YAP Privacy Policy
Thank you for visiting our website (and/or facilities, referred to herein below). Your privacy, Personal Data, together with the protection hereof are of paramount importance to us.
1. Important Information:
- This Privacy Policy, as amended or otherwise changed from time to time, explains the manner in which YAP Holding Limited (including any subsidiaries and/or any affiliated entities: hereinafter collectively referred to as “YAP”, “we”, “us”, “our” or “YAP entity”) collects, uses, maintains, stores, transfers and discloses User information obtained through the YAP websites, mobile application and platforms or portals (all collectively termed “YAP Facilities”, “Facilities”, or “Services” for purposes of this Privacy Policy).
This Privacy Policy should be read and interpreted together with the Terms and Conditions of YAP Facilities. - We respect your privacy and aim to promote trust and confidence on the internet. As such, we feel it is necessary to disclose to you what data our Facilities collect and track, and further, what we do with the data that we collect or receive.
- Terms which are not defined in this Privacy Policy shall have the meanings ascribed to them in the Terms and Conditions of YAP Facilities.
- User Consent: refers to when you the visitor (hereinafter referred to as “User”, “you”, “your”) access and use any facility or content we own or operate in reference to the YAP Facilities, which is owned, operated, maintained or mandated under service by YAP, you as the User consent to the data practices prescribed in this Privacy Policy. This is further supported in your application for the creation of a User account, if applicable.
- Data Subject: means any person whose confidential and personally identifiable User data is being collected, processed, used, maintained, stored, transferred, disclosed, erased, or destroyed. For ease of understanding: You, as the User of the Facilities are the Data Subject.
- Data Processor: means any person (other than an employee of the data controller) who processes Personal Data of a Data Subject, on behalf of the Data Controller. Again, we reiterate that YAP may process your Personal Data (defined below) directly, or through authorized agents, vendors third parties and service providers of YAP, who may be chosen by us for the purposes of furthering the individual and entities’ business of YAP.
- Data Controller: means a person who (either alone or jointly with other persons) determines the purposes for and the manner in which any Personal Data is to be processed. YAP is the data controller of your Personal Data as well as the Data Processor. Data protection is important to us and we adhere to all applicable data protection laws and regulations globally, which includes, but is not limited to: the United Kingdom Privacy and Electronic Communications Regulations, the United Kingdom Data Protection Act 2018, as amended, the Data Protection Law No. 5 of 2020, Data Protection Regulations and privacy requirements of the Dubai International Financial Center (“DIFC”) and where applicable to individuals in the European Union, the United Kingdom and the member states of the European Free Trade Association (“EFTA”), the General Data Protection Regulation (“GDPR” which had commenced on 25 May 2018) for the purposes mentioned in this policy and only as applicable.
We may also process your Personal Data and you consent to the processing thereof, to satisfy all legal obligations, if it is necessary to carry out any obligations arising from any contracts entered into with you or to carry out any services to you, by any YAP entity, or to take steps at your request prior to entering into a contract with you, or for our legitimate interests to protect our property, rights or safety of either YAP entity, it’s Users, customers, clients, other persons or other entities. - Our European representative: Pursuant to Article 4 (7) of GDPR, the controller of your data whom we have appointed as the Data Protection Officer can be reached at dpo@yap.com
- We have also appointed a Data Protection Officer (“DPO”), together acting as a designated Data Protection Controller, who shall be responsible for overseeing data-related matters to address any questions in relation to this Privacy Policy. If you have any questions about the Privacy Policy, including requests to exercise your rights related to data, please contact us: dpo@yap.com
- If you are based in Europe or the EEA region, be advised that you have the right to make a complaint at any time to a supervisory or regulatory authority, in particular within the Member State in the European Union or EEA where you are habitually resident, where we are based, or where an alleged infringement of the Data Protection law has taken place, however, we would appreciate the opportunity to address your concerns before you approach any such Authority (as appropriate), and so, please contact us in the first instance so that we may try to resolve your complaint amicably.
- If you are based in the United Kingdom, be advised that you have the right to make a complaint at any time to a supervisory or regulatory authority, within the United Kingdom where you are habitually resident, where we are based, or where an alleged infringement of the Data Protection law has taken place. You can access the portal here: https://ico.org.uk/for-organisations/report-a-breach/, however, we would appreciate the opportunity to address your concerns before you approach any such Authority (as appropriate), and so, please contact us in the first instance so that we may try to resolve your complaint amicably.
- Since your Personal Data may also be processed from within the DIFC, be advised that you have the right to make a complaint at any time to the Commissioner of Data Protection at DIFC, in respect of an alleged infringement of the Data Protection law and/or your rights as a Data Subject under the Data Protection Law, however, we would appreciate the opportunity to address your concerns before you approach any such Authority (as appropriate), and so, please contact us in the first instance so that we may try to resolve your complaint amicably.
- If you are based elsewhere globally, you have the right to make a complaint at any time to an appropriate regulatory or supervisory authority within the appropriate locality, as per the law of the region. In respect of any complaints, however, we would appreciate the opportunity to address your concerns before you approach any such Authority (as appropriate), and so, please contact us in the first instance so that we may try to resolve your complaint amicably.
- Changes to this Privacy Policy: From time to time, YAP may revise, amend or supplement this Privacy Policy to reflect necessary changes, i.e. changes in law, our Personal Data collection and usage practices, the features of YAP Facilities, or certain advances in technology. If any material changes are made to this Privacy Policy, the changes will be prominently posted on the relevant YAP Facilities. YAP, however, requires that you (the User) occasionally familiarize yourself with the contents of this Privacy Agreement, for your own information. Changes to this Privacy Policy shall be communicated to you through a plain language summary 60 (sixty) days prior to their enforcement. If you disagree with any of the changes thereof, we suggest that you stop using the Facilities immediately.
- Please be advised that this Privacy Policy does not convey any information that we may receive about you through channels external to YAP’s Facilities, communication and data infrastructures, networks and/or systems.
- Please be advised that, Users data collected and processed through the DIFC, Europe and/or EEA, is done so in accordance with the relevant data minimization and purpose limitation principles, among others of the applicable laws and regulations.
- Please further be advised that, User data processed through the DIFC, Europe and/or EEA, is done so fairly, lawfully, securely, accurately, transparently, with the data being retained for no longer than is necessary and being processed only in accordance with your rights.
2. Information that YAP Collects:
- YAP collects Personal Data and Anonymous Data of Data Subjects; and only in a manner as described below.
- Personal Data means data that allows someone to identify or contact you, including, for example: your name, address, telephone number, e-mail address, as well as any other non-public information about you that is associated with or linked to any of the foregoing data.
- Anonymous Data means data that is not associated with or linked to your Personal Data. Anonymous Data (i.e. encrypted data) does not, by itself, permit the identification of individual persons.
- Please note that: You will, generally, not be required to pay a fee to access your Personal Data (or to exercise any of the other rights), however, that we may charge a reasonable fee (determined at our sole discretion and which is payable by you, the User and/or Data Subject) if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request under the aforementioned circumstances.
- Information which may be further required from you: We may need to request specific information from you to help us to confirm and verify your identity, so as to ensure that your rights to access your Personal Data or to exercise any of your other rights, as determined by contract, the law or otherwise. This is a security measure to ensure that Personal Data is not disclosed to any authorised person, who has no right to receive it. We may also contact you to ask you for further information in relation to your request, in order to speed up our response to any request received from you, when you exercise your rights.
- Information about criminal convictions or activities: When you register for or otherwise use our Services or acilities, we may receive information about your criminal convictions, when we perform certain necessary verification or compliance checks. We carry out these checks in order to detect and/or prevent any unlawful or fraudulent acts, as well as to comply with our legal obligations. Also, in the event of a violation of our Terms and Conditions in the use of our Facilities, or a violation of any restrictions on use of materials and information provided in or through our Facilities, we may disclose personal user information to our affected members and business partners, affected service agents, other affected third parties or legal authorities.
- If you fail, neglect and/or refuse to provide us with your Personal Data: Where we need to collect Personal Data by law, or under YAP’s Terms and Conditions, in contracting with you and if you fail to provide that data when requested, we may not be able to perform the services. In this case, YAP shall have the right to discontinue the User Services and/or may close your User account, however, we will notify you if this is the case at the time.
- Be advised that in usage of our Facilities, you consent to the following:
- We may collect Personal Data from you, such as your first and last name, e-mail and mailing addresses, date of birth, government issued identification, (including but not limited to address, employment, etc.
- We may also collect other Personal Data supplied by third-party entities (including Governmental authorised or mandated entities) and service providers / agents in the outsourcing of services, including, but not limited to third party identity verification services.
- If you tell us where you are (i.e. by allowing any of your devices, mobile device or computer to send us your geo-location), we may store that information.
- Certain services, such as two-factor authentication may require collection, use, processing, transfer and storage of your phone number and possibly other data. We may associate that phone number to your mobile device identification information.
- If you provide us feedback or contact us, we will collect your name and e-mail address, as well as any other content included in form in which it was received (i.e. the details and content of an email), in order to send you a reply or in to contact you.
- We also collect other types of Personal Data that you voluntarily provide to us when contacting us – i.e. in seeking support services via email, or calling us via the contact center, support chat room, or other information provided to support services staff.
- We may collect other data, including but not limited to referral Uniform Resource Locators (URLs), your location and analytics information related to the usage of our Facilities.
- Some information is collected automatically by our Facilities, including, but not limited to our websites, application, platform, networks and servers:
- Our servers (which may be hosted by a third-party service provider) collect information from you automatically, including your browser type, Internet service provider (ISP), referring/exit pages, operating system, Internet Protocol (IP) address, domain name, and/or a date and time stamp for your visit to our Facilities, as well as clickstream data.
- We use Cookies to collect information. Cookies are selected pieces of information that a website or platform (included as our Facilities) sends to your device or computer’s hard drive, while you are viewing or using our Facilities.
- We retain information on your behalf, including customer data, transactional data and other session data, linked to your User account.
3. Your legal rights (User rights) and information that YAP collects:
- Under the European Union General Data Protection Regulation (GDPR) number 2016/679, read together with the provisions of the United Kingdom Privacy and Electronic Communications Regulations, the United Kingdom Data Protection Act 2018, as amended, each Data Subject and you, the User (in so far as these laws have application) has eight (8) rights. These include:
- Right to be informed: This means that anyone processing your Personal Data must make clear what they are processing, why, and who else the data may be passed/transferred to or shared with. You have the right to know who, why and how your Personal Data is processed or shared.
- Right of access: this is your right to see what data is held about you by a Data Controller. You have the right to see what kind of data is held by us.
- Right to rectification: this is your right to have your data corrected or amended if what is held is incorrect / inaccurate in some way. You have the right to correct, amend and rectify any incorrect or inaccurate data held by us.
- Right to erasure: this is your right, under certain circumstances, whereby you can ask for your Personal Data to be deleted. This is also referred to ‘the Right to be Forgotten’. This would apply if the Personal Data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been expressly withdrawn, or where Personal Data has been unlawfully processed. Your right to ask for your Personal Data to be deleted (only under certain circumstances, especially if that data is no longer required by us for the purposes it was collected for processing the data you had expressly withdrawn or if we have unlawfully processed your Personal Data.
- Right to restrict processing: this is your right to ask for a temporary halt or pause in processing of Personal Data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected. You right to request temporary halt or pause in processing of Personal Data, such as in the case where a dispute or legal case has to be concluded or the data has to be corrected.
- Right to data portability: this is your right to ask for any of your Personal Data supplied directly to the Data Controller to be provided to you in a structured, commonly used, and machine-readable or electronic format. Your right to request any of your Personal Data collected by us, in a structured, commonly used and machine-readable or electronic format.
- 3.1.7.Right to object: this is your right to object to the further processing of your data which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation and direct marketing. Your right to object to further processing of your Personal Data which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation and direct marketing.
- Rights in relation to automated decision making and profiling: Your right not to be subject to a decision based solely on automated processing.
- Under the Office of the Commissioner of Data Protection of the DIFC, responsible for administering the DIFC Data Protection Law, each Data Subject (in so far as these laws have application) broadly has the following rights:
- Right to be informed: This means that any DIFC registered company processing your Personal Data must make clear what they are processing, why, and who else the data may be passed/transferred to or shared with. You have the right to know who, why and how your Personal Data is processed or shared.
- Right to withdraw consent: If you wish for a DIFC registered company to stop processing your Personal Data, it is your right to withdraw consent, preventing the DIFC registered company from further processing the same Personal Data.
- Right to rectification: If you have provided your Personal Data to a DIFC registered company you have the right to request that the company corrects, rectifies or erases your personal information at any time.
- Right of access: this is your right to see what data is held about you by a DIFC registered company. You have the right to see what kind of data is held by us.
- Right to erasure: this is your right, under certain circumstances, whereby you can ask for your Personal Data to be deleted. This is also referred to ‘the Right to be Forgotten’. This would apply if the Personal Data is no longer required for the purposes it was collected for, or your consent for the processing of that data has been expressly withdrawn, or where Personal Data has been unlawfully processed. Your right to ask for your Personal Data to be deleted, only under certain circumstances, especially if that data is no longer required by us for the purposes it was collected for processing the data you had expressly withdrawn or if the DIFC registered company has unlawfully processed your Personal Data.
- Right to object to processing: this is your right to object to the further processing of your data which is inconsistent with the primary purpose for which it was collected, which includes profiling, automation and direct marketing.
- Right to restrict processing: this is your right to ask for a temporary halt or pause in processing of Personal Data, such as in the case where a dispute or legal case has to be concluded, or the data is being corrected. You right to request temporary halt or pause in processing of Personal Data, such as in the case where a dispute or legal case has to be concluded or the data has to be corrected.
- Right to data portability: this is your right to ask for any of your Personal Data supplied directly to the Data Controller to be provided to you in a structured, commonly used, and machine-readable or electronic format. Your right to request any of your Personal Data collected by us, in a structured, commonly used and machine-readable or electronic format.
- Rights in relation to automated decision making and profiling: Your right not to be subject to a decision based solely on automated processing.
- Right not to be discriminated against: This right refers to your right not to be discriminated against by Us. This right ensures that your Personal Data will not influence or affect Us and you are not denied any of our Services, charged a different rate for the Services, provided with a different quality of Service simply because of your Personal Data.
If you wish to exercise any of the rights set out above or any other laws concerning Personal Data (in so far as same is applicable), please contact us at dpo@yap.com
- Automated decisions: You may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
- Time limit to respond to User requests in exercising the aforementioned rights: We aim respond to all legitimate requests without undue delay and within one (1) month calendar of receipt of any request from you. Occasionally it may take us longer than one (1) month if your request is particularly complex, or if you have made duplicated or numerous requests, but it shall in no scenario take us more than three (3) calendar months to respond to your legitimate data access requests. In this case, we will notify you of receipt of such request(s) and keep you updated as to the status of progress concerning such request(s).
- Children’s Privacy: If you’re under the age required to manage your own User account, you must have your parent or legal guardian’s permission to use a User account. Please have your parent or legal guardian read this Privacy Policy, together with the Terms and Conditions with you.
- If you’re a parent or legal guardian, and you allow your child to use the YAP services or access the YAP Facilities, then this Privacy Policy, together with the Terms and Conditions applies to you and you’re responsible for your child’s activity on the Facilities and/or Services.
- Be advised: Some of YAP’s Facilities and services will have additional age requirements and will not be available to minors. This will be specified in respect of each such service or Facility in YAP’s procedure of obtaining the required consent and permissions from Users. YAP does not and will not knowingly solicit or collect information from anyone whom is not of legal age. Should we retrospectively become aware that a minor has provided us with personal information where such Services and / or Facilities are unavailable to minors, we will erase such information it immediately and close the related User account.
4. YAP’s Use of the information it collects:
- We will only use your Personal Data when and how the applicable laws allow us to. Most commonly, we will use your Personal Data in the following circumstances:
- Where we need to perform the services applicable under this Privacy Policy and Terms and Conditions;
- Where it is necessary for our legitimate interests but where such interests do not override your fundamental rights; and/or
- Where we need to comply with a legal or regulatory obligation.
- Marketing: We provide you with choices regarding the Personal Data that YAP uses, particularly concerning marketing and advertising. We have established the following Personal Data control mechanisms:
- Promotional offers from YAP: We may use your Personal Data to determine what may be of interest to you. This is how we decide which products, services, and offers may be relevant and of interest to you. By using our Facilities, using our services, registering a User account, in contacting us, in requesting information from us, you expressly opt-in to receive marketing communications from YAP.
- Right to be informed and to object: Please note, prior to disclosing such Personal Data to third parties for the purposes of marketing and advertising, we shall inform you and offer you the right to object to such disclosures.
- You can ask us to stop sending you marketing related material and/or communications at any time by following the opt-out links on any marketing message sent to you or by contacting us, at help@yap.com or by calling on 600551214.
- YAP may be compelled to surrender User information to legal authorities without express User consent, if presented with a Court Order or similar legal or administrative Order, or as required or permitted by the laws, rules, and regulations of any nation, state, or other applicable jurisdiction.
- Please be advised that we may process your Personal Data without your knowledge or consent where this is required or permitted by law. In general, the Personal Data which you submit to us is used either to respond to requests that you make, or to aid our service to you, the User.
- Please be advised that we may store and process your Personal Data for a period as required for you to be able to avail our Services, and for a reasonable period of time thereafter.
- We use your Personal Data in the following ways:
- To facilitate the creation of and to secure your User account on YAP Facilities and integrated facilities (where applicable).
- To prudently identify you and perform the necessary identity verification through our own efforts or through our partners or service providers.
- To provide improved administration of our Facilities.
- To improve the quality of your User experience when you interact with YAP Facilities.
- To send you a one-time password (OTP) to verify ownership of the e-mail address or the mobile number provided when your User account is created.
- To send you administrative notifications or other communications: i.e. User activity, security, support and maintenance or other advisory services, sent via In-App, Mobile SMS and/or Email.
- To identify, prevent, and report potentially suspicious, fraudulent, or illegal activities.
- To notify you about important changes or updates to YAP Facilities, and
- To respond to your inquiries or other requests received.
- All data collected automatically will be used to administer or improve our services, including the following:
- All automated data collected is used for administration purposes, as well as to improve services and user experience.
- We use IP address information to make our Facilities and Services more useful to you, and to perform identity verification.
- We use information from log files to analyse trends; operate, administer and maintain the Facilities; track Users’ movements and activity around and within the Facilities, gather demographic information about our User base as a whole, and better tailor our Services to our Users’ needs. Except as noted in this Privacy Policy, we do not link this automatically collected data to Personal Data.
- We use your Emirates ID Information provided and the data available on your Emirates Chip to verify your identity in your submitted form of identification during the onboarding and User registration or User account creation process. This technology collects information from your biometric data, and it shares this information with us. We use that information to verify your identity. We will store your biometric data for as long as is necessary to perform the services, and as long as the User account exists and will comply with applicable law relating hereto. By using the YAP Facilities and/or services you agree that YAP may collect your biometric data to perform identity verification.
- We may use both session / transient Cookies (which expire once you close your device web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on and in using our Facilities. This type of information is collected to make our Facilities more useful to you and to tailor the experience with us to meet your special interests and needs. Please further refer to our Cookies Policy.
- Data Retention: YAP adheres to all applicable legislative provisions and Data Protection laws of each jurisdiction it operates in; hence YAP shall retain and store a written Record of Processing Activities (“ROPA”) of how it processes all User specific data as recommended by the regulations. Such a ROPA shall include the purpose of our processing, what data types we process, the different parties who are recipients of such Personal Data, time limits of retention of Personal Data and a description of our security measures. Should any further information be required, please contact us at dpo@yap.com.
- Data protection impact assessment: In adhering to all applicable legislative provisions and data protection laws of each jurisdiction it operates in, YAP may carry out an assessment of the impact of the proposed processing operations on the protection of User Personal Data, considering the risks to your rights (“DPIA”). In accounting for the protection of commercial interests we shall seek a User’s input on the intended processing, if and where applicable. The outcome of such DPIA’s may result in the alteration and update of this Privacy Policy, at which point, we shall notify you. Should any further information be required, please contact us at dpo@yap.com.
5. How YAP shares Users’ personal information:
- We disclose your Personal Data, as described in this Privacy Policy.
- It may be necessary to disclose your information to law enforcement agencies, regulators, government/public officials, or other relevant third parties to comply with any law, subpoenas, court orders, government requests, to defend against legal claims, investigate or bring legal action against illegal or suspected illegal activities, to enforce our Terms and Conditions, or to protect the rights, safety, and security of YAP, our Users, other persons or the public.
- We may share your Personal Data with third parties and/or service providers, in so far as it may be necessary and in order to provide you with the services that we offer you through our Facilities and to conduct quality assurance testing; to facilitate the creation of User accounts; to provide technical support, operational support and maintenance services; to verify your identity; and/or to provide other services to YAP and any Facilities of YAP. These third-party service providers are required not to use your Personal Data for any purpose, other than to provide the services mandated by us.
- We may use social plugins, widgets and other features (“social networks” or “social features”) that are made available by and/or accessed through third party social networks. These social features allow these social networks to place Cookies on your browser and to collect certain information, which may be associated with your name, personal details and personal social network account. These social features are operated solely by the respective social networks, and their service providers, and we recommend that you carefully read their privacy policies before you decide to use them. We have no control over or access to the information collected, stored or used by such social networks, and the information practices of such social networks are not covered by this Privacy Policy. If you do not wish to associate any information collected via the plugins, widgets and/or other features with your personal social network account information, you should refrain from using these social features and logout from your social network account before any visit to or use of our facilities, or using our services.
- We may share some or all of your Personal Data with third parties (i.e. if YAP is acquired by a new owner) in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset forming part of YAP’s good will. If another company acquires YAP, its business or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations held by YAP regarding your Personal Data, as described in this Privacy Policy.
- YAP’s facilities or communications may contain links to other third-party websites which are not owned or operated by YAP and too, which are regulated by their own privacy policies. If you click on a third-party link, you will be directed to that third party’s site. YAP strongly advises you to review the privacy policy of every site you visit. YAP is not responsible for the privacy policies of these third-party websites, regardless as to whether they were accessed using the links from our facilities. YAP has no control over and assumes no liability for the content, privacy policies or practices of any third-party sites or services.
- YAP specifically herein mandates that you, as the User (as per this Privacy Policy) to visit, familiarize, understand the below entity policies, being partners of YAP in providing services under the facilities to you, however – even if not done as mandated herein, you as the User accepts that through the application for the creation of a User account, the terms of their individual privacy policies, cookies policies, as well as terms and conditions, as third-party service providers to YAP (albeit, not to be construed as a closed list) and too which should include all third party vendors:
- IBAN: https://www.iban.com/privacy & https://www.iban.com/terms
- RAK Bank: https://rakbank.ae/wps/portal/footer/terms-and-conditions & https://rakbank.ae/wps/portal/footer/privacy-policy & https://rakbank.ae/wps/portal/footer/cookie-policy
- Financial Software and Systems (FSS): https://www.fsstech.com/terms-of-use & https://www.fsstech.com/privacy-statement/ & https://www.fsstech.com/themes/fss/pdf/fss-csr-policy.pdf
- Be advised: Other than as stated in this Privacy Policy, YAP does not disclose any of your personal information to any third parties, unless required to do so by law enforcement, court order, or in compliance with legal reporting obligations.
6. Extraterritorial data storage and data transfers:
- User Personal Data is stored and transferred in compliance with the applicable legislation or regulations of every applicable jurisdiction.
- We store and process your Personal Data in data centers located within the country in which YAP operates, or where we have our premises, or wherefrom we provide services or where YAP’s service providers are located, and we comply with the data protection regulations of these jurisdictions insofar as they apply to YAP.
- We may share your Personal Data within the YAP group of associated companies which are based in various locations globally.
- If you are based in the United Kingdom, Europe or the European Economic Area (EEA), this will involve storing and transferring your data outside the with adherence to relevant legal requirements – where applicable.
- Subject to the Regulations of DIFC, this may involve storing and transferring your data outside of the DIFC, with adherence to relevant legal requirements – where applicable.
- If you are based in the United Arab Emirates (“UAE”), this may involve storing and transferring your data outside of the United Arab Emirates, with adherence to relevant legal requirements – where applicable.
- If you are based anywhere else globally, this may involve storing and transferring your data globally, with adherence to relevant legal requirements, wherever and however applicable.
- In addition, hereto, many of our external third parties are also based outside of the aforementioned geographical regions and globally, so, their processing of your Personal Data will involve the transfer and storage of data outside the aforementioned territories. We reiterate that you, as the User, accepts that through the application for the creation of a User account, the terms of their individual privacy policies, cookies policies, as well as terms and conditions, as third-party service providers to YAP. Further we will take your express consent before sharing your Personal Data with any Data Processor located outside the DIFC.
- Some of the countries to which your Personal Data may be transferred do not benefit from an appropriate protection regulation. For such international countries, we shall have specific data-protection clauses in our agreements and arrangements with them, which adhere to those as adopted by the Commissioner of Data Protection at DIFC or other appropriate regulators.
- Whenever we transfer your Personal Data outside of the DIFC, the UAE or any other territory, we will ensure that a suitable degree of protection is afforded to it by ensuring that at least one (1) of the below listed safeguards is implemented:
- We will only transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data.
- In respect of GDPR compliance (if applicable): we may use specific contracts approved by the European Commission which give Personal Data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- In respect of GDPR compliance (if applicable): In respect of transfers to entities in the United States of America (US), we may transfer Personal Data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
- In respect of the DIFC Data Protection Law and Regulations relating to the transfer of Personal Data, transfers will be conducted in accordance with the applicable provisions of such Law and Regulations.
- Please contact us at dpo@yap.com if you want further information on the specific mechanism used by us when transferring your Personal Data.
7. How to update your information:
- Whenever possible, you can update your Personal Data directly within your User account settings section, subject to verification by YAP. If you are unable to change your Personal Data, please contact us to make the required changes.
- If you wish for YAP to update your information, please contact us in making such a request.
- We will retain your information for as long as may be needed to provide you access to your User account and or Services of YAP, or for a reasonable period after you close your User account with YAP.
- If you wish to close your User account, you can do so from your User account setting session or you can contact us. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our Terms and Conditions.
8. YAP’s use of Cookies and Persistent Local Data:
- Data collected automatically includes, but is not limited to Cookies, webpage counters and other analytics tools.
- Cookies are small data files that are collected automatically and stored on your device / computer’s hard drive.
- YAP collects web browser Information in order to enhance your User experience on our Facilities, as well as to track how the Facilities and Services are being used.
- We further use Cookies to identify and prevent fraudulent or illegal activity. The information collected by us can include, but is not limited to: your IP address, referral URLs, the type of device you use, your operating system, the type of browser you use, your geographic location, and other session data.
- Cookies are not permanent and will expire after a short time period of inactivity. Data collected via technical means, such as Cookies, webpage counters and other analytics tools, are normally kept for a period of up to one (1) year from expiry of the Cookie.
- You may opt to deactivate your Cookies, but it is important to note that you may not be able to access or use some features of our Facilities, should you do so, as such Cookies may enable certain functions thereon.
- Please note that YAP is not responsible and will not be held liable for any loss resulting from your decision or inability to use Cookies.
- Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third-parties. At this time, we do not respond to DNT signals.
- For more information about the Cookies we use, please see our Cookie Policy.
9. Security precautions exercised by YAP for protection of your data:
- We take the protection of your personal information seriously and in so doing, we use industry-standard data encryption technology and have implemented restrictions related to the storage of and the ability to access your personal information.
- All your personal information and sensitive data is stored in servers located within the country.
- YAP’s facilities are scanned on a regular basis for security holes and known vulnerabilities, in order to best ensure its security.
- Your Personal Data is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the information confidential.
- Please note that no transmission over the Internet or any method of electronic storage can be guaranteed to be absolutely 100% secure, however, our best endeavours will be made to secure data and the ability to access your personal information.
- Without prejudice to our efforts on protection of your Personal Data, nothing contained in this Privacy Policy constitutes a warranty of security of the facilities, and you agree to transmit data at your own risk. Please note, that YAP and the facilities do not guarantee that your data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
- We would like to draw your attention on the fact that YAP will never send you email or SMS or call you to ask for financial or payment information, such as your credit card number, passcode, User account number or pin number, in an e-mail, text or any other communication that we send to you. Please, always check that any website on which you are asked for financial or payment information in relation to our reservations or services is in fact legitimately owned or operated by YAP. The risk of impersonating hackers exists and should be taken into account when using our Facilities and/or Services.
- If you do receive any suspicious communication of any kind or request, do not provide your information and report it us by contacting our offices immediately. Please also immediately notify us if you become aware of any unauthorised access to or use of your User account.
- Since we cannot guarantee against any loss, misuse, unauthorised acquisition, or alteration of your data, please accept that you play a vital role in protecting your own Personal Data, including the adoption of sufficient safety measures such as your choosing of an appropriate password of sufficient length and complexity and to not reveal this password to any third-parties.
- Furthermore, we cannot ensure or warrant the security or confidentiality of information you transmit to us, or receive from us by Internet or wireless connection, including: email, phone, or SMS, since we have no way of protecting that information once it leaves and until it reaches us. You can contact us if you have reason to believe that your data is no longer secure.
- Lastly, please note that should the security of your Personal Data be breached and the security of your rights be at high risk, we shall promptly and immediately communicate to you the nature of the breach which has taken place, the likely consequences of such a breach and shall describe thoroughly the measures we have implemented to address the breach and to mitigate any and all adverse effects to you and your rights. In the unlikely event of a breach occurring, please reach out to our DPO at dpo@yap.com for further information and for further advise on how to mitigate the potential adverse effects of such a breach.
10. Contacting Us
If you have any questions about our Privacy Policy as outlined above, or if you have any complaints, please contact us at help@yap.com or by calling on 600551214.
YAP Cookies Policy
This Cookies Policy, as amended or otherwise changed from time to time, explains the manner in which YAP Holding Limited (including any subsidiaries and/or any affiliated entities: hereinafter collectively referred to as “YAP”, “we”, “us”, “our” or “YAP entity”) uses Cookies (explained below). This Cookies Policy also explains what Cookies are, what information we collect using Cookies and how we use Cookies in respect of the YAP websites, mobile application and platforms or portals (all collectively termed “YAP Facilities”, “Facilities”, or “Services” for purposes of this Cookies Policy).
For further information on how we use, store and keep your personal data secure and what your rights as a data subject are, please see our Privacy Policy.
If you have any questions about this Cookie Policy, please contact:
- Phone: 600551214
- Email: help@yap.com
1. What is a Cookie
- A “Cookie” is a small piece of encrypted text saved on the browser or hard drive in your computer or mobile device when you visit a website. Cookies are selected pieces of information that a websites or platform (included as our facilities) sends to your device or computer’s hard drive, while you are viewing or using our Facilities, as permissioned. It allows us to recognise you and make your next visit easier and the experience of the YAP Facilities more useful to you. Cookies can be stored for varying lengths of time on your browser or device.
- We use both session / transient Cookies (which expire once you close your device web browser) and persistent Cookies (which stay on your computer until you delete them) to collect information in order to provide you with a more personal and interactive experience in using our Facilities. This type of information is collected to make our Facilities more useful to you and to tailor the experience with us to meet your special interests and needs. Cookies work to make your experience browsing our sites as smooth as possible and they remember your preferences, so you don’t have to insert your details again and again.
- Be advised that: The cookie file is set on a particular browser on a particular device, so when you use a different device, that cookie will not exist.
- Cookies cannot be used to obtain data from your hard drive, get your e-mail address or steal sensitive or personal information about you and computer viruses are not passed through the setting or use of cookies. The only way that any private information could be part of your Cookie file would be if you personally gave that information to a web server. Also, each Cookie can only be read by the server that set it, so strange servers cannot view or steal the information in a cookie that you have previously accepted.
2. How YAP uses Cookies?
When you use and access the YAP Facilities, we may place a number of Cookies on your device’s web browser. We use Cookies to enable certain functions of the websites i.e. to provide analytics, to prevent fraudulent or illegal activity, to store your preferences, to enable advertisements delivery, including behavioral advertising. We also use Cookies to enhance your browsing experience by:
- Recognizing when you log in and any preferred settings.
- Giving you a browsing experience that is unique to you and to serve you content which we believe improves your sites experience.
- Analysing how you use our Facilities which helps us to troubleshoot any problems and to monitor our own performance.
YAP may share any information and data with third parties based on your specific permission obtained and you hereby explicitly agree to the collection and use of the said data by YAP for the purpose described. Please see our Privacy Policy. YAP and or third parties may use such information or data to identify you on social media platforms in order to provide you with the latest products, offers or incentives offered by YAP or such third parties.
3. What Cookies do we use?
YAP uses the following four type of cookies,
- Essential Cookies: are essential to let you move around the websites or mobile application and use its features, such as accessing secure areas of the Facilities. These Cookies allow our mobile application to provide services at your request. YAP uses essential Cookies to authenticate users and prevent fraudulent use of User accounts.
- Performance Cookies: may be used to collect information about how you use YAP, for instance, which pages you visit most often, and if you experience any error messages. They also allow us to update our websites and mobile application to improve performance and tailor it to your preferences. These Cookies do not collect any information that could identify you – all the information collected is anonymous.
- Functionality Cookies: are used to remember the choices you make, e.g. your username, log in details and language preferences. They also remember any customizations you make to give you enhanced, more personal features of your YAP experience.
- Advertising & Targeting Cookies: are used to collect information about your visit to our Facilities, the content you viewed, browsing habits to deliver adverts which are more relevant to your interest, links you followed and information about your browser, device and your IP address. They also measure the effectiveness of advertising campaigns.
As per our Privacy Policy, we may use social plugins, widgets and other features (“social networks” or “social features”) that are made available by and/or accessed through third party social networks. These social features allow these social networks to place Cookies on your browser and to collect certain information, which may be associated with your name, personal details and personal social network account. These social features are operated solely by the respective social networks, and their service providers, and we recommend that you carefully read their privacy policies before you decide to use them. We have no control over or access to the information collected, stored or used by such social networks, and the information practices of such social networks are not covered by our Privacy Policy. If you do not wish to associate any information collected via the plugins, widgets and/or other features with your personal social network account information, you should refrain from using these social features and logout from your social network account before any visit to or use of our Facilities.
4. Third-party cookies
In addition to our own Cookies, YAP may also use various third-party Cookies to report usage statistics of our sites deliver advertisements on and through our Facilities, and so on. Please see our Privacy Policy for more information.
5. How do you access or change your cookie preferences?
- To check if Cookies are enabled on your device, please view your browser’s help pages or information on how to manage cookies at www.allaboutcookies.org which contains comprehensive information on cookies, on a wide variety of browsers. Different browsers make different controls available to you. You will find details on how to delete Cookies from your computer. Within your browser, you can choose whether you wish to accept Cookies or not. Generally, your browser will offer you the choice to accept, refuse or delete Cookies at all times, or those from providers that websites owners use i.e. third-party Cookies, or those from specific websites. Each browser’s websites should contain instructions on how you can do this.
- Please note, however, that if you delete Cookies or refuse to accept them, you might not be able to use all of the features we offer of our Facilities, you may not be able to store your preferences, and some of our pages might not display properly. YAP is not responsible and will not be held liable for any loss resulting from your decision or inability to use Cookies.
- Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding tracking by advertisers and other third parties. Currently, we do not respond to DNT signals.
- Unless you have adjusted your browser setting so that it will refuse Cookies, YAP will use the enabled Cookies when you log on to our Facilities. Please note that our advertisers may also use Cookies over which we have no control.
6. Changes to the Cookies Policy:
We may update this policy from time to time. If we make significant changes, we will let you know but please regularly check this policy to ensure you are aware of the most updated version. Changes to this Cookies Policy shall be communicated to you through a plain language summary 60 (sixty) days prior to their enforcement. If you disagree with any of the changes thereof, we suggest that you stop using the Facilities immediately.