Table of Contents 1. Introduction & Who We Are 2. Our Commitment to Your Privacy 3. Applicable Laws & Regulations 4. What Personal Data We Collect 5. How We Collect Your Personal Data 6. Why We Process Your Personal Data (Legal Bases) 7. Passport, Visa & Sensitive Data – Special Care Explained 8. Sharing Your Data with Third Parties 9. International Data Transfers (UAE, Pakistan, Saudi, Schengen, etc.) 10. How Long We Keep Your Data 11. Data Security Measures 12. Your Rights Under UAE PDPL, Pakistan Laws & GDPR (if applicable) 13. Cookies & Tracking Technologies on Our Website 14. Children’s Privacy 15. Marketing & Opt-Out Options 16. Changes to This Privacy Policy 17. Contact Us & Data Protection Officer 18. Frequently Asked Questions (FAQs)
Introduction & Who We Are
Assalam Alaikum and welcome!
City Holidays Travel & Tours is a fully licensed, family-oriented travel agency with offices in Dubai (UAE) and Faisalabad (Pakistan). We are proudly registered with the Dubai Department of Economy and Tourism (DET), hold a valid IATA accreditation, and are members of the Pakistan Association of Tour Operators (PATO) and the Travel Agents Association of Pakistan (TAAP).
For over a decade, families from Jumeirah, Defence Housing Authority, Gulberg, Clifton, Bahria Town, Islamabad, Sharjah, Abu Dhabi, and beyond have trusted us with their holiday packages, Umrah & Hajj journeys, Azerbaijan & Georgia visas, Turkey e-visas, Schengen appointments, Thailand & Malaysia landings, and custom northern Pakistan adventures to Hunza, Skardu, and Swat.
Your trust is everything to us. This is why we have built one of the most detailed, transparent, and locally compliant Privacy Policies in the entire UAE and Pakistan travel industry.
Our Commitment to Your Privacy
We treat your personal information the way we treat our own family’s – with utmost care, respect, and protection. We only collect what we genuinely need to deliver your dream holiday or seamless visa service, and we never sell your data.
Applicable Laws & Regulations
We comply with:
- UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (PDPL) and upcoming Executive Regulations
- Dubai DET tourism licensing requirements on client data
- Pakistan’s Personal Data Protection Bill (as enacted or draft provisions in force 2025) and Prevention of Electronic Crimes Act
- Saudi Arabia Personal Data Protection Law (PDPL) – Royal Decree M/19 as amended, especially for Umrah & Hajj clients
- EU General Data Protection Regulation (GDPR) – whenever we process data of EU residents (e.g., Schengen visa applicants living in or visiting UAE/Pakistan)
- IATA Passenger Name Record (PNR) governance rules
- Relevant sectoral laws in Azerbaijan, Georgia, Turkey, Malaysia, Thailand, etc.
What Personal Data We Collect
| Category | Examples | Why It’s Needed (Typical Use) |
|---|---|---|
| Basic Contact Info | Full name, mobile/WhatsApp, email, home address | Booking confirmation, visa delivery, emergency contact |
| Identity & Travel Documents | Passport copy, Emirates ID, CNIC, photo, visa pages | Visa applications, airline/hotel check-in requirements |
| Travel Companions | Names, dates of birth, passport numbers of family members or group | Group bookings, Umrah Muharram lists, child discounts |
| Payment Information | Card last 4 digits (never full card – processed via secure gateway), bank transfer details | Secure payment & refunds |
| Special/Sensitive Data | Religious belief (for Umrah/Hajj), health info (COVID vaccines, disabilities for wheelchair requests), dietary preferences | Saudi e-visa/Umrah portal, hotel & airline requirements |
| Itinerary Preferences | Preferred airlines, hotel star rating, destinations (Baku, Tbilisi, Istanbul, Phuket, etc.) | Tailored holiday packages |
| Communication History | WhatsApp chats, emails, call recordings (if you consent) | Service quality & dispute resolution |
How We Collect Your Data
- Directly from you (WhatsApp, email, website forms, in-office)
- From your employer or group organizer (corporate travel)
- Automatically via cookies when you browse cityholidaystravel.com
- From trusted partners (e.g., Saudi Nusuk platform returns Muharram data to us)
Why We Process Your Data – Legal Bases
| Purpose | Primary Legal Basis (UAE PDPL / GDPR equivalent) |
|---|---|
| Booking flights, hotels, transfers, tours | Contract performance |
| Visa & Umrah applications | Contract performance + Legal obligation (embassy rules) |
| Sending itineraries & updates | Contract performance + Legitimate interest |
| Processing payments & refunds | Contract performance + Legal obligation |
| Direct marketing (new Umrah 2026 packages) | Consent (you can withdraw anytime) |
| Fraud prevention & security | Legitimate interest + Legal obligation |
| Compliance with court or embassy orders | Legal obligation |
Passport, Visa & Sensitive Data – We Take Extra Care
We know passport copies and Umrah details are extremely sensitive.
- We encrypt them at rest and in transit (AES-256)
- Access is strictly limited to the visa team member handling your file
- We delete passport copies within 30 days after travel completion (unless you ask us to keep for future visas)
- Religious data for Umrah is only shared with Saudi Ministry of Hajj & Umrah systems
Who We Share Your Data With (And Why)
| Recipient | Data Shared | Country | Safeguard Used |
|---|---|---|---|
| Airlines (Emirates, FlyDubai, PIA, Saudi, Turkish, etc.) | Name, passport, contact | Various | IATA standards + secure API |
| Hotels & Transfers | Name, arrival details | Destination | Encrypted booking vouchers |
| Embassies / VFS / BLS | Full visa application set | Various | Secure portal upload |
| Saudi Nusuk / Ministry of Hajj | Umrah visa & Muharram data | Saudi Arabia | Official government gateway |
| Payment Gateways (PayTabs, JazzCash, etc.) | Tokenized card data only | UAE/Pakistan | PCI-DSS compliant |
| Government Authorities (upon legal request) | Only what is legally required | UAE/Pakistan/KSA | By law |
We never share your data with third-party marketers.
International Data Transfers
Your data may travel to countries outside UAE/Pakistan (e.g., Saudi for Umrah, Azerbaijan embassy in Abu Dhabi, Georgia e-visa system).
We only transfer where:
- The country has adequacy (e.g., EU countries under GDPR)
- We have Standard Contractual Clauses + additional safeguards
- It is strictly required by the embassy or airline
How Long We Keep Your Data
| Data Type | Retention Period |
|---|---|
| Booking & travel records | 7 years (tax & legal requirements in UAE/Pakistan) |
| Passport copies | 30 days after travel (or longer only with consent) |
| Umrah/Hajj records | 3 years (Saudi regulations) |
| Marketing consent | Until you withdraw |
After that – securely deleted or anonymized.
Data Security Measures
- End-to-end encryption for WhatsApp Business & emails
- Secure cloud storage in UAE & EU data centers
- Two-factor authentication for all staff accounts
- Regular penetration testing
- Staff training every 6 months
Your Rights – You Are in Control
You have the right to:
- Access your data (free copy within 30 days)
- Correct inaccurate data
- Delete your data (“right to be forgotten” where applicable)
- Restrict or object to processing
- Withdraw marketing consent anytime
- Data portability (receive in CSV/JSON)
- Lodge a complaint with UAE Data Office or Pakistan authorities
Just WhatsApp or email us – no complicated forms.
Cookies & Website Tracking
We use only necessary & performance cookies (Google Analytics with IP anonymization). No targeted advertising cookies without your explicit consent.
Children’s Privacy
We do not knowingly collect data from children under 16 without parental consent (common for family Umrah packages).
Marketing Communications
You’ll only receive offers if you opt-in. Unsubscribe with one click or reply “STOP”.
Changes to This Policy
We will email/WhatsApp you if we make material changes
Frequently Asked Questions (FAQs)
- Do you sell my passport copy? Never. Not even for a million dirhams.
- What happens if my visa is rejected – do you keep my data? We keep only what is needed for potential re-application or refund proof.
- Is my Umrah religious data safe? 100%. It only goes to official Saudi systems.
- Can I ask you to delete everything today? Yes – just say the word and it’s gone (except where law requires us to keep for tax/refund).