Privacy Policy
1 POLICY
This Policy applies to Websites, mobile applications, products, and services, which will provide links navigating to this Policy, and which will be displayed to Customers for their acceptance.
KHRC is committed to respect privacy and secure Personal Information with compliance to all applicable data protection and privacy laws and regulations in the Emirate of Abu Dhabi and the Federal Laws of the United Arab Emirates.
This Policy describes how KHRC collects, discloses, and processes Personal Information, including, but not limited to, the user’s name, address, credentials and/or Biometrics Data.
A Visitor’s landing on or use of a Website, any KHRC webservice, mobile application and customized solution may require accessing the Visitor’s Personal Information. Visitors will be notified by the Website of any product- and/or service-specific information collection in advance and will request the Visitor’s if the information request falls outside of the scope of this Policy the Website will provide the Visitor with a link to the applicable supplementary policies and request the Visitor’s acceptance of the same.
Websites, products and services may contain links to, or may be embedded in another organization’s or agency’s website which have their own privacy policies. In this case the Visitor to the extent he or she is no longer on a Website and is not providing KHRC with his or her Personal Information will become subject to the privacy policy of the accessed external site and KHRC will have no liability for any Personal Information provided to the third-party information gatherer through the website controlled or operated by that third party.
2 PERSONAL/BIOMETRICS DATA COLLECTION AND USE
KHRC collects information (including Personal Information) on Visitors when they interact with the visited Website (including user account creation and submission of contact forms), uses a KHRC mobile application, uses a KHRC product, or uses a KHRC service. As permitted by law, KHRC may also obtain data from public and commercial third-party sources, including, without limitation, purchasing statistics from third party providers. The Personal Information KHRC may collect includes, without limitation, the Visitor’s or Customer’s name, gender, job position, Emirates ID, passport, email address(es), phone/mobile number(s), login information (account and password), and photos, depending on how the Visitor interacts with the visited Website and the products or services being purchased or viewed by a prospective Customer.
In order to use KHRC services, the Customers or Visitors may be requested to provide Personal Information. Customers and Visitors have the right to opt not to disclose personal and Biometric Data to KHRC. However, not providing KHRC with some of the Personal Information may limit a user’s/prospective Customer’s experience or accessibility to some products and services.
Personal Information will be used for, without limitation, the following purposes:
- Account
- Transitions and services requests fulfillments of bookings, applications, orders, deliveries, activities, products verifications or
- To add the Customer or Visitor contact (with Customer or Visitor consent) to a mailing list in order to send him or her information about events, services, products, participation invitations of activities (including, without limitation, promotional activities), market surveys, or satisfaction surveys; or sending Customer or Visitor marketing information, that might be of interest to In case Customer or Visitor does not wish to receive these types of information, they can opt out at any time.
- Providing a Customer or Visitor with customized user experience and content, enabling KHRC services and products to remember the Customer or Visitor’s preferred settings for later visits to
- Providing a Customer or Visitor with personalization user experience and content, to display subjects related to his or her personal interest based on browsing
- Sending important notices to Customer or Visitor, including, without limitation, prompts to install updates/upgrades to his or her operating system or web application.
- Qualifying and managing suppliers and business partners, and communicating or working with suppliers and business
- Improving KHRC products and services through internal audits, data analysis, and
- Analyzing the efficiency of KHRC’s business operations and evaluating market
- Troubleshooting when a Customer or Visitor sends KHRC error
- Synchronizing, sharing, and storing the data which the user uploads or downloads and the data needed for the uploading and
- Ensuring the security of KHRC products, services and Customer or Visitor, executing and improving KHRC loss prevention and anti-fraud
- Complying with the laws or regulation of the Emirate of Abu Dhabi and the Federal laws of the United Arab Emirates applicable in the Emirate of Abu Dhabi, and any legal requirements, industry standards and other KHRC
Biometric Data will be used for, without limitation, the following purposes:
- To carry out obligations of KHRC or the user in the field of social protection and accessibility to buildings and security; and
- If required by
KHRC may also collect and use Non-PII data to understand how Customers and Visitors use its Websites, products, and services in order to improve its services and better satisfy its Customer and Visitor needs. KHRC may collect, use, process, transfer, or disclose Non-PII for other purposes at its own discretion.
KHRC will process Personal Information following the requirements of applicable laws on an appropriate legal basis, including, without limitation:
- Processing Biometric Data and/or Personal Information to fulfill the contract when responding to a transaction or service
- Processing Biometric Data and/or Personal Information with Customer and Visitor consent.
- Processing based on the legitimate interests of KHRC or a Third Party when using Personal Information to contact the Customer and Visitor, conduct marketing or market surveys, improve KHRC products and services, execute and improve its loss prevention and anti-fraud programs, and other purposes. Legitimate interests include, without limitation, enabling KHRC to more effectively manage and operate its business and provide its products and services; protecting the security of its businesses, systems, products, services, and Customer and Visitor; internal management; complying with internal policies and processes; and other legitimate interests described in this
- Processing Biometric Data and/or Personal Information as necessary to comply with and fulfill legal
3 COOKIES AND RELEVANT TECHNOLOGIES
4.1 COOKIES
KHRC uses Cookies to identify the Customer or Visitor using its Websites and services. The text in a Cookie often consists of identifiers, site names, and some numbers and characters. Cookies are unique to the browsers or mobile applications used by an individual, and enable Websites to store data including, without limitation, Customer and Visitor preferences or items in shopping carts.
The Visitor’s browser will return the Cookie information only to the domain where the Cookie originated and its content can be retrieved or read only by the server that created the Cookie.
Like many other websites and internet service providers, KHRC uses Cookies on its Websites to improve the user experience. Session Cookies are deleted after each visit, while persistent Cookies remain in place across multiple visits. Cookies allow Websites to remember user settings including, without limitation, language, font size on user computer or mobile device, and other browser preferences. This means that a user does not need to reset preferences for every visit. If Cookies are not used Websites will treat the user as a new Visitor every time user loads a web page.
KHRC will not use Cookies for any purposes other than those stated in this Policy. The Customer and Visitor can manage or delete Cookies based on their own preferences. The Customer or the Visitor can clear all the Cookies stored on their devices, and most web browsers provide the option of blocking Cookies. However, by doing so, the Customer or Visitor must change the user settings every time they visit the Websites or services.
4.2 WEB BEACONS AND PIXEL TAGS
In addition to Cookies, KHRC may also use other similar technologies on its Websites and web-services such as web beacons and pixel tags. For example, when a Customer or Visitor receives an email from KHRC webservices, it may contain a
click-through URL that links to a Website. If a Customer or Visitor clicks the link, KHRC will track their visit to help learn about their preferences for products and services and improve its customer service. A web beacon is a transparent graphic image embedded in a website or in an email. KHRC uses pixel tags in emails to find out whether an email has been opened. A Customer or Visitor can unsubscribe from the KHRC mailing list at any time if they do not want to be tracked in this manner.
By using the Websites, the Customer or Visitor consents to the use of Cookies, web beacons and pixel tags as described above.
4 PERSONAL/BIOMETRICS DATA DISCLOSURE
KHRC may, when services are provided by third parties authorized by KHRC, share Personal Information with that third party in the manner described in this Policy. For example, when a Customer or Visitor makes an online purchase of services or products from KHRC, KHRC may share their Personal Information with a logistics provider to arrange shipment of the product or a third party to provide to the Customer the purchased service. In addition, as a tourism organization, immigration application processing, KHRC may share Personal Information with its affiliates, subsidiaries, stakeholders and other government entities based on need-to-know basis.
To comply with applicable laws or respond to valid legal procedures, KHRC may also disclose the Biometrics Data and Personal Information to law enforcement or other government agencies. If KHRC is involved in a restructuring or lawsuit in a given jurisdiction, the Personal Information may be disclosed. KHRC may also disclose Customer or Visitor data when appropriate, including, without limitation, to execute the Terms and Conditions, when KHRC believes disclosure is necessary or appropriate to prevent physical harm or financial loss, or when it is in connection with an investigation of suspected or actual illegal activity.
5 ACCESS CONTROL AND PERSONAL / BIOMETRICS DATA PROTECTION
It is the responsibility of the each Customer and Visitor to ensure that all Personal Information submitted to KHRC is correct. KHRC is dedicated to maintaining the accuracy and completeness of Personal Information, keeping the data up- to-date and secure.
To the extent required by applicable law, Customer or Visitor may:
- have the right to request access to his or her Personal Information that KHRC has on file;
- request that KHRC updates or corrects inaccuracies in his or her Personal Information;
- object to KHRC’s use of his or her Personal Information; and
- submit a written request to KHRC asking it to delete his or her Personal Information from its . KHRC may decline the request if it believes that the request is fraudulent or unfeasible, or may jeopardize the privacy of others.
If allowed by applicable laws, Customers and Visitors have the right to withdraw their consents given under this Policy at any time. Notwithstanding a withdrawal of consent, KHRC will have no liability for any processing of Personal Information up to the time the withdrawal of consent is processed by KHRC and KHRC will be permitted to continue processing Customer and Visitor data and Personal Information if there is sufficient justification under applicable law and will have no liability for acting in accordance with that justification.
6 PROTECTION AND RETENTION OF PERSONAL/BIOMETRICS DATA
KHRC is committed to protecting Biometric Data and/or Personal Information providing the maximum possible level of security measure to mitigate the risks of data leakage. KHRC uses appropriate physical, management, and technical measures to protect Biometric Data and/or Personal Information from unauthorized access, disclosure, usage, modification, damage, or loss. For example, KHRC uses protection mechanisms to prevent attacks, and access control mechanisms to permit only authorized access to Biometric Data and/or Personal Information. KHRC also provides security, privacy and protection trainings and campaigns for employees to raise their awareness level of Biometric Data and/or Personal Information protection.
KHRC will retain Biometric Data and/or Personal Information for no longer than is necessary for the purposes stated in this Policy, unless otherwise extending the retention period is required or permitted by applicable laws. The data storage period may vary with scenario, product, and service. The standards KHRC uses to determine the retention period are, but not limited to:
- the time required to retain Biometric Data and/or Personal Information to fulfill business purposes, including providing products and services;
- maintaining corresponding transaction and business records;
- controlling and improving the performance and quality of products and services;
- ensuring the security of systems, products, and services;
- handling possible user queries or complaints and locating problems;
- whether the Customer of Visitor agrees to a longer retention period; and
- whether any applicable laws, contracts, and other equivalencies have special requirements for data
KHRC will maintain user registration information as long as the account details are necessary for service provision. A Customer of Visitor may choose to deregister their account. After an account deregistration, KHRC will stop providing the Customer of Visitor with products and services and delete their Biometric Data and/or Personal Information, provided that deletion is not restricted or prohibited by applicable law or regulation.
7 PERSONAL INFORMATION OF MINORS
Some of the Websites, products and services are intended for adults and minors must not create a KHRC account without the consent of a parent or guardian. If the Personal Information of a minor is collected with prior parental consent, KHRC will only use or disclose the data as permitted by law, with the explicit consent of the minor’s parent or guardian, or when necessary for the protection of the minor. If KHRC accidentally collects a minor’s Biometric Data and/or Personal Information without verified prior consent from the minor’s parent or guardian, KHRC will attempt to delete the data as soon as possible and will not be responsible for the negligence of providing the minor’s data for registration.
8 THIRD PARTY PROVIDERS SERVICES
To ensure a positive user experience, a user may receive from Websites content or web links to Third Parties’ websites. KHRC does not control Third Parties and a Customer’s or Visitor’s decision to use the links, view the content and/or access the products or services provided by Third Parties will be his or her personal responsibility.
KHRC does not control the privacy practices and data protection policies of Third Parties. Customers and Visitors who visit Third Parties’ websites are encouraged to read their privacy and data protection policies. Any Personal Information provided to a Third Party by KHRC’s under the terms of this Policy will be further subject to the Third Party’s privacy and data protection policy which KHRC accepts no liability for.
9 INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
Personal Information collected by KHRC may be processed or accessed in the country/region where the user uses KHRC products and services or in other countries/regions where KHRC or its affiliates, subsidiaries, service providers or business partners have a presence. These jurisdictions may have different data protection laws. In such circumstances, KHRC will take measures to ensure that data is processed as required by this Policy and applicable laws and regulations.
10 POLICY UPDATE
KHRC reserves the right to update or change this Policy at any time. KHRC will notify Customers and Visitors of material changes to this Policy by posting a notice on its Websites and/or sending a direct notification through email.
11 CONTACT US
A user with any privacy complaint or issue may contact the Information Governance and Security Team at [email protected]