any personal data that we process will be governed by our Platform Privacy Policy.

How can you contact us ?

If you have any questions about your personal data, how we look after it or if there are any changes to your personal data, please email us at dpo@zamzam.com

What personal data do we collect and process, and how do we use it ?

When you access the Website, you may provide us with personal data, and we may collect and process such personal data in accordance with this Privacy Policy.

We will only use your personal data where we have a valid lawful basis to do so. We have included a table below which lists all the ways in which we use your personal data and the lawful basis we rely on to do so.

Where we mention “legitimate interests”, this is the lawful basis we rely on when we feel that it is necessary to use your personal data for a reason which is in our and/or your interests and which does not unfairly affect your rights over your personal data.

What personal data do we process? Why do we process this personal data? What is our lawful basis for processing?
Information you give us
Identity Data : this may include your full name, geographical location and other personal identifiers. Additional data may be collected about you from the correspondence that you send to us, any conversations you have with us and any feedback you give us.

Admin Contact Data : this may include your professional email address, phone number(s), postal address and any other contact details you may choose to provide to us.

Company Data : this may include information about the company you work for including the company name, email address, phone number and postal address.
  • To register your account on the Platform on behalf of your company (whether as a Travel Agent or Supplier)
  • To respond to your enquiry if you contact our customer service team
  • To provide you with a demo of the Platform if you request it
  • To contact you with details of our Platform if you request them
  • To send you marketing and promotional material if you sign up to receive it
  • To perform our contract with you or to take steps prior to entering into a contract with you
  • To satisfy our legitimate interests (to run and operate the Website, run our business and maintain our records)
  • Your express consent (where legally required to do so).
If you are:

  • a business customer (including, a director, officer or employee of the organisation) or
  • have previously purchased products and/or services from us
we will assume you are happy to receive relevant marketing communications unless you have previously opted out of such communications. This is based on our legitimate interests in promoting our business and to provide you with offers for relevant products/services.

If you change your mind about this, you can withdraw your consent at any time by clicking on the “unsubscribe” link at the bottom of each email.

If you choose to withdraw your consent to receiving these marketing emails, we will still be able to send you service emails that are necessary for our relationship with you.
Information automatically collected when you browse our Website
Technical Data : we may automatically collect data regarding general technical use of the Website, such as your IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may also receive technical data about you if you visit other websites through the Website using our cookies. For more information about cookies, please see our Cookie Policy.

Usage Data : we may generate information about how you navigate and engage with our Website and download materials and online activity data such as clickstream data, page interaction information, your preferences (including country and language) and methods used to browse away from our content or Website.

Location: we can identify the country that you are located in based on your IP address.
  • To identify any problems, defects or issues with the Website
  • To optimise the performance of the Websitee
  • To improve future versions of the Websitee
  • To monitor operations, user activity and networks for fraud prevention and crime detection
  • To satisfy our legitimate interest (to enable you to use the Website most effectively, improve the usability of the Website and make any necessary modifications and updates to the Website).
  • Necessary for compliance with a legal obligation to which we are subject.

We will only use your personal data for the reasons we have set out above. If we need to use your personal data for any other reason, we will let you know and tell you the reason along with the relevant lawful basis, unless the law prevents us from doing so.

Who do we share your personal data with ?

By using the Website, we may need to disclose your personal data to the following categories of third parties in limited circumstances so that we can operate our Website and comply with our legal duties.

  • With our third party service providers: your personal data may be held and processed securely by us on the dedicated systems supplied, monitored and maintained by our third party infrastructure providers, and by any other third party service providers we may use, such as our Website hosting provider, customer relationship management provider, analytics, security operations and other third-party service providers.
  • In corporate transactions: we may transfer your personal information if we are involved, whether in whole or in part, in a merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy or other change of ownership or control.
  • Regulators or law enforcement agencies: we may disclose your personal information if reasonably necessary with regulators, law enforcement agencies or where mandatory under a court order:
    • to comply with a legal process, such as a court order, subpoena or search warrant, government / law enforcement investigation or other legal requirements.
    • to assist in the prevention or detection of crime (subject in each case to applicable law).
    • to protect the safety of any person.
  • To enforce our legal rights: we may also share your personal data:
    • if disclosure would mitigate our liability in an actual or threatened lawsuit.
    • as necessary to protect our legal rights and legal rights of our users, business partners or other interested parties.
    • to enforce our agreements with you, and
    • to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing.
  • With other entities within the Group: when it is necessary for operational reasons such as the use of a group-wide logistics and IT infrastructure and for any administrative purposes to organise, develop and deliver our services, run our organisation and decide on future strategies.

You can ask us for more information about these organisations by contacting us using the details at the top of this policy.

Where do we store your information ?

We will not transfer or store your personal data outside of the European Economic Area (EEA) (or the UK to the extent the UK is no longer part of the EU), except to selected third parties that we have instructed to help us provide the services to you.

If we do transfer or store your personal data outside of the EEA, we will ensure we have put adequate measures in place in order to protect your personal data to an equivalent data protection standard as in the UK and the EEA.

We will only share your personal data with countries and organisations that:

  • The European Commission has deemed as having equivalent data protection laws as in the EEA or
  • We have entered into a contract with which include certain requirements to make sure your personal data is protected to equivalent standards as in the EEA and the UK .

If there are any other circumstances which would require us to transfer your personal data outside of the EEA (or the UK to the extent the UK is no longer part of the EU), we will seek your consent to transfer your personal data outside of the EEA.

You can ask us for more information about where we may transfer or store your personal data and how we will take steps to ensure your personal data is protected by using the contact details in section 3 of this policy.

How do we keep your personal data secure ?

We will ensure we put security measures in place to protect your personal data from being destroyed, lost or shared with somebody that should not see it. However, we cannot guarantee your personal data will be free from every security risk that may be possible when your information is sent to and from the Website.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The Website may include links to third-party websites which may collect your personal data. We have no control over what these websites do with your personal data. Please check the policies on these websites which will tell you what they do with your personal data.

How do we use cookies ?

We use cookies or other similar technologies to capture certain data when you interact with the Website. For further information on our use of cookies, please see our Cookie Policy.

How long do we keep your information for ?

We will only keep your personal data for as long as is necessary for us to do so for the reasons we collected it for in the first place as set out in this Privacy Policy or as otherwise required by applicable laws. We store your personal data in line with legal, regulatory, financial and good-practice requirements.

If you want further information on how long we keep your personal data, please contact us using the details set out in section 3 of this policy.

What are your rights in relation to your personal data ?

As a result of us collecting and processing your personal data, you may have the following legal rights:

  • To access the personal data we hold about you and request a copy of it
  • To ask us to correct your personal data if it inaccurate or incomplete
  • To ask us to delete your personal data where we do not have a compelling reason to continue to process your personal data in such circumstances
  • To ask us to stop using your personal data in certain circumstances where there is no need for us to continue processing it in certain circumstances
  • To ask us to only use your personal data for certain things if: it is not accurate it has been used unlawfully or it is not relevant for the purposes it was initially collected for and/or
  • To ask us to stop using your personal data to send you marketing emails

If you want to exercise any of the rights listed above at any time, please contact us using the details in section 3 of this policy.

We will respond to all requests that we receive from users in accordance with applicable data protection laws. We may ask you to provide proof of identity before we can answer the above requests. In some cases, we may reject requests for certain reasons (for example, if the request is unlawful).

How can you make a complaint ?

You also have the right to make a complaint about how we have used your personal data to :

  • Us - by contacting us by email or post using the details in section 3 of this policy and we will always try to help you with your problem in the first instance.

If you’re still not happy with how we have dealt with your complaint, you can contact:

  • A data protection regulator or
  • The national courts – to seek a remedy if you think that your rights in relation to your personal data have been breached.

Changes to this Privacy Policy

We may need to change this Privacy Policy as our Service develops and offers you more exciting features or if the law changes. We will let you know if any important changes are made, otherwise, we will always display the latest version of our policy on our Website.

ZAMZAM- PLATFORM USAGE POLICY

Who are we?

Welcome to the Zamzam.com (“Zamzam”) privacy policy. “ZAMZAM E TRAVEL SERVICES DMCC” owns and operates the booking platform which can be accessed on www.zamzam.com (the “Platform”) and the Zamzam smartphone app for iOS and Android devices (the “App”), collectively referred to as the Zamzam “Service”.

How does Zamzam work?

We have developed the Zamzam Service to enable travellers/users to book hotels, flights and travel services with our selected hotels, airlines, tour operators, car rental companies, cruise lines and private transfer providers (“Suppliers”), in real time.

We are committed to protecting and respecting the privacy of the Users of the Service. This privacy policy (“Privacy Policy”) sets out the basis on which (i) your personal data, as a Traveller/User or any representative(s) that you authorise to use the Service on your behalf, will be processed by us as a controller and (ii) your personal data will be processed by us as a processor. Please read the Privacy Policy carefully to understand how we will use your personal data.

How can you contact us ?

If you have any questions about your personal data, how we look after it or if there are any changes to your personal data, please email us at dpo@zamzam.com

Zamzam as controller and processor

Controller

If you visit our register on our Platform, or download our App as a Traveller/User, we may use your or your representative(s)’ personal data in connection with your request for or use of our Services. In order to use the Services, you must accept our Terms and Conditions which are available here https://www.zamzam.com/ZamZam/Terms. Where this is the case, in accordance with UK and European Economic Area (“EEA”) data protection laws, we will be the controller of the personal data that you provide to us or that we collect from you. We will be responsible for safeguarding your personal data which will be processed in accordance with this Privacy Policy.

Processor

Our Service is intended for use by Travellers/Users such as you. However, our Service provides the functionality for Travellers/Users to input their information which is then sent to our Suppliers. Where we process any Traveller/User personal data, our role will be limited to that of an intermediary and we will be considered a processor in accordance with UK and EEA data protection laws. We will be processing Traveller/User personal data on behalf of Travel Agents, who will be the controllers of any Traveller personal data, under the terms and conditions that we have in place with the Travel Agents. The Travel Agents will be responsible for the processing of Traveller/User or your personal data on our Platform or App which will be processed in accordance with their own privacy policies. For example, a Travel agent acting as your representative may input personal data in order to search for a hotel and send an email to you the Traveller/User’s at your email address to provide a quotation or send a voucher for the reservation.

We may also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate Traveller/User personal data from confirmed bookings for internal reporting purposes.

What data do we collect about you?

When you use the Service, we may collect, use, store, transfer and otherwise process the following types of data depending on your relationship with us:

Traveller/User

Either you or your representative may choose to input, collect or use some or all of the following types of the data when using our Service:

Category of data Types of data collected
Identity and contact data
  • Full name
  • Phone number(s)
  • Email address
  • Postal and/or billing address
  • Country of residence
  • Country of travel
  • Passport details
  • Date of birth
  • Nationality and
  • Photo (as included on passport).
Payment Data
  • Name of card holder
  • Account number
  • Debit/credit card details.
Special Requirements Data
  • Special needs/requirements such as dietary information and medical information, where provided.

How do we collect personal data about you ?

We collect personal data in different ways, including:

From our registered Travellers/Users

Travellers/Users registered for our Services, may input, use and share personal data for the purpose of making a booking for one of our travel services with our Suppliers.

Any Traveller/User personal data processed and used in connection with our Services, will be done so in accordance with the relevant Supplier/Travel Agent’s privacy policy.

How do we use your personal data?

We collect your personal data so that we can provide you with our Services. We will only use your personal data where we have a valid lawful basis to do so. We have included a table below which lists all the ways in which we use your personal data and the lawful basis we rely on to do so.

Where we mention “legitimate interests”, this is the lawful basis we rely on when we feel that it is necessary to use your personal data for a reason which is in our and/or your interests and which does not unfairly affect your rights over your personal data.

What we use your personal data for ? What personal data we use ? The lawful basis that we rely on to use your personal data
To provide our Services to Travellers/Users that have registered an account with us, including enabling registered Travellers/Users to input their personal data on the Platform/App for the purposes of performing a booking for one of our travel services.
  • Identity and contact details
  • Payment data andv Special requirements data.
Not applicable.

We only use your personal data on behalf of our registered Travel Agents and in accordance with their instructions.
To contact you in circumstances where required in fulfilment of the travel services.
  • Name
  • Email address
  • Phone number
Not applicable.

We only use your personal data on behalf of our registered Travel Agents and in accordance with their instructions.

We will only use your personal data for the reasons we have set out above. If we need to use your personal data for any other reason, we will let you know and tell you the reason along with the relevant lawful basis, unless the law prevents us from doing so.

Who do we share your personal data with ?

We may share your personal data with other organisations so we can provide our Service to you and comply with our legal duties. We have set out below who these organisations are and the reasons for sharing your personal data with such organisations

  • Our Suppliers – in order to fulfil a booking on behalf or on behalf of the person you are making a booking for and to provide our Service, including:
    • hotels
    • airlines
    • tour operators
    • car rental companies
    • cruise lines
    • private transfer providers and
    • any intermediary booking platforms such as Expedia.
  • Our Travel Agents – in order to fulfil a booking through our Travel Agent’s to provide our Service.
  • Our Service Providers – who help us operate and improve our services by assisting with various tasks including:
    • payment service providers
    • marketing
    • personal information hosting and maintenance
    • analytics
    • security operations and
    • other third-party service providers that we may use from time to time
  • Third party Purchaser – in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

You can ask us for more information about these organisations by contacting us using the details at the top of this policy.

We may also need your share your personal data to comply with the law to enforce our Terms and Conditions to protect the rights, property or safety of us, other Platform or App users or other individuals/organisations or where you have given us your consent to do so.

Where do we store your information?

We will not transfer or store your personal data outside of the European Economic Area (EEA) (or the UK to the extent the UK is no longer part of the EU), except to selected third parties that we have instructed to help us provide the services to you.

If we do transfer or store your personal data outside of the EEA, we will ensure we have put adequate measures in place in order to protect your personal data to an equivalent data protection standard as in the UK and the EEA.

We will only share your personal data with countries and organisations that:

  • The European Commission has deemed as having equivalent data protection laws as in the EEA or
  • We have entered into a contract with which include certain requirements to make sure your personal data is protected to equivalent standards as in the EEA and the UK.

If there are any other circumstances which would require us to transfer your personal data outside of the EEA (or the UK to the extent the UK is no longer part of the EU), we will seek your consent to transfer your personal data outside of the EEA.

You can ask us for more information about where we may transfer or store your personal data and how we will take steps to ensure your personal data is protected by using the contact details in section 3 of this policy.

How do we keep your personal data secure?

We will ensure we put security measures in place to protect your personal data from being destroyed, lost or shared with somebody that should not see it. However, we cannot guarantee your personal data will be free from every security risk that may be possible when your information is sent to and from the Platform or App.

The Platform or App may include links to third-party websites which may collect your personal data. We have no control over what these websites do with your personal data. Please check the policies on these websites which will tell you what they do with your personal data.

How do we use cookies?

We use cookies or other similar technologies to capture certain data when you interact with the Platform or App. For further information on our use of cookies, please see our Cookie Policy.

How long do we keep your information for?

We will only keep your personal data for as long as is necessary for us to do so for the reasons we collected it for in the first place.

We will only keep Traveller/User personal data for a 12-month period to comply with the rules on accounting, reporting or any other law or the period determined by the relevant Travel Agent which is the controller of the Traveller/User personal data. For details on how long the relevant Travel Agent retains your personal data, please contact them or read their privacy policies.

In certain circumstances, we may aggregate your personal data (so that it will no longer identify you) for research, analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.

If you want further information on how long we keep your personal data, please contact us using the details set out in section 3 of this policy.

What are your rights in relation to your personal data?

As a result of us collecting and processing your personal data, you may have the following legal rights:

  • To access the personal data we hold about you and request a copy of it
  • To ask us to correct your personal data if it is inaccurate or incomplete
  • To ask us to delete your personal data where we do not have a compelling reason to continue to process your personal data in such circumstances
  • To ask us to stop using your personal data in certain circumstances where there is no need for us to continue processing it in certain circumstances
  • To ask us to only use your personal data for certain things if: it is not accurate it has been used unlawfully or it is not relevant for the purposes it was initially collected for and/or
  • To ask us to stop using your personal data to send you marketing emails.

If you want to exercise any of the rights listed above at any time, please contact us using the details in section 3 of this policy.

How can you make a complaint?

You also have the right to make a complaint about how we have used your personal data to:

  • Us - by contacting us by email or post using the details in section 3 of this policy and we will always try to help you with your problem in the first instance.

If you’re still not happy with how we have dealt with your complaint, you can contact:

  • A data protection regulator or
  • The national courts – to seek a remedy if you think that your rights in relation to your personal data have been breached.

Changes to this Privacy Policy

We may need to change this Privacy Policy as our Service develops and offers you more exciting features or if the law changes. We will let you know if any important changes are made, otherwise, we will always display the latest version of our policy on our Platform and App.