Dubai's Leading Licensed Travel Broker
200+ Cryptocurrencies Accepted
190+ Countries Supported
Stay in Touch
© 2026 CoinBooking. All rights reserved.
Last Updated: April 29, 2026
This Privacy Policy ("Policy") describes how COIN LABS TRAVEL AND TOURISM L.L.C (doing business as "CoinBooking", "we", "us", or "our"), a company incorporated and headquartered in Dubai, United Arab Emirates, collects, uses, maintains, protects, and discloses your Personal Information when you access or use the CoinBooking website (the "Website"), the CoinBooking mobile application (the "Mobile Application"), and any related products, features, and services (collectively, the "Services").
This Policy also describes the choices available to you regarding our use of your Personal Information and how you can access, correct, and request deletion of it.
This Policy is a legally binding agreement between you ("User", "you", or "your") and COIN LABS TRAVEL AND TOURISM L.L.C. If you are entering into this Policy on behalf of a business or other legal entity, you represent that you have the authority to bind such entity to this Policy, in which case the terms "User", "you", or "your" shall refer to such entity. If you do not have such authority, or if you do not agree with the terms of this Policy, you must not accept this Policy and may not access or use the Services.
By creating an account and clicking "I Accept" during registration, or by otherwise accessing and using the Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Policy. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage. The Services are available to users globally without geographic restrictions. We encourage you to read this Policy in its entirety before using our Services.
Prior versions of this Policy are available upon request by contacting us at the details provided at the end of this document.
When you open the Website or use the Mobile Application, our servers automatically record information that your browser or device sends. This data may include information such as:
• Your device's IP address and approximate geographic location; • Browser type, name, and version; • Operating system type and version; • Language and locale preferences; • The webpage or application you were using before you navigated to our Services; • Pages and features of the Services that you visit or interact with; • The time spent on those pages and features; • Search queries you submit on the Services; • Access times, dates, and frequency of use; • Other diagnostic and usage statistics.
Information collected automatically is used to identify potential cases of abuse, establish statistical information regarding the usage and traffic of the Services, diagnose technical issues, and improve the performance of the Services. This statistical information is not aggregated in such a way that would identify any particular User of the system.
You can browse certain portions of the Services without revealing any information by which someone could identify you as a specific, identifiable individual. However, in order to use certain features of the Services — such as searching for and booking travel, creating an account, making a purchase, connecting a cryptocurrency wallet, participating in our loyalty program, or contacting customer support — you may be asked to provide certain Personal Information. We receive and store any information you knowingly provide to us when you create an account, make a booking or purchase, publish content, participate in our loyalty or rewards program, connect an external cryptocurrency wallet, communicate with us via in-app messaging or customer support chat, or fill any forms on the Services. When required, this information may include the following:
• Account and authentication details: such as your email address, unique user ID, and account preferences. You may create an account by providing your email address and verifying it via a one-time password ("OTP"), or by signing up through a third-party authentication provider such as Google or Apple. When you sign up using Google or Apple, we receive certain information from the relevant provider, such as your name, email address, and profile identifier, in accordance with the permissions you grant during the sign-up process; • Contact information: such as email address, phone number, and mailing address; • Basic personal information: such as your name, date of birth, nationality, and country of residence; • Travel and booking information: In order to complete bookings for flights, hotels, and other travel services, you will be required to provide certain personal details that are mandated by the relevant travel service provider (such as an airline or hotel). This information may include your full legal name, date of birth, gender, nationality, passport number, passport expiry date, visa details, frequent flyer numbers, travel preferences, dietary requirements, accessibility needs, and details of accompanying travellers. This information is collected by us solely for the purpose of transmitting it to the relevant airline, hotel, or other travel service provider to fulfill your booking and generate the required Passenger Name Record ("PNR") or reservation record. CoinBooking does not use this information for identity verification or know-your-customer ("KYC") purposes; • Payment information: such as credit or debit card details, bank account information, billing address, and transaction history; • Cryptocurrency and wallet information: such as public wallet addresses, blockchain network identifiers, transaction hashes, and token or coin types used for payment. Please note that where your public wallet address is linked to your CoinBooking account, it constitutes Personal Information as it can be used, together with other data we hold, to identify you as a specific individual. We do not collect or store your private keys, seed phrases, or wallet passwords; • Loyalty and rewards program information: such as membership number, points balance, redemption history, and tier status; • Communications data: such as records of in-app messages, customer support chat logs, feedback, and correspondence with us; • Geolocation data: such as the latitude and longitude of your device, only where you grant explicit permission through your device settings; • Any other materials you willingly submit to us: such as reviews, ratings, images, feedback, or survey responses.
We do not access your device contacts, calendar, or photo gallery unless a specific feature requires it and you have granted explicit permission through your device's operating system. Where such access is requested, the purpose will be clearly disclosed to you at the time of the request.
Important clarification: CoinBooking does not perform identity verification, know-your-customer ("KYC"), or anti-money laundering ("AML") checks on its Users. We do not collect identity documents such as government-issued IDs, passports for verification purposes, or biometric data (such as facial recognition or fingerprints). The personal details you provide during the booking process (such as your name, passport number, and date of birth) are collected exclusively because they are required by airlines, hotels, and other travel service providers to issue tickets, confirm reservations, and comply with their own regulatory obligations. We act as an intermediary transmitting this information to the relevant provider on your behalf.
Some of the information we collect is provided directly by you through the Services. However, we may also collect Personal Information about you from other sources, including:
• Travel service providers: such as airlines, hotels, car rental companies, and tour operators, who may share booking confirmations, itinerary changes, or loyalty program data with us; • Third-party authentication providers: such as Google or Apple, if you choose to register or log in using their sign-in services; • Blockchain networks: publicly available transaction data recorded on distributed ledgers in connection with cryptocurrency payments you initiate through the Services; • Our business partners and affiliates: who may share demographic information, referral data, or promotional interaction data; • Publicly available sources: such as public directories, government databases, or open data repositories.
Personal Information we collect from other sources may include demographic information (such as age and gender), device information (such as IP addresses), location information (such as city and state), and online behavioral data (such as information about your use of social media websites, page view information, and search results and links).
You can choose not to provide us with your Personal Information, but then you may not be able to take advantage of some of the features of the Services, including the ability to make bookings or process payments. Users who are uncertain about what information is mandatory are welcome to contact us.
We act as a data controller and a data processor when handling Personal Information, unless we have entered into a data processing agreement with you, in which case you would be the data controller and we would be the data processor. Our role may also differ depending on the specific situation involving Personal Information. We act in the capacity of a data controller when we ask you to submit your Personal Information that is necessary to ensure your access to and use of the Services. In such instances, we are a data controller because we determine the purposes and means of the processing of Personal Information. We act in the capacity of a data processor in situations when you submit Personal Information through the Services for the purpose of transmitting it to a third-party travel service provider to fulfill your booking. In such instances, we process the data on your behalf and in accordance with your instructions, and the travel service provider acts as an independent data controller once it receives your information.
In order to make the Services available to you, to fulfill a booking or travel-related service you have requested, or to meet a legal obligation, we may need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Any of the information we collect from you may be used for the following purposes:
• To search, compare, and facilitate bookings for flights, hotels, and other travel-related services on your behalf; • To transmit your personal and travel details (including name, passport information, and PNR data) to airlines, hotels, and other travel service providers as required to fulfill your bookings; • To process payments, including fiat currency and cryptocurrency transactions, and issue confirmations, receipts, and invoices; • To create, manage, and maintain your user account and profile; • To administer and operate the CoinBooking loyalty and rewards program, including tracking points, tier status, and redemption; • To communicate with you regarding your bookings, account, and customer support inquiries via in-app messaging, email, push notification, or other channels; To improve our products, Services, and user experience; • To send marketing and promotional communications, subject to your separate consent where required; • To send product and service updates, including travel alerts, itinerary changes, and fare notifications; • To respond to your inquiries and provide customer support; • To deliver targeted advertising and personalized content; • To administer prize draws, competitions, and promotional offers; • To enforce our terms and conditions and other applicable policies; • To detect, prevent, and address fraud, abuse, and malicious activity; • To comply with legal obligations and respond to lawful requests from public authorities; • To protect the rights, property, and safety of CoinBooking, our Users, and the public; • To run and operate the Services.
Where required by applicable law, consent for the above purposes is obtained on a granular, purpose-specific basis, ensuring you may consent to or decline each processing purpose independently (for example, marketing communications separately from analytics).
We conduct Data Protection Impact Assessments ("DPIAs") where required by applicable law, including in connection with processing that is likely to result in a high risk to your rights and freedoms — such as the linking of cryptocurrency wallet addresses to user accounts, profiling for advertising purposes, and large-scale processing of travel and financial data.5. Legal Bases for Processing (GDPR and Equivalent Frameworks) For Users in jurisdictions that require a specific legal basis for the processing of PersonalI information (including the EU, EEA, UK, Brazil, and other applicable jurisdictions), the following table sets out the legal basis upon which we rely for each processing purpose. Where we rely onlegitimate interests, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms.
For Users in jurisdictions that require a specific legal basis for the processing of Personal Information (including the EU, EEA, UK, Brazil, and other applicable jurisdictions), the following table sets out the legal basis upon which we rely for each processing purpose. Where we rely on legitimate interests, we have conducted a balancing test to ensure that our interests do not override your fundamental rights and freedoms.
Note that under some legislations we may be allowed to process information until you object to such processing by opting out, without having to rely on consent or any other of the legal bases above. In any case, we will be happy to clarify the specific legal basis that applies to the processing upon your request, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
In cases where Services require payment via traditional fiat currencies, you may need to provide your credit card details, debit card details, bank account information, or other payment account information, which will be used solely for processing payments. We use third-party payment processors ("Payment Processors") to assist us in processing your payment information securely.
Payment Processors adhere to the latest security standards as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover. Sensitive and private data exchange occurs over SSL-secured communication channels and is encrypted and protected with digital signatures, and the Services are also in compliance with strict vulnerability standards in order to create as secure of an environment as possible for Users.
We will share payment data with the Payment Processors only to the extent necessary for the purposes of processing your payments, issuing refunds, and dealing with complaints and queries related to such payments and refunds. Please note that the Payment Processors may collect some Personal Information from you, which allows them to process your payments (e.g., your email address, address, credit card details, and bank account number) and handle all the steps in the payment process through their systems, including data collection and data processing. The Payment Processors' use of your Personal Information is governed by their respective privacy policies. We suggest that you review their respective privacy policies.
CoinBooking allows Users to make payments using supported cryptocurrencies. When you choose to pay with cryptocurrency, the following considerations apply:
• Public blockchain transparency: Cryptocurrency transactions are recorded on public, distributed blockchain networks. Transaction details — including public wallet addresses, transaction amounts, timestamps, and transaction hashes — are publicly visible and permanently recorded on the relevant blockchain. We have no ability to modify, delete, or restrict access to information recorded on a public blockchain. • Wallet addresses as Personal Information: Where your public wallet address is linked to your CoinBooking user account, it constitutes Personal Information under applicable data protection laws (including GDPR, PIPL, and others), as it can be used — in combination with other data we hold — to identify you as a specific individual. We treat wallet addresses linked to user accounts with the same protections afforded to all other Personal Information under this Policy. • Wallet address collection: When you connect an external cryptocurrency wallet or initiate a cryptocurrency payment, we collect and store your public wallet address and associated transaction identifiers solely for the purposes of processing and confirming the payment, matching payments to bookings, providing receipts, and maintaining records as required by law. • No collection of private keys: We do not collect, store, or have access to your private keys, seed phrases, wallet passwords, or any credentials that control your cryptocurrency holdings. • Third-party payment and exchange services: We may use third-party cryptocurrency payment processors or exchange services to facilitate the conversion, processing, or settlement of cryptocurrency payments. These third parties may collect additional information from you in accordance with their own privacy policies, which we encourage you to review. • Regulatory compliance: We may be required to collect and report certain information related to cryptocurrency transactions in order to comply with applicable tax reporting and financial regulations under the laws of the United Arab Emirates and other applicable jurisdictions.
Depending on the Services you request or as necessary to complete any transaction or provide any Service you have requested, we may share your information with the following categories of third parties:
• Travel service providers: Airlines, hotels, car rental companies, tour operators, travel insurance providers, and other travel-related service providers require your Personal Information (such as your full legal name, date of birth, passport details, contact information, and travel preferences) to issue tickets, confirm reservations, and manage your bookings. This includes the transmission of Passenger Name Record ("PNR") data to airlines, which may in turn be required to share PNR data with government authorities in accordance with applicable aviation security laws and regulations (including EU PNR Directive 2016/681, US CBP requirements, and equivalent laws in other jurisdictions). Once your information is shared with travel service providers, their use of your data is governed by their own privacy policies and their own legal and regulatory obligations, including any KYC, AML, or identity verification requirements that they are independently required to perform. • Payment processors and financial institutions: Including fiat currency payment processors, cryptocurrency payment processors, banks, and exchange services, as necessary to process your payments and issue refunds. • Technology and infrastructure service providers: Including cloud hosting providers, content delivery networks, email and push notification service providers, analytics providers, and customer relationship management platforms, who assist in the operation of the Services. • Advertising and marketing partners: We may share aggregated, anonymized, or non-personally identifiable information with advertising networks and marketing partners to deliver targeted advertising and measure campaign effectiveness. We do not share personally identifiable information with advertisers without your consent. • Loyalty and rewards program partners: If you participate in the CoinBooking loyalty and rewards program, we may share relevant information with partner airlines, hotels, or other service providers to facilitate points accrual, redemption, and tier benefits. • Professional advisors: Including lawyers, auditors, accountants, and insurers, where necessary in the course of the professional services they render to us. • Regulatory and government authorities: Where required by applicable law, regulation, legal process, or governmental request, including to comply with tax reporting, PNR disclosure obligations, and other regulatory obligations in the United Arab Emirates and other applicable jurisdictions. • Business transfer parties: In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your Personal Information may be transferred to the acquiring or successor entity, subject to the terms of this Policy.
Service Providers are not authorized to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. Service Providers are given the information they need only in order to perform their designated functions, and we do not authorize them to use or disclose any of the provided information for their own marketing or other purposes. We will not share any information with unaffiliated third parties except as described in this Policy.
A list of our current sub-processors and third-party service providers is available upon request by contacting us at the details provided at the end of this Policy, or at the designated URL published on our Website.
Our Services use "cookies" and similar tracking technologies to help personalize your online experience. A cookie is a small text file that is placed on your hard disk or device by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
In compliance with the EU ePrivacy Directive (2002/58/EC) and other applicable cookie consent laws, we use a Consent Management Platform ("CMP") or cookie banner to obtain your informed consent before placing non-essential cookies on your device. When you first visit the Services, you will be presented with clear information about the types of cookies used and given the ability to accept or decline each category. Strictly necessary cookies do not require consent and are essential for the operation of the Services.
We may use the following categories of cookies and similar technologies:
• Strictly necessary cookies: Required for the operation of the Services, including to authenticate your session, maintain security, process transactions, and remember your preferences. These cookies cannot be disabled. Duration: Session or up to 12 months. • Analytics and performance cookies: To collect statistical information about how Users interact with the Services, monitor performance, and identify areas for improvement. Duration: Up to 24 months. • Functionality cookies: To remember your choices and preferences (such as language, currency, or travel search settings) and provide enhanced, personalized features. Duration: Up to 12 months. • Advertising and targeting cookies: To deliver relevant advertisements, measure advertising effectiveness, and limit the number of times you see an advertisement. Duration: Up to 12 months.
Please note that you have the ability to accept or decline non-essential cookies at any time via the cookie settings on our Website or by modifying your browser settings. If you choose to decline cookies, you may not be able to fully experience the features of the Services.
For detailed information about the specific cookies we use, their purposes, providers, and durations, please refer to our Cookie Policy available on the Website.
Our Services may use third-party analytics tools (such as Google Analytics) that use cookies, web beacons, or other similar information-gathering technologies to collect standard internet activity and usage information. The information gathered is used to compile statistical reports on User activity such as how often Users visit our Services, what pages they visit and for how long, and similar metrics. We use the information obtained from these analytics tools to monitor the performance and improve our Services. We do not use third-party analytics tools to track or collect any personally identifiable information of our Users, and we will not associate any information gathered from the statistical reports with any individual User.
Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from users who use or visit a website or online service as they move across different websites over time. The Services do not track visitors over time and across third-party websites. However, some third-party websites and services may keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.
We will retain and use your Personal Information for the period necessary to fulfill the purposes outlined in this Policy, to comply with our legal obligations, as long as your user account remains active, to enforce our policies, resolve disputes, and unless a longer retention period is required or permitted by law.
The following indicative retention periods apply by data category, subject to applicable legal requirements:
We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the applicable retention period expires, Personal Information shall be securely deleted or anonymized. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.
Please note that certain information associated with cryptocurrency transactions recorded on public blockchains cannot be deleted or modified by us, as blockchain records are permanent and immutable by design. Additionally, personal details transmitted to airlines and other travel service providers in connection with your bookings become subject to those providers' own data retention policies once transmitted, and we cannot control the retention practices of third parties.
CoinBooking operates globally and may transfer, store, and process your Personal Information in countries other than your country of residence, including in the United Arab Emirates and other jurisdictions where our service providers, travel partners, and infrastructure are located. In particular, when you book a flight or hotel, your personal and travel details will be transmitted to the relevant airline or hotel, which may be located in a different country.
Where required by applicable laws, we will ensure that such transfers are based on appropriate legal grounds, including:
• Obtaining your explicit consent; • Implementing Standard Contractual Clauses ("SCCs") approved by the European Commission or equivalent recognized mechanisms; • Transferring data to countries recognized as providing an adequate level of data protection; • Implementing other appropriate safeguards as required by applicable data protection laws, including binding corporate rules, certifications, or codes of conduct; • Relying on applicable derogations under the relevant data protection law (such as where the transfer is necessary for the performance of a contract).
For Users in China, cross-border transfers of Personal Information are conducted in compliance with the PIPL, including obtaining your separate consent, conducting a Personal Information Protection Impact Assessment, and ensuring the overseas recipient meets the protection standards prescribed by the PIPL through contractual or other measures.
For Users in Russia, the initial recording, systematization, accumulation, storage, clarification, and extraction of Personal Information of Russian citizens are carried out using databases located in the Russian Federation, in accordance with Article 18 of Federal Law No. 152-FZ (see Section 14.5 for further details).
You are entitled to learn about the legal basis of such transfers and the measures we take to ensure the security of your Personal Information. If you would like more details, please refer to the relevant sections of this Policy or contact us using the information provided below.
We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in our control and custody. These safeguards include, but are not limited to:
• Encryption of data in transit using industry-standard SSL/TLS protocols; • Encryption of sensitive data at rest; • Access controls and role-based permissions limiting access to Personal Information on a need-to-know basis; • Regular security assessments and vulnerability testing; • Employee training on data protection and information security practices; • Ongoing monitoring for suspicious activity and unauthorized access.
However, no data transmission over the Internet or wireless network can be guaranteed to be completely secure. Therefore, while we strive to protect your Personal Information, you acknowledge that (a) there are security and privacy limitations of the Internet which are beyond our control; (b) the security, integrity, and privacy of any and all information and data exchanged between you and the Services cannot be guaranteed; and (c) any such information and data may be viewed or tampered with in transit by a third party, despite best efforts.
As the security of Personal Information depends in part on the security of the device you use to communicate with us and the security you use to protect your credentials, please take appropriate measures to protect this information, including safeguarding your account password, OTP codes, and any cryptocurrency wallet credentials.
In the event we become aware that the security of the Services has been compromised or Users' Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities.
In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the User as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Services and send you an email. In jurisdictions where required, we will also report the breach to the relevant data protection authorities in accordance with applicable regulations and within the prescribed timeframes (e.g., 72 hours under GDPR, or as otherwise required under applicable local law).
We may use automated processing, including profiling, in connection with certain aspects of the Services, such as:
• Fraud detection and prevention in payment transactions (fiat and cryptocurrency); • Personalization of travel search results and recommendations based on your preferences and browsing behavior; • Delivery of targeted advertising.
Where such automated processing produces legal effects concerning you or similarly significantly affects you, you have the right to:
• Obtain human intervention in the decision-making process; • Express your point of view and contest the decision; • Obtain an explanation of the decision reached after an automated assessment; • Opt out of profiling-based advertising at any time by adjusting your account settings, using the cookie consent controls on our Website, or contacting us directly.
These rights apply regardless of your jurisdiction. Additional rights related to automated decision-making specific to your region are described in Section 14 below.
You are able to access, review, and update certain Personal Information we have about you through your account settings on the Services. You may also request deletion of your Personal Information or permanent deletion of your account by contacting us using the details provided below or through the settings page of your account. When you delete Personal Information, we may maintain a copy of the unrevised Personal Information in our records for the duration necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Please note that deleting your account or Personal Information from CoinBooking does not delete any personal details that have already been transmitted to airlines, hotels, or other travel service providers in connection with completed or pending bookings. Those providers retain and process your data independently under their own privacy policies.
All Users, regardless of jurisdiction, have the right to opt out of the use of their Personal Information for profiling-based advertising. You may exercise this right by adjusting your advertising preferences in your account settings, modifying your cookie consent selections, or contacting us using the details provided at the end of this Policy.
Any requests to exercise your rights can be directed to us through the contact details provided at the end of this Policy. Please note that we may ask you to verify your identity before responding to such requests. Your request must provide sufficient information that allows us to verify that you are the person you are claiming to be or that you are the authorized representative of such person. If we receive your request from an authorized representative, we may request evidence that you have provided such authorized representative with power of attorney or that the authorized representative otherwise has valid written authority to submit requests on your behalf.
You must include sufficient details to allow us to properly understand the request and respond to it. We cannot respond to your request or provide you with Personal Information unless we first verify your identity or authority to make such a request and confirm that the Personal Information relates to you.
You have the right to choose not to have your Personal Information sold or disclosed by contacting us. Upon receiving and verifying your request, we will cease the sale and disclosure of your Personal Information. Be aware, however, that opting out of data transfers to our third parties might affect our ability to provide certain Services you have signed up for. We reserve the right to reject opt-out requests in certain situations as permitted by applicable law, such as when the transfer of Personal Information is required for us to fulfill a booking or comply with legal duties.
Depending on your location, you may have additional rights under applicable data protection laws. The following region-specific disclosures apply.
If you are a resident of the United Arab Emirates, we process your Personal Information in compliance with applicable UAE data protection laws, including UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") and any implementing regulations issued thereunder. (a) Right to access: You have the right to access the Personal Information we hold about you and to obtain a copy of it. (b) Right to correction: You have the right to request corrections to your Personal Information if it is inaccurate, incomplete, or outdated. (c) Right to deletion: You have the right to request the deletion or destruction of your Personal Information in certain circumstances, such as when the data is no longer necessary for the purpose for which it was collected. (d) Right to restrict processing: You have the right to request that we cease or restrict the processing of your Personal Information in certain circumstances. (e) Right to data portability: You have the right to request a copy of your Personal Information in a structured, commonly used, and machine-readable format. (f) Right to withdraw consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw your consent at any time. (g) Right to object: You have the right to object to the processing of your Personal Information in certain circumstances, including processing for direct marketing purposes. (h) Right to complain: You have the right to lodge a complaint with the UAE Data Office if you believe that your Personal Information is being processed in violation of the UAE PDPL.
DIFC and ADGM: If you interact with us through or in connection with entities operating within the Dubai International Financial Centre ("DIFC") or the Abu Dhabi Global Market ("ADGM"), the DIFC Data Protection Law No. 5 of 2020 or the ADGM Data Protection Regulations 2021 (as applicable) may apply to the processing of your Personal Information in addition to or in place of the UAE PDPL. We comply with such laws to the extent they are applicable to our operations.
If you are a resident of the European Union ("EU"), the European Economic Area ("EEA"), or the United Kingdom ("UK"), you have certain rights in relation to your Personal Information based on the General Data Protection Regulation ("GDPR") and the UK Data Protection Act 2018 ("UK DPA") that we comply with as part of our commitment to your privacy. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the GDPR and the UK DPA.
(a) Right to withdraw consent: You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Information. Withdrawal will not affect the lawfulness of processing before the withdrawal. (b) Right to access: You have the right to learn if your Personal Information is being processed by us, obtain disclosure regarding certain aspects of the processing, and obtain a copy of your Personal Information undergoing processing. (c) Right to rectification: You have the right to verify the accuracy of your information and ask for it to be updated or corrected. You also have the right to request us to complete the Personal Information you believe is incomplete. (d) Right to object to the processing: You have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent. Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us, or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. Should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. (e) Right to restrict processing: You have the right, under certain circumstances, to restrict the processing of your Personal Information. These circumstances include: the accuracy of your Personal Information is contested by you and we must verify its accuracy; the processing is unlawful, but you oppose the erasure of your Personal Information and request the restriction of its use instead; we no longer need your Personal Information for the purposes of processing, but you require it to establish, exercise, or defend your legal claims; or you have objected to processing pending the verification of whether our legitimate grounds override your legitimate grounds.
(f) Right to delete: You have the right, under certain circumstances, to obtain the erasure of your Personal Information from us. These circumstances include: the Personal Information is no longer necessary in relation to the purposes for which it was collected; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; or the Personal Information has been unlawfully processed. Exclusions to the right to erasure apply where processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, or for the establishment, exercise, or defense of legal claims. (g) Right to data portability: You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and, if technically feasible, to have it transmitted to another controller without hindrance from us, provided that such transmission does not adversely affect the rights and freedoms of others. (h) Right not to be subject to automated decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such processing is necessary for the performance of a contract, authorized by applicable law, or based on your explicit consent. Where such decisions are made, you have the right to obtain human intervention, to express your point of view, and to contest the decision. (i) Right to complaint: You have the right to lodge a complaint with a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the EU, the EEA, or the UK.
If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Utah, Virginia, or any other US state with applicable consumer privacy legislation, you have certain rights under applicable state privacy laws. This supplemental section provides information about your rights and how to exercise them under the California Consumer Privacy Act and the California Privacy Rights Act (collectively, "CCPA"), the Colorado Privacy Act ("CPA"), the Connecticut Data Privacy Act ("CDPA"), the Delaware Online Privacy and Protection Act ("DOPPA"), the Iowa Consumer Data Protection Act ("ICDPA"), the Maryland Personal Information Protection Act ("PIPA"), the Utah Consumer Privacy Act ("UCPA"), the Virginia Consumer Data Protection Act ("VCDPA"), and any and all regulations arising therefrom. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the related state laws.
In addition to the rights explained in this Policy, if you provide Personal Information as defined in the relevant statute to obtain Services for personal, family, or household use, you have the right to submit requests related to your Personal Information once per calendar year. Note that there are circumstances when we may not be able to comply with your request, such as when we are unable to verify your request or find that providing a full response conflicts with other legal obligations or regulatory requirements. You will be notified if this is the case. (a) Right to know and right to access: You have the right to request certain information we have collected about you, including the specific pieces of Personal Information we hold, the categories of sources from which information about you is collected, and the purposes for collecting, selling, or sharing your Personal Information. You have the right to request that the Personal Information is delivered in a format that is both portable and easily usable, as long as it is technically possible to do so. (b) Right to correct: You have the right to request that we correct your inaccurate Personal Information taking into account the nature of the Personal Information and the purposes of the processing. (c) Right to delete: You have the right to request deletion of your Personal Information. (d) Right to opt-out of the sale and sharing: You have the right to opt out of the sale of your Personal Information, which may include selling, disclosing, or transferring Personal Information to another business or a third party for monetary or other valuable consideration. (e) Right to consent to or limit the use of your sensitive personal information: You have the right to consent to the use of your Sensitive Personal Information and to direct us to restrict its use and disclosure solely to what is essential for carrying out or delivering the Services in a manner reasonably anticipated by an average User, or for certain business objectives as specified by law. We do not use Sensitive Personal Information for any purposes other than those legally permitted or beyond the scope of your consent. (f) Right to non-discrimination: You have the right to not be discriminated against in the Services or quality of Services you receive from us for exercising your rights. We will not treat you differently because of your data subject request activity, and we will not deny goods or Services to you, charge different rates, or provide a different level or quality of goods or Services because you exercised your rights. (g) Shine the Light: California residents that have an established business relationship with us have the right to know how their personal information is disclosed to third parties for their direct marketing purposes under California's "Shine the Light" law, or the right to opt out of such practices.
If you are a resident of the People's Republic of China ("PRC"), you have certain rights in relation to your Personal Information based on the Personal Information Protection Law of the People's Republic of China ("PIPL"), the Cybersecurity Law, and the Data Security Law, which we comply with as part of our commitment to your privacy. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the PIPL. (a) Right to know and to decide: You have the right to know about and to make decisions regarding the processing of your Personal Information. You have the right to restrict or refuse the processing of your Personal Information by others, except where otherwise provided by laws or administrative regulations. (b) Right to access and copy: You have the right to access and obtain copies of your Personal Information from us, except where otherwise provided by laws or administrative regulations. (c) Right to correct and supplement: If you discover that your Personal Information is inaccurate or incomplete, you have the right to request that we correct or supplement it. (d) Right to delete: You have the right to request the deletion of your Personal Information where: the purpose of processing has been achieved or is impossible to achieve; we cease providing the relevant products or services; the retention period has expired; you withdraw your consent; or we have processed your Personal Information in violation of laws, administrative regulations, or our agreement with you. (e) Right to withdraw consent: Where we rely on your consent to process your Personal Information, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal. (f) Right to request explanation of processing rules: You have the right to request that we explain our Personal Information processing rules. (g) Right to portability: Where conditions prescribed by the State cybersecurity and informatization department are met, you have the right to request the transfer of your Personal Information to a personal information processor designated by you. (h) Rights of deceased persons: The close relatives of a deceased individual may, for their own lawful and legitimate interests, exercise the rights of access, copying, correction, and deletion with respect to the deceased's Personal Information, except where the deceased made other arrangements during their lifetime.
Cross-border data transfers: Your Personal Information may be transferred outside of the PRC for the purposes described in this Policy (including to airlines, hotels, and payment processors located outside China). Where we transfer your Personal Information outside of the PRC, we will comply with the requirements of the PIPL and other applicable laws, including obtaining your separate consent for such transfers, conducting a Personal Information Protection Impact Assessment ("PIPIA"), and ensuring that the overseas recipient meets the personal information protection standards prescribed by the PIPL through contractual or other measures. Sensitive Personal Information: Where we process sensitive Personal Information (such as financial account information or location tracking), we will obtain your separate consent and inform you of the necessity of such processing and the impact on your rights and interests, as required by the PIPL. We conduct a PIPIA prior to processing sensitive Personal Information, sharing Personal Information with third parties, transferring Personal Information outside the PRC, and engaging in any other processing that significantly impacts individuals, in accordance with Article 55 of the PIPL.
If you are a resident of the Russian Federation, you have certain rights in relation to your Personal Information based on Federal Law No. 152-FZ "On Personal Data" ("152-FZ") and other applicable Russian data protection legislation. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in 152-FZ. (a) Right to access: You have the right to obtain information regarding the processing of your Personal Information, including the purposes and legal grounds for processing, the methods of processing employed, and the details of any third parties to whom your Personal Information has been disclosed. (b) Right to correct: You have the right to request corrections, updates, or supplementation of your Personal Information if it is incomplete, outdated, inaccurate, or unlawfully obtained. (c) Right to withdraw consent: Where we process your Personal Information on the basis of your consent, you have the right to withdraw such consent at any time. Upon withdrawal, we will cease processing your Personal Information, except where continued processing is permitted or required by applicable Russian law. (d) Right to block or delete: You have the right to request the blocking or deletion of your Personal Information if it is incomplete, outdated, inaccurate, unlawfully obtained, or no longer necessary for the stated purpose of processing. (e) Right to object to processing: You have the right to object to the processing of your Personal Information where such processing is carried out for direct marketing purposes or in certain other circumstances provided by law. (f) Right to complain: You have the right to lodge a complaint with the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) if you believe that your Personal Information is being processed in violation of applicable Russian data protection law.
Data localization: In accordance with Article 18 of 152-FZ, we ensure that the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of Personal Information of Russian citizens are carried out using databases located in the Russian Federation, except where otherwise permitted by applicable Russian law. Consent: Where required by Russian law, we obtain your express written consent (including in electronic form containing the mandatory elements prescribed by 152-FZ, such as your full name, the purpose of processing, the categories of Personal Information, processing actions, term, and withdrawal method) prior to processing your Personal Information. You will be informed of the purposes of processing, the categories of Personal Information being processed, and the parties to whom your Personal Information may be disclosed.
If you are a resident of India, you have certain rights in relation to your Personal Information based on the Digital Personal Data Protection Act, 2023 ("DPDPA") and its implementing rules. We comply with the DPDPA as part of our commitment to your privacy. Unless otherwise expressly stated, all terms in this section have the same meaning as defined in the DPDPA. (a) Right to access information about processing: You have the right to obtain a summary of your Personal Data being processed by us, including the categories of Personal Data processed and the processing activities undertaken. (b) Right to correction and erasure: You have the right to request the correction of inaccurate or misleading Personal Data, the completion of incomplete Personal Data, and the erasure of Personal Data that is no longer necessary for the purpose for which it was collected. (c) Right to grievance redressal: You have the right to submit a grievance regarding our processing of your Personal Data, and we will respond within the timeframe prescribed by the DPDPA and its rules. You may also escalate unresolved grievances to the Data Protection Board of India. (d) Right to nominate: You have the right to nominate another individual to exercise your rights under the DPDPA in the event of your death or incapacity. (e) Right to withdraw consent: Where we rely on your consent to process your Personal Data, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before the withdrawal, but may result in our inability to provide certain Services.
Consent and notice: We provide you with clear notice (in English and, where required, in any scheduled Indian language) at or before the time of collecting your Personal Data, informing you of the Personal Data to be collected, the purpose of processing, your rights, and how to exercise them. Your consent will be obtained in a free, specific, informed, unconditional, and unambiguous manner. Children's data: Under the DPDPA, the processing of Personal Data of children under the age of 18 requires verifiable parental or guardian consent. We do not knowingly process the Personal Data of children in India without such consent. We do not engage in tracking, behavioral monitoring, or targeted advertising directed at children in India. Significant Data Fiduciary obligations: If we are classified as a Significant Data Fiduciary under the DPDPA, we will comply with the enhanced obligations prescribed, including appointing a Data Protection Officer based in India, conducting periodic data protection impact assessments, and undertaking periodic audits by an independent data auditor. Cross-border transfers: We may transfer your Personal Data outside of India in accordance with the provisions of the DPDPA, except to countries or territories restricted by the Central Government of India by notification.
If you are a resident of Japan, you have certain rights in relation to your Personal Information based on the Act on the Protection of Personal Information ("APPI") as amended. We comply with the APPI as part of our commitment to your privacy. (a) Right to disclosure: You have the right to request disclosure of your Personal Information that we retain. (b) Right to correction: You have the right to request correction, addition, or deletion of your Personal Information if it is inaccurate. (c) Right to cease use: You have the right to request that we cease using or delete your Personal Information if it was acquired improperly, is being used beyond the scope of the originally stated purpose, or is no longer necessary for the stated purpose. (d) Right to cease provision to third parties: You have the right to request that we cease providing your Personal Information to third parties. (e) Right to request disclosure of third-party transfer records: You have the right to request disclosure of records of third-party transfers of your Personal Information.
Cross-border data transfers: In accordance with Article 28 of the APPI, where we transfer your Personal Information to a third party located outside of Japan (including airlines and hotels outside Japan to fulfill your bookings), we will do so only with your consent, or where the recipient country has been recognized as having an equivalent level of data protection by the Personal Information Protection Commission ("PPC"), or where we have implemented appropriate safeguards (such as contractual provisions ensuring the recipient's compliance with standards equivalent to the APPI). We will provide you with information about the data protection system of the recipient country upon request.
If you are a resident of the Republic of Korea, you have certain rights in relation to your Personal Information based on the Personal Information Protection Act ("PIPA") and the Act on Promotion of Information and Communications Network Utilization and Information Protection. We comply with PIPA as part of our commitment to your privacy. (a) Right to access: You have the right to access and receive a copy of the Personal Information we hold about you. (b) Right to correct or delete: You have the right to request the correction or deletion of your Personal Information. Where Personal Information is required to be retained by law, deletion may be limited to suspension of processing. (c) Right to suspend processing: You have the right to request the suspension of processing of your Personal Information. Where we have a legitimate basis to refuse such request, we will notify you of the grounds for refusal. (d) Right to withdraw consent: You have the right to withdraw your consent at any time. (e) Right to be notified of data destruction: We will notify you when your Personal Information is destroyed in accordance with PIPA. (f) Right to complain: You have the right to file a complaint with the Personal Information Protection Commission ("PIPC") or the Korea Internet & Security Agency ("KISA") if you believe your privacy rights have been violated.
Data destruction: When your Personal Information is no longer necessary for the purpose for which it was collected, or the retention period has expired, we will destroy it without delay in accordance with PIPA. Where retention is required by other laws, we will store the data separately and securely.
If you are a resident of Singapore, you have certain rights in relation to your Personal Information based on the Personal Data Protection Act 2012 ("PDPA") and its amendments. We comply with the PDPA as part of our commitment to your privacy. (a) Right to access: You have the right to request access to your Personal Data in our possession or under our control, and information about the ways in which your Personal Data has been or may have been used or disclosed within the past year. (b) Right to correction: You have the right to request the correction of an error or omission in your Personal Data. (c) Right to withdraw consent: You have the right to withdraw your consent for the collection, use, or disclosure of your Personal Data at any time by giving us reasonable notice. You understand that withdrawal of consent may result in our inability to provide certain Services to you. (d) Right to data portability: You have the right to request the transmission of your Personal Data to another organization, in a commonly used machine-readable format, in accordance with the PDPA's data portability obligations. (e) Do Not Call Registry: We comply with Singapore's Do Not Call ("DNC") provisions and will not send marketing messages to Singapore telephone numbers registered on the DNC Registry unless we have obtained your clear and unambiguous consent. (f) Right to complain: You may lodge a complaint with the Personal Data Protection Commission ("PDPC") of Singapore if you believe we have violated the PDPA.
If you are a resident of Turkey, you have certain rights in relation to your Personal Information based on Law No. 6698 on the Protection of Personal Data ("KVKK"). We comply with the KVKK as part of our commitment to your privacy. (a) Right to learn whether your data is processed: You have the right to learn whether your Personal Data is being processed. (b) Right to request information: You have the right to request information about the processing if your Personal Data has been processed. (c) Right to learn the purpose of processing: You have the right to learn the purpose of processing and whether your Personal Data is being used in accordance with that purpose. (d) Right to know third parties: You have the right to know the third parties to whom your Personal Data has been transferred, domestically or abroad. (e) Right to correction: You have the right to request the correction of your Personal Data if it is incomplete or inaccurate. (f) Right to deletion or destruction: You have the right to request the deletion or destruction of your Personal Data under the conditions set out in the KVKK. (g) Right to object to automated processing: You have the right to object to any result that is to your detriment and that has arisen through the analysis of your Personal Data exclusively by automated systems. (h) Right to compensation: You have the right to request compensation for damages arising from the unlawful processing of your Personal Data. (i) Right to complain: You have the right to lodge a complaint with the Personal Data Protection Authority ("KVKK Board") if you believe your rights have been violated.
Data Controllers' Registry (VERBIS): Where required, we will register with the Data Controllers' Registry (VERBIS) maintained by the KVKK Board in accordance with applicable law. Cross-border transfers: We will transfer your Personal Data outside of Turkey only in compliance with the KVKK's cross-border transfer requirements, including obtaining your explicit consent or ensuring that the recipient country provides adequate data protection or that sufficient contractual safeguards are in place.
If you are a resident of the Kingdom of Saudi Arabia, you have certain rights in relation to your Personal Information based on the Personal Data Protection Law ("KSA PDPL") issued by Royal Decree No. M/19 and its implementing regulations. We comply with the KSA PDPL as part of our commitment to your privacy. (a) Right to be informed: You have the right to be informed about the legal basis for collecting your Personal Data, the purpose of collection, and the identity of the entity collecting the data. (b) Right to access: You have the right to access your Personal Data that we hold and to request a copy of it. (c) Right to correction: You have the right to request the correction of your Personal Data if it is inaccurate, incomplete, or outdated. (d) Right to destruction: You have the right to request the destruction of your Personal Data where it is no longer necessary for the purpose for which it was collected, or after the expiry of the retention period. (e) Right to withdraw consent: Where processing is based on your consent, you have the right to withdraw your consent at any time. (f) Right to object: You have the right to object to the processing of your Personal Data in certain circumstances, including direct marketing. (g) Right to data portability: You have the right to request your Personal Data in a readable, common, and machine-processable format. (h) Right to complain: You have the right to lodge a complaint with the Saudi Data and Artificial Intelligence Authority ("SDAIA") if you believe your privacy rights have been violated.
Cross-border transfers: We will transfer your Personal Data outside of the Kingdom of Saudi Arabia only in accordance with the conditions prescribed by the KSA PDPL and its implementing regulations, including conducting a risk assessment and ensuring adequate protection standards are met. Data minimization: We collect only the minimum amount of Personal Data necessary to achieve the purposes specified in this Policy, in accordance with the KSA PDPL's data minimization requirements.
If you are a resident of Australia, you have certain rights in relation to your Personal Information based on the Australian Privacy Act 1988 ("Privacy Act 1988") that we comply with as part of our commitment to your privacy. (a) Right to access and correct: You have the right to access Personal Information we hold about you and to request corrections if the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading. (b) Right to restrict processing: You can request that we stop or restrict the processing of your Personal Information in certain circumstances, such as when you contest the accuracy of your data. (c) Right to data portability: You have the right to request the transfer of your Personal Information to a different service provider where technically possible, or directly to you. (d) Right to not be subject to automated decision-making: You have the right to opt out of decisions based solely on automated processing of your Personal Information, particularly when these decisions have legal or similarly significant effects on you. (e) Right to anonymity: You are generally able to use a pseudonym or remain anonymous when interacting with us. However, in some circumstances, such as when making a booking that requires passenger details, you may need to provide certain Personal Information.
If you are a resident of Brazil, you have certain rights in relation to your Personal Information based on the Brazilian General Data Protection Law ("LGPD"). (a) Right to know and access: You have the right to confirm whether we process your Personal Information and, if so, access it. (b) Right to correct: You have the right to correct Personal Information if you find any of it in our possession to be incorrect or outdated. (c) Right to anonymize and block: You can request the anonymization or blocking of Personal Information that is unnecessary, excessive, or not processed in compliance with the LGPD. (d) Right to data portability: You have the right to transfer your data to another service provider or product supplier. (e) Right to delete: If we have processed your data based on consent, you can request its deletion, except where law requires or permits us to retain it. (f) Right to information about third parties: You can ask about the third parties with whom we share your data. (g) Right to information on consent denial: You have the right to be informed about the consequences of not providing consent. (h) Right to withdraw consent: You can withdraw your consent for data processing at any time. (i) Right to review automated decisions: You can request a review of decisions made solely based on automated processing of your data.
If you are a resident of Canada, you have certain rights in relation to your Personal Information based on the Personal Information Protection and Electronic Documents Act ("PIPEDA"). (a) Right to access: You have the right to access the Personal Information we hold about you. (b) Right to correct: We will promptly make necessary corrections when you identify inaccuracies in your data. (c) Right to withdraw consent: You can withdraw your consent regarding the handling of your Personal Information at any time, subject to legal or contractual limitations. (d) Right to complain: You have the right to file a complaint with the Privacy Commissioner of Canada if you feel your Personal Information is being handled in a way that violates PIPEDA. (e) Right to challenge compliance: You can challenge our compliance with PIPEDA, including how we handle your Personal Information, consent, access requests, and correction requests. (f) Right to know about breaches: You have the right to be notified in cases of a security breach involving your Personal Information that poses a real risk of significant harm.
If you are a resident of New Zealand, you have certain rights in relation to your Personal Information based on New Zealand's Privacy Act 2020 ("Privacy Act 2020"). (a) Right to access: You have the right to access your Personal Information that we hold. (b) Right to correction: You have the right to request correction of Personal Information that is incorrect or outdated. (c) Right to make a complaint: You have the right to make a complaint to the Privacy Commissioner if you believe your privacy rights have been breached. (d) Right to object to automated decision-making: You can object to decisions made solely on automated processing of your Personal Information that have significant effects on you. (e) Right to data portability: Where applicable, you have the right to request the transfer of your Personal Information to another service provider where technically possible, or directly to you. (f) Right to anonymity and pseudonymity: Where possible, you have the option to interact with us without revealing your identity or by using a pseudonym. (g) Notification of data breaches: In the event of a data breach that may harm your privacy, we will notify you promptly.
CoinBooking is available to users worldwide without geographic restrictions. If you reside in a country not specifically mentioned in the regional disclosures above — including but not limited to countries in Asia, Africa, the Middle East (outside the UAE and KSA), Latin America, or the Pacific — we are committed to protecting your personal data in accordance with internationally recognized privacy principles and any applicable local data protection laws in your jurisdiction. Users from these regions may have rights similar to those outlined above. These rights may include: • The right to access, correct, or delete your personal data; • The right to restrict or object to certain types of processing; • The right to withdraw consent for data processing; • The right to data portability, where applicable; • The right to opt out of targeted advertising and data sales, where required by law; • The right to file a grievance with a relevant data protection authority; • The right to nominate a representative to exercise your privacy rights on your behalf, if permitted by applicable regulations; • Any other rights granted to you under the data protection laws of your country of residence.
Where your local data protection law provides rights or protections beyond those described in this Policy, we will honor those rights and protections to the extent required by applicable law.
We do not knowingly collect any Personal Information from children under the age of 18. If you are under the age of 18, please do not submit any Personal Information through the Services.
In jurisdictions where a different age threshold applies, we will comply with the applicable local law: • People's Republic of China: Under the PIPL, the processing of Personal Information of minors under the age of 14 requires the consent of the minor's parent or guardian. We will obtain such consent before processing the Personal Information of any individual under 14 in China. • India: Under the DPDPA, the processing of Personal Data of children under the age of 18 requires verifiable parental or guardian consent. We do not engage in tracking, behavioral monitoring, or targeted advertising directed at children in India. • Republic of Korea: Under PIPA, processing of Personal Information of children under the age of 14 requires the consent of a legal representative. • EU/EEA/UK: Under the GDPR and UK DPA, where consent is the legal basis, the processing of Personal Information of children under 16 (or the lower age set by a member state, which may be as low as 13) requires the consent of a parent or guardian.
If you have reason to believe that a child under the age of 18 (or the applicable local threshold) has provided Personal Information to us through the Services, please contact us to request that we delete that child's Personal Information from our Services.
We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through the Services without their permission. We also ask that all parents and legal guardians overseeing the care of children take the necessary precautions to ensure that their children are instructed to never give out Personal Information when online without their permission.
We offer electronic newsletters and marketing communications to which you may voluntarily subscribe at any time. We are committed to keeping your email address confidential and will not disclose your email address to any third parties except as described in this Policy or for the purposes of utilizing a third-party provider to send such communications. We will maintain the information sent via email in accordance with applicable laws and regulations.
In compliance with the CAN-SPAM Act (United States), CASL (Canada), the GDPR (EU/EEA/UK), and other applicable electronic marketing laws, all marketing emails sent from us will clearly state who the email is from, provide clear information on how to contact the sender, and include an easy mechanism to unsubscribe. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, you will continue to receive essential transactional emails related to your bookings, account, and use of the Services.
We offer push notifications to which you may also voluntarily subscribe at any time. To ensure push notifications reach the correct devices, we use a third-party push notifications provider who relies on a device token unique to your device which is issued by the operating system of your device. While it is possible to access a list of device tokens, they will not reveal your identity, your unique device ID, or your contact information to us or our third-party push notifications provider. If, at any time, you wish to stop receiving push notifications, simply adjust your device settings accordingly.
Our Services may include social media features, such as the Facebook, X (formerly Twitter), Instagram, and LinkedIn buttons, share buttons, and similar functionality (collectively, "Social Media Features"). These Social Media Features may collect your IP address, what page you are visiting on our Services, and may set a cookie to enable Social Media Features to function properly. Social Media Features are hosted either by their respective providers or directly on our Services. Your interactions with these Social Media Features are governed by the privacy policy of their respective providers.
We may display online advertisements and may share aggregated and non-identifying information about our Users that we or our advertisers collect through your use of the Services. We do not share personally identifiable information about individual Users with advertisers. In some instances, we may use this aggregated and non-identifying information to deliver tailored advertisements to the intended audience.
We may also permit certain third-party companies to help us tailor advertising that we think may be of interest to Users and to collect and use other data about User activities on the Services. These companies may deliver ads that might place cookies and otherwise track User behavior. If you would like more information about your choices to opt in or opt out of this data collection, please visit the Digital Advertising Alliance website and the Network Advertising Initiative website to learn more about interest-based advertising. You may also download the Digital Advertising Alliance's AppChoices app to opt out in connection with mobile apps, or use the platform controls on your mobile device to opt out.
We may engage in affiliate marketing and have affiliate links present on the Services for the purpose of being able to offer you related or additional products and services, such as travel insurance, car rentals, or travel accessories. If you click on an affiliate link, a cookie will be placed on your browser to track any sales for purposes of commissions.
The Services contain links to other websites and resources that are not owned or controlled by us, including the websites of airlines, hotels, payment processors, and other travel service providers. Please be aware that we are not responsible for the privacy practices of such other resources or third parties. We encourage you to be aware when you leave the Services and to read the privacy statements of each and every resource that may collect Personal Information.
We reserve the right to modify this Policy or its terms related to the Services at any time at our discretion. When we do, we will revise the "Last Updated" date at the top of this page. We may also provide notice to you in other ways at our discretion, such as through the contact information you have provided.
An updated version of this Policy will be effective immediately upon the posting of the revised Policy unless otherwise specified. Your continued use of the Services after the effective date of the revised Policy (or such other act specified at that time) will constitute your consent to those changes. However, we will not, without your consent, use your Personal Information in a manner materially different from what was stated at the time your Personal Information was collected. Prior versions of this Policy are archived and available upon request by contacting us at the details provided below.
You acknowledge that you have read this Policy and agree to all its terms and conditions. By creating an account and clicking "I Accept" during registration, or by otherwise accessing and using the Services and submitting your information, you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to access or use the Services.
If you have any questions, concerns, or complaints regarding this Policy, we encourage you to contact us using the details below:
COIN LABS TRAVEL AND TOURISM L.L.C Email: [email protected] Address: Office 217, Al Shaikh Building 05, Al Khabisi, Dubai, United Arab Emirates
We will attempt to resolve complaints and disputes and make every reasonable effort to honor your wish to exercise your rights as quickly as possible and in any event within the timescales provided by applicable data protection laws.
If you believe your concerns have not been adequately addressed, you may escalate the matter to the appropriate data protection authority in your region, in accordance with applicable privacy laws.