Seyaha Corp., a Delaware corporation with its operational headquarters located at Al Imam Saud Ibn Faysal Rd, Hittin, Riyadh 13518, Saudi Arabia, together with its subsidiaries and corporate affiliates (“we,” “us,” “our,”) respect your right to privacy and we take our responsibility to safeguard your private information very seriously. Seyaha Corp. is the operator of Seyaha websites (collectively, our “Service Sites'') and the Seyaha mobile applications (collectively, the “App”), is the data ‘controller,’ as defined by the General Data Protection Regulation (“GDPR”).
You can contact us at info@seyaha.net and our data protection officer at contactus@seyaha.net. If the Service Sites or the App connect you with third-party online services, you should carefully review the privacy policies of such third-party sites as they are not governed by our privacy policy.
We want to inform you about the way we collect and process your personal data in accordance with the GDPR Act.
I. What kind of data do we collect?
1. Automatically generated website visitor information
We collect information and data that is automatically transmitted or generated by your browser each time you visit our website. Such information includes the IP address, the URLs of the site you visited before accessing our Service Sites (“referrer”), the browser used, the browser language, the operating system and user interface, the access device used, date and time of your access, the pages viewed on our website, and the time you spend on the Service Sites. Such data is stored for a period of two years and deleted automatically thereafter. We may use this information to investigate errors, to improve the stability and functionality of the Service Sites and the App, and to assist you in completing any interrupted bookings.
2. Data provided by you / user accounts
Furthermore, we also collect and use the information you provide to us about yourself, your travel companions, and about the planning of your trip by using the Service Sites or the App:
a) When you book a travel product through our Service Sites, we ask you to provide personal data, e.g. your name, your email address, phone number, government-issued identification numbers, emergency contact information, billing address, payment method or credit card information. We will ask you for the data that the respective transportation provider requires to complete the booking process. Our forms show what kind of data is required for each respective booking. We cannot process your booking without provision of the required data. Credit card information will be immediately passed on to the respective payment provider. We only store truncated credit card data (e.g. “511111******1111”) for reporting purposes and fraud analysis. When you make a booking for someone else (e.g. your travel companion, business travel) through the Service Sites or the App, we will request personal information about such companions or such business. You should obtain the consent of all such individuals before providing their information to us as those individuals may not be able to independently view their information themselves if it is provided to us under your account. To the extent that your companion(s) may need to amend or delete their information, they can reach out to us using contactus@seyaha.net.
We store booking-related data for a period of 10 years and thereafter keep the information required by trade and tax law for the statutory retention periods (usually ten years after the conclusion of the contract / booking).
b) Should you opt to additionally register for a personal profile with Seyaha by creating a user account, this data will be stored with us for your future bookings.
We keep your account data as long as you keep up your user account with us. If you decide to delete your account, we delete the associated data. However, potential booking data and related basic data (e.g. your name and address) will be kept as described above.
c) If you contact us or our customer support (e.g. by email, telephone or contact form on the Service Sites), we use the data you provided (usually your contact information and your inquiry) to respond. We keep your inquiries for a period of five years after answering except, where required by trade or tax law, we keep such correspondence for the statutory retention periods (usually six years).
d) Call recording: When you make calls to our customer service team, you may be required to confirm that you have an existing reservation with us. Calls to our customer service team may be recorded for quality control and training purposes, which includes using the recordings to process claims and for fraud detection purposes. Though not every call is recorded, call recordings are kept for a limited amount of time and automatically deleted after six (6) months, unless we have a legitimate interest to keep such recording for a longer period, including for fraud investigation or another legal purpose. You can opt-out from the call recording at any time during your conversation with our customer service team by notifying one of our agents.
e) We may invite you to take part in surveys from time to time. These surveys may help us conduct market research, analyze how to improve your experience on the Service Sites and the App, and improve the functionality and quality of our Products. We will collect the data provided by you when you submit any such survey responses.
If you object to our data processing set out under this section, and no opt-out mechanism is available to you directly (for instance in your account settings), please send your objection to us at Contactus@seyaha.net.
The Service Sites and App are intended to be used by adults only. We do not knowingly collect personal information from children under the age of 13. In the event that we have knowledge that a child under the age of 13 has submitted any personal information to us via the Services Sites or the App, we may use the email address or other contact information provided by the child for the sole purpose of responding to the child’s question or carrying out his or her request on a one-time-only basis. We will not use the email address provided by such a child for any other purpose, and we will delete such information from our records once their question has been answered or the request has been fulfilled. If we become aware that we have unknowingly collected personal contact information other than an email address from a child under the age of 13, we will delete the information immediately.
3. Newsletter and marketing emails
If you opt into our newsletter subscription (e.g. by subscribing via the Service Sites or when creating a user account), we will send you newsletters and marketing emails, including information about Seyaha, together with promotions for offers and services whether provided by us or third-parties (e.g. travel, accommodation).
If you have opted to receive our newsletter subscription, you can withdraw your consent by using the “unsubscribe” link included in each of our newsletter and marketing emails.
Upon the withdrawal of your consent or unsubscribing from the newsletter, we delete your contact information, unless the contact information remains stored for another reason described elsewhere in this privacy policy, such as part of your user account or in relation to your bookings, as described above.
4. Cookies, web beacons and similar technology
Like most other website operators, we use cookies, web beacons, and similar technology (collectively “Tracking Facilities”) when you visit or use our Service Sites.
Cookies are small text files that are stored by your browser on your computer or mobile device and which allow re-identification of your computer or mobile device, potentially across numerous websites, including the Service Sites. These cookies contain no personal data. Some of the cookies we use are automatically deleted upon expiry of your session, that is, when you close your browser (these are referred to as session cookies). Other cookies remain stored on your device and allow us, or our business partners, to recognize your browser during subsequent visits (persistent cookies).
Our use of Tracking Facilities allows us to collect information about our users in order to provide simpler and more convenient access to our Service Sites, or to enable us to provide certain services at all.
We use Tracking Facilities for the following purposes:
To save your user settings such as language and currency while on using the Service Sites, and between visits.
To store your login status as a registered user (optional), so you do not have to log in again when returning to the Service Sites later.
For the technical assignment of your visit to certain servers to ensure a safe transition between pages and search queries.
To monitor the performance of our systems (no user-based evaluation of data).
Service providers for website analysis, retargeting, and conversion tracking may also use Tracking Facilities
If you click a link on the Service Sites that takes you to the website of a provider (for example when making a booking or to buy a ticket), it is possible that such other websites also store cookies on your computer. We have no control over these providers’ cookies and the data collected in this way and we cannot accept any responsibility for our providers’ websites or their tracking practices. We encourage you to carefully review the privacy policies of any website that you visit.
How do we use cookies?
We use different categories of cookies for different purposes (see below)
Mandatory for Use: We use strictly necessary cookies that are essential for You to browse the website properly and use its core features. As such they do not require Your consent. These cookies will generally be first-party cookies.
Category: Infrastructure
Purpose: Infrastructure cookies are first-party cookies that are necessary for you to browse the website properly and use its core features. They are essential for Us to provide You with the services You expect, such as using our platform to search and book travel services.
Category: Security
Purpose: Security cookies are necessary to ensure an adequate level of security of our website such as user authentication for secure payment and fraud prevention. These may include third-party cookies, e.g. security cookies from the payment provider You selected when You are redirected to the payment page.
Category: Functionalities
Purpose: Core functionality cookies are necessary to ensure the proper functioning of our website and its essential features, such as travel service bookings and ticket issuance. These may include third-party cookies from our transportation providers when you are redirected to their website to finalize your booking.
Non-necessary cookies: We also use cookies and similar technologies that help us understand how you use our website and to improve your user experience. As such they may include third-party cookies for marketing and personalization purposes. These cookies will be stored in your browser only with your consent. You can choose to reject such cookies under "Settings", which might affect your experience with our website.
Category: Performance and Statistics
Purpose: Performance & Statistics cookies are used to help understand personal and statistical use of our website to improve your user experience. As such they may include third-party cookies and similar technologies like analytics services. It allows us to gain important insights about the use of our websites and how different settings affect your user experience.
Category: Marketing
Purpose: Marketing cookies are used to assist our marketing efforts and improve online advertising performance. They allow us to track your online activity in order to place personalized and relevant advertisements from third-party Ads partners. We may upload your user identifiers received from these cookies to our Ads partner platform such as Facebook, Google and others to help improve the personalization of the advertisements.
6. Retargeting
Our Service Sites may use what are known as retargeting tags for presentation of interest-related advertising on third-party websites.
A retargeting tag is the name for a JavaScript element that is placed in our Service Site’s source code. If you visit a page on our Service Site that contains a retargeting tag, a provider of online advertising services (each a “Retargeting Provider”, e.g. Google, Facebook, etc.) places a cookie on your computer and allocates it to the corresponding retargeting target group lists. The Retargeting Provider uses the cookie to gather data related to your interests (e.g. the pages visited on the Service Sites or search queries), using pseudonymous identities. Based on that information, the Retargeting Provider displays interest-based ads on third-party websites. No directly personally identifying data is stored or transmitted, and the usage profiles will not be merged with your personal data. However, the Retargeting Provider can potentially identify you and track your visits on our website, in particular, if you are a registered user of the particular Retargeting Provider (e.g. if you have a Google or Facebook account).
7. Conversion tracking
We use advertising partners to advertise our offers on third-party websites. We also use marketing tools to determine the success of our advertising measures (“Conversion Tracking”). We intend to show you advertising relevant to your interests, to optimize our website, and to achieve a fair calculation of advertising costs.
To that end our advertising partners use cookies and web beacons (see above) to measure certain parameters related to the success of an advertising campaign, e.g. display of an ad or user clicks. The cookies are not intended to personally identify you. For the lifetime of the cookie the advertising partner can identify your clicks on an ad and your redirection to a certain landing page (e.g. form input, confirmation page, newsletter subscription). Based on this information, the advertising partner generates conversion statistics. These statistics show e.g. the number of users that have clicked on one of our ads. In addition, the statistics show the number of users that have reached a certain target page that has been marked with a “conversion tag” (remarketing tag, see above). The statistics do not include data that allows us to personally identify you.
We do not collect or use personal data in the advertising campaigns ourselves. Our advertising partners only provide us with statistical data, which allows us to identify effective advertising campaigns. We do not receive additional data, in particular no data that would allow us to identify our users.
Due to the Conversion Tracking tools, your browser automatically connects to the server of the advertising partners. We have no influence on the scope and further use of data collected by the Conversion Tracking tools of our advertising partners. The advertising partners receive the information that you have visited certain pages on the Service Sites or clicked on one of our ads. If you are a registered user of the advertising partner (e.g. if you have a Google or Facebook account), the advertising partner can relate your visits to such account data. Even if you are not a registered user with the advertising partner, or are not logged into your account, the advertising partner may collect and store your IP address.
8. Web analytics and statistics / Google Analytics
The Service Sites use Google Analytics, a web analytics service provided by Google LLC. (“Google”). Google uses cookies (see above), which are stored on the user's computer and allow us to analyze the use of the Service Sites. The information generated by the cookie about the use, including the user’s current, but truncated EU IP addresses are transmitted to a Google server in the USA and stored there. Since we have activated IP anonymization, your IP address will be truncated by Google within a European Union member state or a member state of the European Economic Area before transmission to the USA. Only in exceptional circumstances will the full IP address be transferred from the EU and truncated in the USA. Google will use this information on our behalf to evaluate the use of the Service Sites, compiling reports on the activities of users of our services, and to provide other services associated with internet use. In addition, Google may also transfer this information to third-parties if required to do so by law or where such third-parties process the information on Google's behalf. The IP address sent by your browser to Google Analytics will not be merged with other Google data.
You can prevent the installation of cookies by changing the settings of your browser. Please note, however, that this may prevent some of our services’ features from working correctly. Alternatively, you can prevent the collection of cookie data and your website usage data (including your IP address) by Google and the processing of such data by Google by downloading and installing a browser plugin available at: http://tools.google.com/dlpage/gaoptout.
9. Social Plugins
The Service Sites use what are referred to as social plugins by the following social media providers:
We use the so-called 2-click solution. If you visit the Service Sites, no personal data is transferred to the plugin provider. You can recognize the plugin provider by the label or logo on the button. We permit you to communicate directly with the plugin provider via the button.
Only if you click the button and activate the plugin, the plugin provider receives the information that you have visited the respective page of the Service Sites. In addition, the information mentioned under Sec. 1 above is transferred by your browser to the plugin provider. If you have an account with the plugin provider, and are logged in, the provider may relate your visit to the Service Sites and your additional interaction with the social plugin (e.g. clicking on the “Like” button) to your user account (e.g. your Facebook account).
We have no influence on the data collected and processed by the plugin provider, nor do we know the full extent of the data processing, purposes, retention terms and deletion of data by the plugin provider. Please find additional information regarding data processing by the plugin provider in their respective privacy policies linked above. These policies also include information regarding your rights and privacy-related configuration options.
10. Data Breaches
In the unlikely event of any unauthorized access or acquisition of your personal data, or if we experience a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data, where such breach poses a significant risk of harm to your rights and freedoms, we will promptly notify you without undue delay and, where feasible, not later than 72 hours after having become aware of it. In such case, we will also inform governmental authorities of such breach as required by applicable law.
II. Seyaha / seyaha app
The Seyaha or seyaha applications (collectively referred to as the “App”) are alternative ways to access offers and services provided by Seyaha. The App records, processes and utilizes data in the same way as the Service Sites, for the same purposes and on the same legal basis. The contents of this portion of the privacy policy apply to the App.
1. Additional use of app-specific data
When using the App, Seyaha can access additional data relating to the App and your mobile device, e.g. the device name, device manufacturer, model, operating system version, app version or SDK version and the device number (IMEI), advertising identifiers (e.g. Android’s Advertising ID, Apple’s Identifier for Advertisers). If you are using an Android device, the App can also detect what Google services you have subscribed to and can prevent your device from going into standby while the App is running.
The App, for both Android and iOS, requires your permission in order to function properly. Once you grant such permission, the App may record your device’s geolocation to use it for processing your query (e.g., filling in your location in the search form, to provide location-based services, or to suggest relevant content based on your location). Your location data is transmitted through an encrypted connection. If you use GPS, the App will detect your precise location. The data is used to fill in the search form and will not be stored otherwise. You may use your device’s settings menu to disable location data collection at any time.
2. Statistics and analytics
We use data analytics services to create statistics and analytics regarding your use of the App, the Service Sites, and our services. Data analytics services also assist when transitioning to our partner’s websites or services. We use the IP address and device identifier of your mobile device for such purposes. In addition, we may use such information to create cross-device, pseudonymous usage profiles (“cross-device-tracking”). You can disable the analytics functionality at any time in the App preferences.
In our apps, we use "Google Analytics" and “Firebase Analytics” as analytics services provided by Google LLC. (“Google”). Google provides SDKs (software development kits), which are stored on the user's device and allow us to analyze their use of the App. The information generated by the SDKs about such use, including the user’s current, but truncated IP address, are transmitted to a Google server in the USA and stored there.
Since we have activated IP anonymization, your IP address, if collected in the EU, will be truncated by Google within a European Union member state or a member state of the European Economic Area before transmission to the USA. Only in exceptional circumstances will the full IP address be transferred and truncated in the USA.
Google will use this information on our behalf to evaluate the use of the App, compile reports on the activities of users of our services, and to provide other services associated with internet use. In addition, Google may also transfer this information to third-parties if required to do so by law or where such third-parties process the information on Google's behalf. The IP address sent by your App to Google Analytics or Firebase will not be merged with other Google data.
If you are using the App, you can disable data processing by Google Analytics or by Firebase by using the switch at the bottom of this page.
This app utilizes Google Analytics with the extension “_anonymizeIP()”. This ensures processing of truncated IP addresses, so that no direct personal identification via IP addresses is possible.
Google has incorporated the EU Standard Contractual Clauses https://policies.google.com/privacy/frameworks?hl=en-US.
3. Push messages
If you have configured your mobile device accordingly, the App may send you push messages, e.g. to provide updates on Seyaha, status updates, marketing campaigns and other news, or to notify you of new services, products, and features. Push messages may also include advertising for Seyaha or seyaha or third-party offers (e.g. travel, accommodation).
You can withdraw your consent to receive marketing push messages at any time, free of charge, by disabling marketing push messages in the App settings or by deactivating push messages in your device’s operating system preferences.
If you are using the app, you can prevent data transfer to all retargeting providers at any time by using the switch at the bottom of this page.
When clicking the opt-out switch at the bottom of this page, we will disable the SDKs that allow us to recognize you. Your opt-out will take effect upon your first subsequent use of our App (i.e., after you restart the App). The opt-out switch prevents tracking when you use the App. To prevent tracking or retargeting on the Service Sites, you must set the opt-out cookie by clicking the opt-out button in your browser settings.
2. Data transmission related to bookings
a) Our providers
When you make a booking on the Service Sites or the App, we will transmit any personal data required to execute such booking to the respective provider (e.g. tour operator, tour guide, location) so that the transportation provider can process your booking and produce any personalized tickets that may be required. Such a third-party will then process your personal data under its own responsibility and in accordance with its own privacy policies. We therefore strongly recommend that you carefully review the privacy policy for each such transportation service provider prior to making your booking.
To the extent that we participate in a corporate transaction, divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy, we will inform the buyer that it shall only use your personal information for the purposes disclosed in this privacy policy. From time to time, we may also share aggregate or anonymous information with third-parties, including advertisers and investors. For example, we may tell our investors the number of visitors that the Service Sites receive on a monthly basis, or we may tell advertisers where the most popular tours and destinations are each month.
When you make a booking on the Service Sites or the App, we will transmit any personal data required to execute such booking to the respective provider (e.g. tour operator, tour guide, location) so that the transportation provider can process your booking and produce any personalized tickets that may be required. Such a third-party will then process your personal data under its own responsibility and in accordance with its own privacy policies. We therefore strongly recommend that you carefully review the privacy policy for each such transportation service provider prior to making your booking.
b) Payment providers
The payment details (credit card information) for bookings made directly on the Service Sites or through the App are processed by a trusted internet payment processor, who will transmit your data directly to the relevant credit card company.
In order to ensure that the credit card is being used by its legitimate owner, and to prevent cases of online fraud, encrypted credit card information is transferred to an external payment security service for auditing purposes. This transfer may also include additional personal data.
Your credit card data is processed by trusted and reliable internet payment processors. Your credit card details are encrypted (usually using the SSL protocol) before transmission to the payment processor. Your credit card data will not be disclosed to us by the payment processors.
c) Accommodation providers
In addition, the basic information of your query (such as destination and travel dates) could be forwarded to the accommodation service providers displayed in the search window - but only if you have explicitly included the respective service provider in the search query by selecting a checkbox. The service provider will then present you with non-binding offers matching your search query in a new window or tab. A transfer of personal data (except for the IP address) does not take place on our side.
3. Other service providers
We may use third party service providers, in particular for technical and business services, tax advisors and legal counsel. This may include hosting providers, including a content delivery network to cache and provide content, statistics and analytics, providers to handle service desk and support data, provision of CRM systems, sending of newsletters/mailings, spam and fraud prevention, IT service and development providers.
These service providers receive personal data solely for the performance of their services for us on our behalf. They are contractually obliged not to use personal data for other purposes.
