Delta Wings Travel Agency LLC, registered in Dubai, United Arab Emirates, is committed to protecting the privacy of its clients and their personal data. This policy covers the collection, use, and sharing of personal data for both our websites and digital advertising, as well as related devices. Delta Wings primarily serves customers inside and outside the United Arab Emirates, including citizens of the European Union; therefore, this policy has been designed to meet the requirements of the European General Data Protection Regulation (GDPR) as well as the UAE Personal Data Protection Law (2021 PDPL). The policy focuses on: the company's identity and contact details; the types of data it collects (such as name, address, email, nationality, payment details, and passports); how it is collected (website forms, ads, Facebook Pixel, Google Analytics, payment gateway, email, WhatsApp); the legal basis for processing it (consent, contract performance, legal obligation, and legitimate interests); cookies and tracking tools (with a detailed cookie table); data sharing with third parties (airlines, hotels, technical and marketing service providers); international data transfers; data retention schedules; user rights (access, rectification, erasure, restriction of processing, objection, data portability, withdrawal of consent, and complaint filing); technical and organizational security measures; children's policy; use of artificial intelligence/automated decisions; cookie-consent pop-up wording; and the update/version procedure. Our privacy department contact details and version amendment policy appear at the end of this policy: com.dubaiemirates@support.
· Personal data: any information relating to an identifiable natural person. This includes name, email address, phone number, address, nationality, travel data (such as a passport), and payment details.
· Processing: any operation performed on personal data, such as collection, storage, use, sharing, or deletion.
· Controller: Delta Wings, as the entity that determines how and why client data is processed.
· Processor: any party that processes data on behalf of Delta Wings (such as an email service provider, payment platforms, partner companies).
· Legitimate interests: exceptional cases in which the law permits data processing without explicit consent if this is necessary and consistent with individuals' rights (Article 6(f) of the GDPR)【51†L1-L4】.
· Third countries: countries outside the European Union/European Economic Area; any processing that transfers data to them is considered an international transfer.
Delta Wings Travel Agency LLC is a UAE-based travel company headquartered in Dubai, specializing in package tours (including Socotra Island), ticket booking, and the organization of integrated travel programs (camping or hotels according to the client's choice). Our official booking and tour website is d-w.ae. You may contact us at com.dubaiemirates@support for support or privacy inquiries. The company is subject to the UAE legal framework (Personal Data Protection Law No. 45 of 2021【1†L51-L1】) and we also strive to comply with the European General Data Protection Regulation (GDPR) for data belonging to EU residents【4†L207-L198】【59†L79-L87】.
This policy applies to all personal data collected by Delta Wings through the d-w.ae website, our advertising forms and marketing campaigns on Facebook and Google, or through direct communication (email/WhatsApp), as well as data we receive from partners (hotels, airlines, service providers) while delivering services to the client. The policy also covers our use of digital marketing and analytics tools such as Facebook Pixel, Google Analytics, Google Tag Manager, Microsoft Clarity, or Hotjar, and any future tools. We do not collect personal data through unlawful means, and we do not share sensitive data (such as health, political opinion, or religion) except in accordance with legal limits. This policy is intended for clients and visitors of all nationalities, and explains their rights and our obligations, while ensuring they understand how we collect and use their personal information.
We collect the following types of personal data in order to provide our services and fulfill bookings:
· Identification details: full name, date of birth (if needed for matching), nationality, and address (residence).
· Contact details: email address, phone number (for communication and notifications).
· Trip and booking details: booking information (destination, dates, choice of camping or hotel), type of travel program.
· Payment data: payment card details or bank transfer information (collected through a secure off-site payment gateway).
· Travel documents: copies of passports and travel visas, which are requested to be sent by email or WhatsApp after the booking is agreed.
· Marketing data and preferences: any information the client voluntarily provides about their travel interests or preferred programs.
· Technical and analytical data: such as the visitor's IP address, browsing history (when visiting the website), analytics cookies data (from Facebook and Google), and optional CRM data (such as post-travel client feedback).
We do not collect sensitive data (such as religious affiliation or health status) unless it is necessary and covered by the client's explicit consent within the agreement.
· Website forms and advertising forms: when users interact with our ads on Facebook or Google, we may present forms to collect initial data (such as name and phone number) so that we can contact the client later. The website itself may also display contact or quote-request forms.
· Facebook Pixel (Meta Pixel): Delta Wings uses Facebook Pixel to monitor visitor interactions with the website and our advertising campaigns. The pixel collects information such as IP addresses and interaction events (clicks on the booking button, page views)【33†L249-L240】【59†L79-L87】. This helps us measure ad effectiveness and tailor promotional content later.
· Google Analytics and Google Tag Manager: we use Google services for web analytics. Google Analytics collects visitor information (encrypted IP addresses, device type, pages visited, session duration, source of visit) in order to review website traffic and improve performance. We also use Google Tag Manager to make it easier to manage tracking tools without changing code too often.
· Electronic payment gateway: when paying online, payment information (credit cards or bank account data) is processed directly through a secure external payment provider. Delta Wings does not retain full card details; it only receives confirmation that the transaction was successful.
· Email and WhatsApp: after the booking is completed, we often ask the client to send a copy of their passport or additional documents by email or through the company's secure WhatsApp. This is because these are safer channels for carrying sensitive documents.
· Video camera recordings: if our team is working in the field (for example, receiving tourists at an airport or hotel), surveillance cameras may capture visitors' faces for security reasons (subject to local legislation). Such recordings are kept for a short period in line with local security laws.
To ensure transparency, we clarify that all the above data is collected with explicit notice to the user, and we obtain the necessary consent depending on the case. The company maintains a Records of Processing Activities (ROPA) system that details each data-processing operation, as recommended by the European Data Protection Board.
【40†embed_image】 Figure (1): A simplified diagram showing the flow of personal data within Delta Wings, from collection through the website and advertisements to internal processing and sharing with external partners. Data-flow mapping is recommended to understand how personal data moves and to reduce the risk of breaches【59†L79-L87】【51†L1-L4】.
Delta Wings is subject to the UAE Data Protection Law (PDPL 2021) and the GDPR for residents of the European Union. The law requires a clear legal basis for every processing activity involving personal data. We rely on the following bases:
· Contract necessity: processing of data collected during a trip booking or service purchase that is necessary to perform the contract with the client (GDPR Article 6(b)). Example: processing passport details and issuing tickets to facilitate travel.
· Legal obligation: processing data to comply with legal duties (Article 6(c)), such as retaining documents for customs inspection or tax compliance (for example, keeping travel invoices).
· Consent: in cases not covered by contract or law (such as marketing messages and newsletters), we request the client's explicit consent (Article 6(a)). The client may withdraw consent at any time with ease【54†L1-L4】.
· Legitimate interests: we use this basis cautiously, only when there is a justified need. For example, storing contact information in a controlled manner to prevent fraud and secure the payment system, or performing service-performance analytics for improvement purposes. However, we do not use this basis for marketing purposes without specific consent. Note that the UAE law does not include an explicit provision on "legitimate interests" as in the GDPR, but it is implicitly recognized within the lawful categories allowed under UAE law when the purpose is legitimate.
We confirm that we do not rely on unlawful processing, and all lawful-basis provisions comply with the GDPR "legal basis" requirement (Article 6) and UAE law standards【51†L1-L4】. This processing includes explaining the purpose in each case (marketing, booking, analytics), which aligns with our duty to inform data subjects under the transparency principle (also consistent with the UAE Data Protection Law)【51†L1-L4】【59†L79-L87】.
We use the collected data for the following purposes:
· Delivery of travel services: completing travel bookings, hotel reservations, ticket issuance, and coordinating services provided to clients (airport reception and tours, tours, etc.).
· Communicating with the client: sending notices about travel dates, booking updates, answers to inquiries, and confirmations by email or phone.
· Legal compliance: keeping transaction and invoice records for tax inspection, or providing information required by authorities (such as customs or security agencies) when legally requested.
· Analytics and service improvement: analyzing website performance and visitor behavior using tools such as Google Analytics and Meta Pixel to improve the user experience and personalize offers in the future. These analyses are performed on aggregated data (partially anonymized) and are not used to identify a specific person without consent.
· Marketing and promotion: sending customized travel package offers and newsletters to those who have shown interest or subscribed to the mailing list. This is done with explicit consent (the client may be asked to provide consent at registration or at any later time) in accordance with Article 6(a).
· Security and fraud prevention: reviewing financial transactions and the proper use of services to verify any unlawful or fraudulent activity.
In all cases, we adhere to the principle of transparency: we explain the reason for collecting each type of data, as required by Article 5(1)(b) of the GDPR【57†L85-L94】. For example, payment information is used only to complete the purchase and is not disclosed to others except by proper arrangement, and your consent is required for marketing contact. We also apply the principle of data minimization【4†L1-L54】【4†L1-L51】, meaning we request only the data necessary to achieve a specific purpose and do not retain unnecessary information【36†L315-L323】.
We use cookies and similar technologies to improve website performance and provide relevant content. The cookies used are divided into:
· Strictly Necessary cookies: enable core website features (for example, keeping users signed in, or remembering shopping cart contents). These cookies do not require user consent under the law, because they are necessary for the website to function and for the user's request.
· Analytics/Performance cookies: collect summarized information about how visitors use the website (such as number of visits and session duration). Example: Google Analytics uses cookies (_ga, _gid, _gat) to analyze website performance【57†L123-L130】. These cookies usually last from one day to two years depending on the type.
· Marketing/Advertising cookies: used to provide personalized advertising content based on your previous behavior. For example, Meta Pixel places cookies such as (_fbp and fr) to connect your visits across more than one site and measure the effectiveness of Facebook ads【30†L22-L25】【249†L240-L33】. These cookies last for several months and require your explicit consent under GDPR and ePrivacy rules.
· Payment gateway cookies: data may be collected through third-party cookies provided by the payment gateway (such as PayPal/Stripe) to ensure transaction security. We redirect you to a known and secure payment gateway and do not directly control those cookies, but they are subject to the service provider's privacy policy.
· Future-tool cookies: if we later use tools such as Hotjar or Microsoft Clarity to analyze visitor behavior (for example, heatmaps or session recordings), we will explain their details in this section later. For example, Hotjar uses cookies such as _hjSessionUser_* that remain for 365 days to track sessions anonymously【L109†L27】【L117】.
The table below summarizes the main cookies used:
Retention period
Service Provider
Purpose
Duration
Type
Opt-out Options
_ga, _gid, _gat
Google Analytics
Track website visits and analyze performance
2 years, 1 day, 1 minute
Performance/Analytics
Opt out of Google Analytics【57†L123-L130】
_fbp, fr, _fbc
Meta Platforms (Facebook)
Personalize ads and measure advertising campaigns
About 2 months
Marketing/Targeting
You can disable Facebook ads through your browser settings or your Facebook account.
CookieConsent (example)
Delta Wings
Store the cookie-consent preference (for example, date and consent settings)
365 days
Necessary
Can be deleted from your browser or through the "Reject cookies" option in the pop-up window.
_hjSessionUser_*
Hotjar
Identify the user and associate them with future visits (user-interface analytics)
365 days
Analytical/Functional
Hotjar can be blocked through ad blockers or browser cookie settings.
(Gateway cookies)
Stripe/PayPal
Improve checkout experience and security (for example, completing incomplete transactions)
1 day - 1 year
Necessary/Security
Cannot be disabled while you continue paying through the service.
(Browser session)
Delta Wings
Track session status (for example, continuing form completion)
End of session
Necessary
Delete all cookies from the browser.
Note: you can manage cookie preferences through the pop-up window on the website, where you may accept all cookies or disable non-essential types (marketing and analytics)【101†L93-L23】【182†L174-L23】. For example, you can enable the browser's "Do Not Track" function or use ad-blocking extensions to prevent marketing analytics.
Electronic communications governance rules require clear user consent before non-essential cookies are activated【182†L174-L23】【101†L93-L23】. Therefore, when you first enter the site, we display a cookie-consent banner stating: "We use cookies to improve your experience and analyze the site. By continuing or clicking 'Accept,' you acknowledge your consent to our use of cookies in accordance with this policy." The "Accept" button must be optional and we do not activate cookies before you give explicit permission【129†L23-L129】. If you refuse non-essential cookies, the website will operate only with the necessary functions【182†L174-L23】【138†L...】.
We use Facebook Pixel (Meta Pixel) and Google Analytics 4 to track website performance and our ad campaigns. Facebook Pixel collects limited data (such as page visits and clicks) and sends it to Facebook servers in the United States, where its algorithms help improve ad targeting【249†L240-L33】. Legal sources state that Meta Pixel captures information from HTTP headers and user interactions and is legally considered a "cookie," so explicit consent is required to use it【249†L240-L33】. We ensure that the data sent to Facebook is aggregated and as minimally identifying as possible, and we do not give Facebook sensitive data beyond what is necessary (such as a partially encrypted IP address).
As for Google Analytics 4, it is an analytics tool provided by Google LLC, which collects information about users (IP address and on-site events) and stores it on Google servers, often in the United States. Following a series of European data-protection decisions, it is now clear that use of Google Analytics involves a transfer of data to countries outside the European Union【47†L343-L47】. Accordingly, we adopt protective measures such as IP anonymization and enabling advanced data controls for GA4【352†L...】. Nevertheless, experts acknowledge that transferring EU users' data is an "international transfer" under GDPR Articles 44-46 and requires additional safeguards. We explain in the International Transfers section which methods are used (such as standard contractual clauses) to protect your data in this case.
We fully satisfy transparency requirements by clearly informing you in this policy about the tools we use【183†L175-L21】【101†L93-L23】. If at any time you want to withdraw consent for data analysis, you can disable the related cookies or request assistance from customer support.
We may share your data with other parties for purposes related to service delivery or legal compliance:
· Airlines and hotels: to complete bookings, we provide airlines and hotels only the necessary details (name, trip information, passport if needed). These parties work with us in this context as joint controllers. We always operate under the agreed standards with them (express data-processing agreements) to ensure that your data is used only for the agreed purposes.
· Payment service providers: we use an electronic payment provider such as Stripe or PayPal. The provider shares the data needed for processing (such as part of the card number and transaction details) to carry out the payment securely. Under our contracts, we retain only the minimum information (payment confirmation), while the provider keeps additional data such as the IP address for security purposes; Stripe notes that it uses personal data to improve its services, including fraud detection and loss prevention【780†L772-L49】.
· Technical service providers: such as website hosting providers, digital marketing consultants, database management companies (CRM), and email systems. These entities are treated as processors under contracts that define their responsibilities for protecting data.
· Marketing and analytics partners: when external tools are used (such as Google Analytics, Facebook, or any third-party cookies), data is sent to those companies (which act as processors or separate controllers) under clear contracts and terms of use. For example, we mentioned earlier that Google and Facebook each have policies governing how data is used and protected; we continuously review those policies to ensure compliance.
· Government authorities: in rare cases, we may need to share your data with government or legal bodies (such as security investigations, tax requests, or court cases), but only where there is a legal basis or a binding court order. This is within the obligations mentioned in UAE law (Article 33)【52†L1-L4】.
We confirm that your data will not be sold or rented to any outside party for direct advertising unless we have your prior explicit consent. All the above-mentioned sharing takes place under a binding legal framework and without violating the original purpose of processing. Where processing is carried out by third parties outside Delta Wings, those parties are obliged to keep the data confidential and use it only in line with our instructions and the rights of data subjects.
Because we target international clients, especially from the European Union, personal data may be transferred to entities outside the UAE and the EU (such as Google servers in the United States, Facebook servers in the United States, or other service providers)【49†L...】. Article 44-49 of the GDPR states that any transfer to a country not classified as safe requires appropriate safeguards.
· Adequacy decisions: to date, the European Commission has not issued a specific adequacy decision for the UAE. Therefore, we rely on other legal tools to cover such transfers.
· Standard contractual clauses: we use the European Commission's standard data-protection clauses to ensure your protection when your data is transferred to third countries【21†L152-L161】. These clauses are signed between us and service providers (such as Google or Facebook) and require them to apply data-protection standards comparable to the GDPR.
· Technical measures: where possible, we use measures that reduce transfer risks (such as encryption during transit or storing the data in anonymized form).
· Right to information: we always explain that we may transfer your data to service providers in third countries and we aim to provide a copy of the relevant standard agreements or terms upon request.
In short, you have the right to know how your data is transferred and what safeguards are included. We inform you that the use of American tools (Google, Facebook, and similar services) requires these measures. Since Delta Wings is based in the UAE, transfers between Dubai and any regional office or external data center are subject to the above procedures. We also undertake to notify you if such a transfer is based on an adequacy decision from the Commission (if one is issued in the future) or otherwise follows the appropriate protection protocols【152†L21-L161】【47†L343-L352】.
We retain each category of personal data for no longer than is necessary to achieve the purpose for which it was collected【36†L315-L323】. As a general rule, once there is no longer any legal or practical reason to keep the data, we securely delete it. The criteria we use to determine retention periods include: contract requirements (for trips), legal obligations (tax/financial evidence), and legitimate interests (such as possible legal claims). We review your data periodically to ensure the retention periods remain appropriate. The following table shows approximate retention periods:
Data Category
Recommended Retention Period
Justification
Booking data and travel contracts
7 years after the trip or contract ends
Tax requirements and legal standards (supporting contract records)
Travel documents (passports, visas)
1 year after the trip is completed (or less if the need ends earlier)
May be requested by authorities or kept as evidence when needed (temporary secure storage)
Contact and transaction data (email/WhatsApp)
3 years after the last contact
Customer-service planning, future request tracking, technical support
Payment data (invoices, receipts)
7 years (in accordance with company and accounting procedures)
Financial record-keeping and tax-audit requirements
Cookie records and ad transactions
Up to 2 years (depending on tool settings)
Analytics-tool requirements (for example, Google recommends 26 months)
Data-subject requests (such as DSR logs)
1 year after the transaction ends
For internal audit and legal compliance purposes
Backups and internal systems
Depends on the backup system (usually 30-90 days)
Data restoration in emergencies
If we do not have a specific period for deleting a given data category, we explain the criteria used (for example, account age or last activity date). The European Commission confirms that data should be stored for the shortest possible period consistent with the purpose【36†L315-L323】. If there is a need for us to retain additional data (for future research or public archiving), we will then apply additional measures (such as minimization and encryption).
Delta Wings gives its users the following rights (as set out in the GDPR):
· Right of access: you have the right to request a copy of your personal data that we process.
· Right to rectification: you may request correction of any inaccurate data immediately.
· Right to erasure ("the right to be forgotten"): in certain cases, you may request deletion of your data (for example, if there is no longer a lawful basis for processing it, or if you have withdrawn consent and no other basis exists for processing)【15†L241-L249】.
· Right to restriction of processing: you may request that processing of your data be frozen (while retaining it) in certain circumstances (such as a dispute about accuracy or an objection to processing)【15†L241-L249】.
· Right to object: you have the right to object to the use of your data for public-interest or legitimate-interest purposes (such as direct marketing or certain analytics)【15†L241-L249】【21†L175-L183】. If you object, we will stop processing the data for those purposes unless there is a compelling reason that overrides your rights.
· Right to data portability: you may request a copy of your personal data in a portable format (for example, if you wish to move to another service provider), provided that this is technically possible and that our processing is based on contract or consent【21†L175-L183】.
· Right to withdraw consent: if you have given consent for the processing of your data (for example, for marketing), you may withdraw that consent at any time as easily as you gave it【54†L1-L4】. Withdrawal of consent will not affect the lawfulness of processing before the withdrawal.
· Right to complain: if you believe your data has been identified or processed unlawfully, you may file a complaint with the competent data-protection authority. (For most users in the European Union, this will be the national supervisory authority; if your complaint concerns data protection in Europe, you may contact the relevant authority in your country.)【21†L198-L207】. We first welcome an attempt to resolve disputes internally before proceeding to judicial authorities.
To exercise any of these rights, the client may send a written request to support@dubaiemirates.com or contact our designated phone number, stating the type of request (for example, "request for access to personal data"). In accordance with legal requirements, we will ask for proof of identity before providing any information (to protect your privacy). We undertake to respond to rights requests without undue delay, and no later than 30 days from receipt (this period may be extended to 60 days in complex cases, with notice to you of the extension and the reasons for it)【176†L168-L21】. You also have the right to come back to us for clarification if our company does not respond within the legal period.
Delta Wings applies strong technical and organizational measures to protect your data from unauthorized access, disclosure, or loss. These measures include:
· Encryption: modern encryption protocols (such as HTTPS/TLS) are used to protect your data in transit over the internet. We also consider encrypting stored data (especially sensitive data) when needed. According to the recommendations of the UK Information Commissioner's Office, encryption is an appropriate security measure and should be used where there is a high risk【57†L85-L94】【130†L123-L57】.
· Restricted access: only authorized employees are allowed access to personal data, and only on a need-to-know basis. Employees receive regular security training and we use access-rights management to ensure separation of duties.
· System and network protection: we perform regular security updates on servers and network devices, and we use firewalls and intrusion-detection systems.
· Training and awareness: employees are trained on best security practices (such as recognizing phishing emails), and we educate them about the importance of maintaining data privacy.
· Incident management: we have an information-security incident response plan that includes detecting, handling, and reporting breaches (as described below).
We confirm that the GDPR does not require mandatory encryption for all data, but notes that it may be appropriate to reduce risks【57†L113-L122】. When processing financial, health, or sensitive data (if any), we increase the level of safeguards (such as protected backups and additional restrictions). We continuously update our security controls and perform data-protection impact assessments (DPIAs) where required.
Under UAE and European law, Delta Wings must notify both the relevant authorities and affected individuals of any personal-data breach that creates a risk to individual rights. If a security breach occurs (for example, a hack or data leak), the following steps will be taken:
It should be noted that data-breach notification is a clear legal obligation【15†L255-L259】. Compliance with this strengthens our clients' trust and confirms our credibility in protecting their data.
Delta Wings does not target children under 16 (the default age of consent in the GDPR) in its advertising campaigns or data collection. We do not knowingly collect children's data. If we discover that a user under 16 has sent us their data, we will request parental consent before any further processing. If such consent is not obtained, we will immediately delete the data from our records. We encourage parents and guardians to monitor their children's use of our services and to inform us immediately if they believe any data has been collected inappropriately.
Delta Wings does not rely on core automated decisions (such as automatic loan approval or profiling of individuals) that have legal or similarly significant effects on users. All assessments related to our services (such as booking approval) are made by staff or through clear standard procedures and are not based on purely commercial algorithms.
However, we use limited artificial-intelligence technologies in marketing (such as ad personalization through Facebook and Google systems). These systems may infer visitors' interests based on their activity, but we do not make any discriminatory or legally significant decisions on that basis. Any future use of machine learning (such as travel-recommendation models) will be covered by a separate notice, with simplified explanations of how it works and its effects, as required by the GDPR if it becomes a decision with legal or similarly significant effects. At present, our systems perform no automated processing beyond ordinary marketing and commercial tracking.
When you first visit the website, a pop-up appears explaining the cookie policy, for example:
"The Delta Wings website uses cookies to improve your experience and analyze our use of the website. By using the website or clicking 'Accept,' you allow us to store cookies on your device. You can click 'Cookie Settings' to choose which cookies you consent to or refuse. Click 'More information' to read the full privacy policy."
The pop-up must include at least two buttons: Accept (accept all cookies) and Reject non-essential cookies. The third option, "Cookie Settings," lets the user control cookie types (for example, disabling marketing and analytics cookies while allowing necessary ones) without disabling the essential cookies. The consent banner must remain displayed on the first visit for each device until the user chooses an option. If the user rejects non-essential cookies, we configure the site so that only the necessary cookies are activated, while still providing a basic browsing experience【23†L93-L101】【23†L174-L182】.
For users in the European Union, we recommend the following steps for optimal privacy:
· Accept only necessary cookies: in the consent box, choose to disable analytics and marketing cookies if you want to reduce ad tracking.
· Browser settings: you can adjust your browser to block third-party cookies or disable them by default, then allow them as needed.
· Protection tools: use ad-blocking and cookie-blocking extensions or tools (such as Ghostery or uBlock) to prevent general third-party tracking.
· Private browsing mode (Incognito): this limits the storage of cookies when the windows are closed.
· Monitor your ad activity: use ad-control portals (such as YourAdChoices) to opt out of advertising-interest profiling externally.
· Follow the privacy policy: review the privacy policy from time to time (especially before giving new consent) to stay aware of updates.
These recommendations help you manage your privacy level without preventing you from using the website altogether.
We may refer in this policy to website-specific terms of use. It is recommended that the privacy policy be separate and clear, with a link to the "Terms of Use" so that the client has full understanding. For example: "For the applicable service terms, please review our Terms of Use," while clearly noting any legal differences between the terms and the privacy policy. (This does not conflict with the privacy policy itself; it supports it legally.)
The relationship between clients and Delta Wings is governed primarily by UAE laws and local Dubai laws, including the applicable UAE Data Protection Law. However, individuals in the European Union still retain the rights and remedies available under the GDPR.
· International scope: if you are an EU citizen or resident and you believe your rights under the GDPR have been violated, you have the right to file a complaint with the competent authority in your country【21†L198-L207】. For example, you may contact the national data-protection authority in your country of residence, or the UAE Data Protection Commissioner's office if the breach occurred in Dubai.
· Competent court: any dispute arising from the interpretation of this privacy policy will be referred to the UAE courts unless international laws provide otherwise. UAE law is considered the primary governing law of the relationship (especially Article 82 of the UAE Data Protection Law or its equivalent), while European GDPR rights remain preserved when dealing with us.
We are not legally required to appoint an internal Data Protection Officer, but support@dubaiemirates.com may be considered the designated privacy contact point. We are pleased to receive any privacy inquiry or complaint through it. We are training our team to handle data-rights inquiries in line with international standards【21†L175-L183】.
This policy was issued in July 2026. We will review it periodically (at least annually) or whenever there is a change in our services or relevant laws. If any material amendment is made, we will notify clients with an appropriate notice on the website or by email to the registered address. Please check the "Last Updated" date at the bottom of this document regularly to ensure you are viewing the latest version. When the policy is updated, the version number and amendment date, along with a summary of the changes, will be stated to make tracking revisions easier.
Copyright: this privacy policy text is owned by Delta Wings and may not be copied or used for any commercial purpose without written permission from Delta Wings management.
In short, we fully commit to protecting your personal data and providing complete transparency about it. We handle your data carefully and responsibly in accordance with the highest global standards【15†L251-L259】【36†L315-L323】. If you have any further questions about our privacy policy or wish to exercise any of your rights, please do not hesitate to contact us at support@dubaiemirates.com.