personal data protection and privacy policy

We consider you a valuable Member and our priority is to offer you exceptional stays and experiences; therefore, we have prepared a Personal Data Protection and Privacy Policy (hereinafter the "Policy") as part of our commitment to describe to you how and why we use your personal data, as well as your rights accordingly.

All personal data collected on the website www.infiniavacationclub.com (the "Website") are collected by Infinia Worldwide Travel LLC with the address of Rixos Premium JBR, The Walk, King Musabah Rashid Al Fattan Building, Dubai Marsa, United Arab Emirates, and operating under the name of Infinia Vacation Club (hereinafter "Infinia Vacation Club" or "We") acting as the data controller in accordance with legal requirements, including but not limited to United Arab Emirates Federal Decree Law No.45 of 2021 regarding the Protection of Personal Data, as well as other applicable law(s).

The purpose of this Policy is to inform you regarding the commitments made by us to ensure the protection of your personal data we collect while you browse the Website, log in to your member account, fill in the forms offered by us or our Website, and/or during/in relation with any of your actions and/or your consent in relation to Infinia Vacation Club.

In this Policy, we particularly provide you with information regarding the personal data we collect from you, how we use, disclose, and protect such data, and finally, how you may exercise your rights over this data.

1. Who We Are

In this Policy, Infinia Vacation Club means and includes;

• (i) Infinia Worldwide Travel LLC with the address of Rixos Premium JBR, The Walk, King Musabah Rashid Al Fattan Building, Dubai Marsa, United Arab Emirates, and
• (ii) Subsidiaries and parent company of Infinia Vacation Club,
• (iii) Hotels operated under the Infinia Vacation Club Program. (This list of hotels may regularly be updated and may be viewed on www.infiniavacationclub.com).

2. What Personal Data is Collected

We may collect personal data or sensitive personal data about you and/or the persons accompanying you (such as secondary guests or children) when you create an account through our website, purchase the Infinia Vacation Club Program, become a member with us, or during your experience as a guest. Such information may include but not limited to the following:

• 2.1. Personal identity and contact details (full name, date of birth, phone number, ID card, passport etc.),
• 2.2. Other relevant personal information (gender, age, signature, country of residence etc.),
• 2.3. Information relating to your family (their full name, date of birth, phone number, ID card, passport etc.),
• 2.4. Information regarding your booking and preferences (arrival and departure dates, smoking or nonsmoking room, food and beverages preferences, type of bedding, type of newspapers/magazines, sports, cultural interests etc.),
• 2.5. Your membership details for Infinia Inner Circle loyalty program, Infinia exchange program or another partner program and information related to your activities within the context of the Infinia Vacation Club Program,
• 2.6. Health data as sensitive data (dietary requirements, allergies, medical information forms etc.),
• 2.7. Personal data in relation to incidents and accidents,
• 2.8. Financial data for billing and payment purposes (credit card number, billing address, purchase history etc.),
• 2.9. Technical data generated via your visit to our Website and other information related to your browsing on our Website (cookies, user activity logs, IP address etc.), You may find our Cookies Policy on www.infiniavacationclub.com
• 2.10. Any and all questions/comments during or following a stay in one of our participating hotels or regarding your Membership,
• 2.11. Images (CCTV footage or publicly taken photographs during your stay(s)),
• 2.12. Web data including social media profile(s), directly or indirectly collected by us
• 2.13. Any other information you directly and voluntarily provide to us while using the Website or during your membership to Infinia Vacation Club Program.

In order to meet your requirements or provide you with a specific service (such as dietary requirements), we may have to collect sensitive personal data, such as information concerning race, ethnicity, political opinions, religious and philosophical beliefs or details of health or sexual orientation. In this case, we will only process this data upon your express prior consent.

You agree that the personal data you provide about yourself to Infinia Vacation Club will be current, accurate, complete and unequivocal.

3. Our Purpose of Collecting and Processing your Personal Data

The main objective of collecting personal data and sensitive personal data is to offer you a secure, optimal, effective and personalized experience. Infinia Vacation Club undertakes to collect and process your personal data lawfully and fairly. The processing implemented by Infinia Vacation Club pursues specified, explicit and legitimate purposes. Your data may be processed for the following purposes in particular:

• 3.1. to provide you product(s) and service(s) regarding your membership based on your selections, preferences and requests,
• 3.2. to facilitate check-ins or check-outs,
• 3.3. for invoicing purposes,
• 3.4. to create a member profile for you and input the necessary details into our customer database,
• 3.5. to communicate with you regarding your membership, your stay(s) and experience(s) within Infinia Vacation Club,
• 3.6. To provide you medical care, in case necessary,
• 3.7. to handle any questions or requests and deal with any complaints you may have,
• 3.8. to remember your log-in information, as well as your account details or preferences to personalize and improve your experience with us,
• 3.9. to conduct surveys or questionnaires for your feedback to provide an improved service to you,
• 3.10. to personalize your experience with us and improve the quality of service and customer experience,
• 3.11. to customize the commercial offers and promotional messages we send you,
• 3.12. to inform you of special benefits and any new services created by Infinia Vacation Club or one of its subsidiaries or commercial partners.
• 3.13. for the purpose of health and safety,
• 3.14. to optimize your browsing and provide you an enhanced experience, (for such purposes we may issue cookies on our Website, please see our Cookies Policy for a better understanding)
• 3.15. to send you commercial information for marketing and advertising purposes,
• 3.16. to identify or investigate incidents, such as if a personal data breach occurred,
• 3.17. for security purposes and to ensure secure backup and archival of our IT systems,
• 3.18. for the internal management of possible inappropriately behaved customers during their stay at the hotel,
• 3.19. for the exercise or defense of legal claims or proceedings,
• 3.20. to conform to any applicable legislation (for example, storing of accounting documents), (including those from the Governments of United Arab Emirates, Turkey and Croatia for guest(s) check-in at the participating hotels)
• 3.21. for any and all other purposes disclosed at the time you provide your personal data or as otherwise set forth in this Notice.

4. Legal bases For Using Your Personal Data

Our sole legal basis of the processing your personal data and sensitive personal data is either (i) the performance of the contract if the request concerns the contractual relationship between Infinia Vacation Club and you, or else (ii) the legitimate interest of us to satisfy your questions and ensure a quality customer service. Therefore, we use the above mentioned personal information of yours;

• 4.1. to perform our obligations according to the agreement executed between you and Infinia Vacation Club,
• 4.2. for legitimate interests such as for business interest, provision of administration and IT services purposes, to improve our business,
• 4.3. since we collect and process your personal information only and in accordance with your consent,
• 4.4. for security purposes,
• 4.5. for financial interest purposes,
• 4.6. to comply with legal and regulatory obligations
• 4.7. for advertising/marketing service purposes,
• 4.8. necessary for our legitimate interests in running our business and to prevent fraud and the abuse of our property and staff.

5. Storage of your Personal Data

We will keep your personal data for a time period necessary based on the member’s membership duration to achieve the purposes for which they are collected and processed, or required/permitted by law in the country in which it is stored. We will delete your personal data once it is no longer necessary for us or the purpose described in this Policy.

We may, however, keep your personal data for a longer period (in archives) whenever there is a legal obligation for us or to take into account the applicable statute of limitation period to assert, exercise or defend legal claims.

We may need to keep your personal information regarding a legal investigation or legislation involving Infinia Vacation Club.

6. Communication of your Personal Data

Your personal data may be shared with the affiliates, parent company, subsidiaries of Infinia Vacation Club; to meet our obligations to you, to carry out necessary processes in order you to benefit from the products services offered by such entities, to perform a contract, and to manage reservations and hotel stays, for the management of Infinia Vacation Club’s loyalty program, to process customer complaints and claims, to ensure effective communication by managing customer relations and ensuring customer satisfaction, to carry out accommodation services, to carry out post accommodation support services, to carry out transfer processes for the accommodation services, to conduct marketing activities related to the services provided, to conduct campaign and promotion activities prepared by affiliates, to execute, control and report financial transactions, to conduct activities in compliance with the legislation. In this context, Infinia Vacation Club and the following entities will act as data controllers for their own, for separate purposes:

• Participating hotels in Infinia Vacation Club Program; as listed below;

Rixos Premium Belek

Kingdom Hotel, The Land of Legends

Nickelodeon Hotel, The Land of Legends

Rixos Park Belek

Rixos Downtown Antalya

Rixos Sungate

Rixos Premium Bodrum

Rixos Premium Gocek

Rixos Tersane Istanbul

Rixos Premium Dubrovnik

Rixos Premium JBR, Dubai

Rixos The Palm, Dubai

Rixos Premium Saadiyat Island, Abu Dhabi

• Luxury Concepts Investments LLC,

• Fine Otel Turizm Işletmecilik A. Ş.,

• Haliç Altın Boynuz Marina Tur. Gay.İns.Yat.Tic. A.Ş.,

• Ekopark Inşaat Tur. San. ve Tic. A.Ş.,

Infinia Vacation Club may also share your data to comply with its legal obligations, to prevent, detect, investigate and take action against any prohibited or illegal activities, any situation threatening the security or any other right and interest of customers, members and guests, Infinia Vacation Club or any individual and any violation of the program. Infinia Vacation Club may also transmit your personal data to respond to legal or administrative proceedings of any kind, court orders or enforcement measures requested by the competent authorities. Moreover, we may share your data in the context of a merger or acquisition of all or part of Infinia Vacation Club by a third party, as is hereby accepted by you.

We may provide access to your personal data to carefully selected third parties such as (cloud) service providers, and/or affiliates or other third parties to provide concierge services, laundry services, marketing communications, to optimize your experience or to perform services related to the Website (including hosting, maintenance, risk and fraud protection, Site optimization) and to perform data analysis and marketing campaign services. These service providers will only have access to your data to perform these services and are bound to the same security and confidentiality obligations as Infinia Vacation Club which remains responsible for the processing of your data.

We may share your personal data with the participating hotels (as listed above) included in the Infinia Vacation Club Program, for booking purposes and to provide you the best stay and experience. These hotels may be operated under a franchise or management agreement between Infinia Vacation Club (or one of its subsidiaries or affiliate across the world) and the hotel’s owner. When staying in one of the participating hotels, your personal data will be dealt with by Infinia Vacation Club and the hotel, both acting as data controllers for their own and for separate purposes. Your personal data is used to improve the quality of service and your experience in each of these hotels.
In such a scenario:

• Infinia Vacation Club will process your personal data because it manages the Website, which allows Infinia Vacation Club to collect the data necessary to organize your stay in one of the participating hotels and to communicate this data to the concerned hotel.
• The Hotel, on the other hand, will process your data to manage its contractual relationship with you (invoicing, payment, booking management etc.), to provide you a comfortable experience during your stay(s) to perform marketing activities and to comply with its legal obligations.

We will do our upmost to ensure that all hotels comply with the applicable data protection laws and this Policy in relation to the processing of your personal data.

7. Transfer of your Personal Data/ Protection of your Personal Data During International Transfers

For the purposes set out in this Policy, your data may be sent, in particular as part of the reservation process and membership necessities, to the participating hotels located in Turkey, Croatia or United Arab Emirates, or we or our third party service providers may transfer your personal data to internal or external recipients who may be domiciled in countries or regions offering different levels of personal data protection equivalent to the laws in your home country.
In case such personal data protection law is not equivalent to the laws in your home country, Infinia Vacation Club will require them to take, in accordance with the applicable legislation on the protection of personal data, all organizational and technical measures to ensure an adequate level of protection of your personal data and transmit such data in compliance with applicable law(s).

8. Your Rights

You have the following rights over your personal data, unless otherwise provided by law or administrative regulations:

(We would like to inform you that depending on the applicable local law(s), these rights may differ depending upon the country in which you are located. That country’s law will determine which rights apply and in what instances.)

8.1. Right to request access to information

You may wish to access the Personal Data we have collected from you, as well as to request copies of such personal data in a structured, commonly used and machine-readable format. You furthermore have the right to be informed on how we process your personal data. Additionally, you have the right to data portability and to issue instructions on how your data is to be treated after your death.

8.2. Right to request correction and deletion of your personal data

You have a right to request any correction or deletion on your personal data. You may as well as request us to complete your incomplete personal information with us. Deletion of such personal data will be possible, unless we are required to store such data or such deletion will affect the services to be provided by us under the Infinia Club Membership Agreement between you and Infinia Vacation Club.

8.3. Right to ask regarding the processing your personal information

You have the right to ask us to explain to you the rules of processing your personal information.

8.4. Right to restrict the processing of your personal data

You have the right to ask us, on grounds relating to your particular situation, to restrict, suspend or deny us processing of your personal data.

8.5. Right to object to automated decision making

You may object to decisions made regarding your personal data based on automated means. You also have the right to obtain human intervention to review decisions made which were based on automated processing.

8.6. Right to withdraw consent for your personal data

For the personal data you have provided your consent to us, you may always exercise your right to
withdraw your consent at any time. The withdrawal of consent will not affect any processing that was based on consent before its withdrawal.

8.7. Right to refuse any communications for marketing purposes

In case you would like not to receive any offers or electronic marketing communications such as emails or text messages, you may always exercise such right of yours.

8.8. Right to request transfer of your personal data

You have the right to have your personal information transferred to another entity that you designate, whenever it is technically feasible. In the event that you have any questions about your personal information or wish to exercise any of your rights, please contact the **Infinia Vacation Club **data privacy department directly by sending an email to dataprivacy@infiniavacationclub.com.

9. Contact Us

In the event that you have any questions about your personal information or wish to exercise any of your rights mentioned in this Policy, please contact the Infinia data privacy department and our appointed directly by sending an email to dataprivacy@infiniavacationclub.com.

10. Changes to this Policy

We may amend this Policy, as well as add or remove sections of this Policy, from time to time, at our discretion. Consequently, we recommend that you consult it regularly. In case we decide to amend this Policy, the changes will be available on the privacy link at the bottom of our Website. In the event of a substantial change, we will inform you by any means, if required by data protection laws.

11. Data Security

Infinia Vacation Club takes appropriate technical and organizational measures, in accordance with applicable legal provisions, to protect your personal data against illicit or accidental destruction, alteration or loss misuse and unauthorized access, modification or disclosure. To this end, we have taken technical measures (such as firewalls) and organizational measures (such as a user ID/password system, means of physical protection etc.) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services. In relation to the submission of credit card data when making a reservation, SSL (Secure Socket Layer) encryption technology is used to guarantee a secure transaction. Organizational measures ensure the security of the processing.