1. Introduction
Welcome to The Ice House Recreation Club Ltd (“Company,” “we,” “us,” or “our”). We are committed to protecting your privacy and ensuring that your personal data is handled in a safe and responsible manner. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit our website www.theicehouse.ae, use our services, or interact with us in any way.
This Privacy Policy is designed to comply with the UAE’s Personal Data Protection Law (Federal Decree Law No. 45 of 2021) and the GDPR. By accessing or using our Website and services, you consent to the practices described in this policy.
2. Definitions
In this Privacy Policy:
- “Personal Data” refers to any information relating to an identified or identifiable natural person. This may include, but is not limited to, names, addresses, email addresses, phone numbers, date of birth, payment details, and IP addresses.
- “Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, or destruction.
- “Data Controller” refers to the entity that determines the purposes and means of processing personal data. For the purposes of this policy, The Ice House Recreation Club Ltd is the Data Controller.
- “Data Subject” refers to the individual whose personal data is being processed.
- “GDPR” refers to the General Data Protection Regulation (EU) 2016/679.
- “Cookies” are small files stored on a user’s device by a web browser that hold data specific to a particular user and website.
3. Data Collection
We collect personal data from you in a variety of ways when you interact with us, including but not limited to:
- Directly Provided Data: Information you provide to us directly, such as when you book a session, sign up for our newsletter, fill out a form, or contact us via email or phone. This may include your name, email address, phone number, payment information, date of birth and other details necessary to fulfill your requests.
- Automatically Collected Data: Information that is automatically collected when you visit our Website, such as your IP address, browser type, operating system, referring URLs, and information on your use of our Website through cookies and other tracking technologies.
- Third-Party Data: Information we may receive about you from third-party sources, such as social media platforms, payment processors, and marketing partners, which we may combine with data we already have.
4. Legal Basis for Data Processing
We process your personal data based on one or more of the following legal grounds:
- Consent: Where you have given us explicit consent to process your personal data for specific purposes, such as subscribing to our newsletter or receiving promotional communications.
- Contractual Necessity: To fulfill our contractual obligations to you, such as processing your booking and providing the services you have requested.
- Legal Obligations: Where processing is necessary for compliance with legal and regulatory obligations, such as tax reporting and anti-fraud measures.
- Legitimate Interests: Where processing is necessary for our legitimate business interests, such as improving our services, conducting marketing, or securing our Website, provided that these interests are not overridden by your rights and freedoms.
5. Purpose of Data Processing
We use your personal data for the following purposes:
- Service Provision: To manage your bookings, process payments, provide personalized ice bath and sauna sessions, and otherwise carry out our contractual obligations.
- Customer Support: To respond to your inquiries, provide technical support, and ensure a high level of customer service.
- Marketing and Communications: To send you newsletters, promotional offers, and other communications related to our services, provided you have given your consent or as otherwise permitted by law.
- Website Improvement: To analyze how you use our Website, to improve our services and user experience, and to monitor the effectiveness of our marketing efforts.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes, and to protect our rights, privacy, safety, or property, as well as those of our users and the public.
6. Data Sharing and Disclosure
We may share your personal data with third parties in the following circumstances:
- Service Providers: We may share your data with third-party service providers who assist us in operating our Website, conducting our business, or servicing you, such as payment processors, hosting providers, and marketing agencies. These service providers are bound by confidentiality agreements and are only permitted to use your data in accordance with our instructions.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred to the new owner as part of the transaction.
- Legal and Regulatory Requirements: We may disclose your personal data when required to do so by law, such as in response to a court order, subpoena, or other legal processes, or when we believe disclosure is necessary to protect our rights or comply with a judicial proceeding, court order, or legal process.
7. User Rights
As a data subject, you have certain rights regarding your personal data under GDPR and UAE privacy laws. These rights include:
- Right to Access: You have the right to request access to the personal data we hold about you and to receive information on how we process it.
- Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected, or if you withdraw your consent.
- Right to Restrict Processing: You have the right to request that we limit the processing of your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another data controller, where technically feasible.
- Right to Object: You have the right to object to the processing of your personal data where we are relying on legitimate interests or performing a task in the public interest, and you believe that this impacts your fundamental rights and freedoms.
- Right to Withdraw Consent: Where we are processing your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us using the contact details provided in this Privacy Policy. We will respond to your request in accordance with applicable laws and regulations.
8. Data Security Measures
We are committed to ensuring the security of your personal data. We implement a variety of security measures to protect your personal information from unauthorized access, use, disclosure, alteration, or destruction. These measures include:
- Encryption: We use industry-standard encryption protocols to protect your personal data during transmission and storage.
- Access Controls: Access to personal data is restricted to authorized personnel who need the information to perform their job duties. These individuals are subject to strict confidentiality obligations.
- Regular Security Audits: We regularly review our security practices to identify potential vulnerabilities and implement improvements as necessary.
- Incident Response Plan: In the event of a data breach, we have an incident response plan in place to mitigate the impact, notify affected individuals, and comply with legal obligations.
While we take reasonable steps to protect your personal data, please be aware that no security measures are completely foolproof. We cannot guarantee the absolute security of your personal information.
9. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this Privacy Policy, and to comply with our legal obligations. Specifically:
- Service-Related Data: We retain data related to your bookings, transactions, and interactions with our services for as long as necessary to provide our services and fulfill our contractual obligations.
- Marketing Data: If you have consented to receive marketing communications, we retain your personal data until you opt-out or unsubscribe from these communications.
- Legal Compliance: We may retain personal data for longer periods where required by law, such as for tax, accounting, or regulatory compliance purposes.
- Data Deletion: Once personal data is no longer necessary for the purposes for which it was collected, we will securely delete or anonymize it in accordance with applicable laws and regulations.
10. Data Host
Your personal data will be hosted and processed exclusively within the United Arab Emirates (UAE). We do not transfer your data outside the UAE. In compliance with the UAE’s Personal Data Protection Law (Federal Decree Law No. 45 of 2021), we ensure that your data is managed and protected according to strict standards.
The provisions of the UAE’s Personal Data Protection Law apply to the processing of personal data, whether in full or part through electronic systems, inside or outside the country. We adhere to this law by securing your personal data, maintaining its confidentiality, and preventing unauthorized processing or access.
The data we collect from you will be stored on secure servers within the UAE, and we take all necessary precautions to ensure that your data remains safe and confidential. By using our services and providing your personal data, you consent to the storage and processing of your data within the UAE, in accordance with the UAE’s Personal Data Protection Law.
11. Cookies and Tracking Technologies
Our Website uses cookies and other tracking technologies to enhance your user experience, analyze website traffic, and understand where our visitors are coming from. Cookies are small data files that are placed on your device when you visit a website.
- Types of Cookies Used:
- Essential Cookies: These cookies are necessary for the basic functionality of the Website, such as enabling secure logins and booking processing.
- Performance Cookies: These cookies collect information about how you use our Website, such as which pages you visit most often. This data helps us optimize our Website and improve user experience.
- Functional Cookies: These cookies remember your preferences and choices, such as language settings, to provide a more personalized experience.
- Marketing Cookies: These cookies are used to deliver relevant advertisements to you and measure the effectiveness of our marketing campaigns.
- Managing Cookies: You can control and manage cookies through your browser settings. However, please note that disabling certain cookies may affect the functionality of our Website and your ability to use certain features.
- Third-Party Tracking: We may use third-party analytics and advertising services that use cookies and similar technologies to collect information about your online activities across different websites. This information may be used to provide you with targeted advertisements and analyze trends.
12. Marketing Communications
We may use your personal data to send you marketing communications about our services, promotions, and events that we believe may be of interest to you.
- Consent: We will only send you marketing communications if you have provided your consent, or if you have previously purchased or shown interest in similar services from us, in accordance with applicable laws.
- Opting-Out: You can opt-out of receiving marketing communications at any time by following the unsubscribe instructions included in our emails or by contacting us directly.
- Preferences: You may also have the option to select your preferences for receiving marketing communications through your account settings on our Website.
We will not share your personal data with third parties for their own marketing purposes without your explicit consent.
13. Children’s Privacy
Children between the age of 13-18 can use our services with parental consent or guardian. We do not knowingly collect personal data from children without parental consent.
- Parental Consent: If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us. We will take steps to delete such data from our systems.
If we become aware that we have inadvertently collected personal data from a child without parental consent, we will take immediate steps to delete that information.
14. Automated Decision-Making and Profiling
We do not use your personal data for automated decision-making processes that have a legal or significant impact on you without your explicit consent.
- Automated Decision-Making: Automated decision-making refers to decisions made solely by automated means without any human involvement. If we engage in such processing, we will inform you of the logic involved, as well as the significance and potential consequences of the decision.
- Profiling: Profiling involves the automated processing of personal data to evaluate certain aspects of an individual, such as their preferences, interests, or behavior. If we conduct profiling, it will be for the purpose of providing you with personalized services or marketing, and we will obtain your consent where required by law.
You have the right to object to automated decision-making and profiling, and to request human intervention, where applicable.
15. Payment Processing with Stripe
We use Stripe, a third-party payment processor, to handle payments for our services. Stripe processes your payment information securely and in accordance with its own privacy policies and legal obligations.
- Data Collected by Stripe: When you make a payment on our Website, Stripe may collect certain personal data from you, including your payment method information (such as credit or debit card number), billing address, email address, and transaction details.
- Data Sharing: We share your payment data with Stripe to process your transactions. Stripe may also use aggregated data to analyze transaction trends and improve its services.
- Security: Stripe complies with industry standards for payment processing, including PCI-DSS (Payment Card Industry Data Security Standard) compliance, which ensures that your payment information is handled securely.
- International Transfers: As Stripe operates globally, your payment information may be transferred to and processed in countries other than your own. Stripe ensures that appropriate safeguards are in place for international data transfers.
- Your Rights: You have the right to access, correct, and delete your payment information stored with Stripe. For more information on how Stripe handles your personal data, please refer to Stripe’s Privacy Policy.
16. Third-Party Websites and Services
Our Website may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to these third-party sites and services, and we are not responsible for their privacy practices.
- Third-Party Links: When you click on a link to a third-party website, you will be directed to that site. We strongly encourage you to review the privacy policy of every site you visit.
- Third-Party Services: If we integrate third-party services into our Website (such as social media plugins or analytics tools), these services may collect information about your use of our Website, including your IP address and the pages you visit.
We are not responsible for the content or privacy practices of any third-party websites or services. Please review their respective privacy policies before engaging with them.
17. Data Controller and Data Processor Roles
The Ice House Recreation Club Ltd acts as the Data Controller for the personal data collected and processed in connection with our services.
- Data Controller: As the Data Controller, we determine the purposes and means of processing your personal data. We are responsible for ensuring that your data is processed in accordance with applicable laws and this Privacy Policy.
- Data Processors: We may engage third-party service providers to act as Data Processors on our behalf. These Data Processors are only authorized to process your personal data according to our instructions and are required to adhere to strict confidentiality and security measures.
18. Data Subject Requests
You have the right to make requests regarding your personal data. These rights include accessing, correcting, or deleting your data, as well as objecting to or restricting its processing.
- How to Submit a Request: To exercise your rights, please contact us using the details provided in the “Contact Information” section of this Privacy Policy. We may need to verify your identity before fulfilling your request.
- Response Time: We will respond to your request within the time frame required by applicable laws, typically within 30 days.
- Fees: In most cases, you will not be charged for submitting a request. However, if your request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.
19. Changes to the Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors.
- Notification of Changes: If we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our Website and revising the “Last Updated” date at the top of this page. In some cases, we may also provide you with additional notice, such as sending you an email notification.
- Your Responsibility: It is your responsibility to review this Privacy Policy periodically to stay informed about our data processing practices.
20. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
- Email: contact@theicehouse.ae