Zameera L.L.C-FZ ("Zameera", "we", "us", "our") is incorporated in the Meydan Free Zone, Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba, Dubai, U.A.E. (licence 2539167.01). We operate a luxury experiences platform at www.zameera.com. This Privacy Policy explains how we collect, use, share and retain your personal data and what rights you have in relation to it.
This Policy is governed by UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Where you are located in the EEA or UK, the GDPR or UK GDPR also applies. Questions about this Policy should be sent to contact@zameera.com.
1. DATA WE COLLECT
We collect personal data in the following categories. We collect only what is relevant to the purpose in question.
Data you give us directly
- Identity: name, title, nationality, date of birth, and — where required by a supplier or authority for a specific booking — passport or travel document details.
- Contact: email address, telephone number, postal address.
- Account: username, encrypted password, saved preferences, wishlist, and communication preferences.
- Booking and travel: experience selections, travel dates, group size, participant details, special requests, dietary requirements, accessibility needs, and related correspondence.
- Payment identifiers: billing name and address. Card transactions are processed entirely by Stripe, Inc. Zameera receives only: transaction confirmation, card brand, last four digits of card number, billing address, and where applicable fraud signals. Full card data is never held by Zameera.
- Communications: messages, enquiry form responses, feedback, survey responses, and any other correspondence with us.
- Professional and membership data: company name, job title, and business contact details for Enterprise users and Members.
Data we collect automatically
- Device and technical data: IP address, browser type and version, operating system, device type and identifiers, screen resolution, and time zone.
- Usage and behavioural data: pages visited, experiences viewed and saved, search queries, filters applied, booking journeys initiated or abandoned, time on page, scroll depth, click paths, and referring URLs.
- Location data: country and city-level location inferred from IP address. Precise location data where you grant permission through your device.
- Inferred preference data: interests, travel preferences, and likely intent derived from your behaviour on the Platform.
- Marketing engagement data: email open rates, link clicks, content interaction, and campaign response behaviour.
- Cookies and tracking data: see Section 6.
Data we receive from third parties
- Partner referral data: a referral identifier and limited profile data where you arrive via an integration partner such as beOnd airline, consistent with the consent you gave that partner.
- Analytics providers: aggregated and segmented behavioural data from analytics services we operate.
- Payment processor: transaction confirmation and payment identifiers from Stripe as described above.
- Social and public data: publicly available information relevant to fraud prevention, customer verification, or due diligence.
2. HOW WE USE YOUR DATA
We use your personal data for the following purposes. Where we rely on legitimate interests, those interests are: operating and improving a commercial platform, understanding our users, preventing fraud, and growing the business.
- Delivering the service: creating and managing accounts, processing and fulfilling bookings and enquiries, communicating about bookings, and providing customer support. Legal basis: contractual necessity.
- Processing payments: facilitating payment transactions and detecting or preventing fraud. Legal basis: contractual necessity; legitimate interests.
- Analytics and product improvement: understanding how the Platform is used, identifying what works and what does not, improving features, content, and the overall experience. Legal basis: legitimate interests.
- Personalisation: tailoring the experiences, content, destinations, and recommendations shown to you based on your behaviour, preferences, and inferred interests. Legal basis: legitimate interests; consent where cookies are the mechanism.
- Marketing and editorial communications: sending curated recommendations, editorial content, promotional offers, and news about Zameera by email or other channels where you have opted in or where we have a legitimate interest to do so as an existing or prospective customer. Legal basis: consent; legitimate interests.
- Research and development: conducting internal research into customer behaviour, preferences, and market trends to inform product, commercial, and editorial strategy. Legal basis: legitimate interests.
- Advertising and retargeting: we do not currently use behavioural advertising or retargeting. If this changes, we will update this Policy and obtain consent where required.
- Partner and supplier coordination: sharing booking-relevant data with suppliers and partners to fulfil experiences. Legal basis: contractual necessity.
- Safety, fraud, and compliance: detecting and preventing fraudulent or abusive activity, protecting users and the Platform, and meeting legal and regulatory obligations. Legal basis: legal obligation; legitimate interests.
- Business development: evaluating and pursuing commercial partnerships, investment discussions, and corporate transactions. Legal basis: legitimate interests.
Where we collect personal data for one purpose and later use it for a related but different purpose, we will assess compatibility before doing so. If the new purpose is not compatible with the original, we will seek fresh consent or establish a separate legal basis.
3. WHO WE SHARE YOUR DATA WITH
We do not sell your personal data. We share it only with the following categories of recipient, and only to the extent necessary for the stated purpose.
- Suppliers and experience operators: the personal data required to fulfil a booking, including name, contact details, travel dates, group composition, and any dietary or accessibility requirements.
- Payment processor (Stripe, Inc.): billing name and address to initiate payment. Stripe acts as an independent data controller for card data. Stripe's privacy policy: stripe.com/privacy.
- Cloud and infrastructure providers: including Google LLC (Firebase / Google Cloud) for platform hosting and data storage. These providers act as processors under our instruction.
- Analytics providers: usage and behavioural data for platform analytics and improvement, typically in pseudonymised or aggregated form.
- Marketing and advertising technology: contact and engagement data shared with email delivery services and, where deployed, advertising platforms to facilitate campaigns.
- Integration partners: limited data shared with referral or booking integration partners (such as beOnd) consistent with the purpose of the integration.
- Legal and regulatory authorities: where required by law, court order, or competent authority.
- Acquirers and investors: in the context of a financing, merger, acquisition, or sale of business assets. We will notify you of any such transfer.
4. INTERNATIONAL TRANSFERS
Your data may be transferred to and processed in countries outside the UAE, including the United States (Stripe, Google). We rely on appropriate safeguards including standard contractual clauses, adequacy mechanisms, and processor agreements. EEA and UK residents may request details of specific transfer safeguards by writing to contact@zameera.com.
Zameera is assessing whether its current activities require appointment of an EU or UK representative under Article 27 GDPR or UK GDPR. If required, representative details will be published here before Zameera materially targets EEA or UK customers.
5. RETENTION
We retain personal data for as long as necessary for the purpose for which it was collected and to meet our legal obligations. Our general approach:
- Account data: 5 years from account closure, to support any claims or compliance obligations.
- Booking and transaction records: 7 years from the transaction date, in accordance with UAE commercial and tax law.
- Special category data (dietary, accessibility): deleted within 90 days of the relevant experience unless legal proceedings require otherwise.
- Identity document data: deleted within 30 days of the relevant experience completion.
- Marketing preference records: duration of consent plus 5 years for compliance purposes.
- Suppression records (unsubscribes): retained indefinitely to ensure opted-out individuals are not contacted again.
- Usage analytics (pseudonymised): up to 24 months, after which personal identifiers are removed.
- Anonymised or aggregated data: indefinitely. Once genuinely anonymised, data falls outside the scope of data protection law.
- Fraud and compliance records: up to 6 years or longer where required by law.
6. COOKIES AND TRACKING
We use cookies and similar tracking technologies, including pixels, web beacons, and local or session storage. We deploy or may deploy the following categories:
- Strictly necessary: essential for platform operation. No consent required.
- Functional: remember your preferences and settings. Requires consent.
- Analytics: measure how the Platform is used to inform improvements. Data pseudonymised where possible. Requires consent.
- Marketing and retargeting: we do not currently use behavioural advertising or retargeting cookies. If this changes, we will update this Policy and obtain consent before any such cookies are activated.
- Social media and partner tracking: facilitate integrations with partner platforms and social channels. Requires consent.
Until our consent management system is live, we will not activate non-essential analytics, marketing, or retargeting cookies. When the system launches, a consent banner will be presented on your first visit. You will be able to accept all cookies, reject all non-essential cookies, or set preferences by category, and update them at any time via the cookie settings link in the Platform footer. Contact contact@zameera.com with any cookie queries in the meantime.
7. YOUR RIGHTS
Under the UAE PDPL and, where applicable, the GDPR or UK GDPR, you have the right to: access your personal data; correct inaccurate data; request deletion in certain circumstances; restrict processing while a complaint is resolved; receive your data in a portable format; object to processing based on legitimate interests; and withdraw consent at any time without affecting prior lawful processing.
To exercise any right, contact contact@zameera.com. We will respond within 30 days. EEA residents may also complain to their national data protection authority. UK residents may contact the ICO at ico.org.uk.
8. SECURITY AND BREACH
We implement appropriate technical and organisational measures to protect your data including TLS encryption in transit, encryption at rest, role-based access controls, and PCI DSS-compliant payment processing via Stripe. In the event of a breach likely to affect your rights, we will notify the UAE Data Office and, where required, you directly, in accordance with applicable law.
9. CHANGES TO THIS POLICY
We may update this Policy at any time. Material changes will be communicated by email or prominent notice on the Platform. This Policy is not a contract. An updated Policy applies to future processing from its effective date.
10. CONTACT
Zameera L.L.C-FZ
Meydan Grandstand, 6th Floor, Meydan Road, Nad Al Sheba
Dubai, United Arab Emirates | Licence 2539167.01
contact@zameera.com


