Privacy Policy

Saraya Aqaba for Supporting Services Company PSC Privacy Policy

Introduction

Please read the following Privacy Policy carefully to understand how and why we use your personal data in order for you to access and browse our websites and use our services.

About this Policy

This Privacy Policy is issued for Saraya Aqaba for Supporting Services Company PSC (“Saraya”, “we”, “us”, “our”) and the domain name ‘www.sarayaaqabawaterpark.com, (this “website”), is operated by Saraya for Supporting Services Company PSC. Personal data is any information that can be used, directly or indirectly, to identify you as an individual. Your privacy is very important to us and we understand our responsibilities to protect your personal data in an appropriate and lawful manner and in accordance with applicable data protection regulations. For any privacy queries, you can contact us at any time at : [email protected]

Saraya Aqaba for Supporting Services Co.PSC. 13 Rafiq Al Hariri Ave Al Abdali Amman Jordan

1. Who is responsible for protecting your personal data?

Saraya manages and operates Saraya Aqaba Waterpark (the “Park”).

Website

In connection therewith, Saraya operates the following website:

• www.sarayaaqabawaterpark.com

2. What personal data do we collect, and how do we collect it?

Information we collect directly from you

• Information that you personally provide to us when you voluntarily enter your details into our ‘SIGN UP’ form and click ‘Submit’. This is information that personally identifies you; for the purpose of this website that is first name, last name, email address and telephone number.

3. How do we use your personal data?

We use your information for the following reasons:

Marketing

• If you have provided your consent by opting in to receive communications and offers, we may send you such updates and offers by email. You may withdraw your consent to receiving such communications at any time by using the [‘unsubscribe’] link in any communication received or by contacting us at [email protected]

Notifications

• We may notify you of any changes or updates to your current services or subscriptions. For example, security alerts or important support or administration messages about your services or notices of when the Park is opening.

Legal obligations

• We may have to process your information to comply with legal or regulatory obligations, where required by applicable laws. Information may be used to:

• enforce our terms and conditions and other agreements, policies, and standards, including investigation of any potential violation thereof;

• detect, prevent or otherwise address security, fraud or technical issues;

• protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law

(including exchanging information with other companies and organisations for such purposes).

To keep our services secure

• Your information may be used to detect, investigate, prevent fraud and rectify potential errors in our technology and against potential cyber-attacks or other abuse of our technology, and to prevent or mitigate any damages that may have been caused by such abuse. • While we take steps to maintain the security of your information, you should be aware of the many information security risks that exist and take appropriate care to help safeguard your information.

Aggregated or anonymised data

• We may use your information to compile aggregated or anonymised data (data that does not identify you as an individual, such as statistical or demographic data), so that we can analyse and improve our products and services. However, if we combine aggregated data with your personal data so that it can identify you in any way, we treat the combined data as personal data and it will be used in accordance with this Privacy Policy.

4. What is the legal basis for processing your personal data?

In most cases, we process your data at your request in order to enter into a relationship with you for communications purposes (as stated in section 3). If the processing falls outside this scope, we will process your information on one of the following basis:

• based on your explicit consent for us to do so (for example, mailing lists or promotions);

• as required to comply with relevant legal or regulatory obligations (for example, to resolve disputes);

• where processing is mandatory for the establishment, exercise or protection of a right;

• as required to support the legitimate interests that we have as a business (for example, to carry out market research and analytics, prevent or detect unlawful behaviour or to inform you of new services or attractions that may be of interest to you and to further improve and market our products and services), provided always that such processing is carried out in a way that does not violate your fundamental privacy rights.

5. Who do we share your personal data with?

Service providers

We may share your information with third parties who provide a service to us. We do this where it is necessary for the service provider to have access to your information and solely for the purpose of them delivering that service to us.

Our service providers include:

• IT companies (e.g. hosting providers);

• Marketing or communication providers;

• Developers;

• Market research providers;

• Professional advisers or auditors;

• Regulators;

• Insurers.

Other third parties

We may also disclose your personal data:

• internally, including any of the intra-group companies where it is necessary to perform certain responsibilities efficiently as part of the service provided to you (for example, data may be accessible to certain types of persons involved within the operation of our services from our administration, IT, marketing or legal teams);

• if required by applicable laws or regulations;

• to government or supervisory bodies or agencies in response to their legitimate requests, or where it is in our legitimate interests to do so, even if such disclosure is not mandatory under law;

• if you explicitly requested or authorised us to do so;

• in the event we sell or merge whole or part of any business or assets, we would need to transfer your information to the acquiring company.

We only share the information that is necessary for the required purpose so we do not disclose all of the information you provide to us and we do not sell, rent or lease your personal information to third parties under any circumstances.

Aggregated or anonymised data may be shared with our service providers or other third parties for the purpose of analytics and to improve products and services.

The categories of third parties to whom we disclose your information may change from time to time. We will update this Privacy Policy before any such changes take effect.

6. Links to third party websites

Google Maps: you will be redirected to Google Maps when you click on ‘View on Google Maps’. Google Maps will be processing your data in their own right as data controllers and their data protection policies and processes shall be become applicable. For further information please read www.policies.google.com/privacy. We are responsible for protecting your personal data when you visit our websites but are not responsible for the websites of any third parties, and this Privacy Policy does not govern any third party websites. You are responsible for understanding how your personal data is used by third party websites and we recommend that you review the privacy policy on the relevant website.

7. Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

8. Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational security measures to safeguard and secure the information we collect. Whilst we have implemented such measures, we cannot completely guarantee the security of your information; any transmission by you is at your own risk.

9. Retention

Unless otherwise required by applicable law, we will retain your information for as long as is necessary for the relevant purpose outlined in this Privacy Policy. If you ‘SIGN UP’ with us, your information will be retained for as long as your wish to receive communications and after, if you request to delete your details or ‘unsubscribe’, for an additional period to administer any requests concerning your account, or in accordance with our legal obligations including where it is necessary for the establishment, exercise or defence of legal claims. If you wish to delete your account or any data related to it, please contact us at [email protected] and we will execute your request.

10. How you can control your personal data

If you believe that any information we are holding on you is incorrect or incomplete, please notify us and we will promptly correct any information found to be incorrect.

You have certain rights in relation to your personal data as determined by applicable data protection laws.

You have the right at any time to:

• be informed of the use of your personal data;

• access, rectification or erasure of your personal data;

• restrict and/or object to the processing of your personal data;

• data portability;

• not be subject to any decision based solely on automated processing of your personal data.

You can exercise some of these rights when providing data to us, by reviewing and selecting or deselecting the boxes on the form you complete.

You can also contact us at [email protected]

11. Contacting us

For any privacy related queries, you may contact us at any time at [email protected] Please note, for your safety and to allow us to make sure that we do not disclose any of your personal data to any unauthorised third parties, we may need to verify your identity and guarantee the adequate exercise of your rights. In doing so, we may request specific information and/or documents from you before we can adequately respond to any request received concerning your data. All data and documents received from you in the process of responding to your requests will be used strictly for the purposes of analysing your request, authenticating your identity, and responding to your request in full.

12. Updates to this Privacy Policy

We may change this Privacy Policy in whole or part at any time by updating this page and without prior notification to the extent permitted by applicable law. Please ensure you review this page from time to time to take notice of any such changes. Most changes are likely to be minor but for substantive changes, we may provide additional notice to you by either providing a pop up notice or similar statement on our website, or by sending you an email. Your further use of our services after a change to our Privacy Policy will be subject to the updated policy. We indicate at the bottom of the Privacy Policy when it was last updated.

Last updated 25th March 2021.