Last updated: 01.05.2025
Your privacy matters to us. This Policy explains how https://dubaicruises.org/ (“we“, “our“, “us“) collects, uses, shares and protects personal information, and how we deploy cookies and similar technologies. It applies to all visitors worldwide. Capitalised terms not defined here have the meaning given in our Terms & Conditions of Use.
- KEY PRINCIPLES
1.1 Lawfulness, Fairness, Transparency – we process personal data in accordance with global privacy laws including the EU GDPR, UK GDPR, California CCPA/CPRA, Brazilian LGPD, Singapore PDPA, UAE PDPL and other applicable statutes.
1.2 Purpose Limitation – we collect data for specified, explicit and legitimate purposes and do not further process it in a manner incompatible with those purposes.
1.3 Data Minimisation – we only collect data that is adequate, relevant and limited to what is necessary.
1.4 Accuracy – we keep data accurate and up‑to‑date where required.
1.5 Storage Limitation – we retain data no longer than necessary for the purposes set out in this Policy.
1.6 Integrity & Confidentiality – we apply technical and organisational security measures aligned with ISO 27001 and NIST SP 800‑53.
- WHAT DATA WE COLLECT
2.1 Identifiers – IP address, device ID, cookie ID, browser type, operating system, language, country, referral URL, timestamps.
2.2 Contact Information – email address and any details you voluntarily provide when sending us enquiries or feedback.
2.3 Usage Data – page views, scroll depth, clicks on Affiliate Links, exit pages, time spent, error logs.
2.4 Cookie Data & Similar Technologies – see Section 6 for full details.
2.5 We do not intentionally collect special categories of personal data (e.g., health, race, religion) or data from children under 16. If we discover such data, we will delete it promptly.
- LEGAL BASES FOR PROCESSING
3.1 Consent (Art. 6‑1‑a GDPR) – placing analytics/marketing cookies, sending email newsletters.
3.2 Contract (Art. 6‑1‑b GDPR) – responding to user enquiries.
3.3 Legitimate Interests (Art. 6‑1‑f GDPR) – site security, fraud prevention, internal analytics, affiliate revenue tracking.
3.4 Legal Obligation (Art. 6‑1‑c GDPR) – complying with tax, accounting or regulatory requirements.
- HOW WE USE DATA
4.1 Operate, maintain and improve the Site and its content.
4.2 Analyse aggregate traffic patterns to optimise user experience.
4.3 Track referrals to Providers to calculate affiliate commissions.
4.4 Respond to comments, questions and support requests.
4.5 Detect, prevent and address technical issues, fraud or abuse.
- DISCLOSURE OF DATA
5.1 Service Providers & Processors – limited to:
- Cloud Hosting & CDN – AWS, Cloudflare.
- Analytics – Google Analytics 4 (IP anonymisation enabled), Plausible (EU‑hosted).
- Email Service – Postmark, MailerSend.
- Affiliate Networks – Travelpayouts, Tiqets, CJ Affiliate; only receive non‑PII click IDs.
5.2 Business Transfers – data may be disclosed in connection with a merger, acquisition or asset sale subject to this Policy.
5.3 Legal Requirements – when mandated by subpoena, court order or similar legal process, or to defend legal claims.
5.4 We never sell personal data for monetary consideration as defined under CCPA/CPRA §1798.140.
- COOKIES & SIMILAR TECHNOLOGIES
6.1 Cookies are small text files stored on your device. We categorise them as:
- Strictly Necessary – core site functionality, load balancing, fraud prevention.
- Preferences – remember language or region settings.
- Statistics – measure site usage (first‑party GA4, anonymised IP).
- Marketing / Affiliate – track conversions after clicking an Affiliate Link.
6.2 You can manage cookie preferences via our Cookie Banner & Preference Centre or through your browser. For EU/UK visitors, non‑necessary cookies are disabled by default until you opt‑in.
6.3 Cookie Table (Illustrative) – full, dynamically generated table is accessible at /cookie‑declaration.html and updated monthly.
| Cookie | Provider | Purpose | Expiry | Category |
|---|---|---|---|---|
| cookieConsent | Cookiebot | Stores consent state | 12 months | Strictly Necessary |
| _ga | Google Analytics | Analytics ID | 24 months | Statistics |
| aflt | Travelpayouts | Affiliate click ID | 30 days | Marketing |
- INTERNATIONAL DATA TRANSFERS
7.1 Because we operate globally, data may be stored and processed outside your country. Where we transfer personal data from the EEA/UK to a third country not subject to an adequacy decision, we rely on Standard Contractual Clauses (SCCs 2021/914), UK IDTA or other approved safeguards.
7.2 Data transferred to the United States is protected by service‑provider certifications to ISO 27001 and commitments to the SCCs.
- DATA RETENTION
8.1 Contact emails – 12 months after last correspondence.
8.2 Server logs – 90 days, then anonymised.
8.3 Analytics data – 26 months (GA4 retention setting).
8.4 Affiliate click IDs – up to 36 months per network policy.
8.5 We periodically review data and delete or anonymise when no longer needed.
- SECURITY MEASURES
9.1 TLS 1.3 encryption in transit; AES‑256 at rest.
9.2 WAF & DDoS protection via Cloudflare Enterprise.
9.3 Role‑based access control (RBAC) and least‑privilege IAM.
9.4 Quarterly vulnerability scans and annual penetration testing.
9.5 Encrypted off‑site backups retained 30 days.
- YOUR RIGHTS
Depending on your jurisdiction, you may have the right to:
- 10.1 Request access to personal data we hold about you.
- 10.2 Request correction of inaccurate or incomplete data.
- 10.3 Request deletion (“right to be forgotten”).
- 10.4 Request restriction of processing.
- 10.5 Object to processing or direct marketing.
- 10.6 Data portability (receive data in machine‑readable format).
- 10.7 Withdraw consent at any time when processing is based on consent.
How to exercise rights: email [email protected] or use the self‑service portal linked in the cookie banner. We respond within 30 days (45 days for CCPA requests) unless extension is justified.
- CHILDREN’S PRIVACY
11.1 The Site is not directed to children under 16. We do not knowingly collect their data. If a parent believes a child has provided data, contact us to delete it.
- DO NOT TRACK & GLOBAL PRIVACY CONTROL
12.1 We honour browser “Do Not Track” (DNT) signals and Global Privacy Control (GPC) flags by disabling non‑essential cookies for that session.
- CHANGES TO THIS POLICY
13.1 We may update this Policy periodically. Changes take effect when posted on this page with a revised “Last updated” date. Material changes will be announced via a banner for at least 30 days.
- CONTACT INFORMATION
Data Protection Officer (DPO) – Global Travel Guide Ltd.
Level 15, Trinity Tower, Wickhams Cay I
Road Town, Tortola, VG1110, British Virgin Islands
E‑mail: [email protected]
Phone: +1 284‑555‑0199 (Mon–Fri 09:00–17:00 AST)
If you are an EU/UK resident, you may lodge a complaint with your local supervisory authority; our lead authority is the BVI Information Commissioner’s Office.