Zameera Customer Privacy Policy

Last updated: 1st December 2025

1. Introduction

This Customer Privacy Policy explains how Zameera L.L.C-FZ ("Zameera", "we", "us", "our") collects, uses, shares, and protects personal data about individuals who use the Zameera platform to browse or book experiences, or who otherwise interact with us as customers ("you").

We are committed to handling your data in a transparent, lawful, and secure way that reflects the premium standard of service you expect from Zameera.

If you do not agree with this Policy, you should not use the Zameera platform or provide us with your personal data.

2. Who we are and how to contact us

The controller responsible for your personal data is:

Zameera L.L.C-FZ

Meydan Grandstand, 6th floor

Meydan Road, Nad Al Sheba

Dubai, United Arab Emirates

If you have any questions about this Policy or how we process your data, you can contact us at:

Email: contact@zameera.com

Where required by law, we may appoint representatives or data protection contacts in specific jurisdictions. Details, where applicable, will be provided in local versions or annexes to this Policy.

3. Relationship to other documents

This Customer Privacy Policy forms part of Zameera's broader legal framework and should be read together with:

  • the Zameera Customer Terms & Conditions, which govern your use of the Zameera platform and your bookings as a customer
  • the Zameera Supplier Terms & Conditions, which govern relationships with suppliers
  • the Zameera Supplier and Business Partner Privacy Policy, which explains how we process data relating to our suppliers and partners
  • any cookie notice or local privacy notices that may apply in specific countries or channels

If there is any conflict between this Policy and local mandatory data protection law, the local law prevails.

4. What personal data we collect

4.1 Data you provide to us

We collect personal data that you provide to us directly, for example when you:

  • create or update a Zameera account
  • search, browse, or book experiences
  • contact us for support or concierge assistance
  • join mailing lists or marketing communications
  • participate in surveys, feedback, or promotions

This may include:

Identity data

  • full name
  • title
  • date of birth (where required)
  • nationality (where required, for example for aviation or regulatory reasons)

Contact details

  • email address
  • phone number
  • country of residence

Booking and experience data

  • details of experiences you view, shortlist, and book
  • travel dates, destination preferences, group size
  • special requests you choose to provide, for example dietary preferences, room preferences, logistics needs

Payment and billing data

  • partial payment card details and payment method information (processed primarily by our payment providers)
  • billing address
  • transaction history and receipts

Communications

  • messages you send to us through email, chat, or forms
  • communications you send to suppliers via the Zameera platform where applicable
  • feedback and complaints

Marketing preferences

  • consent to receive newsletters or offers
  • preferences regarding destinations, experience types, or themes

We do not request or require you to provide sensitive personal data such as health information, religion, or biometric data. If you choose to share such information voluntarily, for example health information relevant to experience safety, we will process it only where necessary and lawful, and we may encourage you to share it directly with the supplier where appropriate.

5. Data we collect automatically

When you use our website, apps, or digital channels, we automatically collect certain data, mainly through cookies and similar technologies, including:

Technical data

  • IP address
  • browser type and version
  • device identifiers
  • operating system and platform
  • approximate location based on IP

Usage and interaction data

  • pages and screens you view
  • time and duration of visits
  • clicks, scrolls, and navigation paths
  • search queries and filters used
  • referral sources, such as links from third party sites or campaigns

Cookie and tracking data

  • identifiers placed through cookies, pixels, and similar technologies
  • data about which emails you open or links you click in our communications

For more detail on cookies and how to manage them, see section 9 and any cookie notice we provide on the Zameera platform.

6. Legal bases for processing

Where data protection laws such as the EU or UK General Data Protection Regulation apply, we process your personal data on one or more of the following legal bases:

Performance of a contract

  • to create and manage your Zameera account
  • to process bookings and payments
  • to provide confirmations, updates, and customer support

Legitimate interests

  • to operate, secure, and improve the Zameera platform
  • to understand how customers use our services and develop new features
  • to personalise content and recommendations
  • to prevent fraud and misuse
  • to manage our relationships with suppliers and partners in relation to your bookings

Compliance with legal obligations

  • to comply with tax, accounting, anti money laundering, and regulatory requirements
  • to respond to lawful requests from public authorities

Consent

  • to send certain marketing communications by email or similar channels where consent is required
  • to use certain cookies and similar technologies where consent is required
  • to process any sensitive data that you choose to provide where this cannot be based on another legal basis

Where we rely on consent, you can withdraw it at any time as described in section 11. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.

7. How we use your personal data

We use your personal data for the following purposes:

7.1 To provide and manage your account

  • creating and managing your Zameera account
  • keeping your account data accurate and up to date
  • enabling secure authentication and account access

7.2 To manage bookings and payments

  • allowing you to search, compare, and select experiences
  • processing bookings as merchant of record and sending confirmations
  • managing changes, cancellations, and refunds according to applicable policies
  • allocating payments between you, suppliers, and Zameera through our payment providers

7.3 To provide customer support

  • responding to enquiries, requests, and complaints
  • supporting you before, during, and after your experiences
  • liaising with suppliers on your behalf where appropriate

7.4 To personalise and improve the Zameera platform

  • understanding how customers use our site and app
  • analysing trends, demand patterns, and destination preferences
  • improving navigation, content, and recommendations
  • developing new functionality and services

7.5 To prevent fraud and ensure security

  • detecting and investigating suspicious activity
  • protecting accounts and transactions
  • enforcing our Customer Terms & Conditions and preventing misuse

7.6 To send service communications

  • sending booking confirmations, updates, and reminders
  • informing you of changes to bookings, experiences, or terms
  • sending important security or privacy notifications

These service communications are not primarily promotional and you cannot usually opt out of them while maintaining an active account and bookings.

7.7 To send marketing communications

  • sending newsletters, offers, and curated content where permitted
  • tailoring marketing to your preferences and behaviour where lawful
  • measuring the effectiveness of our campaigns and channels

You can control marketing communications as described in section 11.

7.8 To comply with legal and regulatory obligations

  • maintaining records for tax and accounting purposes
  • complying with tourism, aviation, maritime, or other regulatory requirements where relevant to bookings
  • responding to lawful requests from courts, regulators, or law enforcement authorities

8. How we share personal data

We treat your personal data with care and share it only where necessary and lawful.

8.1 Sharing with suppliers

When you book an experience, we share the necessary personal data with the relevant supplier so they can deliver the experience and manage the booking. This may include:

  • your name and contact details
  • booking details such as dates, times, and group size
  • special requests or preferences you choose to provide and that are relevant to service delivery

Once the supplier receives your data, they use it as an independent controller for their own purposes, such as managing the experience, complying with their legal obligations, and maintaining their records. Their use of your data is governed by their own privacy policies and legal obligations. We encourage you to review the supplier's privacy information where available.

Zameera does not control supplier systems and is not responsible for how suppliers comply with their own data protection obligations.

8.2 Payment providers and financial institutions

We share personal data with payment service providers, such as Stripe, and with banks or card schemes where necessary to:

  • process payments and refunds
  • prevent fraud and unauthorised transactions
  • comply with financial regulations

These providers act either as independent controllers or as processors, depending on the context and local law.

8.3 Service providers acting on our behalf

We engage carefully selected third party service providers to support our operations, for example:

  • hosting and cloud infrastructure
  • analytics and business intelligence
  • customer relationship management and support tools
  • email and communication platforms
  • IT security and monitoring

Where these providers act as processors on our behalf, they may only process personal data according to our instructions and under contractual obligations to protect your data.

8.4 Zameera group companies and corporate transactions

We may share your data with other entities within the Zameera group (if and when such entities exist) where necessary for internal administrative purposes, centralised services, or consistent customer experience.

In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the relevant acquiring or successor entity, subject to appropriate safeguards and continued protection consistent with this Policy.

8.5 Legal and regulatory disclosures

We may disclose personal data where required to:

  • comply with applicable laws and regulations
  • respond to lawful requests and legal processes
  • protect the rights, property, or safety of Zameera, our customers, suppliers, or the public

Where possible and lawful, we aim to notify you of such disclosures.

We do not sell your personal data.

9. Cookies and similar technologies

We use cookies and similar technologies on the Zameera platform to:

  • enable core site and app functions
  • remember your preferences, such as language and currency
  • understand how visitors use our services
  • personalise content and recommendations
  • measure and improve our marketing and performance

Where required by law, we will ask for your consent to the use of certain cookies, especially those used for analytics and advertising. You can:

  • manage cookie preferences through our cookie banner or settings page where available
  • adjust your browser or device settings to block or delete cookies, noting that some functions may not work properly as a result

For more detailed information on the cookies we use, please refer to any cookie notice published on the Zameera platform.

10. International data transfers

Zameera operates in the luxury travel space with suppliers, partners, and infrastructure in multiple countries. As a result, your personal data may be transferred to and processed in countries outside your country of residence, including countries that may not offer the same level of data protection as your home jurisdiction.

Where we transfer personal data from the EU, the UK, or other regions with data transfer restrictions, we will:

  • rely on adequacy decisions where available, or
  • put appropriate safeguards in place, such as standard contractual clauses approved by the European Commission or equivalent mechanisms, or
  • rely on permitted derogations where applicable in specific situations

You can contact us for more information about the safeguards used for international transfers.

11. Marketing and your choices

You are in control of how we use your data for marketing:

  • You can opt in or opt out of email marketing through your account settings or by using the unsubscribe link in our emails.
  • You can adjust preferences for specific types of content or destinations where such options are available.
  • You can withdraw consent for marketing or certain cookies at any time.

Even if you opt out of marketing, we may still send you service communications relating to bookings, security, or legal notices, as these are necessary for the operation of your account and our services.

12. Data retention

We retain your personal data only for as long as necessary for the purposes described in this Policy, including:

  • for as long as you maintain an active Zameera account
  • for the duration needed to manage bookings, provide customer support, and handle any disputes or complaints
  • for the period required to comply with legal, tax, and regulatory obligations
  • for a limited period after account closure or last interaction, to maintain records, enforce our rights, and respond to potential claims

The specific retention periods depend on the type of data, the purpose of processing, and legal requirements. When data is no longer required, we will delete or irreversibly anonymise it.

13. Your rights

Depending on your location and applicable law, you may have some or all of the following rights in relation to your personal data:

Right of access

to obtain confirmation whether we process your data and to receive a copy of that data

Right to rectification

to have inaccurate or incomplete data corrected

Right to erasure

to request deletion of your data in certain circumstances, for example where it is no longer needed or you withdraw consent and there is no other legal basis

Right to restriction of processing

to request that we limit how we process your data in certain situations

Right to data portability

to receive certain data in a structured, commonly used, machine readable format and to have it transmitted to another controller where technically feasible

Right to object

to object to processing based on legitimate interests, including profiling, and to direct marketing at any time

Right to withdraw consent

where processing is based on your consent, you can withdraw it at any time

Right to complain to a supervisory authority

to lodge a complaint with a data protection authority if you believe your rights have been infringed

To exercise your rights, you can contact us at contact@zameera.com. We may need to verify your identity before responding to your request.

Some rights may be limited in certain circumstances, for example where fulfilling your request would conflict with legal obligations or the rights of others.

14. Security

We take appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

  • access controls and authentication
  • encryption and secure transmission where appropriate
  • network and infrastructure security
  • regular monitoring and testing of systems
  • staff training and internal policies on data protection

No system is completely secure, and we cannot guarantee absolute security. However, we aim to ensure a level of security appropriate to the risks.

If you believe that your account or data may have been compromised, contact us immediately.

15. Children

The Zameera platform and the experiences we facilitate are not intended for independent use by children under 18 years of age.

  • Bookings must be made by adults with legal capacity.
  • Children may participate in experiences only in line with supplier policies and under the supervision of parents, guardians, or responsible adults.

We do not knowingly collect personal data directly from children without appropriate consent. If you believe we have collected data from a child inappropriately, please contact us so we can take appropriate action.

16. Changes to this Policy

We may update this Customer Privacy Policy from time to time, for example to reflect changes in our services, legal requirements, or best practices.

When we make material changes, we will:

  • update the "Last updated" date at the top of this Policy, and
  • where appropriate, notify you through the Zameera platform or by email

Your continued use of the Zameera platform after updated terms take effect will signify your acceptance of the revised Policy.

17. How to contact us

If you have questions, concerns, or requests regarding this Policy or our handling of your personal data, you can contact us at:

Zameera L.L.C-FZ

Meydan Grandstand, 6th floor

Meydan Road, Nad Al Sheba

Dubai, United Arab Emirates

Email: contact@zameera.com

We will handle your query with discretion and aim to respond within a reasonable period, taking into account the nature of your request and applicable legal requirements.