Privacy Policy

Miral Experiences LLC Privacy Policy

Introduction

Please read the following Privacy Policy carefully to understand how and why we use your personal data in order for you to access and browse our websites or mobile apps and use our services.

About this Policy

This Privacy Policy is issued for Miral Experiences LLC (“Miral”, “we”, “us”, “our”), the operator of this website or mobile app or service.

Miral regularly collect and use personal data about individuals who visit our attractions, browse our websites or mobile apps and use our services. Personal data is any information that can be used, directly or indirectly, to identify you as an individual.

Your privacy is very important to us and we understand our responsibilities to protect your personal data in an appropriate and lawful manner and in accordance with applicable data protection regulations. This Privacy Policy should be read in conjunction with our Cookies Policy, which together provide you with details of how and why we collect and process your personal data when you are using Miral’s websites, mobile apps or WiFi services.

For any privacy queries, you can contact us at any time at: privacy-me@miral.ae.

Miral Experiences LLC

P.O. Box 128717

Abu Dhabi

UAE

License Number: CN-1147824

Who is responsible for protecting your personal data?

Miral currently manages and operates Ferrari World Abu Dhabi, Warner Bros World™ Abu Dhabi, SeaWorld Yas Island, Abu Dhabi, Yas Waterworld, CLYMB™ Abu Dhabi and Qasr Al Watan leisure facilities in Abu Dhabi with new leisure facilities planned for the future (the “Attractions”).

In connection therewith, Miral operates the following websites and mobile app:
- yasisland.com and Yas Island mobile app
- ferrariworldabudhabi.com
- wbworldabudhabi.com
- yaswaterworld.com
- clymbabudhabi.com
- qasralwatan.ae
- seaworldabudhabi.com
Miral also operates a centralised authentication service called ‘MyPass’, which allows you to seamlessly connect to different services. Once you have created a MyPass, you can use your MyPass to login to any services that operate MyPass without having to register again. For example, you can use your MyPass to login to certain websites or mobile apps, purchase tickets, or access WiFi at designated attractions. For further information on MyPass, please review sections 3 and 5 below.

Data Controller

As the entity responsible for collecting your information when you use our websites, mobile apps or services, Miral is a Data Controller of your personal data. Our affiliates and partners may also be Data Controllers where they control the use or processing of your personal data. Please review section 5 for further information on the use of your personal data by our affiliates and partners. In certain circumstances (for example, where you use MyPass as part of our affiliates’ or partners’ services and your information is solely hosted within our digital platform as part of providing digital services), Miral may also be acting as a Data Processor for your personal data.

This Privacy Policy provides information on how and why we process your personal data in connection with our services, websites and mobile apps. This Privacy Policy is not intended to cover use of your personal data by third parties or third party services; for further information on how third parties use your personal data, please review the respective third party’s Privacy Policy on the relevant third party website, mobile app or service.

This Policy is additional to and is not intended to override other notices or policies we may provide to you or the terms of any contract that you have with us (for example, specific Attraction or ticket terms and conditions), or any rights you may have.
What personal data do we collect, and how do we collect it?

Miral collects three types of information about you: personal data, special categories of personal data and aggregated/anonymous data (as outlined in this Policy).

Information we collect directly from you

•Information that you personally provide to us when: registering for an account, purchasing our products and services, creating a MyPass, enrolling for a fingerprint biometric check or FacePass, subscribing to our mailing lists, registering for WiFi at our Attractions, making a telephone booking or enquiry, completing a survey, competition or taking part in promotional activities, applying for a job with us, engaging with us in our Attractions, or contacting us via a contact us form, livechat or other means available on our websites or mobile apps.

•Depending on the Attraction, website or mobile app you are visiting and the activity you are undertaking, this information may include:

o your first name, last name, title, date of birth, address, proof of identity or age, nationality, gender, country of residence, city of residence, e-mail address, telephone number, booking reference, MyPass ID, number of adults and children, children’s age, check-in/out date, and room or other booking related preferences;

o your chosen marketing preferences and objections;

o your preferred language and information about your preferences or interests;

o general enquiry details and any other information or messages you decide to provide to us;

o if availing yourself of a special offer, a copy of the relevant ID required to demonstrate eligibility;

o if purchasing certain services at gate, or an annual pass to one of our Attractions, this will also include photograph/s and a copy of your emirates ID or passport;

o if taking part in one of our driving experiences at Ferrari World Abu Dhabi, a copy of your driving license;

o details of your activity history or proficiency for certain activities (for example, if you have completed indoor skydiving before and your perceived skill level);

o first name, last name and date of birth for your family members, and their relationship to you, where you have chosen to add your family members’ details to your profile (where this option exists on a particular website or mobile app). If you give us personal information about other people (such as family members or friends), you should make sure you have their permission to do so;

o credit or debit card and transaction details, if you make a payment for our products and services, which are not stored by Miral and are provided directly to our payment solution provider via a secured connection. All credit and debit card and transaction processing adheres to global data security standards to protect cardholder data;

o for certain services, this may include special categories of personal data. For example:

- where you consent to use fingerprint biometric check or FacePass at our designated attractions this may also include your biometric information. The fingerprint scanned, or photo taken or uploaded for FacePass, is used only to convert your face into an encrypted unique numerical identifier and then deleted, For further information on the use of your personal data in connection with fingerprint biometric check or FacePass, please review sections 3 and 5;

- biometric information: as used in this Policy, biometric data includes “biometric identifiers” and “biometric information”. “Biometric identifier” means a scan of face geometry (Miral uses fingerprint biometric check and facial recognition for FacePass, please review section 3). Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.

Information we collect indirectly

- In some cases, information about you may be provided to us by a third party verbally or in writing. For example, this could include if a family member or friend has purchased a package or tickets on your behalf, entered you into a competition or makes a complaint. This may also include: our affiliated companies or partners (for example, your chosen travel agent or other entities where you use MyPass to access their site or service), or where you engage with services that we provide in conjunction with other companies (for example, rewards or loyalty points programs, joint promotions or FacePass), or social media or technology platforms (for example, by using your Facebook, Google or Apple account login details to sign into our website, mobile app, MyPass, or WiFi service, where such facility is available).

- Depending on the Attraction, website or mobile app you are visiting and the activity you are undertaking, this information may include the same information as which you may provide directly (as detailed within this section 2 above).

Information we collect automatically

• Information that we may collect automatically via cookies and other location-based tracking mechanisms when you visit our sites and applications (as outlined above) or use our applications on third-party sites or platforms. More information on the use of cookies is at section 8 below and in our Cookies Policy.

• This information includes traffic data, location data, weblogs, communication data and the resources you access; for example, your IP address, device ID, device type, referrer URL, operating system and version, geolocation, browser type and browsing history.

• Information may also be collected through campaign performance and engagement, including but not limited to information such as email opens, push notifications and SMS clicks.

• For security and public safety CCTV is in place in certain designated areas of the Attractions (only for security and safety reasons and to help prevent fraud or crime).

3.How do we use your personal data?

We will use your personal data for the following reasons:

To respond to you and perform the contract

• We will use your information to process and respond to your requests, reservations or queries, when you register, subscribe or contact us, and to provide access to restricted parts of our websites or mobile apps if required. Where you purchase our services or products we use your information to enter and perform our contract with you.

To improve our products and services

• We use your information to provide content on our websites and mobile apps in the most effective way. Your information allows us to identify you as a user, remember your preferences and deliver an enhanced digital experience. Such data is not retained beyond your visit of the respective website page or mobile app, but may be kept in log files to allow us to maintain and improve our website or mobile app.

To keep our services secure

• Your information may be used to detect, investigate, prevent fraud and rectify potential errors in our Attractions, technology and against potential cyber-attacks or other abuse of our technology, and to prevent or mitigate any damages that may have been caused by such abuse.

• While we take steps to maintain the security of your information, you should be aware of the many information security risks that exist and take appropriate care to help safeguard your information.

To provide WiFi services

• Some of our Attractions have a complimentary WiFi service which is provided by Ipera Solutions, a third party service provider who act as a Data Processor on behalf of Miral. This Privacy Policy explains how we use your information; for information on how Ipera Solutions handle your data, please visit www.iperasolutions.com/privacy-policy.

• Your information is used to provide the WiFi service and to carry out analytics, and a log of all service usage activity is maintained for system performance, maintenance and security purposes. Please note that we do not correlate the user of the WiFi service with the websites or content viewed.

• To use our WiFi service, we ask you to create a MyPass (please review the MyPass section below) and when you connect to the service we collect your mobile ID, device type and other location-based data (where you have permitted collection of this in your chosen device settings) to enable us to provide these services to you in the most effective way. For example, this information allows your device to automatically connect to the WiFi and MyPass services without you having to manually connect to the network or service each time. In order to disable the automatic authentication, you can select ‘Forget this network’ from your WiFi or mobile device settings.

To provide your MyPass (Unique Customer Identity)

• Most of our websites, mobile apps or WiFi services have the MyPass facility. If MyPass is available then when you choose to register for an account with us, we will collect your information to create a unique identifier for you called your MyPass, which is then used to authenticate you across the different services and enable you to enjoy a frictionless digital experience.

• MyPass is a centralised authentication service provided by Miral that allows you to seamlessly connect to various services throughout Abu Dhabi. This means that once you have created a MyPass, you can use your MyPass to login at other available locations and services (for example, at different Attraction websites or mobile apps or WiFi touchpoints where available), without you having to register again at each location or service.

• When you are using MyPass, we use your mobile ID, device type and other location-based data (where you have permitted collection of this in your chosen device settings) to enable us to provide these services to you in the most effective way.

• In certain cases, we might use your location and activities for which you have used your MyPass for the purpose of creating a unique customer profile. For example, if you have connected to the Wi-Fi in an Attraction using your MyPass and bought a ticket online for one of the Attractions, we will associate these activities to your MyPass.

• Further, as detailed at section 5, where you use MyPass your information may be shared with the other entities making use of MyPass.

• Where you log in to MyPass with your Facebook, Google or Apple account details, those parties will receive information about your activity on our websites or mobile apps. For more details on the information that such parties receive and how they use this, please review their respective Privacy Policies at http://www.facebook.com/policy, http://www.policies.google.com and www.apple.com/legal/privacy/en-ww.

FacePass and contactless services

• FacePass services, including contactless access and contactless payment services, are provided by Miral at certain designated attractions on Yas Island (such as Ferrari World Abu Dhabi, Warner Bros. World™ Abu Dhabi and Yas Waterworld).

• Contactless access involves the processing of your FacePass to identity you when entering the designated attractions; once your FacePass is enrolled you can enjoy easier and safer contactless entry to the attraction using your FacePass and without the need to scan your ticket or physically touch assets. The way this works is that you (or a parent or legal guardian, if the FacePass relates to a person under 18 years of age or a person of determination) can consent to enrol your FacePass. Enrolment may be done online through the Yas Island mobile app or website (where available), by uploading a photo of your face. Alternatively, enrolment may be done offline by completing the necessary requirements with guest relations at our designated Attractions and thereafter allowing the camera at the turnstiles to capture your photo.

• Contactless payment involves the processing of your FacePass to identify you when making payments at operating food and retail outlets (where available) inside the designated attractions. The way this works is that (provided you are 18 or older) you can choose to link a debit or credit card to your FacePass through the Yas Island mobile app or website (where available). Once this link is made you can enjoy making payments using your FacePass without the need to physically use the debit or credit card.

• The photo taken or uploaded for FacePass is used only to convert your face into a unique numerical identifier (your FacePass) for means of facial recognition. Once authentication is confirmed, the photo is not used for any other purpose and cannot be reused or regenerated for any means. Due to different factors such as picture quality of device used, shading and lighting, your photo may be stored securely on systems within Miral’s premises for up to a maximum of four weeks to ensure authentication and accuracy of the photo. When this process is completed the photo is then removed. The unique numerical identifier is encrypted and the encrypted value is stored securely on systems within Miral’s premises and linked to your customer profile.

• The encrypted values are stored and processed solely for authentication purposes; in other words, when you are next making a contactless entry or contactless transaction your FacePass will be authenticated against the stored encrypted value and once matched the entry or transaction will be completed. Your FacePass and the encrypted values are not processed for any other reasons.

• You can withdraw your consent for processing your FacePass and disable your payment information at any time by selecting the ‘Remove FacePass consent’ or ‘Manage your card’ options on the mobile app or website (where available). You can also contact us at privacy-me@miral.ae. Where you withdraw your consent, such services will no longer be provided to you.

Fingerprint Biometric Check

• To protect against fraud and misuse of tickets, Miral has enabled a fingerprint check for holders of multiple-entry tickets (any ticket with an entitlement of more than one access). The way this works is that you (or a parent or legal guardian, if the person is under 18 years of age or a person of determination who cannot consent) can consent to enrol your fingerprint. Enrolment may be done at the digital screens located at the turnstiles, by providing the appropriate consent and then placing your finger on the reader.

• If you do not wish to use the fingerprint biometric check, you can choose a manual verification process instead, by visiting the designated counter and showing your original official government issued photo ID. Your details will be associated with your ticket, and thereafter, you will need to show your original ID on each access to the Park so we can verify your identity.

If you do wish to use the fingerprint biometric check, then once the appropriate consent is provided at the turnstile, you simply place your finger on the reader. The system will take an image of your finger then convert the image into a unique numerical identifier which is encrypted. The image is immediately deleted but the encrypted value is stored securely on systems within Miral’s premises and used solely for authentication purposes; in other words, when you next scan your ticket, you will be prompted to scan your finger for authentication. The scan will be authenticated against the stored encrypted value and once matched, the entry will be completed. Your fingerprint and the encrypted values are not processed for any other reason and cannot be reused or regenerated for any means. We do not store an image or scan of your fingerprint.

• The unique numerical identifier is deleted promptly after the expiry of your ticket. For example, if you purchase a ‘3-day 3-park’ ticket then the identifier will be deleted after your third park entry, when your ticket expires.

• You can withdraw your consent for processing your fingerprint and disable this service by speaking to Guest Services at the park or emailing us at privacy-me@miral.ae. Where you withdraw your consent, such services will no longer be provided to you.

Marketing

• If you have provided your consent by opting in to receive personalised updates and offers, we may send you such updates and offers by email, SMS, mobile app notifications (only available via the mobile app where you have opted in to receiving them), WhatsApp, social media and post, or occasionally contact you by telephone. You may withdraw your consent to receiving such communications at any time by using the [‘unsubscribe’] link in any communication received, by contacting us at privacy-me@miral.ae, or where the particular website or mobile app has the facility to create an account, by changing your marketing preferences within the account management function on the website or mobile app.

• Our servers automatically protocol the consent gathering process to enable us to evidence that you have consented. For this purpose we will store the following information: email address, details of how and when consent was given, details of confirmation email sent and confirmation email clicked; including the date, time and IP address relating to the consent and clicked confirmation link, the wording of the consent and the information about the right to withdraw your consent at any time.

• If you have opted in to hear from other companies in our group or our partners, you may also receive personalised updates and offers from such companies. The list of affiliates or partners which you can opt to hear from are listed on the marketing consent opt-in page. You may withdraw your consent at any time by using the unsubscribe link in any communication received, by contacting us at privacy-me@miral.ae, or where the particular website or mobile app has the facility to create an account, by changing your marketing preferences within the account management function on the website or mobile app.

Personalised content, advertisements and services

• Your personal information may be used to understand your customer journey and to provide you with personalised offers or advertisements. These offers or advertisements may be shown to you on our websites or mobile apps or the websites of third parties (for example, your chosen social media platforms).

• Where we have permission to send marketing materials (as set out under Marketing in this section), these personalised offers and advertisements may be included within those updates and will be in accordance with your chosen marketing preferences.

• Please note we do not carry out any automated decision making based on your information.

Livechat

• We deploy technology on some of our websites and mobile app to provide live chat services with a view to effectively responding to your enquiries and providing information about our services and attractions. When you engage with our live chat, we use the information that you provide to us in order to respond to your enquiry.

• The live chat service provides non-personal data only about our services and attractions; for example, information about attraction opening hours. We do not request any personal data in connection with this service as personal data is not required to provide the livechat service.

• An open text box is required to provide the live chat service which means we do not control the information a user may input. Any information (whether personally identifiable or not) voluntarily placed into the live chat will be processed. If a user submits personal data then such personal data will not be used for any purposes.

Geolocation services

• Where you have provided your consent via the mobile app, we will use your device coordinates to offer location-based services and features, including:

o location-based reminders: receive timely notifications when you enter or leave specific places;

o exclusive promotions: enjoy special offers and promotions tailored to your location;

o safety alerts: stay informed about critical local alerts or emergency information.

• Geolocation data will be solely used to provide and enhance geolocation features.

• You can modify your location preferences or opt out at any time in your app's settings.

• For the best geolocation experience, you can choose your location accuracy:

o ‘high accuracy’: provides precise coordinates but may consume more battery;

o ‘battery saving’: offers approximate coordinates to conserve battery life.

• To fully enjoy geolocation benefits, you will need to grant access by updating the mobile app’s location settings to "Always". You can adjust this setting later in your app's preferences. For additional control over your location settings, you can access and amend your device's location preferences.

Promotional or other activities

• If (at your discretion) you decide to take part in any promotional activities such as employee benefits, competitions, surveys or interactive features of our services, your personal data may be processed to administer the activity or enable participation.

Notifications

• We may notify you of any changes or updates to your current services or subscriptions. For example, security alerts or important support or administration messages about your services or notices of when annual passes are due to expire.

Legal obligations

• We may have to process your information to comply with legal or regulatory obligations, where required by applicable laws. Information may be used to:

o enforce our terms and conditions and other agreements, policies, and standards, including investigation of any potential violation thereof;

o detect, prevent or otherwise address security, fraud or technical issues;

o protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law

(including exchanging information with other companies and organisations for such purposes).

Business analysis

• We may use your information for our business purposes; for example, to carry out data analytics to assess consumer demands and trends.

Aggregated or anonymised data

• We may use your information to compile aggregated or anonymised data (data which does not identify you as an individual, such as statistical or demographic data), so that we can analyse and improve our products and services. However, if we combine aggregated data with your personal data so that it can identify you in any way, we treat the combined data as personal data and it will be used in accordance with this Privacy Policy.

4. What is the legal basis for processing your personal data?

In most cases, we process your data at your request in order to enter into a contract with you and to perform our contract obligations (for example, to process your booking and issue your tickets). If the processing is not related to a contract, we will process your information on one of the following basis:

• based on your explicit consent for us to do so (for example, when you use the fingerprint biometric check access or FacePass, or opted in to our mailing lists or promotions);

• as required to comply with relevant legal or regulatory obligations (for example, to resolve disputes or enforce contracts);

• where processing is mandatory for the establishment, exercise or protection of a right;

• where data is publicly available;

• as required to support the legitimate interests that we have as a business (for example, to carry out market research and analytics, use CCTV at our Attractions, protect against unlawful behaviour or online services (such as prevent fraud by ensuring tickets are in the hands of the purchaser), create a profile regarding your interactions, purchases and interests (such as to inform you of new services or attractions that may be of interest to you) and to further improve and market our products and services), provided always that such processing is carried out in a way that does not violate your fundamental privacy rights.

With regard to special categories of personal data, such as the biometric or health and medical information outlined at section 2, we require your explicit consent (or the consent of your parent or legal guardian) to process such information. Such consent can be withdrawn; however, this is likely to mean that the services that require consent (for example, fingerprint biometric checkaccess or FacePass) can no longer be provided to you. We will advise of such consequences of withdrawing your consent if you take this action. Please note that we will only rely on consent as a legal basis when we strictly require consent for processing. We will not rely on this legal basis in circumstances where we may rely on one of the other legal bases, as outlined above.

5. Who do we share your personal data with?

Service providers

We may share your information with third parties who provide a service to us. We do this where it is necessary for the service provider to have access to your information and solely for the purpose of them delivering that service to us. An example of this is when you purchase a service from us your payment details are processed by a third party payment solution provider.

Our service providers include:

• IT companies (e.g. hosting providers);

• WiFi providers;

• Payment solution providers;

• Marketing or communication providers;

• Developers and support providers;

• Data analytics providers;

• Survey or market research providers;

• Professional advisers or auditors;

• Regulators;

• Insurers.

Affiliates and partners

We share your information with our affiliates and partners in certain circumstances, as described in this section.

If you opt-in to receiving marketing communications from our affiliates or partners when selecting your marketing preferences, we will share the information required in order for those affiliates and partners to contact you in the ways you have chosen. For example, our affiliate company Miral Destinations – Sole Proprietorship LLC is involved in managing marketing communications hence your personal data is shared with this entity for such purposes. The full list of affiliates or partners which you can opt to hear from are listed on the marketing consent opt-in page of the respective website, mobile app or touchpoint.

We may need to share your personal data with our partners connected with your booking. For example, if you book a package holiday with us that involves tickets to a theme park and a hotel stay, we may need to share certain information with the hotel in order to fulfil your booking. Such partners include but are not limited to hotels, theme parks, museums, restaurants or transport providers. We only share the information required to process the booking and if the partner does not require any personal data (for example, if they only need to know the number of tickets), we do not disclose it.

Where you use your MyPass to access services provided by our affiliates or partners (for example, by using MyPass to sign into their website, mobile app or WiFi service), we share your information with those entities in order for those services to be delivered, and those entities will have access for the purpose of data analytics.

Where you enrol for FacePass through our website or mobile apps or those of our affiliates, we may need to share your information with our affiliates who operate such websites or mobile apps or the respective operator of any attraction or outlet where such services are available, in order that such services can be provided to you.

We also share information in connection with services we provide in conjunction with affiliates or partners; for example, to provide rewards or loyalty points programs and other benefits or services that you may wish to make use of, or if you specifically request us to share information with third parties.

Other third parties

We may also disclose your personal data:

• internally, including any of the intra-group companies, our holding company and its subsidiaries where it is necessary to perform certain responsibilities efficiently as part of the service provided to you (for example, data may be accessible to certain types of persons involved within the operation of our services from our administration, IT, marketing or legal teams);

• if required by applicable laws or regulations;

• to government or supervisory bodies or agencies in response to their legitimate requests, or where it is in our legitimate interests to do so, even if such disclosure is not mandatory under law;

• if you explicitly requested or authorised us to do so;

• in the event we sell or merge whole or part of any business or assets, we would need to transfer your information to the acquiring company.

We only share the information that is necessary for the required purpose so we do not disclose all of the information you provide to us and we do not sell, rent or lease your personal information to third parties under any circumstances.

Aggregated or anonymised data may be shared with our service providers, affiliates or other third parties for the purpose of analytics and to improve products and services.

The categories of third parties to whom we disclose your information may change from time to time. We will update this Privacy Policy before any such changes take effect.

6. Links to third party websites

You may have accessed one of our websites by clicking a link on a third party website; for example, you may have clicked a link on one of our partners’ websites so that you could view package holiday options or theme park tickets and were then redirected to our website. Similarly, our websites contain links to our partners’ websites.

We also integrate our websites or mobile apps with third party products (for example, Google Analytics, Facebook, Twitter) to enable us to measure the performance of our websites and website content, present personalised offers and enable you to share, like and recommend pages to others via social media.

We are responsible for protecting your personal data when you visit our websites but are not responsible for the websites of any third parties, and this Privacy Policy does not govern any third party websites. You are responsible for understanding how your personal data is used by third party websites and we recommend that you review the privacy policy on the relevant website.

7. Transfers outside of the EEA

As a business located outside of the European Economic Area (“EEA”), we process your information outside of the EEA and in some cases (as described in section 5), your information may be transferred to and processed by third parties who are also located outside of the EEA.

We will only transfer your information to such third parties where we have made arrangements to ensure that your data is treated securely in accordance with this Privacy Policy and applicable law.

8. Cookies

Our websites use cookies which help us provide you with a better website and browsing experience, by enabling us to monitor which pages you find useful and which you do not. You can choose to accept or decline cookies; most web browsers will automatically accept them but you can usually modify your browser settings to decline cookies if you wish to; however, this may prevent you from taking full advantage of the website.

More detailed information on our use of cookies and the options available to you is contained within our Cookies Policy.

9. Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational security measures to safeguard and secure the information we collect. Whilst we have implemented such measures, we cannot completely guarantee the security of your information; any transmission by you is at your own risk.

We store your personal data in a centralised database hosted in the cloud, and affiliates or partners might have access to this database where such entities make use of MyPass.

You are responsible for maintaining the confidentiality of any password or account details.

Where you chose to click a link to any of the websites of our partners, advertisers and affiliates, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for their policies or their security of your personal data. Please check their policies before you submit any personal data to those websites.

10. Retention

Unless otherwise required by applicable law, we will retain your information for as long as is necessary for the relevant purpose outlined in this Privacy Policy. If you register for an account with us, your information will be retained for as long as your account is active and after closure for an additional period to administer any requests concerning your account, or in accordance with our legal obligations including where it is necessary for the establishment, exercise or defence of legal claims. If you wish to delete your account or any data related to it, please contact us at privacy-me@miral.ae. and we will execute your request.

11. How you can control your personal data

You have certain rights in relation to your personal data as determined by applicable data protection laws.

You have the right at any time to:

• be informed of the use of your personal data;

• access, rectification or erasure of your personal data;

• restrict and/or object to the processing of your personal data;

• data portability;

• not be subject to any decision based solely on automated processing of your personal data.

You can exercise some of these rights when providing data to us at registration or purchase or when contacting us, by reviewing and selecting or deselecting the boxes on the forms you are required to complete. Where the particular website or mobile app has MyPass or the facility to register for an account, you can also exercise some of these rights via the account management tools on our website or mobile app.

If at any time you wish to unsubscribe or opt-out from any communications we have sent you based upon your selected preferences, you may do so by using the one click unsubscribe link on those communications.

You can also contact us at privacy-me@miral.ae.

If you wish to discuss how we have handled your personal data, you can contact us at any time and we will investigate this. If you are not satisfied with the response or believe we are not processing your data in accordance with the applicable law you can refer the matter to any competent data protection authority.

12. Contacting us

For any privacy related queries, you may contact us at any time at privacy-me@miral.ae.

Please note, for your safety and to allow us to make sure that we do not disclose any of your personal data to any unauthorised third parties, we may need to verify your identity and guarantee the adequate exercise of your rights. In doing so, we may request specific information and/or documents from you before we can properly respond to any request received concerning your data. All data and documents received from you in the process of responding to your requests will be used strictly for the purposes of analysing your request, authenticating your identity, and responding to your request in full.

13. Updates to this Privacy Policy

We may change this Privacy Policy in whole or part at any time by updating this page and without prior notification to the extent permitted by applicable law. Please ensure you review this page from time to time to take notice of any such changes. Most changes are likely to be minor but for substantive changes, we may provide additional notice to you by either providing a pop up notice or similar statement on our website, or by sending you an email. Your further use of our services after a change to our Privacy Policy will be subject to the updated policy. We indicate at the bottom of the Privacy Policy when it was last updated.

Last updated [19-04-2024]