Privacy Notice for Guest Contactless Check-in

We are committed to protecting and respecting your privacy. This Privacy Notice (“Privacy Notice”) governs the processing of your Personal Data (including biometric data) by the Dubai Department of Economy and Tourism and its affiliates (collectively referred to as “DET”). It explains how we collect, use, store, and share Personal Data, and applies to the data that you provide to us directly, or which we may obtain through a secure identity verification process. Please note that if you prefer not to provide your Personal Data (including biometric data), you may choose to identify yourself in person at the establishment upon arrival. 

Please read the following carefully to understand how we handle your Personal Data and ensure its privacy and security.

References to "our," "us," or "we" within this Privacy Notice refer to DET.

DET is an entity established pursuant to Law No. 20 of 2021 having its principal office at P.O. Box 594, Dubai, United Arab Emirates. DET is the principal authority for the economic development of Dubai to be the global center for business, investment and tourism. DET is also responsible for the licensing of all commercial activity in Dubai. You can find out more about DET at: https://www.dubaidet.gov.ae/about-us

For the purpose of seamless and contactless check-in process, DET acts as the Data Controller of your Personal Data.

If you follow a link to a service provided by another government department, agency or other third-parties, that organisation will:

• be the Data Controller
• be responsible for processing any data you share with them
• publish and manage their own privacy notice with details of how to contact them

Process (or “Processed” or “Processing”) shall be as defined by the applicable Data Protection Laws. Where not defined it means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as access, collection, recording, organisation, storage, adaptation or alteration, retrieval, disclosure or otherwise making available, duplication, transmission, combination, blocking, redaction, erasure or destruction.

Personal Data: Any information which you provide to us which directly or indirectly personally identifies you, such as your name, email address, or other data which can be reasonably linked to you, such as information we associate with any accounts you may hold with DET.

Data Controller: A Data Controller is a person, company, or other body that determines the purpose and means of the processing of Personal Data.

When you book an establishment in Dubai, we Process your Personal Data to enable you to create a digital profile and verify your identity conveniently through a custom web portal provided by DET.

We process the following Personal Data as part of the seamless and contactless check-in process:

• Identification Data such as your full name, accompanying guest name, or any government-issued ID and the details contained therein.
• Contact Details such as your email address, phone number. 
• Biometric Data such as data relating to your physical, physiological or behavioural characteristics which allow or confirm your unique identification, particularly the facial image captured during digital check-in or obtained from the photograph in a government issued ID. 
• Children’s Data (if provided by the parent or legal guardian) such as identification data and biometric data. We only process children’s data (ages 12–18) with the explicit consent of a Parent or legal guardian. Consent is obtained through a secure digital interface before collecting any biometric data. Parents or guardians may choose to decline biometric processing and instead complete the child’s identity verification at the establishment upon arrival. 
• Other information such as our arrival time, purpose of visit, accessibility requirements and UAE contact number. 

DET only processes your Personal Data where a legal basis under applicable data protection laws exists. The legal basis for each processing activity is outlined below:

We will retain your Personal Data for a period of 4 years from the last use of your government-issued passport subject to the validity of passport. If your passport expires before the end of this period, we will retain your Personal Data only until the date your passport expires. After the lapse of the 4-year retention period, we will obtain your consent to retain your Personal Data for an additional period of 1 year.

Where necessary to fulfil the purposes described in this Privacy Notice, we shall disclose your Personal Data to the establishment, government bodies and service providers as described below. Whenever we share your Personal Data, we will always make sure this takes place in compliance with applicable privacy laws and in accordance with this Privacy Notice.

With establishments

We transfer certain categories of Personal Data to the establishment that you made a booking with, in order to inform them of the status of digital check-in.  We note that this transfer of Personal Data is necessary to facilitate the digital check-in and is part of the contractual performance between you and the establishment.

With governmental bodies

We might disclose Personal Data when required by any applicable law, or to protect or defend the rights or property of DET, our websites, or their users with other governmental bodies within the UAE. We will fulfil any governmental requests to share Personal Data only where we are permitted to do so in accordance with applicable law or regulation.
Examples of these other governmental bodies are the National Security Department, Dubai Police, Dubai Courts or other governmental bodies.

With service providers 

In order to process your request to check-in digitally, we may provide access to your Personal Data to our authorized service providers, such as our hosting partner and our trusted technology providers that administer our facial recognition technologies.

All Personal Data that we collect from you is stored in Dubai, UAE.

We will take all reasonable steps to protect the Personal Data that we hold from any misuse, loss of access, or unauthorised access, by means of security measures including firewalls, password access and secure servers. In particular, we review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to our systems. We also restrict access to Personal Data to authorized employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.

Under certain circumstances, you have a number of rights with regard to your Personal Data that you may exercise:

DET has procedures in place to ensure that it deals with any requests it receives in an efficient manner. You can exercise any of the above rights by raising a request through our Data Subject Access Request Form or withdraw consent through the Consent Preference Centre. We might need to ask you to provide some Personal Data in order to confirm your identity and to properly identify you throughout our systems.

If you have any questions about this Privacy Notice or our privacy practices, including any requests to exercise your privacy rights, please contact us at privacy@dubaidet.ae or please raise a request through our Data Subject Access Request Form.

If you have any general enquiries, complaints or suggestions, please contact us at info@dubaidet.ae.

We regularly review our compliance with our Privacy Notice. When we receive formal written complaints, we will contact the person who made the complaint to follow up. We work with the regulatory authorities to resolve any complaints regarding the processing of Personal Data.

We keep this Privacy Notice under regular review. In the future, we may revise or amend this Privacy Notice at any time by amending this page. You can always access the most up-to-date version of this Privacy Notice on our website. This Privacy Notice should be read together with our Terms of Use and any other documents referred to in it.