1. Important Information:
- Data Subject: means any person whose personal data is being collected, held or processed. For ease of understanding: You are the Data Subject, as the User.
- Data Processor: means any person (other than an employee of the data controller) who processes personal data of a Data Subject, on behalf of the Data Controller. Again, we reiterate that YAP may process your personal data directly, or through authorised agents and service providers of YAP, who may be chosen by us for the purposes of furthering the individual and entities’ business of YAP.
- Data Controller: means a person who (either alone or jointly with other persons) determines the purposes for and the manner in which any personal data is to be processed. As confirmed above, YAP is the Data Controller. YAP may process your personal data directly, or through authorised agents and service providers of YAP, who may be chosen by us for the purposes of furthering the individual and entities’ business of YAP. YAP is the data controller of your Personal Data. Data protection is important to us and we adhere to all applicable data protection laws and regulations globally, which includes, but is not limited to: the United Kingdom Privacy and Electronic Communications Regulations, the United Kingdom Data Protection Act 2018, as amended, the data protection and privacy requirements Dubai International Financial Center (“DIFC”) and where applicable to individuals in the European Union, the United Kingdom and the member states of the European Free Trade Association (“EFTA”), the General Data Protection Regulation (“GDPR” which had commenced on 25 May 2018) for the purposes mentioned in this policy. We may also process your Personal Data and you consent to the processing thereof, to satisfy all legal obligations, if it is necessary to carry out any obligations arising from any contracts entered into with you or to carry out any services to you, by any YAP entity, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of either YAP entity, it’s Users, customers, clients, other persons or other entities.
- Our European representative: Pursuant to Article 4 (7) of GDPR), the controller of your data whom we have appointed as the Data Protection Officer can be reached at firstname.lastname@example.org
- If you are based in Europe or the EEA region, be advised that you have the right to make a complaint at any time to a supervisory or regulatory authority, in particular within the Member State in the European Union or EEA where you are habitually resident, where we are based, or where an alleged infringement of the Data Protection law has taken place, however, we would appreciate the opportunity to address your concerns before you approach any such Authority (as appropriate), and so, please contact us in the first instance so that we may try to resolve your complaint amicably.
- If you are based in the United Kingdom, be advised that you have the right to make a complaint at any time to a supervisory or regulatory authority, within the United Kingdom where you are habitually resident, where we are based, or where an alleged infringement of the Data Protection law has taken place. You can access the portal here: https://ico.org.uk/for-organisations/report-a-breach/, however, we would appreciate the opportunity to address your concerns before you approach any such Authority (as appropriate), and so, please contact us in the first instance so that we may try to resolve your complaint amicably.
- Similar authorities include that of the Commissioner of Data Protection at DIFC and the Office of Data Protection at the ADGM Registration Authority, in so far as their respective Regulations will have application to the rights of a Data Subject.
- If you are based elsewhere globally, you have the right to make a complaint at any time to an appropriate regulatory or supervisory authority within the appropriate locality, as per the law of the region. In respect of any complaints, however, we would appreciate the opportunity to address your concerns before you approach any such Authority (as appropriate), and so, please contact us in the first instance so that we may try to resolve your complaint amicably.
2. Information that YAP Collects:
- YAP collects Personal Data and Anonymous Data of Data Subjects; and only in a manner as described below.
- Personal Data: means data that allows someone to identify or contact you, including, for example: your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.
- Anonymous Data: means data that is not associated with or linked to your personal data. Anonymous Data (i.e. encrypted data) does not, by itself, permit the identification of individual persons.
- Please note that: You will, generally, not be required to pay a fee to access your personal data (or to exercise any of the other rights), however, that we may charge a reasonable fee (determined at our sole discretion and which is payable by you, the User and/or Data Subject) if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under the aforementioned circumstances.
- Information which may be further required from you: We may need to request specific information from you to help us to confirm and verify your identity, so as to ensure that your rights to access your personal data or to exercise any of your other rights, as determined by contract, the law or otherwise. This is a security measure to ensure that personal data is not disclosed to any authorised person, who has no right to receive it. We may also contact you to ask you for further information in relation to your request, in order to speed up our response to any request received from you, when you exercise your rights.
- Information about criminal convictions or activities: When you register for or otherwise use our Services or facilities, we may receive information about your criminal convictions, when we perform certain necessary verification or compliance checks. We carry out these checks in order to detect and/or prevent any unlawful or fraudulent acts, as well as to comply with our legal obligations. Also, in the event of a violation of our Terms and Conditions in the use of our facilities, or a violation of any restrictions on use of materials and information provided in or through our facilities, we may disclose personal user information to our affected members and business partners, affected service agents, other affected third parties or legal authorities.
- If you fail, neglect and/or refuse to provide us with your Personal Data: Where we need to collect personal data by law, or under YAP’s Terms and Conditions, in contracting with you and if you fail to provide that data when requested, we may not be able to perform the services. In this case, YAP shall have the right to discontinue the User Services and/or may close your User Account, however, we will notify you if this is the case at the time.
- Be advised that in usage of our facilities, you consent to the following:
- We may collect Personal Data from you, such as your first and last name, e-mail and mailing addresses, date of birth, government issued identification, (including but not limited to address, employment, etc.
- We may also collect other Personal Data supplied by third-party entities (including Governmental authorised or mandated entities) and service providers / agents in the outsourcing of services, including, but not limited to third party identity verification services.
- If you tell us where you are (i.e. by allowing any of your devices, mobile device or computer to send us your geo-location), we may store that information.
- Certain services, such as two-factor authentication may require collection, use, processing, transfer and storage of your phone number and possibly other data. We may associate that phone number to your mobile device identification information.
- If you provide us feedback or contact us, we will collect your name and e-mail address, as well as any other content included in form in which it was received (i.e. the details and content of an email), in order to send you a reply or in to contact you.
- We also collect other types of Personal Data that you voluntarily provide to us when contacting us – i.e. in seeking support services via email, or calling us via the Contact center, support chat room, or other information provided to support services staff.
- We may collect other data, including but not limited to referral Uniform Resource Locators (URLs), your location and analytics information related to the usage of our facilities.
- Some information is collected automatically by our facilities, including, but not limited to our websites, application, platform, networks and servers:
- Our servers (which may be hosted by a third party service provider) collect information from you automatically, including your browser type, Internet service provider (ISP), referring/exit pages, operating system, Internet Protocol (IP) address, domain name, and/or a date and time stamp for your visit to our facilities, as well as clickstream data.
- We retain information on your behalf, including customer data, transactional data and other session data, linked to your User Account.
3. Your Legal Rights (User rights) and Information that YAP Collects:
- Under the European Union General Data Protection Regulation (GDPR) number 2016/679, read together with the provisions of the United Kingdom Privacy and Electronic Communications Regulations, the United Kingdom Data Protection Act 2018, as amended, each Data Subject and you, the User (in so far as these laws have application) has eight (8) rights. These include:
- Right to be informed: This means that anyone processing your personal data must make clear what they are processing, why, and who else the data may be passed/transferred to or shared with. You have the right to know who, why and how your personal data is processed or shared.
- Right of access: this is your right to see what data is held about you by a Data Controller. You have the right to see what kind of data is held by us.
- Right to rectification: this is your right to have your data corrected or amended if what is held is incorrect / inaccurate in some way. You have the right to correct, amend and rectify any incorrect or inaccurate data held by us.
- Right to erasure: this is your right, under certain circumstances, whereby you can ask for your personal data to be deleted. This is also referred to ‘the Right to be Forgotten’. This would apply if the personal data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been expressly withdrawn, or where personal data has been unlawfully processed. Your right to ask for your personal data to be deleted only under certain circumstances, especially if that data is no longer required by us for the purposes it was collected for processing the data you had expressly withdrawn or if we have unlawfully processed your personal data.
- Right to restrict processing: this is your right to ask for a temporary halt or pause in processing of personal data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected. You right to request temporary halt or pause in processing of personal data, such as in the case where a dispute or legal case has to be concluded or the data has to be corrected.
- Right to data portability: this is your right to ask for any of your personal data supplied directly to the Data Controller to be provided to you in a structured, commonly used, and machine-readable or electronic format. Your right to request any of your personal data collected by us, in a structured, commonly used and machine-readable or electronic format.
- Right to object: this is your right to object to the further processing of your data which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation and direct marketing. Your right to object to further processing of your personal data which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation and direct marketing.
- Rights in relation to automated decision making and profiling: Your right not to be subject to a decision based solely on automated processing.
- Under the Office of the Commissioner of Data Protection of the DIFC, responsible for administering the Data Protection Law, each Data Subject (in so far as these laws have application) broadly has the following rights:
The data protection legislation gives certain rights to Data Subjects concerning their Personal Data and Sensitive Personal Data. Generally, a Data Subject has the right to access any Personal Data that is kept about them. If the Personal Data Processed by the Data Controller is inaccurate, then the Data Subject can request the Data Controller to take action to rectify, block or destroy the inaccurate data. However, there are certain circumstances, or exemptions, where it is legal for a Data Controller not to have to notify a Data Subject that Personal Data is being Processed. For example, where Personal Data is being released to a legitimate authority to comply with anti-money laundering obligations. A Data Subject can object on reasonable grounds to the Processing of their Personal Data, and request their Personal Data not be disclosed to third parties. This may include circumstances where an individual request a Data Controller to cease Processing Personal Data for the purposes of direct marketing. If the Data Controller objects to the request, the Data Subject may file a complaint with the Commissioner of Data Protection at DIFC who may refer the matter to mediation.
- Automated decisions: You may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
- Time limit to respond to User requests in exercising the aforementioned rights: We aim respond to all legitimate requests without undue delay and within one (1) month calendar of receipt of any request from you. Occasionally it may take us longer than one (1) month if your request is particularly complex, or if you have made duplicated or numerous requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).
- Be advised: Some of YAP’s facilities and services will have additional age requirements and will not be available to minors. This will be specified in respect of each such service or facility in YAP’s procedure of obtaining the required consent and permissions from Users. YAP does not and will not knowingly solicit or collect information from anyone whom is not of legal age. Should we retrospectively become aware that a minor has provided us with personal information where such services and / or facilities are unavailable to minors, we will erase such information it immediately and close the related User Account.
4. YAP’s Use of the Information it Collects:
- We will only use your Personal Data when and how the applicable laws allow us to. Most commonly, we will use your Personal Data in the following circumstances:
- Where it is necessary for our legitimate interests but where such interests do not override your fundamental rights; and/or
- Where we need to comply with a legal or regulatory obligation.
- Marketing: We provide you with choices regarding the Personal Data that YAP uses, particularly concerning marketing and advertising. We have established the following personal data control mechanisms:
- Promotional offers from YAP: We may use your Personal Data to determine what may be of interest to you. This is how we decide which products, services, and offers may be relevant and of interest to you. By using our facilities, using our services, registering a User Account, in contacting us, in requesting information from us, you expressly opt-in to receive marketing communications from YAP.
- Opting out: You can ask us to stop sending you marketing related material and/or communications at any time by following the opt-out links on any marketing message sent to you or by contacting us. at email@example.com or by calling on 600551214.
- YAPmay be compelled to surrender User information to legal authorities without express User consent, if presented with a Court Order or similar legal or administrative Order, or as required or permitted by the laws, rules, and regulations of any nation, state, or other applicable jurisdiction.
- Please be advised that we may process your personal data without your knowledge or consent where this is required or permitted by law. In general, the Personal Data which you submit to us is used either to respond to requests that you make, or to aid our service to you, the User.
- We use your Personal Data in the following ways:
- To facilitate the creation of and to secure your User Account on YAP Facilities and integrated facilities (where applicable).
- To prudently identify you and perform the necessary identity verification through our own efforts or through our partners or service providers.
- To provide improved administration of our facilities and Services.
- To improve the quality of your User experience when you interact with YAP Facilities and Services.
- To send you a one-time password (OTP) to verify ownership of the e-mail address or the mobile number provided when your User Account is created.
- To send you administrative notifications or other communications: i.e. User Activity, security, support and maintenance or other advisory services, sent via In-App, Mobile SMS and/or Email.
- To identify, prevent, and report potentially suspicious, fraudulent, or illegal activities.
- To notify you about important changes or updates to YAP Facilities, and
- To respond to your inquiries or other requests received.
- All data collected automatically will be used to administer or improve our services, including the following:
- All automated data collected is used for administration purposes, as well as to improve services and user experience
- We use IP address information to make our facilities and Services more useful to you, and to perform identity verification.
- We use your Emirates ID Information provided and the data available on your Emirates Chip to verify your identity in your submitted form of identification during the onboarding and User registration or User Account creation process. This technology collects information from your biometric data, and it shares this information with us. We use that information to verify your identity. We will store your biometric data for as long as is necessary to perform the services, and as long as the User account exists and will comply with applicable law relating hereto. By using the YAP facilities and/or services you agree that YAP may collect your biometric data to perform identity verification.
- We may use both session / transient Cookies (which expire once you close your device web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on and in using our facilities. This type of information is collected to make our facilities more useful to you and to tailor the experience with us to meet your special interests and needs. Please further refer to our Cookies Policy.
- Data Retention: YAP adheres to all applicable legislative provisions and Data Protection laws of each jurisdiction it operates in; hence YAP shall retain and store all specific data as recommended by the regulations.
5. How YAP Shares Users Personal Information:
- It may be necessary to disclose your information to law enforcement agencies, regulators, government/public officials, or other relevant third parties to comply with any law, subpoenas, court orders, government requests, to defend against legal claims, investigate or bring legal action against illegal or suspected illegal activities, to enforce our Terms and Conditions, or to protect the rights, safety, and security of YAP, our Users, other persons or the public.
- We may share your personal data with third parties and/or service providers, in so far as it may be necessary and in order to provide you with the services that we offer you through our facilities and to conduct quality assurance testing; to facilitate the creation of User Accounts; to provide technical support, operational support and maintenance services; to verify your identity; and/or to provide other services to YAP and any facilities of YAP. These third-party service providers are required not to use your Personal Data for any purpose, other than to provide the services mandated by us.
- IBAN: https://www.iban.com/privacy & https://www.iban.com/terms
- RAK Bank: https://rakbank.ae/wps/portal/footer/terms-and-conditions & https://rakbank.ae/wps/portal/footer/privacy-policy & https://rakbank.ae/wps/portal/footer/cookie-policy
- Financial Software and Systems (FSS): https://www.fsstech.com/terms-of-use & https://www.fsstech.com/privacy-statement/ & https://www.fsstech.com/themes/fss/pdf/fss-csr-policy.pdf
6. Extraterritorial Data Storage and Data Transfers:
- User Data is stored and transferred in compliance with the applicable legislation or Regulations of every applicable jurisdiction.
- We store and process your personal data in data centers located within the Country in which YAP operates, wherever we have our premises, wherefrom we provide services or where YAP’s service providers are located.
- We may share your Personal Data within the YAP group of associated companies which are based in various locations globally.
- If you are based in the United Kingdom, Europe or the European Economic Area (EEA), this will involve storing and transferring your data outside the with adherence to relevant legal requirements – where applicable.
- Subject to the Regulations of DIFC, this may involve storing and transferring your data outside of the DIFC, with adherence to relevant legal requirements – where applicable.
- If you are based in the United Arab Emirates (“UAE”), this may involve storing and transferring your data outside of the United Arab Emirates, with adherence to relevant legal requirements – where applicable.
- If you are based anywhere else globally, this may involve storing and transferring your data globally, with adherence to relevant legal requirements, wherever and however applicable.
- In addition, hereto, many of our external third parties are also based outside of the aforementioned geographical regions and globally, so, their processing of your personal data will involve the transfer and storage of data outside the aforementioned territories. We reiterate that you, as the User, accepts that through the application for the creation of a User account, the terms of their individual privacy policies, cookies policies, as well as terms and conditions, as third-party service providers to YAP.
- Some of the countries to which your personal data may be transferred do not benefit from an appropriate protection regulation. For such international countries, we shall have specific data-protection clauses in our agreements and arrangements with them.
- Whenever we transfer your personal data outside of the EEA, the UAE or any other territory, we will ensure that a suitable degree of protection is afforded to it by ensuring that at least one (1) of the below listed safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
- In respect of GDPR compliance (if applicable): we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- In respect of GDPR compliance (if applicable): In respect of transfers to entities in the United States of America (US), we may transfer Personal Data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
- In respect of the DIFC Data Protection Regulations relating to the transfer of personal data, Transfers will be conducted in accordance with the relevant Regulations.
- Please contact us at firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your Personal Data.
7. How to Update your Information:
- Whenever possible, you can update your personal data directly within your User Account settings section, subject to verification by YAP. If you are unable to change your Personal Data, please contact us to make the required changes.
- If you wish for YAP to update your information, please contact us in making such a request.
- We will retain your information for as long as may be needed to provide you access to your User Account and or services of YAP.
- If you wish to close your User Account, you can do so from your User Account setting session or you can contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms of the Service.
- Data collected automatically includes, but is not limited to Cookies, webpage counters and other analytics tools.
- Cookies are small data files that are collected automatically and stored on your device / computer’s hard drive.
- YAP collects web browser Information in order to enhance your User experience on our facilities, as well as to track how the facilities and Services are being used.
- Cookies are not permanent and will expire after a short time period of inactivity. Data collected via technical means, such as cookies, webpage counters and other analytics tools, are normally kept for a period of up to one (1) year from expiry of the cookie.
- You may opt to deactivate your cookies, but it is important to note that you may not be able to access or use some features of our facilities, should you do so, as such Cookies may enable certain functions thereon.
- Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. At this time, we do not respond to DNT signals.
9. Security Precautions Exercised by YAP for Protection of your Data:
- We take the protection of your personal information seriously and in so doing, we use industry-standard data encryption technology and have implemented restrictions related to the storage of and the ability to access your personal information.
- All your personal information and sensitive data is stored in Servers located within the Country.
- YAP’s facilities are scanned on a regular basis for security holes and known vulnerabilities, in order to best ensure its security.
- Your personal data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.
- Please note that no transmission over the Internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, however, our best endeavours will be made to secure data and the ability to access your personal information.
- We would like to draw your attention on the fact that YAP will never send you email or SMS or call you to ask for financial or payment information, such as your credit card number, passcode, User Account number or pin number, in an e-mail, text or any other communication that we send to you. Please, always check that any website on which you are asked for financial or payment information in relation to our reservations or services is in fact legitimately owned or operated by YAP. The risk of impersonating hackers exists and should be taken into account when using our facilities and/or Services.
- If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately. Please also immediately notify us if you become aware of any unauthorised access to or use of your User Account.
- Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of your data, please accept that you play a vital role in protecting your own personal data, including the adoption of sufficient safety measures such as your choosing of an appropriate password of sufficient length and complexity and to not reveal this password to any third-parties.
- Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us, or receive from us by Internet or wireless connection, including: email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. You can contact us if you have reason to believe that your data is no longer secure.
10. Contacting Us