Privacy Policy

1 Introduction

1.1 About Dreamoura

Dreamoura is a travel services platform offering flights, hotels, holiday packages, activities, and ground transportation solutions to travelers across India and GCC countries.
Our mission is to provide safe, transparent, and seamless travel booking experiences supported by modern technology, verified partners, and efficient customer support.

As part of delivering these services, Dreamoura collects and processes certain personal data. We are committed to handling this information responsibly, securely, and in accordance with applicable laws.

1.2 Purpose of This Privacy Policy

The purpose of this Privacy Policy is to explain:

What personal data we collect from you
Why we collect it and how we use it
With whom your data may be shared
How long we retain your data
The rights you have regarding your personal information
How we protect your personal data
How you can contact us for questions or requests

This policy is designed to provide transparency and ensure that travelers understand how their information is handled when using Dreamoura’s platforms, including the website, mobile applications, customer support channels, and partner integrations.

1.3 Scope of Applicability (India & GCC Only)

This Privacy Policy applies exclusively to:

Individuals residing in or accessing Dreamoura services from India and GCC countries, including
United Arab Emirates, Qatar, Saudi Arabia, Oman, Bahrain, Kuwait
All travel-related services provided through the Dreamoura platform such as:
• Flight bookings
• Hotel reservations
• Holiday packages
• Activities & attractions
• Ground transfers and transportation
• Customer support interactions
• Payment and invoicing systems

This policy does not apply to geographies outside India and GCC.
Additionally, this Privacy Policy applies to both registered users and guest users.

Some third-party travel partners may maintain their own privacy policies. When redirected to another provider or completing a booking with them, their privacy practices may also apply.

1.4 Policy Updates & Amendments

a. Dreamoura may update or amend this Privacy Policy periodically to reflect:

Changes in our services or features
Modifications in legal or regulatory requirements
Improvements in data protection and security standards
Updates in technology, security, or operational processes

b. When such updates are made:

The “Last Updated” date will be revised
Significant or material changes will be communicated proactively
Continued use of Dreamoura services after an update indicates acceptance of the revised policy
Dreamoura encourages all users to review this Privacy Policy regularly to stay informed about how their personal data is protected.

2. Key Definitions

To ensure clarity and consistency across this Privacy Policy, the following terms describe how Dreamoura refers to specific roles, services, and processes within the travel ecosystem. These definitions help Travelers understand how their information is used when interacting with the Dreamoura Platform.

2.1 Terms Used in This Privacy Policy

a. Personal Data

“Personal Data” refers to any information that can identify, relate to, describe, or be reasonably linked to an individual. This includes name, email, phone number, passport details (when required), payment details, booking history, device identifiers, IP address, or any information voluntarily shared with Dreamoura during interactions or bookings.

b. Processing

“Processing” refers to any action performed on personal data, whether automated or manual. This includes collecting, recording, storing, organizing, analyzing, using, sharing, transmitting, restricting, or deleting personal data. Any operation Dreamoura performs on personal data falls within this definition.

c. Data Controller

The “Data Controller” is the entity responsible for determining why and how personal data is processed.
For Dreamoura services in India and GCC, the Data Controller is:

Dreamoura
B-307, Joyos Hubtown, Near GSRTC Bus Terminal No.1,
Geeta Mandir, Ahmedabad, Gujarat – 380022, India
Email: privacy@dreamoura.com

Dreamoura ensures that all data processing follows applicable privacy laws and secure practices.

d. Third-Party Processors

“Third-Party Processors” are external, trusted service providers that process personal data on behalf of Dreamoura. These may include airlines, hotels, activity operators, ground transport providers, payment gateways, identity verification partners, marketing platforms, and analytics services. All processors are contractually required to maintain strict confidentiality and security.

e. Platform

The “Platform” includes all Dreamoura-operated digital systems such as websites, mobile applications, booking engines, backend systems, partner integrations, and any other technologies through which Travelers interact with Dreamoura. The Platform enables browsing, comparing, booking, paying for, and managing travel services.

f. Strategic Partner

A “Strategic Partner” refers to any organization—such as airlines, banks, mobile manufacturers, telecom providers, or loyalty programs—that collaborates with Dreamoura to deliver or enhance booking opportunities. Through such partnerships, Travelers can access Dreamoura booking services beyond Dreamoura’s own app or website.

g. Traveler

A “Traveler” is any individual who uses, intends to use, or considers using the Dreamoura Platform to explore, book, or manage travel services. Travelers may book for themselves or for others, and may interact with Dreamoura as registered users or as guest users.

h. Trip

A “Trip” consists of one or more travel products or services selected by a Traveler through the Platform. A Trip may include flights, hotels, transfers, activities, or insurance, provided by one or more Trip Providers. A single Trip can include multiple reservations across different service providers.

i. Trip Provider

A “Trip Provider” is any external company or individual offering a travel-related service that is available for booking through the Dreamoura Platform. This includes hotels, airlines, car rentals, tour operators, insurance companies, and attraction providers. Dreamoura facilitates the transaction but does not directly provide these services.

j. Trip Service

“Trip Service” refers to the suite of online reservation, order management, ticketing, purchasing, and payment facilitation provided by Dreamoura. This service allows Travelers to access Trip Providers’ offerings, check availability, confirm bookings, and complete transactions securely on the Platform.

k. Trip Reservation

A “Trip Reservation” is the confirmed act of booking, purchasing, or paying for a travel service on the Platform. This includes flight tickets, hotel stays, tour packages, attraction entries, transfers, or any other travel-related bookings. A reservation becomes official once the Traveler completes the checkout and receives a confirmation.

3. Personal Data We Collect and Process

Dreamoura collects and processes personal data to fulfill Trip Reservations, provide customer support, improve platform security, and enhance the Traveler experience. This section outlines all categories of data we collect, how we collect them, and why they are necessary.

3.1 Personal Data You Voluntarily Provide to Us

You may choose to provide personal data when browsing, booking, communicating, or creating an account on the Dreamoura Platform. This includes the following:

a. Information Required to Make a Trip Reservation

When completing a Trip Reservation, the following information is necessary:

a1. Basic Identification & Contact Details

Full name
Email address
Home address
Telephone number

These details allow Dreamoura and Trip Providers to issue confirmations, updates, tickets, and support communications.

a2. Payment & Billing Information

Payment card type (masked)
Cardholder name
Billing address
Payment authentication information
Refund details (if applicable)
Payment details are processed securely via PCI-DSS-compliant gateways; Dreamoura does not store full card numbers.

a3. Travel Context & Preferences

Dreamoura may request information such as:

Whether travel is for business or leisure
Names and dates of birth of co-travelers
Dietary preferences, accessibility needs, or special requests
Preferred seats, baggage selections, or room types
This helps personalize and complete your Trip accurately.

a4. Identification for Mandatory Travel Services

For certain services—especially flights, visa-required attractions, government-controlled tours, and international activities—we may collect:

Passport details
National ID information
Visa or permit details
Expiry dates of identification documents
Copies of ID (where required by Trip Providers or law)

This data may also be used to complete online check-in where applicable.

b. Customer Interaction and Feedback

We collect data when you engage with customer support, Trip Providers, or other communication channels.

b1. Customer Service Interactions

This includes:

Your name
Contact details
Conversation metadata (call origin, timestamps, call duration)
Audio recordings (where legally permitted and disclosed)
Chat logs or email content

This ensures service quality, troubleshooting, and accurate follow-up.

b2. Communication Through the Platform

When you message Trip Providers via Dreamoura, we process:

Email exchange content
Chat messages
Attachments you upload (e.g., ID proofs, vouchers)

Dreamoura may also filter communications for security to block spam, malware, or fraudulent messages.

b3. Saved Items & Trip Planning Activities

If you save flights, hotels, or packages to a wish list or favorites:

Saved search results
Watchlist items
Price alerts

This enables personalized trip planning features.

b4. Reviews and Ratings

After completing a Trip, you may submit a review. We store:

Review content
Rating scores
Display name or avatar
Metadata of the review submission

Reviews help Travelers make informed choices.

c. Account Management and Verification

When you create an account on Dreamoura, we collect data required to maintain your profile.

c1. Account Profile Data

Includes:

Login credentials
Saved contact details
Saved travelers (family/friends)
Saved payment cards (tokenized)
Booking history
Uploaded documents (optional)

c2. Identity Verification (If Applicable)

In countries where Dreamoura offers verified profile badges, we may request:

Official ID document (passport, national ID)
A selfie or facial image for authentication
Verification results from trusted partners

This helps prevent fraud and confirm user legitimacy.

d. Location and Device Permissions

When using the Platform on a mobile device or app, you may choose to grant additional permissions.

d1. Location Data (Optional)

Provided if you allow your device to share it:

GPS-based location
Nearby attractions or services
Real-time trip assistance (e.g., pick-up for transfers)

d2. Device Permissions

Depending on interaction, you may grant permissions to:

Access photos (for uploading documents)
Access camera (for ID verification or scanning cards)
Push notifications
App diagnostics

Granting permission is voluntary and can be controlled via device settings.

3.2 Personal Data You Provide About Other Individuals

Travelers may book Trips for others. When doing so, you may provide:

Co-traveler full names
Dates of birth
Contact information
Passport or ID details (where required)
Travel preferences or special requirements

Your Responsibility

You must ensure that:

Each individual is aware you are sharing their personal data
They understand how Dreamoura processes it, as described in this Privacy Notice

Dreamoura assumes you have obtained permission from these individuals.

3.3 Personal Data We Collect Automatically

When interacting with the Platform—whether logged in, browsing, or making a reservation—Dreamoura automatically collects certain technical data.

a. Technical Identifiers

Automatically collected includes:

IP address
Date and time of access
Pages visited
Session duration

This supports security, fraud prevention, and platform optimization.

b. Device & Software Information

We collect details related to your device such as:

Operating system
Browser type and version
Mobile app version
CPU/RAM characteristics (in anonymized form)
Language settings

This allows Dreamoura to display the Platform correctly and maintain compatibility.

c. App Usage Data

For mobile app users, we collect:

Device type
App crash logs
Error diagnostics
Feature usage patterns
Navigation flow

This helps improve app stability and user experience.

d. Referral & Activity Tracking

We record:

Whether you were redirected from a third-party site
Campaign or partner that referred you
Clicks, scroll activity, viewed pages
Search filters applied

This helps us improve marketing relevance and UX design.

3.4 Personal Data and Information We Receive from Other Sources

Dreamoura may receive data about you from external partners to fulfill your Trip, secure payments, resolve issues, or enhance services.

a. Trip Providers

Trip Providers may share:

Booking confirmations
Check-in status
Support inquiries
Cancellations or changes
Complaints related to the reservation

This ensures accurate booking management.

b. Strategic Partners

Partners offering Dreamoura-powered services may share:

Reservation details
Traveler information
Payment confirmation
Usage insights

This occurs when you complete a booking via a third-party interface powered by Dreamoura.

c. Payment Service Providers

Trusted payment partners like Stripe, Razorpay, PayU, Adyen may share:

Payment authorization status
Fraud risk flags
Chargeback information
Refund confirmations

This ensures safe and lawful payment processing.

d. Redirect and Affiliate Partners

If you click a link from another website or app to reach Dreamoura, they may share:

Booking identifiers
Campaign attributes
Click-through data

This allows Dreamoura to confirm reservations and track performance.

e. Communication Services

Dreamoura processes communications exchanged through the Platform between Travelers and Trip Providers.
Dreamoura may also:

Scan messages for malicious content
Block spam or fraudulent messages
Retain communication logs for dispute resolution

f. Marketing & Analytics Partners

We receive aggregated data from:

Social media platforms
Advertising networks
Analytics providers

This helps measure performance, improve personalization, and manage advertising.

g. Identity Verification Services

For users undergoing verification, third-party partners may confirm:

Identity document authenticity
Biometric match accuracy
Fraud risk indicators

This helps secure the Platform for all Travelers.

4. How We Use Your Personal Data

Dreamoura uses your personal data only for specific, lawful purposes. These purposes relate to the provision of travel services, customer support, security, legal compliance, and the improvement of our Platform and products.

4.1 Purposes for Collecting and Processing Your Personal Data

a. Trip Reservations

The primary reason we process your personal data is to complete and manage your Trip Reservation. This is central to our service.

We use your data to send booking confirmations, payment receipts, vouchers, itinerary details, changes or cancellations, and reminders.
We may process your data to support online check-in, coordinate with Trip Providers, or manage security deposits (for example, certain hotels, rentals or cars).
Data used: Contact details (name, email, phone), reservation details (dates, destination, Trip Provider), and payment or transaction-related data.

b. Customer Service

We use your personal data to provide customer support and resolve issues related to your Trip or the use of our Platform.

Our support team may access your reservation details to answer questions, modify bookings, contact the Trip Provider, or assist with cancellations and refunds.
Data used: Reservation details (dates, price, services booked), contact details, and information about your interactions with us or Trip Providers.

c. User Accounts

You can create a Dreamoura account to manage your interactions with our Platform more easily.

Your account allows you to view and manage reservations, save favorite searches or trips, access offers, store traveler profiles, and control preferences such as language, currency and communication settings.
You may create a public profile using your first name or a screen name. In some regions, Dreamoura may offer account verification, which can include confirming details against historical or publicly available data.
For business users (e.g., Dreamoura for Business), you may store corporate contact details, manage business bookings and link other account holders.
Data used: Login credentials, account details, booking history, saved settings, and (where applicable) verification information.

d. Marketing Activities

We use certain personal data to carry out marketing and promotional activities, always in line with applicable law.

Personalized messages: We may send tailored communications such as promotional offers, loyalty benefits, travel ideas, surveys, or product updates via email, SMS, push notifications, or in-app messages. You can unsubscribe at any time using the link in each email or through your account settings.
Personalized advertising: We may display customized content and offers on the Dreamoura Platform or on third-party platforms (for example, via ads or sponsored placements).
Promotional campaigns & events: We may invite you to join contests, referral programs or special campaigns based on your previous interactions.
Data used: Contact data, account information, location data, browsing behavior, preferences, search history and reservation history (sometimes combined across devices).

e. Communicating with You

We use your personal data to communicate with you for non-marketing, service-related and administrative reasons.

Responding to queries from you or from Trip Providers about your reservation.
Reminding you about incomplete bookings so you can easily finish your Trip Reservation.
Requesting feedback or inviting you to review your experience with Dreamoura or the Trip Provider.
Sending important pre-trip information, emergency contact details or destination-related guidance.
Sending security notifications, policy changes, or warnings if misconduct is reported.
Data used: Name, email address, phone number, reservation details, and the content of your previous communications.

f. Market Research

We may invite you to participate in surveys, interviews or studies to better understand customer preferences.

The type of data collected and how it will be used is always explained in the specific research invitation.
Participation is voluntary.

g. Improving Our Services and Platform

We process personal data to improve how our Platform and services function.

Analytics: We analyze how users interact with our website and app, including clicks, searches, and booking flows, to improve performance, usability and relevance.
AI & Machine Learning: We may use data to train and refine algorithms (for example, to improve recommendation quality, detect patterns or optimize pricing visibility). Wherever possible, we use anonymized or pseudonymized data.
Testing & troubleshooting: We use data to test new features, fix errors, and improve stability and reliability.
Data integration: We may combine data from different sessions, devices or channels—even when you are not logged in—to understand general usage patterns, subject to applicable law.
Data used: Search queries, reservations, reviews, technical logs, app usage and other usage metrics, often in summarized or pseudonymized form.

h. Displaying Relevant Pricing

We may use certain data to show applicable and accurate pricing.

For example, prices may vary depending on factors such as your geographic region or applicable taxes/fees.
Data used: IP address, device type, referral source and general location indicators.

i. Customer Reviews and Destination Information

We use personal data to request, host and display reviews and ratings.

You or your co-travelers may be invited to review Trip Providers, destinations or activities.
Reviews help other Travelers make better decisions and help us monitor service quality.
When reviews are displayed, we usually show only limited identifying information (for example, first name or chosen screen name, and possibly a country or profile avatar).
All reviews are subject to our Terms of Service and content moderation policies.

j. Call Monitoring

When you call our customer service:

We may automatically recognize your number to quickly find your reservation, but agents may still verify your identity.
Calls may be monitored or recorded (where legally allowed and disclosed) for training, quality assurance, dispute resolution, fraud prevention and legal purposes.
Recordings are normally kept for a limited period (for example, 30 days) and then deleted unless needed for an ongoing investigation or legal requirement.

k. Promotion of a Safe and Trustworthy Service & Fraud Prevention

We continuously monitor data to maintain a safe and trustworthy environment for all users.

Detecting and preventing fraud (for example, stolen cards, bots, fake accounts or suspicious booking patterns).
Investigating misuse of the Platform or behavior reported as harmful or abusive.
Temporarily holding or cancelling reservations if serious concerns arise about safety, fraud or illegal activities.
Data used: Contact details, IP address, device identifiers, reservation details (including cancellations), reviews, account status, location data, communication records and media shared (images or documents). We may use automated tools, including AI-based systems, to help detect suspicious activity.

l. Legal Purposes

We also process your personal data where necessary to comply with legal and regulatory obligations.

Responding to lawful requests from law enforcement, regulators, courts or government authorities.
Handling and resolving legal claims, disputes or regulatory investigations.
Meeting obligations related to taxation, accounting, reporting, audit or consumer protection laws.
Enforcing our Terms of Service where tied to legal obligations.
Data used: Reservation history, transaction details, communications, and other relevant records.

4.2 Legal Bases for Processing Personal Data

Dreamoura relies on the following legal bases for processing your personal data, depending on the context:

a. Contractual Necessity

We process your personal data when it is necessary to perform the contract between you and Dreamoura.

This includes:

Finalizing and administering Trip Reservations
Providing customer service related to your Trip
Managing your account where it is needed for bookings

If you do not provide the required data, we may not be able to complete your reservation or provide certain services.

b. Legitimate Interests

We process your data when it is necessary for Dreamoura’s or a third party’s legitimate interests, and when those interests are not overridden by your rights and freedoms.

Examples include:

User Accounts:
Managing your account, saved searches, lists, reviews, and business profiles in a convenient and secure way.
Marketing Activities:
Sending relevant, limited marketing communications; showing personalized offers; and measuring campaign performance.
Communications:
Sending non-marketing messages about reservations, security, feedback, and service updates.
Market Research:
Inviting you to participate in surveys and studies to improve our services.
Improving Services:
Using analytics, testing and data integration to enhance the Platform, algorithms and user experience.
Pricing Display:
Showing appropriate prices depending on region or applicable conditions.
Reviews and Content:
Requesting and displaying reviews and ratings to inform other Travelers.
Call Monitoring:
Recording or monitoring calls for training, quality and fraud prevention.
Safety & Fraud Prevention:
Preventing financial loss, misuse, and illegal activities.

Before relying on legitimate interest, Dreamoura carries out a balancing test to ensure your privacy rights are respected.

c. Legal Obligations

We process personal data when required to comply with laws and regulations applicable to Dreamoura.

This includes:

Responding to lawful requests from authorities
Complying with tax, accounting, reporting and regulatory requirements
Supporting investigations and legal processes
Enforcing certain legal aspects of our Terms of Service

d. Consent (Where Required)

In some cases, we rely on your explicit consent to process personal data.

This may include certain types of direct marketing, use of optional cookies/trackers, or specific data processing required by local law.
When consent is the legal basis, you may withdraw it at any time without affecting the lawfulness of processing that took place before withdrawal.

If you wish to object to processing based on legitimate interest or withdraw consent where applicable, you can do so through your account settings or by contacting us as described in the “Your Rights” section.

4.3 How We Share Personal Data Within Dreamoura

Dreamoura operates as a single brand. Your personal data is shared internally only when necessary and always under strict access controls.

We share data internally to:

Provide and manage your reservations
Deliver customer support
Maintain Platform security and detect fraud
Perform analytics and improve services
Execute lawful marketing and personalization
Host, maintain and secure our IT systems
Comply with applicable legal obligations

Legal basis:
For most internal sharing, we rely on legitimate interests (efficient operation and security of the Platform).
For compliance-related sharing, we rely on legal obligations, and when required, we obtain your consent.

4.4 How We Share Personal Data with Third Parties

Dreamoura does not sell your personal data. We share it only with third parties that are necessary for providing our services or fulfilling legal and business obligations.

The main categories are:

a. Trip Providers

We share data with the Trip Provider you have booked so they can deliver the service.

a1. Data shared may include:

Your name and contact details
Names and details of co-travelers
Reservation details (dates, times, preferences, special requests)
Payment-related details (if payment is handled by the Trip Provider)

In some cases, we may also share limited profile summary information, such as:

Whether your account is verified
Whether you have booked with this provider before
Number of completed reservations
Whether any misconduct has been reported
Whether you previously left reviews

Trip Providers then become independent controllers for the data they receive. You should review their own privacy policies to understand how they process your personal data.

b. Strategic Partners

We work with Strategic Partners (such as banks, airlines, loyalty programs, or co-branded platforms) to distribute Dreamoura services.

On co-branded websites, we may share reservation-related data with the partner.
On partner-operated platforms, data you provide to them may be forwarded to Dreamoura to process your reservation.
In some cases, Dreamoura and the partner may act as joint controllers for specific processing. If so, you will be informed which entity to contact for data rights.

We may also share information with partners for fraud detection and security.

c. Connectivity Providers

Some Trip Providers use third-party “Connectivity Providers” to receive booking information from Dreamoura.

These parties act on behalf of the Trip Provider, not on behalf of Dreamoura.
They receive the reservation details needed for the Trip Provider to manage your booking.

d. Third-Party Service Providers

We use external service providers for:

Customer support and call center services
Market and industry research
Fraud detection and security services
Insurance-related claims and support
IT hosting, infrastructure and maintenance

These service providers are contractually bound to use personal data only as instructed by Dreamoura and to maintain appropriate security.

e. Payment Service Providers and Financial Institutions

We share data with payment processors and financial institutions to:

Process payments and refunds
Handle chargebacks and disputes
Prevent fraud and unauthorized transactions

If you or your bank initiates a chargeback, we may share reservation details (including IP address and booking confirmation) with payment providers and banks to support or evaluate the claim.

f. Marketing & Advertising Partners

We may share limited data with marketing and advertising partners to:

Deliver relevant advertisements
Measure and improve campaign performance
Build aggregated audience insights

Techniques such as hashing (turning email/phone into coded values) and aggregation/pseudonymisation are used to reduce direct identification.

g. Verification Providers

For account or identity verification, we may share:

Name, email, phone number
Address
Passport/ID details
Linked social media account details

These providers may use automated systems to confirm authenticity and detect bots. Data is kept only as long as necessary for verification.

4.5 Ground Transportation (Transfer Module)

If you use Dreamoura to book ground transportation (e.g., transfers, car rentals, or public transport), additional data processing may apply.

a. Additional Data You Provide

For car rental or transfers, we may request:

Home and billing address
Phone number
Date and place of birth
Passport and driving licence details
Government-issued identification (if required by law)
Names and ages of additional drivers or passengers
Pick-up and drop-off locations

b. Data From Ground Transport Providers

Ground transportation companies may share with Dreamoura:

Status of your booking
Details of support queries or complaints
Information about disputes related to your Trip

This helps us support you and manage service quality.

c. Data We Share With Ground Transport Providers

We share necessary data with ground transportation providers and their fleets to:

Confirm your booking
Enable vehicle pick-up or ride provision
Support pre-registration (where available) to make pick-up faster

Some providers may request additional data from you directly to comply with local laws or insurance requirements. Any information given directly to them is governed by their own privacy policy.

5. Your Rights and Data Subject Controls

Dreamoura respects your privacy and aims to give you clear and practical control over your personal data. This section explains the rights you may have under applicable data protection laws in India and GCC countries and how you can exercise them.

The availability and exact scope of these rights may vary depending on the laws of the country or region from which you access the Platform, but we will always handle your requests in a fair and transparent manner.

5.1 Overview of Your Rights

Subject to applicable law, you may have some or all of the following rights in relation to your personal data:

a. Right to Access

You have the right to request confirmation of whether Dreamoura processes your personal data and, if so, to obtain a copy of that data and certain related information (such as the categories of data, purposes of processing, and data sharing details).

b. Right to Rectification (Correction)

You have the right to request correction of inaccurate, incomplete or outdated personal data.

If any of your personal details are incorrect (for example, your name, contact information or saved traveler details), you can usually update them directly via your Dreamoura account.
Where that is not possible, you may contact us and we will correct the data for you, where legally permitted.

c. Right to Erasure (Right to be Forgotten)

In certain circumstances, you may request that we delete your personal data.

Typical situations include:

The data is no longer necessary for the purposes for which it was collected.
You have withdrawn consent (where consent was the legal basis) and no other legal basis applies.
You have successfully objected to processing based on legitimate interest.
The data has been unlawfully processed.

Please note that we may retain certain data where we are required to do so by law, for fraud prevention, or for the establishment, exercise, or defense of legal claims.

d. Right to Restriction of Processing

You may request that we restrict the processing of your personal data in specific cases, for example:

While we verify the accuracy of data that you claim is incorrect.
Where processing is unlawful but you prefer restriction instead of deletion.
Where we no longer need the data, but you require it for legal claims.
Where you have objected to processing and we are considering the request.

When processing is restricted, we will store your data but generally not use it for active purposes unless you consent or we are legally allowed to do so.

e. Right to Data Portability

In certain situations, you may have the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format and to request that we transfer it to another service provider, where technically feasible.

This right typically applies when:

Processing is based on your consent or on a contract with you, and
Processing is carried out by automated means.

f. Right to Object to Processing

You may have the right to object, at any time, to the processing of your personal data where such processing is based on our legitimate interests (including profiling based on those interests).

If you object, we will stop processing the data unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms, or where processing is required for legal claims.

You also have the absolute right to object to processing of your personal data for direct marketing purposes, including profiling related to direct marketing. If you object to marketing, we will stop using your data for that purpose.

g. Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you may withdraw your consent at any time.

Withdrawing consent will not affect the lawfulness of processing that occurred before the withdrawal.
If you withdraw consent, we may not be able to provide certain services that rely on that consent (for example, specific marketing programs or optional tracking).

h. Rights in Relation to Automated Decision-Making (Where Applicable)

If Dreamoura uses automated decision-making that produces legal effects or significantly affects you (for example, certain fraud-check systems), you may have the right to:

Request human review of the decision
Express your point of view
Contest the decision

We use automated tools mainly for security, fraud detection, misuse prevention, and marketing optimization, and we aim to keep such systems fair and proportionate.

5.2 How to Exercise Your Rights

You can exercise your rights using the methods below. We may need to verify your identity before processing your request.

a. Through Your Dreamoura Account

Where available, many controls are accessible directly in your account:

Update your profile and contact details
View your past reservations
Manage marketing preferences and communication settings
Delete saved travelers or payment methods
Close your account (where supported)

Using account-level controls is usually the fastest way to apply changes.

b. By Contacting Us

For requests that cannot be completed through your account, or if you do not have an account, you may contact us via:

Privacy Email: privacy@dreamoura.com
Customer Support Email: support@dreamoura.com

When contacting us, please:

Clearly describe which right(s) you wish to exercise (e.g., access, deletion, objection).
Provide enough details for us to verify your identity and locate your data (e.g., full name, email address used for bookings, reservation IDs if applicable).

c. Identity Verification

To protect your personal data, Dreamoura may request additional information to confirm your identity before acting on your request, especially for:

Access, deletion, or portability requests
Requests involving sensitive or high-risk data (e.g., ID documents)

If we reasonably cannot verify your identity, we may be unable to respond fully to your request, as required by applicable laws.

d. Response Timeframes and Conditions

We aim to respond to valid requests within a reasonable time, typically within 30 days, subject to applicable legal timelines.

We may:

Ask you for clarification if your request is unclear or overly broad
Reject requests that are manifestly unfounded or excessive, as permitted under law
Retain certain data where required by law or for legitimate purposes (e.g., fraud prevention or legal claims), even if you request erasure.

Where we are legally permitted or required to decline your request, we will explain the reasons to you, unless we are prohibited from doing so by law or regulation.

5.3 Your Choices About Marketing and Cookies

a. Marketing Communications

You can control how we contact you for marketing purposes:

Email: Use the “unsubscribe” link in marketing emails.
Account Settings: Adjust communication preferences within your Dreamoura account (where available).
Support: Contact us at support@dreamoura.com if you need assistance.

Please note:

Even if you opt out of marketing, we may still send service-related communications, such as booking confirmations, important updates about your Trip, or security alerts.

b. Cookies and Tracking Technologies

You can manage certain cookie and tracking preferences as follows:

Use your browser or device settings to block or delete cookies.
Use any cookie banner or preference center provided on the Dreamoura Platform (where implemented) to adjust non-essential cookies.

Blocking some cookies may affect the functionality or performance of the Platform.

More information is provided in Section 6: Cookies & Tracking Technologies.

5.4 Complaints and Escalation

a. Contacting Dreamoura

If you have concerns or complaints about how Dreamoura handles your personal data, you are encouraged to contact us first so we can attempt to resolve the issue directly:

Privacy Email: privacy@dreamoura.com
Customer Support Email: support@dreamoura.com

We take privacy complaints seriously and will investigate them in good faith.

b. Contacting Supervisory or Regulatory Authorities

Depending on your country of residence, you may also have the right to lodge a complaint with a relevant data protection authority or regulator in your jurisdiction.

We will cooperate with such authorities, in accordance with applicable law, to help resolve any concerns.

6. Cookies & Tracking Technologies

Dreamoura uses cookies, mobile identifiers, and similar tracking technologies to improve platform functionality, enable seamless Trip Reservations, enhance user experience, conduct analytics, and deliver relevant advertising. This section explains how these technologies work, why we use them, and how you can control them.

6.1 What Are Cookies?

Cookies are small text files that are stored on your browser or device when you visit a website or use an app. Cookies enable websites and apps to recognize your device, remember your preferences, and provide tailored content or functionality.

Dreamoura uses both:

First-party cookies – set directly by Dreamoura
Third-party cookies – set by partners such as analytics providers, advertising networks, and payment processors

Cookies may be:

Session cookies – active only during your browsing session and deleted after you close the browser
Persistent cookies – stored for a defined period and retained between sessions

6.2 What Are Mobile Identifiers and Similar Technologies?

In addition to cookies, Dreamoura may use:

• SDKs (Software Development Kits)

Used in mobile apps to enable features such as push notifications, crash reporting, and analytics.

• Pixels / Web Beacons

Tiny graphic images embedded in web pages or emails to track interactions (e.g., when an email is opened).

• Tracking URLs

Special links that measure traffic sources and campaign effectiveness.

• Device Fingerprints

A combination of device attributes (OS, browser type, IP, screen resolution, etc.) used to detect fraud and ensure security.

• Local Storage & IndexedDB

Browser data storage technologies used for performance enhancement, caching content, and maintaining session state.

These technologies serve similar purposes to cookies but may function differently depending on the device or browser.

6.3 Why We Use Cookies & Tracking Technologies

Dreamoura uses cookies and tracking technologies for several key purposes. These purposes fall under four primary categories:

a. Strictly Necessary Cookies (Essential Cookies)

These cookies are required for the essential operation of the Dreamoura Platform. Without them, many features—such as logging in, making a Trip Reservation, or securing your payment—would not function properly.

Examples include:

Maintaining session integrity for logged-in users
Processing Trip Reservations
Enabling secure payment processing
Preventing fraudulent activity
Managing cookie consent preferences

These cookies cannot be disabled through user preferences because they are essential for providing core services.

b. Functional & Preference Cookies

These cookies allow Dreamoura to remember your:

Preferred language
Preferred currency
Previously viewed items/trip searches
Account settings
Region-specific display preferences
Accessibility options

They enhance your user experience by making your interactions faster and more personalized.

Example uses:

Remembering your recent destinations
Saving your browsing filters (e.g., price range, number of guests)
Keeping you logged in (if you choose)

c. Performance & Analytics Cookies

These cookies help Dreamoura analyze how users interact with the Platform and improve performance.

We use analytics tools such as:

Google Analytics
Firebase or Mixpanel (for app behavior tracking)
Internal analytical engines

Data collected may include:

Pages visited
Buttons clicked
Search filters used
Load times and crash reports
Device characteristics (browser type, OS, screen size)
Error logs

We use this data to:

Improve platform reliability
Enhance user experience
Optimize trip search results
Experiment with new features (A/B testing)
Detect technical issues

Where possible, data is aggregated, anonymized, or pseudonymized.

d. Advertising & Marketing Cookies

These cookies help Dreamoura deliver relevant advertising to users and measure advertising effectiveness.

They may:

Track browsing patterns across the Dreamoura website and app
Record whether an advertisement was viewed or clicked
Deliver personalized advertising
Show retargeted ads after you leave the Platform
Limit how often you see an advertisement
Help measure campaign performance

Third-party advertising partners may include:

Google Ads
Meta Ads (Facebook, Instagram)
TikTok Ads
Programmatic ad networks

We may use hashed identifiers (e.g., email addresses transformed into unreadable codes) to match users with their profiles on advertising platforms. This process does not allow partners to identify you directly.

6.4 Third Parties Who Set Cookies

Dreamoura may allow certain trusted third parties to set cookies or tracking technologies when you use the Platform.

These may include:

• Analytics Providers

Help measure traffic, performance, and user behavior.

• Advertising Networks

Display or personalize ads.

• Payment Gateways

Provide secure payment authentication.

• Security & Fraud Prevention Services

Identify suspicious activity, bots, or fraudulent transactions.

• Trip Providers & Strategic Partners

Measure how users reach their platforms or complete bookings.

All such partners are contractually obligated to handle personal data securely.

6.5 How Long Cookies Are Stored

Cookie retention depends on the purpose:

Session cookies: removed when you close your browser
Persistent cookies: stored for a set duration, ranging from a few days to a maximum of 24 months

Retention periods are chosen based on:

Technical needs
Legal requirements
User experience optimizations
Fraud prevention importance

6.6 How You Can Manage or Disable Cookies

You have several options to control cookies and similar technologies. Note that disabling certain types of cookies may affect platform functionality or prevent you from completing Trip Reservations.

a. Browser Controls

Most browsers allow you to:

Block cookies entirely
Delete existing cookies
Block third-party cookies
Set notifications when cookies are being placed

Popular browser help pages:

Chrome: Settings → Privacy → Cookies
Safari: Preferences → Privacy
Firefox: Options → Privacy & Security
Edge: Settings → Cookies & Site Permissions

b. Dreamoura Cookie Preference Center (Where Available)

If implemented, you may find a cookie banner or preference center enabling you to:

Accept all cookies
Reject non-essential cookies
Customize cookie settings

Strictly necessary cookies cannot be disabled.

c. Device-Level Controls (For Mobile Apps)

You can manage permissions through your device settings, e.g.:

Turn off location tracking
Disable ad personalization IDs (Android Advertising ID / Apple IDFA)
Block notification permissions

Examples:

Android: Settings → Privacy → Ads
iOS: Settings → Privacy → Tracking

d. Opt-Out Tools Provided by Third Parties

Some ad networks provide opt-out tools:

Google Ads Preferences: adssettings.google.com
Facebook Ad Preferences: facebook.com/ads/preferences
Network Advertising Initiative (NAI): optout.networkadvertising.org

These tools may not disable all advertising cookies but can reduce personalized tracking.

6.7 Cookies and Personal Data

Cookies may involve the processing of personal data such as:

IP address
Device identifiers
Browsing behavior
Location (approximate)
Search and reservation activity

Where required by law, Dreamoura will:

Seek your consent before setting non-essential cookies
Provide clear explanations of cookie purposes
Allow you to withdraw consent at any time

6.8 Use of Cookies for Security & Fraud Prevention

Dreamoura uses certain tracking technologies to:

Detect fraudulent login attempts
Flag suspicious reservation patterns
Identify bots or harmful scripts
Prevent misuse of promotional codes
Protect payment systems

Such technologies are considered essential for platform safety and are processed under legitimate interests or legal obligations.

6.9 Email Tracking Technologies

Dreamoura may use tracking pixels in emails for purposes such as:

Understanding whether an email was opened
Measuring click-through rates
Improving email design and relevance

You may disable email tracking by choosing to view emails in “plain text” mode or blocking images in your email client.

6.10 Updates to This Cookies & Tracking Section

Dreamoura may update this section periodically to reflect:

Changes in technology
Changes in regulatory requirements
Enhancements to our platform
Updates in third-party tools we use

When required by law, Dreamoura will request renewed consent after updates.

7. Data Storage, Retention, and Security

Dreamoura is committed to safeguarding your personal data through secure storage practices, controlled access, and appropriate retention periods. This section explains where your data is stored, how long it is retained, and the security measures we apply to protect it.

7.1 Where Your Data Is Stored

Dreamoura stores and processes personal data using secure cloud infrastructure and third-party service providers. Depending on the service and legal requirements, your personal data may be stored in:

India
GCC countries (e.g., UAE, Qatar, Saudi Arabia)
Other jurisdictions with adequate or contractually protected safeguards (e.g., Singapore, Europe)

Data may be processed in multiple geographic locations to ensure:

Reliable service performance
Fast platform availability for India & GCC users
Payment processing compliance
Fraud prevention and platform integrity
Redundancy and disaster recovery

All service providers handling your data must comply with strict contractual confidentiality and security requirements.

7.2 How Long We Retain Your Data

Dreamoura retains your personal data only for as long as necessary to achieve the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Below are general retention categories:

a. Reservation and Transaction Data

Includes booking details, payment confirmations, and communication logs.
Retention: 7–10 years (depending on accounting, tax, fraud-prevention, and regulatory requirements).

b. Account Information

Includes profile details, saved travelers, preferences, and trip history.
Retention: As long as your account remains active.
If you delete your account, this data is removed or anonymized unless retention is required for legal reasons.

c. Customer Support Records

Includes call recordings, chat logs, and email correspondence.
Retention: Typically 30–180 days unless extended for dispute resolution or fraud investigation.

d. Marketing and Analytics Data

Includes cookies, browsing patterns, and marketing preferences.
Retention: 6–36 months, depending on the type of data. Cookies are retained based on Section 6.

e. Fraud and Security Data

Includes device identifiers, risk assessments, and investigation logs.
Retention: Up to 5 years or longer when required for fraud detection or legal claims.

f. Legal Compliance Data

Includes information necessary for statutory obligations.
Retention: Based on applicable laws in India and relevant GCC jurisdictions.

Where possible, Dreamoura anonymizes or pseudonymizes personal data for long-term analytical use.

7.3 How We Protect Your Data (Security Measures)

Dreamoura applies robust organizational, technical, and physical safeguards to protect personal data from:

Unauthorized access
Disclosure
Alteration
Loss
Destruction

Key security measures include:

a. Encryption

Data transmitted between your device and our servers is encrypted using SSL/TLS.
Sensitive personal data and payment information are encrypted at rest.

b. Secure Payment Processing

All payments are processed through PCI-DSS-compliant providers.
Dreamoura never stores full credit card numbers.

c. Access Control

Only authorized personnel can access personal data.
Role-based authentication ensures access is granted strictly on a need-to-know basis.

d. Threat Detection & Fraud Prevention

Automated tools are used to detect bots, fraud attempts, and misuse.
Suspicious accounts may be paused or reviewed.

e. Data Minimization Practices

We collect only what is necessary for legitimate business operations.
Non-essential data is deleted or anonymized.

f. Secure Infrastructure

Regular backups
Firewalls and intrusion detection systems
Redundancy and failover systems
Secure server environments with 24/7 monitoring

g. Third-Party Compliance

All vendors processing data for Dreamoura must:

Follow strict confidentiality policies
Implement appropriate security controls
Comply with applicable data protection regulations

7.4 Data Breach Notifications

In the unlikely event of a data breach that affects your personal data:

Dreamoura will take immediate corrective action.
Where legally required, we will notify affected users and relevant authorities within the applicable timeframe.

8. International Transfers

Dreamoura operates in India and GCC markets, but some technical operations and service integrations may require the transfer of personal data outside these regions. This section explains how such transfers are handled lawfully and securely.

8.1 Why International Transfers Occur

Your personal data may be transferred to other countries for the following purposes:

Secure cloud hosting and storage
Payment processing by global financial gateways
Customer service operations
Fraud detection and risk monitoring
Analytics and platform optimization
Services provided by global Strategic Partners and Trip Providers

These transfers are necessary to ensure a consistent, secure, and high-quality travel booking experience.

8.2 Safeguards for International Data Transfers

Dreamoura ensures that any international transfer of personal data adheres to recognized legal and compliance standards. Depending on the jurisdiction, we use one or more of the following safeguards:

a. Contractual Protections

We require service providers and partners to enter into Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) (or equivalent provisions) ensuring adequate protection.

b. Adequacy Decisions / Equivalent Measures

Where data is transferred to countries recognized as having adequate data protection laws (e.g., GDPR-aligned jurisdictions), we rely on those regulatory frameworks.

c. Robust Organizational and Security Measures

Regardless of location, all processors must implement:

Strong encryption
Controlled access
Incident response procedures
Regular security audits

d. Limiting Transfers

We minimize international transfers wherever feasible and ensure they occur only when necessary to fulfill:

Trip Reservations
Operational needs
Legal obligations

8.3 Transfers to Trip Providers

When you make a Trip Reservation:

Your personal data may be sent to Trip Providers located in India, GCC, or other countries relevant to the service.
Providers may operate under their own local laws, which may differ from yours.
You are encouraged to review each Trip Provider’s privacy policy for additional details on their processing practices.

8.4 Transfers to Third-Party Processors

Some third-party processors may be located outside India or GCC, such as:

Cloud hosting companies
Global customer service tools
Payment gateways
Analytics vendors
Verification partners

These processors may store or process your data in multiple jurisdictions but must always comply with Dreamoura’s contractual, technical, and organizational safeguards.

8.5 Your Rights Regarding International Transfers

If applicable under local law, you may request:

Information about the countries where your data is transferred
A copy of the transfer safeguards (e.g., SCCs)
Clarification about the legal basis for such transfers

Dreamoura will provide this information except where disclosure would violate legal obligations or compromise security.

8.6 Ongoing Evaluation

Dreamoura periodically evaluates all international transfer arrangements to ensure:

Compliance with evolving regulations
Adequacy of protection for personal data
Continuous safeguarding of user rights

9: Your Rights (Extended Version for India & GCC Compliance)

Dreamoura is committed to protecting your privacy and empowering you with meaningful control over your personal data. While the data protection laws of India, the UAE, Qatar, Saudi Arabia, and other GCC jurisdictions vary, Dreamoura applies a unified, high-standard privacy rights framework to all users.

These rights may be exercised regardless of your physical location at the time of the request, subject to identity verification and lawful limitations.

9.1 Right to Access

You have the right to obtain confirmation of whether Dreamoura processes your personal data and, where applicable, to request a detailed summary of:

The specific purposes for which the data is being processed
The categories of personal data collected about you
The sources from which data was obtained
The third parties or categories of third parties with whom your data has been shared
The expected retention period or criteria used to determine it
The rights available to you under this Privacy Policy

This information will be provided unless disclosure:

Conflicts with applicable law
Compromises the privacy or rights of another individual
Interferes with legitimate fraud prevention or security operations

9.2 Right to Rectification (Correction)

You may request correction of inaccurate, incomplete, or outdated personal data. Examples include:

Updating your email or phone number
Correcting an incorrect passport or ID number
Updating the spelling of your name
Modifying outdated address details

You may update information directly in your Dreamoura account where available. For corrections that cannot be made manually, Dreamoura’s support team will assist you after verification.

9.3 Right to Deletion (Right to Be Forgotten)

You may request deletion of your personal data under circumstances such as:

The data is no longer necessary for the purpose for which it was collected
You withdraw your consent (where consent was the legal basis)
You successfully object to processing based on legitimate interest
The data has been unlawfully processed

However, Dreamoura may lawfully retain certain data even after a deletion request when necessary for:

Compliance with statutory obligations (taxation, accounting, AML requirements)
Fraud detection and prevention
Establishment, exercise, or defense of legal claims
Transaction verification and audit requirements

Where full deletion is not possible, Dreamoura will ensure that the data is anonymized or restricted.

9.4 Right to Restrict Processing

You may request that Dreamoura temporarily pause processing of your personal data if:

You dispute the accuracy of the data
Processing is unlawful and you prefer restriction over deletion
Dreamoura no longer requires the data for operational purposes but you need it for legal claims
You have objected to processing, and your request is under review

During the restriction period, Dreamoura will store your data securely but will not process it for any purpose other than:

With your explicit consent
For legal claims
For protecting rights of another individual
For reasons of substantial public interest (where applicable)

9.5 Right to Object

a. Objecting to Processing Based on Legitimate Interests

You may object to processing activities such as:

Behavioral analytics
Personalization
Service optimization
Fraud risk scoring

If your objection is valid, Dreamoura will stop processing your data for those purposes unless compelling legitimate grounds override your request.

b. Objecting to Direct Marketing (Absolute Right)

You have an unconditional right to object to the processing of your data for direct marketing, including:

Promotional emails
Personalized offers
Advertising based on browsing behavior

Upon objection:

All marketing communications will cease
Your preference will be stored to prevent future messaging

This right cannot be overridden under any circumstance.

9.6 Right to Data Portability

You may request that Dreamoura provide your personal data in a structured, commonly used, machine-readable format such as JSON, CSV, or XML.

You may also request that Dreamoura transmit your data directly to another service provider, where:

The transfer is technically feasible, and
The data was processed using consent or contractual necessity

This right applies to data you have provided directly, not to derived analytics or internal assessments.

9.7 Right to Withdraw Consent

Where Dreamoura relies on your consent—for example, for:

Marketing communications
Certain cookie categories
Identity verification processes

—you may withdraw your consent at any time.

Withdrawal:

Does not affect the lawfulness of prior processing
May limit your access to certain personalized features
Will be honored without undue delay

9.8 Right to Lodge a Complaint

If you believe Dreamoura has mishandled your personal data, you may:

a. Contact the Dreamoura Privacy Office

privacy@dreamoura.com

b. Escalate to a regulatory authority

Depending on your location, this may include:

India Data Protection Authority (when fully operational)
UAE Data Office
Qatar’s Personal Data Privacy Protection Authority
Saudi Arabia SDAIA

Dreamoura will always attempt to resolve concerns internally before escalation becomes necessary.

10: Children’s Privacy

Dreamoura is designed for use by adults and does not knowingly collect personal data from children under 18 years of age.

We take the safety and privacy of minors seriously and apply strict safeguards when handling any information relating to children.

10.1 Booking for Minors

Adults may enter personal data of minors solely for the purpose of completing a Trip Reservation. In doing so, the adult confirms that:

They are legally authorized to provide the minor’s information
The information submitted is accurate and limited to what is necessary
They acknowledge responsibility for the minor’s data

Dreamoura processes this data exclusively to facilitate:

Airline and hotel reservations
Transfer bookings
Visa checks (where applicable)
Age-based pricing or ticket eligibility

10.2 Improper Submission of Children’s Data

If Dreamoura discovers or is informed that a minor’s personal data has been submitted without proper parental or guardian authorization:

Access to the associated account may be limited
The data may be deleted or anonymized
Attempts may be made to notify the responsible adult

This process is necessary to ensure compliance with child protection expectations across India & GCC.

10.3 Parental Rights

Parents or legal guardians may request to:

Review personal data submitted about their child
Correct inaccurate or outdated information
Request deletion of the child’s data

To protect privacy, Dreamoura may require identity verification or proof of guardianship before acting on such requests.

11: Updates to This Privacy Policy

Dreamoura may revise and update this Privacy Policy periodically to reflect:

Evolving legal frameworks in India and GCC
Changes in data protection standards
Introduction of new travel modules or functionalities
Enhancements to security, fraud prevention, or analytics systems

Privacy Policy

1 Introduction

1.1 About Dreamoura

1.2 Purpose of This Privacy Policy

1.3 Scope of Applicability (India & GCC Only)

1.4 Policy Updates & Amendments

a. Dreamoura may update or amend this Privacy Policy periodically to reflect:

b. When such updates are made:

2. Key Definitions

2.1 Terms Used in This Privacy Policy

a. Personal Data

b. Processing

c. Data Controller

d. Third-Party Processors

e. Platform

f. Strategic Partner

g. Traveler

h. Trip

i. Trip Provider

j. Trip Service

k. Trip Reservation

3. Personal Data We Collect and Process

3.1 Personal Data You Voluntarily Provide to Us

a. Information Required to Make a Trip Reservation

b. Customer Interaction and Feedback

c. Account Management and Verification

d. Location and Device Permissions

3.2 Personal Data You Provide About Other Individuals

Your Responsibility

3.3 Personal Data We Collect Automatically

a. Technical Identifiers

b. Device & Software Information

c. App Usage Data

d. Referral & Activity Tracking

3.4 Personal Data and Information We Receive from Other Sources

a. Trip Providers

b. Strategic Partners

c. Payment Service Providers

d. Redirect and Affiliate Partners

e. Communication Services

f. Marketing & Analytics Partners

g. Identity Verification Services

4. How We Use Your Personal Data

4.1 Purposes for Collecting and Processing Your Personal Data

a. Trip Reservations

b. Customer Service

c. User Accounts

d. Marketing Activities

e. Communicating with You

f. Market Research

g. Improving Our Services and Platform

h. Displaying Relevant Pricing

i. Customer Reviews and Destination Information

j. Call Monitoring

k. Promotion of a Safe and Trustworthy Service & Fraud Prevention

l. Legal Purposes

4.2 Legal Bases for Processing Personal Data

a. Contractual Necessity

b. Legitimate Interests

c. Legal Obligations

d. Consent (Where Required)

4.3 How We Share Personal Data Within Dreamoura

Legal basis: For most internal sharing, we rely on legitimate interests (efficient operation and security of the Platform). For compliance-related sharing, we rely on legal obligations, and when required, we obtain your consent.

4.4 How We Share Personal Data with Third Parties

a. Trip Providers

b. Strategic Partners

c. Connectivity Providers

d. Third-Party Service Providers

e. Payment Service Providers and Financial Institutions

f. Marketing & Advertising Partners

g. Verification Providers

4.5 Ground Transportation (Transfer Module)

a. Additional Data You Provide

b. Data From Ground Transport Providers

c. Data We Share With Ground Transport Providers

5. Your Rights and Data Subject Controls

5.1 Overview of Your Rights

a. Right to Access

b. Right to Rectification (Correction)

c. Right to Erasure (Right to be Forgotten)

Legal basis:
For most internal sharing, we rely on legitimate interests (efficient operation and security of the Platform).
For compliance-related sharing, we rely on legal obligations, and when required, we obtain your consent.