LEGAL
Last updated November 2023
I. ICETRAVEL360 - Al Thuraya Holdings™ (ATH) Group Legal Notice
IDENTIFICATION DATA
In compliance with the provisions of Article 10 of Law 34/2002 of 11 July, on information society services and electronic commerce (LSSI), we hereby provide the necessary details of the owner of the website and provider of the service www.althurayaholdings.com:
– Company name: Al Thuraya Holdings
– Company ID: B72918014
– Address: Calle Alfonso XII, 30, Madrid Spain 28001
– Email address: corporate@althurayaholdings.com
– Contact phone: +3491060184
GENERAL TERMS AND CONDITIONS OF USE
The present general conditions of use and browsing have the objective of regulating the relationship between the owner of the website, as the provider of the service, and the Users who access, browse and enjoy the service offered.
If the User continues to browse and make use of the services we offer through our Website he or she accepts without reservation of any kind the present Terms and Conditions of Use.
As it is a professional site, its content is not addressed to Users who are minors.
The owner of the Website reserves the right to modify these Conditions at any time and at its sole discretion, so we advise the User to review them frequently.
ACCESS AND REGISTRATION ON THE WEBSITE
Access to most of the contents of the Website is completely free and does not require prior registration, notwithstanding the fact that there may be particular sections or services that require prior registration, of which the user will be informed in advance.
The user must be over eighteen (18) years old. Access to the website by minors is prohibited. However, in the event of access to the Website by a minor, it will be presumed that such access has been made with the prior and express authorization of the minor’s parents, guardians or legal representatives, notwithstanding the fact that the Provider reserves the right to make any and all verifications it deems appropriate.
Under no circumstances will the Provider be responsible for the veracity of the registration data provided by the Users, so that the individual User will be the only one responsible for the possible consequences, errors and failures that may arise from the lack of quality of the data.
INTELLECTUAL AND INDUSTRIAL PROPERTY
Legal protection of contents
The owner of the Website is also the owner of the rights of exploitation of the intellectual and industrial property rights of the Website including all the Contents and elements of the same (by way of illustration, texts, images, audio and videos) available from the Website, as well as those that are hosted on third-party sites either because they are its property or because it has obtained the pertinent rights for their use.
Likewise, the owner has obtained the appropriate authorizations regarding image rights from those who appear on its Website.
The total or partial reproduction, copying or distribution of the Content is prohibited without the express authorization of the owner. In no case shall it be understood that the User’s access and browsing implies a waiver, transmission, licence or total or partial assignment of such rights by the owner of the Website. Likewise, it is prohibited to modify, copy, reuse, exploit, reproduce, publicly communicate, transmit, use, process or distribute in any way all or part of the Content and elements of the Website for public or commercial purposes, without the express written
authorisation of the owner of the Website.
Therefore, in accordance with the previous paragraph, the User may, in addition to viewing the Contents and elements of the Website, make prints, copies or downloads of them provided that such actions are intended solely for their personal and private use.
It is also forbidden to use the holder’s contact details (postal address, telephone number, email address) to send any type of commercial communication, unless the necessary authorisations have been obtained beforehand in accordance with the applicable regulations.
Associated trademarks and logos
The trademarks that appear on the Website belong to ATH. Those who browse the Website are prohibited from using such trademarks, logos and distinctive signs without an authorisation from the owner or a licence to use them.
RESPONSIBILITIES
Suspension of the Website
The operation of the Website is supported by servers of service providers, connected by public and private communication infrastructures.
The owner of the Website will do everything possible to ensure the proper functioning of the Website, however, it cannot ensure the absence of interruptions for technical reasons in order to perform repair work, and / or maintenance or lack of coverage or failures in equipment and / or networks necessary for data transmission, which are beyond its control.
Thus, access to the Website may be suspended for reasons of force majeure (unforeseeable or unavoidable causes) as for instance, but not limited to failures in the electrical supply or telephone network; Virus attacks to the servers that host the Website; User errors in accessing the Website; Fires, floods, earthquakes or other natural events; Strikes or labour disputes; Armed conflicts or other force majeure situations.
The owner of the Website is exonerated from any responsibility if any of the circumstances indicated in this stipulation should arise.
User’s responsibility
The User shall use the Website at his own risk. By accessing it, the User agrees to use it in accordance with the applicable legislation and codes of ethics, as well as the conditions contained in these Terms of Use.
Failure to comply with any of the rules included in these Conditions or with the legislation under which they are protected will give rise to the responsibility of the User towards the owner of the Website and/or towards third parties, for any damage or harm that may be caused as a result of such failure, regardless of whether this involves an illicit act, an administrative sanction, a misdemeanour or a crime, and will entitle the owner of the Website to, where appropriate, demand that the User be held responsible in the civil, administrative, labour or criminal field that may correspond.
Owner’s responsibility
The owner of the Website is not responsible for any damage caused to the User or third parties as a result of a breach attributable to the User, nor for the alteration of the User’s equipment.
Likewise, it does not assume any responsibility for illegitimate intromissions through the use of computer or other viruses, whatever their origin, the improper use of the Website by the User or security errors caused by the incorrect functioning of the terminal equipment used by the User.
User’s obligations
The User may not, at any time, modify, alter or delete any data, information, content or element that is included on the Website.
The User must use the services made available to them in a diligent, correct and lawful manner. Under no circumstances may he or she disseminate content or propaganda of a racist, pornographic or xenophobic nature, or in general any that justifies criminal, violent or degrading acts against people and fundamental rights.
The User may not introduce software, viruses, malware or any other agent harmful to computer systems that may damage or alter the devices or terminals of the owner of the Website or other Users.
The User shall be solely responsible for any damages that may be caused by a breach of the conditions and obligations set out in these Conditions.
The User is prohibited from transmitting, including or disseminating advertising of themselves or third parties through any means available on our Website, if they have not obtained the express authorization of the owner of the same.
PROTECTION OF PERSONAL DATA
The owner of the Website undertakes to treat the User’s personal data in accordance with the provisions of current legislation on the subject.
Specifically, it undertakes to apply the provisions of the Organic Law 3/2018 of 5 December on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD) as well as the General Data Protection Regulation 679/2016 of 27 April 2016 (GDPR).
Complete information on this matter is contained in our Privacy Policy.
APPLICABLE LEGISLATION
The relations established between the User and the owner of the Website will be governed by the Spanish Laws and for those cases in which it is possible to submit voluntarily to a specific jurisdiction, the owner of the Website and the User, expressly renouncing any other jurisdiction, will submit to the Courts and Tribunals of Madrid (Spain).
II. ICETRAVEL360 (Al Thuraya Holdings) Privacy Policy
INTRODUCTION
1. Al Thuraya Holdings (referred to as ‘ATH’, ‘we’ or ‘Data Controller’) comprises a group of companies providing a variety of services and products – details can be found at www.althurayaholdings.com. All companies within Al Thuraya Holdings (ATH) are committed to protecting and respecting your privacy; this privacy policy outlines what personal data may be processed within the Group, why it is held, how it is protected and what your rights are. Accordingly, Al Thuraya Holdings aspires to comply fully with the European Union’s General Data Protection Regulations (GDPR) 2016/679 of 27 April and the Organic Law 3/2018 of 5 December (LOPDGDD).
Al Thuraya Holdings reserves the right to amend this privacy policy. You are advised to visit this website section periodically in order to keep up to date with any amendments.
2. Al Thuraya Holdings is registered in Calle Alfonso XII, 30, Madrid Spain 28001 and its contact details are: Please use the following email address for any issue concerning GDPR related issues:GDPR@althurayaholdings.com
PERSONAL DATA
3. Scope (Who?). Al Thuraya Holdings (ATH) and its companies may process personal data belonging to anyone who has expressed an interest in or made contact with the Group, or one of its companies; these may include (but are not restricted to) the following interested parties (often referred to as ‘you’) – employees, contractors, consultants, directors, beneficiary owners, recruitment candidates, clients, and suppliers.
4. What? The data which Al Thuraya Holdings (ATH), (or its related companies) process depends upon the nature of the relationship with the interested party concerned but is likely to include (but is not restricted to) the following:
a) Personal and Contact Details: Title, Name, Address, Telephone and Electronic contact details (examples are: Email address, Skype, Facebook, WhatsApp, Twitter, Linked-in);
b) Date of Birth and Gender;
c) Passport details plus Nationality and citizenship;
d) Next of Kin (NOK) details;
e) Financial information (such as bank, tax and insurance details);
f) Medical data including psychometric test results;
g) Criminal record checks (for example, CRB);
h) CV with employment, experience, education and qualifications records – with appropriate verifications, including details of references and referees plus information provided by them;
i) Marketing engagements and surveys;
j) Records of communications with interested parties;
5. Why is this Data Processed? The overarching purpose for processing personal data is to facilitate, manage and, whenever possible, enhance the services provided by Al Thuraya Holdings (ATH) to our interested parties. More specifically the reasons vary, again dependent upon the nature of your relationship with us, but include (not restricted to) the following:
a) To enable us to fulfil contractual requirements;
b) To ensure that recruitment process is efficient and provides appropriately qualified staff in terms of aptitude and attitude;
c) To ensure that you are properly insured, paid correctly, and that your NOK can be informed in the event of an incident;
d) To meet requirements of public interest and management standards;
e) Compliance with legal and regulatory obligations;
f) To manage marketing information effectively;
g) To facilitate swift responses to the above;
6. What is the Legal Basis for Processing Data? Under GDPR the lawful reasons for processing data are the following:
a) Consent;
b) Contractual;
c) To meet public interests;
d) Legitimate interests;
The data, which Al Thuraya Holdings (ATH) and its component companies process is deemed to be the minimum necessary and is justified by one or more of the aforementioned legal criteria.
7. How do we source data? There are three main ways in which Al Thuraya Holdings (ATH) source personal data, all are legal, transparent and fair:
a) Information You Give Us. Information which you give us when completing registration forms and the recruitment process or requested through our due diligence procedure.
b) Information We Collect. Al Thuraya Holdings (ATH) collects information about you from our websites, email and telephone contacts plus our due diligence procedures.
c) Third Parties. We may collect information from third parties – in particular, we may use third party organizations to conduct background checks and verifications. Additionally, we may use the web and social media sources, all of which are publicly available and strictly open source.
8. How is Data Stored? Security Measures The vast majority of personal data that is processed by Al Thuraya Holdings (ATH) is stored electronically, predominantly in cloud-based systems, which are protected through encryption (both when static and in transit). Access is carefully managed and restricted appropriately. Any data that is held on servers or on hard drives is subject to restricted access and most of it is encrypted. Any hard copies of processed data are held in secure cabinets with restricted access. It must be noted that information received over the internet or from personal emails may not always be secure; Al Thuraya Holdings (ATH) is not liable for corrupted information received from such sources.
As a consequence, the Data Controller guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the GDPR and the LOPDGDD in order to protect the rights and freedoms of the Users.
9. How Long is Data Stored for? In short, for the minimum time necessary, which will vary but can be defined as follows:
a) For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations.
b) For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us.
c) Retention periods in line with legal and regulatory requirements and guidance.
10. Do we share data? In certain circumstances, we shall share your personal information with:
a) Other Entities with Al Thuraya Holdings (ATH). Where the Al Thuraya Holdings (ATH) entity lies outside the EEA, we would only transfer data where appropriate safeguards were in place or restrict the information being given.
b) Selected third parties with whom we work – for example, clients or potential clients, insurers, solicitors, travel agents and sub-contractors.
c) Any Al Thuraya Holdings (ATH) entity or third party that you consent to giving your information to for marketing purposes (such consent will be sought prior to our sharing this data).
d) Legal Requirement. Any other third parties where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
YOUR RIGHTS
11. All interested parties have the following rights under GDPR and AL Thuraya Holdings (ATH) fully respects them:
a. Right of access: Any person has the right to obtain from the Data Controller confirmation of whether or not personal data concerning him/her are being processed and, if so, the right of access to personal data.
b. Right of correction: This is the right to obtain rectification of personal data held by us concerning him/her.
c. Right of deletion: This is the right to obtain the deletion of your personal data.
d. Right to limitation of processing: This is the right to have your data cease to be subject to the corresponding processing operations when any of the following conditions are met:
· When you have exercised the rights of rectification or opposition and the Data Controller is in the process of determining whether the request proceeds.
· If the data processing is unlawful, which implies the deletion of the data, but you do not want your data to be deleted by the Data Controller.
· When the data is no longer necessary for the processing, which implies the deletion of the data, but you want the Data Controller to limit the processing of the data and to keep them in order to formulate, exercise or defend claims.
e. Right to portability: This is the right to obtain from the Data Controller, in the event of automated processing of your data, a copy of the data in a structured, commonly used and machine-readable format or to have such copy transmitted directly to the Data Controller indicated by you. Please note that this right does not apply to:
· The data of third parties that you have provided to the Data Controller.
· The data concerning you, but which have been provided to the Data Controller by third parties.
f. Right of opposition: This is the right to object to your personal data being processed. As far as the processing carried out by the Data Controller is concerned, you may object to the sending of commercial communications both own and third parties.
If you would like more information about your rights, we suggest that you visit the website of the Spanish Data Protection Agency (AEPD).
These rights can be exercised by sending an email to GDPR@althurayaholdings.com clearly indicating which right you wish to exercise and providing a copy of your identity card to prove your identity. You may also send a letter to the address of the Data Controller as per point 1 of this Privacy Policy.
In addition, we inform you about the possibility of filing a complaint with the competent Control Authority, in this case, the Spanish Data Protection Agency, in particular if you have not obtained satisfaction in the exercise of your rights. You can contact the Spanish Data Protection Agency by telephone on 901 100 099 and 912 663 517 or by visiting them at their address C/ Jorge Juan, 6. 28001 Madrid.
Please note that there may be occasions where you object to, or ask us to restrict, or stop, processing of your personal information, or erase it, but we shall be unable to comply with such requests for legal reasons.
III. ICETRAVEL360 (Al Thuraya Holdings) Cookies Policy
We make available to the User the present cookie policy, where you can find all the details about the use of cookies on our website. We advise Users to visit this cookie policy frequently, as it can be updated at any time.
Who? Al Thuraya Holdings (referred to as ‘ATH’, ‘we’ or ‘Data Controller’) with their registered office at Calle Alfonso XII, 30, Madrid Spain 28001.
What? Cookies are small files that are installed on the User’s computer when they access a website. Cookies make it possible, among other things, to store and retrieve information about the browsing habits of a user or his/her computer and, depending on the information they contain and the way he/she uses his/her computer, depending on the type of cookie and the information they collect, they can be used to recognize the user. They are used by nearly all websites and do not harm your system.
What kind?
According to the time of storage:
Session cookies: are those that collect and store data when the user accesses the website and
cease once the user leaves the website.
To whom will your data be communicated?
In certain circumstances, we shall share your personal information with:
- Other Entities with Al Thuraya Holdings (ATH). Where the Al Thuraya Holdings (ATH) entity lies outside the EEA, we would only transfer data where appropriate safeguards were in place or restrict the information being given.
- Selected third parties with whom we work – for example, clients or potential clients, insurers, solicitors, travel agents and sub-contractors.
- Any Al Thuraya Holdings (ATH) entity or third party that you consent to giving your information to for marketing purposes (such consent will be sought prior to our sharing this data).
- Legal Requirement. Any other third parties where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
Profiling?
We also inform you that the data controller does not plan to create profiles with the data collected through the cookies used on the website.
If that were to be done in the future, users would be informed in advance and asked for their consent.
When? Your personal data will be kept for as long as necessary to achieve the purpose for which it was collected. In the case of those cookies that require your prior consent, the data will be kept for as long as you do not revoke the consent given.
More information
If you have any questions about how we use cookies and they are not answered in this Cookie Policy, please send us your queries to GDPR@althurayaholdings.com.
If you need more information about the use of cookies, you can refer to Law 34/2002, of 11 July, on information society services and electronic commerce and the Guide to the Use of Cookies published by the Data Protection Agency (AEPD).
You can also go to the Your Online Choices portal where, in addition to finding useful information, you can set, provider by provider, your preferences about third-party advertising cookies.
