At Destination Arabia LLC, protecting your privacy is a core professional commitment. This Privacy Policy explains how we collect, use, store, and protect personal information when you engage our destination management (DMC), MICE, corporate event, or incentive travel services across the UAE and the Arabian Gulf.
This Policy applies to all clients, delegates, partners, and website visitors — including corporate clients from the US, EU, Asia, and Latin America engaging us for MICE conferences, incentive travel programmes, corporate gala dinners, and group events in Dubai, Abu Dhabi, Oman, Saudi Arabia, Qatar, and Bahrain.
We comply with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) and, where applicable to our international clients, the EU General Data Protection Regulation (GDPR). Our handling of data from clients in Saudi Arabia also reflects the Saudi Personal Data Protection Law (PDPL) requirements.
Who We Are
The data controller responsible for your personal data under this Privacy Policy is:
Destination Arabia LLC
Office 920, Blue Bay Tower, Marasi Drive, Business Bay, Dubai, UAE
Email: [email protected]
Tel: +971 50 859 2453
Destination Arabia LLC is a licensed Destination Management Company and corporate event agency operating in the UAE. Our managing partners are Jestine Alfred and Devinda Kariyawasam.
Data We Collect
As a boutique DMC delivering corporate events, MICE conferences, and incentive travel programmes across the UAE and Gulf region, we collect only the data necessary to plan and execute your programme effectively. This includes:
- Identity & Contact Data: Full name, job title, company name, email address, telephone number, and postal address — provided when you submit an enquiry, sign a service agreement, or communicate directly with our team.
- Travel & Delegate Data: Passport number, nationality, date of birth, visa information, dietary requirements (including religious dietary needs), accessibility requirements, rooming preferences, emergency contact details, and flight itineraries — collected solely for the delivery of confirmed travel and event services.
- Health & Special Requirements: Where required for your safety during programme activities — including desert safaris, adventure activities, or events in extreme climates — we may collect relevant health information. This data is treated as sensitive and is subject to enhanced protection. It is shared only with directly relevant service providers.
- Financial Data: Bank transfer details, billing address, VAT registration number (for B2B clients), and invoice/payment records — used strictly for transaction processing and financial record-keeping under UAE law.
- Communications Data: Emails, messages, call records, and correspondence exchanged with our team — retained for service continuity, quality management, and dispute resolution.
- Website & Technical Data: IP address, browser type, pages visited, and session duration — collected via standard server logs. We do not use invasive tracking, advertising pixels, or third-party social media scripts on our website.
How We Use Your Data
All personal data — whether for a MICE conference in Dubai, a corporate incentive programme in Oman, a gala dinner in Qatar, or a multi-destination Gulf programme — is used exclusively for:
- Service Delivery: Planning, coordinating, and delivering your confirmed event, tour, incentive programme, or group travel arrangement — including all liaison with hotels, venues, transport operators, and activity providers on your behalf across all destination countries.
- Visa & Entry Facilitation: Where requested, processing visa application materials for delegate travel into the UAE, Saudi Arabia, Oman, Qatar, or Bahrain. Passport and personal data shared for visa purposes is subject to the immigration authority's own privacy frameworks.
- Contract & Financial Management: Issuing proposals, service agreements, invoices, payment schedules, and confirmation documents; processing payments and managing financial records in compliance with UAE tax law.
- Legal & Regulatory Compliance: Meeting obligations under UAE federal law, emirate-level regulations, Saudi Arabia's PDPL, GDPR, and any other applicable law — including VAT compliance, event permitting, and immigration documentation.
- Communication & Client Support: Responding to enquiries, providing programme updates, issuing pre-travel briefings (including destination-specific cultural and safety information), and offering post-event follow-up.
- Safety & Emergency Management: Using emergency contact and health data to manage participant welfare during programmes, including coordination with local emergency services, hospitals, or evacuation providers where necessary.
We do not use your personal data for unsolicited marketing, and we do not sell, rent, or licence your data to any third party under any circumstances.
Data Sharing
Your personal data is shared only where strictly necessary to deliver your confirmed programme:
- Third-Party Service Providers: Hotels, airlines, ground transport operators, venue managers, activity providers, and catering companies — only the minimum necessary data (e.g. name, nationality, dietary requirements, rooming list) is shared, under applicable confidentiality obligations or contractual data processing agreements.
- Government & Immigration Authorities: Where required by UAE immigration, Saudi Arabia's General Directorate of Passports, Oman's Royal Oman Police, Qatar's Ministry of Interior, Bahrain's General Directorate of Nationality, Passports, and Residence, or any other relevant authority — we share only the data specified and mandated by that authority for visa, entry, or event permit purposes.
- Destination Management Partners: In destinations where Destination Arabia works through accredited local ground operators (particularly for Saudi Arabia and Bahrain programmes), we share necessary delegate data with those partners under binding data processing agreements aligned with UAE PDPL and applicable local law.
- Professional Service Advisors: Our legal, accounting, and IT service providers — who are bound by professional confidentiality obligations and handle data solely on our instruction and for our legitimate business purposes.
- Emergency Services: In the event of a medical emergency, accident, or security incident during a programme, relevant personal and health data may be disclosed to local emergency services, hospitals, or the client's nominated emergency contact without prior consent where the immediate safety of an individual is at risk.
We never sell, rent, or otherwise commercialise your personal data.
International Data Transfers
As a global DMC serving clients from the US, EU, Asia, and Latin America and delivering programmes across multiple Gulf countries, personal data is routinely transferred across international borders. We manage these transfers as follows:
- Transfers to UAE Service Providers: UAE-based processors handle data under UAE PDPL principles and our internal data handling standards.
- Transfers to Saudi Arabia: Personal data processed in connection with Saudi Arabia programmes is handled in accordance with Saudi Arabia's Personal Data Protection Law (PDPL, Royal Decree No. M/19) and by our approved local partners.
- Transfers to Oman, Qatar & Bahrain: Data is shared with accredited local operators and government authorities under applicable GCC country data handling norms and our contractual data processing requirements.
- Transfers Involving EU Residents: For personal data of EU-resident clients or delegates, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V requirements — including Standard Contractual Clauses (SCCs) where required, or reliance on applicable adequacy decisions. Our EU clients retain all rights under GDPR including the right to object to transfers.
- Transfers Involving US Clients: For US corporate clients, data is handled in accordance with our contractual commitments. Where a US client operates under CCPA or specific state privacy laws, Destination Arabia will honour reasonable data subject rights requests consistent with those frameworks on a best-efforts basis.
Retention & Security
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected or as required by applicable law:
- Active Client & Delegate Records: Retained for the duration of the service relationship and for 5 years following the completion of the last programme, to support client queries, dispute resolution, regulatory audits, and repeat event planning.
- Financial & Tax Records: Retained for a minimum of 5 years as required under UAE commercial law and Federal Tax Authority requirements (VAT records). Where Saudi Arabia VAT or Qatari excise obligations apply, records are retained per those jurisdictions' requirements.
- Sensitive Travel Data: Passport copies, visa documents, and sensitive health data are deleted or returned to the client as soon as they are no longer required for the specific programme, and in any event within 90 days of programme completion unless legally required to retain.
- Enquiry Data (No Booking): Data submitted via website enquiry forms or direct communications where no subsequent booking is confirmed is retained for 2 years, after which it is securely deleted.
Security Measures: We implement appropriate technical and organisational security measures — including access controls, encrypted communications, secure document handling, and staff data protection training — to protect your personal data against unauthorised access, loss, or disclosure. No digital transmission or storage system is entirely infallible, and we cannot guarantee absolute security of data in transit.
Your Rights
Depending on your jurisdiction of residence, you may hold the following rights in relation to your personal data. We are committed to honouring them promptly, without undue formality, and at no cost to you:
- Right of Access: Request a copy of the personal data we hold about you, including information about how it is used and with whom it is shared.
- Right to Rectification: Request correction of any personal data that is inaccurate, incomplete, or out of date.
- Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to our overriding legal obligations to retain certain records.
- Right to Restriction of Processing: Request that we pause processing of your data — for example, while the accuracy of data is under dispute.
- Right to Data Portability: Where applicable (EU/GDPR and UAE PDPL), receive your data in a structured, commonly used, machine-readable format.
- Right to Object: Object to processing based on legitimate interests, including the right to object to any use of your data for profiling or direct marketing.
- Rights Under Saudi Arabia PDPL: Saudi Arabia-resident data subjects have equivalent rights under the KSA Personal Data Protection Law, including the right to be informed, access, correction, and deletion.
To exercise any of these rights, please contact us at [email protected]. We aim to respond within 30 days. EU residents who are dissatisfied with our response retain the right to lodge a complaint with their local supervisory authority (e.g. the ICO in the UK, CNIL in France, or the relevant EU DPA).
Destination-Specific Data Notes
Each destination in which Destination Arabia operates has its own regulatory context for personal data. Clients and delegates should be aware of the following:
- UAE — Dubai & Abu Dhabi: Data processing is governed by the UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection. The competent supervisory authority is the UAE Data Office. Destination Arabia holds a UAE trade licence and operates fully within the UAE PDPL framework.
- Saudi Arabia — Riyadh, AlUla & Region: Saudi Arabia's Personal Data Protection Law (PDPL) came into force in 2023. Delegate data shared with Saudi hotel groups, the Saudi Tourism Authority, and event venues is subject to KSA PDPL obligations. Photography and recording at certain government and heritage sites (including AlUla) is subject to Saudi regulations; delegates are briefed accordingly.
- Oman — Muscat & Interior: Oman does not yet have a comprehensive dedicated data protection law equivalent to GDPR or UAE PDPL. Data transferred to Omani service providers is governed by our contractual requirements and Omani civil law principles. Destination Arabia applies UAE-equivalent standards to all Oman-based data processing.
- Qatar — Doha: Qatar's Personal Data Privacy Protection Law (Law No. 13 of 2016) governs personal data processing in Qatar. Delegate data shared with Qatari hotels and the Qatar Tourism Authority is subject to these provisions. Destination Arabia ensures Qatari-based partner contracts include appropriate data handling terms.
- Bahrain — Manama: Bahrain's Personal Data Protection Law (Law No. 30 of 2018) is administered by the Personal Data Protection Authority (PDPA). Delegate data processing for Bahrain programmes aligns with these requirements through our local partners and direct contractual obligations.
Liability, Data Breach & Policy Updates
- Our Liability for Data Handling: Destination Arabia's liability in connection with any data protection matter is limited to losses directly caused by our own proven negligence or wilful misconduct in the handling of your personal data. We shall not be liable for any indirect, consequential, special, or punitive loss — including loss of business, reputational harm, or loss of profit — arising from any data handling matter, howsoever caused, except where such exclusion is prohibited by mandatory applicable law (including GDPR or UAE PDPL where they apply).
- Third-Party Processor Responsibility: Where personal data is processed by a third-party supplier (hotel, airline, ground operator, venue, or government authority) following disclosure by Destination Arabia in accordance with this Policy, Destination Arabia is not liable for any data breach, loss, or misuse that occurs within that third party's systems or custody. We select processors with reasonable care and include data handling obligations in our contracts where applicable, but cannot guarantee the security practices of independent third parties.
- Data Security Incidents & Breach Notification: In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals whose data we hold, Destination Arabia will: (a) take immediate steps to contain and assess the breach; (b) notify the relevant supervisory authority within 72 hours where required under GDPR or applicable UAE PDPL obligations; and (c) notify affected individuals without undue delay where the breach is likely to result in a high risk to their rights, providing details of the nature of the breach and the steps taken. Notification obligations may be limited in circumstances beyond our reasonable control, including cyber-attacks, infrastructure failures, or events constituting Force Majeure.
- Governing Law for This Policy: This Privacy Policy is governed by the laws of the Emirate of Dubai and the applicable federal laws of the United Arab Emirates. Any dispute relating to the processing of personal data by Destination Arabia shall be subject to the jurisdiction of the Dubai Courts, without prejudice to EU residents' rights to bring claims before their local supervisory authority under GDPR.
Destination Arabia reserves the right to update or amend this Privacy Policy at any time to reflect changes in our services, operational practices, or applicable law. The current version will always be published at www.destination-arabia.com/privacy-policy with the effective date shown. Continued engagement with our services following any update constitutes acceptance of the revised Policy. We recommend clients review this Policy periodically.
Cookies & Tracking
The Destination Arabia website uses only essential and performance cookies. We do not use advertising cookies, retargeting pixels, or third-party social media tracking scripts.
- Essential Cookies: Required for site functionality including navigation and form submissions. Cannot be disabled without affecting site performance.
- Analytics Cookies: Where enabled, privacy-respecting aggregated analytics (no personally identifiable data) to understand site usage and improve user experience.
You may manage cookie preferences via your browser settings. Disabling non-essential cookies will not affect your use of our services.
Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact us directly:
Destination Arabia LLC
Office 920, Blue Bay Tower, Marasi Drive, Business Bay, Dubai, UAE
Email: [email protected]
Tel: +971 50 859 2453
Please also review our Terms & Conditions, which govern all services provided by Destination Arabia.