SEARCH NOWSEARCH NOWSEARCH NOWSEARCH NOW
Terms & Conditions
  • Home
  • Registration Terms & Conditions

@TermConditionsTex

Introduction Please read the following Privacy Policy carefully to understand how and why we use your personal data in order for you to access and browse our websites or mobile apps and use our services.

This Privacy Policy is issued for Miral Experiences LLC ('Miral', 'we', 'us', 'our') Miral regularly collect and use personal data about individuals who visit our attractions, browse our websites or mobile apps and use our services. Personal data is any information that can be used, directly or indirectly, to identify you as an individual.

Your privacy is very important to us and we understand our responsibilities to protect your personal data in an appropriate and lawful manner and in accordance with applicable data protection regulations. This Privacy Policy should be read in conjunction with our Cookie Policy , which together provide you with details of how and why we collect and process your personal data when you are using Miral’s websites, mobile apps or WiFi services.

For any privacy queries, you can contact us at any time at: privacy@miralexperiences.com
Miral Experiences LLC
P.O. Box 128717
Abu Dhabi
UAE
License Number: CN-1147824
Personal Data

1. Who is responsible for protecting your personal data?
Miral currently manages and operates Ferrari World Abu Dhabi, Warner Bros World™ Abu Dhabi, Seaworld, Yas Waterworld, CLYMB™ Abu Dhabi and Qasr Al Watan leisure facilities in Abu Dhabi with new leisure facilities planned for the future (the “Attractions”).

Websites

In connection therewith, Miral operates the following websites:



WiFi and MyPass

Miral also operates WiFi services and a centralised authentication service called ‘MyPass’, which allows you to seamlessly connect to various online, application and WiFi services. For further information on WiFi and MyPass, please review sections 3 and 5 below.

As the entity responsible for collecting your information when you use our services, Miral is a Data Controller of your personal data, along with our affiliates and partners where you use MyPass to engage with their services (please review sections 3 and 5 below). In certain circumstances (for example, where you use MyPass as part of our affiliates’ or partners’ services and your information is solely hosted within our digital platform as part of providing the MyPass service), vmay also be acting as a Data Processor for your personal data.

This Policy is additional to and is not intended to override other notices or policies we may provide to you or the terms of any contract that you have with us (for example, specific Attraction or ticket terms and conditions), or any rights you may have.


2. What personal data do we collect, and how do we collect it?

Information we collect directly from you

Miral collects three types of information about you: personal data, special categories of personal data and aggregated/anonymous data (as outlined in this Policy).

  • Information that you personally provide to us when: registering for an account, purchasing our products and services, creating a MyPass, enrolling FacePass, subscribing to our mailing lists, registering for WiFi at our Attractions, making a telephone booking or enquiry, completing a survey, competition or taking part in promotional activities, applying for a job with us, engaging with us in our Attractions, or contacting us via a contact us form, livechat or other means available on our websites or mobile apps.
  • Depending on the Attraction, website or mobile app you are visiting and the activity you are undertaking, this information may include:
    • your first name, last name, date of birth, proof of your identity or age, nationality, gender, country of residence, city of residence, e-mail address, telephone number;
    • your chosen marketing preferences and objections;
    • your preferred language and information about your preferences or interests;
    • general enquiry details and any other information or messages you decide to provide to us;
    • if availing yourself of a special offer, a copy of the relevant ID required to demonstrate eligibility;
    • if purchasing certain services at gate, or an annual pass to one of our Attractions, this will also include photograph/s and a copy of your emirates ID or passport;
    • if taking part in one of our driving experiences at Ferrari World Abu Dhabi, a copy of your driving license;
    • details of your activity history or proficiency for certain activities (for example, if you have completed indoor skydiving before and your perceived skill level);
    • first name, last name and date of birth for your family members, and their relationship to you, where you have chosen to add your family members’ details to your profile (where this option exists on a particular website or mobile app);
    • credit or debit card and transaction details, if you make a payment for our products and services, which are not stored by Miral and are provided directly to our payment solution provider via a secured connection. All credit and debit card and transaction processing adheres to global data security standards to protect cardholder data;
    • for certain services, this may include special categories of personal data. For example:
      • where you are seeking to participate in physical activity (such as indoor skydiving and climbing at CLYMB™ Abu Dhabi), this may include information about your health (for example, your height and weight) and any medical conditions. For some activities we require completion of a medical waiver form, which includes a confirmation that you do not have certain medical conditions, in order to take part. We collect as little information as is necessary and this typically involves a simple confirmation that you do not have certain medical conditions as opposed to us collecting specific additional information about your medical history. However, if you disclose certain medical conditions, including a history of neck, back or heart problems, you will be required to evidence that you have been specifically cleared to participate in the activity by providing a valid doctor’s note;
      • where you consent to use FacePass at our designated attractions this may also include your biometric information. The photo taken or uploaded for FacePass is used only to convert your face into a unique numerical identifier (your FacePass). For further information on the use of your personal data in connection with your FacePass, please review sections 3 and 5;
      • biometric information: as used in this Policy, biometric data includes “biometric identifiers” and “biometric information”. “Biometric identifier” means a scan of face geometry (Miral uses facial recognition for FacePass, please review section 3). Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. “Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.

Information we collect indirectly

We collect information you give us, information from your use of our products and services and information we get from third parties:

  • In some cases, information about you may be provided to us by a third party verbally or in writing. For example, this could include if a family member or friend has purchased a group pass or tickets on your behalf, entered you into a competition or makes a complaint. This may also include: our affiliated companies or partners (for example, your chosen travel agent or other entities where you use MyPass to access their site or service), or where you engage with services that we provide in conjunction with other companies (for example, rewards or loyalty points programs or FacePass), or social media or internet platforms (for example, by using your Facebook or Google account login details to sign into our website, mobile app, MyPass, or WiFi service, where such facility is available).
  • Depending on the Attraction, website or mobile app you are visiting and the activity you are undertaking, this information may include the same information as which you may provide directly (as detailed within this section 2 above).

Information we collect automatically

  • Information that we may collect automatically via cookies and other location based tracking mechanisms when you visit our sites and applications (as outlined above) or use our applications on third-party sites or platforms. More information on the use of cookies is at section 8 below and in our Cookies Policy.
  • This information includes traffic data, location data, weblogs, communication data and the resources you access; for example, your IP address, device ID, device type, referrer URL, operating system and version, geolocation, browser type and browsing history.
  • Information may also be collected through campaign performance and engagement, including but not limited to information such as email opens, push notifications and SMS clicks.
  • For security and public safety CCTV is in place in certain designated areas of the Attractions (only for security and safety reasons and to help prevent fraud or crime).

3. How do we use your personal data?

We will use your personal data for the following reasons:

To respond to you and perform the contract

  • We will use your information to process and respond to your requests, reservations or queries, when you register, subscribe or contact us, and to provide access to restricted parts of our websites or mobile apps if required. Where you purchase our services or products we use your information to enter and perform our contract with you.

To improve our products and services

  • We use your information to provide content on our websites and mobile apps in the most effective way. Your information allows us to identify you as a user, remember your preferences and deliver an enhanced digital experience. Such data is not retained beyond your visit of the respective website page or mobile app, but may be kept in log files to allow us to maintain and improve our website or mobile app.

To keep our services secure

  • Your information may be used to detect, investigate, prevent fraud and rectify potential errors in our Attractions, technology and against potential cyber-attacks or other abuse of our technology, and to prevent or mitigate any damages that may have been caused by such abuse.
  • While we take steps to maintain the security of your information, you should be aware of the many information security risks that exist and take appropriate care to help safeguard your information.

To provide WiFi services

  • Some of our Attractions have a complimentary WiFi service which is provided by Ipera Solutions, a third party service provider who act as a Data Processor on behalf of Miral . This Privacy Policy explains how we use your information; for information on how Ipera Solutions handle your data, please visit www.iperasolutions.com/privacy-policy.
  • Your information is used to provide the WiFi service and to carry out analytics, and a log of all service usage activity is maintained for system performance, maintenance and security purposes. Please note that we do not correlate the user of the WiFi service with the websites or content viewed.
  • To use our WiFi service, we ask you to create a MyPass (please review the MyPass section below) and when you connect to the service we collect your mobile ID, device type and other location based data (where you have permitted collection of this in your chosen device settings) to enable us to provide these services to you in the most effective way. For example, this information allows your device to automatically connect to the WiFi and MyPass services without you having to manually connect to the network or service each time. In order to disable the automatic authentication, you can select ‘Forget this network’ from your WiFi or mobile device settings.

To provide your MyPass (Unique Customer Identity)

  • Most of our websites, mobile apps or WiFi services have the MyPass facility. If MyPass is available then when you choose to register for an account with us, we will collect your information to create a unique identifier for you called your MyPass, which is then used to authenticate you across the different services and enable you to enjoy a digital experience.
  • MyPass is a centralised authentication service provided by Miral that allows you to seamlessly connect to various services throughout Abu Dhabi. This means that once you have created a MyPass at an available location or service in Abu Dhabi, you can use your MyPass to login at other available locations and services (for example, at the Attraction websites or mobile apps where available, or at the www.yasisland.ae website and mobile app), without you having to register again at each location or service.
  • In certain cases, we might use your location and activities for which you have used your MyPass for the purpose of creating a unique customer profile. For example, if you have connected to the Wi-Fi in an Attraction using your MyPass and bought a ticket online for one of the Attractions, we will associate these activities to your MyPass.
  • Further, as detailed at section 5, where you use MyPass your information may be shared with the other entities making use of MyPass.
  • Where you log in to MyPass with your Facebook or Google account details, Facebook and Google will receive information about your activity on our websites or mobile apps. For more details on the information that Facebook and Google receives and how they use this, please review their respective Privacy Policies at www.facebook.com/policy and www.policies.google.com.

FacePass and contactless services

  • FacePass services, including contactless access and contactless payment services, are provided by Miral at certain designated attractions on Yas Island (such as Ferrari World Abu Dhabi, Warner Bros. World™ Abu Dhabi and Yas Waterworld).
  • Contactless access involves the processing of your FacePass to identity you when entering the designated attractions; once your FacePass is enrolled you can enjoy easier and safer contactless entry to the attraction using your FacePass and without the need to scan your ticket or physically touch assets. The way this works is that you (or a parent or legal guardian, if the FacePass relates to a person under 18 years of age or a person of determination) can consent to enrol your FacePass. Enrolment may be done online through the Yas Island mobile app or website (where available), by uploading a photo of your face. Alternatively, enrolment may be done offline by completing the necessary requirements with guest relations at our designated Attractions and thereafter allowing the camera at the turnstiles to capture your photo.
  • Contactless payment involves the processing of your FacePass to identify you when making payments at operating food and retail outlets (where available) inside the designated attractions. The way this works is that (provided you are 18 or older) you can choose to link a debit or credit card to your FacePass through the Yas Island mobile app or website (where available). Once this link is made you can enjoy making payments using your FacePass without the need to physically use the debit or credit card.
  • The photo taken or uploaded for FacePass is used only to convert your face into a unique numerical identifier (your FacePass) for means of facial recognition. Once authentication is confirmed the photo is not stored beyond this purpose and cannot be reused or regenerated for any means. Due to different factors such as picture quality of device used, shading and lighting, your photo may be stored securely on systems within Miral's premises for up to a maximum of four weeks to ensure authentication and accuracy of the photo. When this process is completed the photo is then removed. The unique numerical identifier is encrypted and the encrypted value is stored securely on systems within Miral's premises and linked to your customer profile.
  • Contactless wristbands are being provided by Miral in conjunction with some of our affiliates or partners (for example, certain hotels in Abu Dhabi). Where such wristbands are issued, you can use these to access your hotel room and the designated attractions. Such wristbands may also be linked to your MyPass profile and may be used to access other services where available (for example, lockers at the Attractions). Contactless wristbands do not involve the processing of any biometric information.
  • The encrypted values are stored and processed solely for authentication purposes; in other words, when you are next making a contactless entry or contactless transaction your FacePass will be authenticated against the stored encrypted value and once matched the entry or transaction will be completed. Your FacePass and the encrypted values are not processed for any other reasons.
  • You can withdraw your consent for processing your FacePass and disable your payment information at any time by selecting the ‘Remove FacePass consent’ or ‘Manage your card’ options on the mobile app or website (where available). You can also contact us at privacy@Miralexperiences.com. Where you withdraw your consent, such services will no longer be provided to you.

Marketing

  • If you have provided your consent by opting in to receive personalised updates and offers, we may send you such updates and offers by email, SMS, mobile app notifications (only available via the mobile app where you have opted in to receiving them), WhatsApp, social media and post, or occasionally contact you by telephone. You may withdraw your consent to receiving such communications at any time by using the [‘unsubscribe’] link in any communication received, by contacting us at privacy@miralexperiences.com or where the particular website or mobile app has the facility to create an account, by changing your marketing preferences within the account management function on the website or mobile app.
  • Our servers automatically protocol the consent gathering process to enable us to evidence that you have consented. For this purpose we will store the following information: email address, details of how and when consent was given, details of confirmation email sent and confirmation email clicked; including the date, time and IP address relating to the consent and clicked confirmation link, the wording of the consent and the information about the right to withdraw your consent at any time.
  • If you have opted in to hear from other companies in our group or our partners, you may also receive personalised updates and offers from such companies. You may withdraw your consent at any time by using the unsubscribe link in any communication received, by contacting us privacy@miralexperiences.com, or where the particular website or mobile app has the facility to create an account, by changing your marketing preferences within the account management function on the website or mobile app.

Personalised content, advertisements and services

  • Your personal information may be used to understand your customer journey and to provide you with personalised offers or advertisements. These offers or advertisements may be shown to you on our websites or mobile apps or the websites of third parties (for example, your chosen social media platforms).
  • Where we have permission to send marketing materials (as set out under Marketing in this section), these personalised offers and advertisements may be included within those updates and will be in accordance with your chosen marketing preferences.
  • Please note we do not carry out any automated decision making based on your information.

Promotional or other activities

  • If (at your discretion) you decide to take part in any promotional activities such as competitions, surveys or interactive features of our services, your personal data may be processed to administer the activity or enable participation.

Notifications

  • We may notify you of any changes or updates to your current services or subscriptions. For example, security alerts or important support or administration messages about your services or notices of when annual passes are due to expire.

Legal obligations

  • We may have to process your information to comply with legal or regulatory obligations, where required by applicable laws. Information may be used to:
    • enforce our terms and conditions and other agreements, policies, and standards, including investigation of any potential violation thereof;
    • detect, prevent or otherwise address security, fraud or technical issues;
    • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law;
      • (including exchanging information with other companies and organisations for such purposes).

Business analysis

  • We may use your information for our business purposes; for example, to carry out data analytics to assess consumer demands and trends.

Aggregated or anonymised data

  • We may use your information to compile aggregated or anonymised data (data which does not identify you as an individual, such as statistical or demographic data), so that we can analyse and improve our products and services. However, if we combine aggregated data with your personal data so that it can identify you in any way, we treat the combined data as personal data and it will be used in accordance with this Privacy Policy.

4. What is the legal basis for processing your personal data?

In most cases, we process your data at your request in order to enter into a contract with you and to perform our contract obligations (for example, to process your booking and issue your tickets). If the processing is not related to a contract, we will process your information on one of the following basis:


  • based on your explicit consent for us to do so (for example, when you use FacePass, or opted in to our mailing lists or promotions);
  • as required to comply with relevant legal or regulatory obligations (for example, to resolve disputes or enforce contracts);
  • where processing is mandatory for the establishment, exercise or protection of a right;
  • where data is publicly available;
  • as required to support the legitimate interests that we have as a business (for example, to carry out market research and analytics, use CCTV at our Attractions, protect against unlawful behaviour or online services (such as prevent fraud by ensuring tickets are in the hands of the purchaser), create a profile regarding your interactions, purchases and interests (such as to inform you of new services or attractions that may be of interest to you) and to further improve and market our products and services), provided always that such processing is carried out in a way that does not violate your fundamental privacy rights.

With regard to special categories of personal data, such as the biometric or health and medical information outlined at section 2, we require your explicit consent (or the consent of your parent or legal guardian) to process such information. Such consent can be withdrawn; however, this is likely to mean that the services that require consent (for example, FacePass) can no longer be provided to you. We will advise of such consequences of withdrawing your consent if you take this action. Please note that we will only rely on consent as a legal basis when we strictly require consent for processing. We will not rely on this legal basis in circumstances where we may rely on one of the other legal bases, as outlined above.


5. Who do we share your personal data with?

Service providers

We may share your information with third parties who provide a service to us. We do this where it is necessary for the service provider to have access to your information and solely for the purpose of them delivering that service to us. An example of this is when you purchase a service from us your payment details are processed by a third party payment solution provider.
Our service providers include:

  • IT companies (e.g. hosting providers);
  • WiFi providers;
  • Payment solution providers;
  • Marketing or communication providers;
  • Developers;
  • Data analytics providers;
  • Survey or market research providers;
  • Professional advisers or auditors;
  • Regulators;
  • Insurers.

Affiliates and partners

Where you use your MyPass to access services provided by our affiliates or partners (for example, by using MyPass to sign into their website, mobile app or WiFi service), we share your information with these entities for those services to be delivered, and those entities will have access for the purpose of data analytics.

If you opt-in to receiving marketing communications from our affiliates or partners when selecting your marketing preferences on our websites or mobile apps, we will share the information required in order for those affiliates and partners to contact you in the ways you have chosen.

Where you enrol for FacePass through our website or mobile apps or those of our affiliates, we may need to share your information with our affiliates who operate such websites or mobile apps or the respective operator of any attraction or outlet where such services are available, in order that such services can be provided to you.

We also share information in connection with services we provide in conjunction with affiliates or partners; for example, to provide rewards or loyalty points programs and other benefits or services that you may wish to make use of.


Other third parties

We may also disclose your personal data:

  • internally, including any of the intra-group companies, our holding company and its subsidiaries where it is necessary to perform certain responsibilities efficiently as part of the service provided to you (for example, data may be accessible to certain types of persons involved within the operation of our services from our administration, IT, marketing or legal teams);
  • if required by applicable laws or regulations;
  • to government or supervisory bodies or agencies in response to their legitimate requests, or where it is in our legitimate interests to do so, even if such disclosure is not mandatory under law;
  • if you explicitly requested or authorised us to do so;
  • in the event we sell or merge whole or part of any business or assets, we would need to transfer your information to the acquiring company.

We only share the information that is necessary for the required purpose so we do not disclose all of the information you provide to us and we do not sell, rent or lease your personal information to third parties under any circumstances.

Aggregated or anonymised data may be shared with our service providers, affiliates or other third parties for the purpose of analytics and to improve products and services.

The categories of third parties to whom we disclose your information may change from time to time. We will update this Privacy Policy before any such changes take effect.


6. Links to third party websites

You may have accessed one of our websites by clicking a link on a third party website; for example, you may have clicked a link on one of our partners’ websites so that you could view package holiday options and were then redirected to our website. Similarly, our websites contain links to our partners’ websites.

We also integrate our websites or mobile apps with third party products (for example, Google Analytics, Facebook, Twitter) to enable us to measure the performance of our websites and website content, present personalised offers and enable you to share, like and recommend pages to others via social media.

We are responsible for protecting your personal data when you visit our websites but are not responsible for the websites of any third parties, and this Privacy Policy does not govern any third party websites. You are responsible for understanding how your personal data is used by third party websites and we recommend that you review the privacy policy on the relevant website.


7. Transfers outside of the EEA

As a business located outside of the European Economic Area (“EEA”), we process your information outside of the EEA and in some cases (as described in section 5), your information may be transferred to and processed by third parties who are also located outside of the EEA.

We will only transfer your information to such third parties where we have made arrangements to ensure that your data is treated securely in accordance with this Privacy Policy and applicable law.


8. Cookies

Our websites use cookies which help us provide you with a better website and browsing experience, by enabling us to monitor which pages you find useful and which you do not. You can choose to accept or decline cookies; most web browsers will automatically accept them but you can usually modify your browser settings to decline cookies if you wish to; however, this may prevent you from taking full advantage of the website.

More detailed information on our use of cookies and the options available to you is contained within our Cookies Policy.


9. Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational security measures to safeguard and secure the information we collect. Whilst we have implemented such measures, we cannot completely guarantee the security of your information; any transmission by you is at your own risk.

We store your personal data in a centralised database hosted in the cloud, and affiliates or partners might have access to this database where such entities make use of MyPass. You are responsible for maintaining the confidentiality of any password or account details. Where you chose to click a link to any of the websites of our partners, advertisers and affiliates, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for their policies or their security of your personal data. Please check their policies before you submit any personal data to those websites.


10. Retention

Unless otherwise required by applicable law, we will retain your information for as long as is necessary for the relevant purpose outlined in this Privacy Policy. If you register for an account with us, your information will be retained for as long as your account is active and after closure for an additional period to administer any requests concerning your account, or in accordance with our legal obligations including where it is necessary for the establishment, exercise or defence of legal claims. If you wish to delete your account or any data related to it, please contact us at privacy@miralexperiences.com.and we will execute your request.


11. How you can control your personal data

You have certain rights in relation to your personal data as determined by applicable data protection laws.

If you benefit from the rights of a data subject under the European Union General Data Protection Regulation 2016/679, or the Dubai International Financial Centre Data Protection Law No. 5 of 2020, you will have certain additional rights in relation to our handling of your personal information, including:

You have the right at any time to:

  • be informed of the use of your personal data;
  • access, rectification or erasure of your personal data;
  • restrict and/or object to the processing of your personal data;
  • data portability;
  • not be subject to any decision based solely on automated processing of your personal data.

You can exercise some of these rights when providing data to us at registration or purchase or when contacting us, by reviewing and selecting or deselecting the boxes on the forms you are required to complete. Where the particular website or mobile app has MyPass or the facility to register for an account, you can also exercise some of these rights via the account management tools on our website or mobile app.

If at any time you wish to unsubscribe or opt-out from any communications we have sent you based upon your selected preferences, you may do so by using the one click unsubscribe link on those communications.

You can also contact us at privacy@miralexperiences.com.

If you wish to discuss how we have handled your personal data, you can contact us at any time and we will investigate this. If you are not satisfied with the response or believe we are not processing your data in accordance with the applicable law you can refer the matter to any competent data protection authority.


12. Contacting us

For any privacy related queries, you may contact us at any time at privacy@miralexperiences.com.

Please note, for your safety and to allow us to make sure that we do not disclose any of your personal data to any unauthorised third parties, we may need to verify your identity and guarantee the adequate exercise of your rights. In doing so, we may request specific information and/or documents from you before we can properly respond to any request received concerning your data. All data and documents received from you in the process of responding to your requests will be used strictly for the purposes of analysing your request, authenticating your identity, and responding to your request in full.


13. Updates to this Privacy Policy

We may change this Privacy Policy in whole or part at any time by updating this page and without prior notification to the extent permitted by applicable law. Please ensure you review this page from time to time to take notice of any such changes. Most changes are likely to be minor but for substantive changes, we may provide additional notice to you by either providing a pop up notice or similar statement on our website or by sending you an email. Your further use of our services after a change to our Privacy Policy will be subject to the updated policy. We indicate at the bottom of the Privacy Policy when it was last updated.

 

Last updated 25 April 2021