New to Umrah? Get our step-by-step Umrah guide to learn how to perform Umrah correctly. Get Umrah Guide
Login
Login

Privacy Policy

Last updated: May 10, 2026

1. Data Controller

UmrahDeals OÜ is the data controller responsible for your personal data. Our registered address is Tornimäe tn 5, 10145 Tallinn, Estonia. Registry code: 17451729.

For privacy-related inquiries, please contact us at [email protected].

2. Information We Collect

We collect the following categories of personal data:

  • Contact information: name, email address, phone number.
  • Booking details: travel dates, package selection, guest information.
  • Passport information: passport number, country of issue, expiry date, and date of birth for visa processing.
  • Payment information: we do not store your full payment card details. Payments are processed securely by Revolut.
  • Technical data: IP address, browser type, and device information collected automatically when you visit our website.

3. How We Use Your Information

We use your personal data for the following purposes:

  • To process and confirm your booking.
  • To apply for your visa on your behalf.
  • To communicate with you about your booking and provide customer support.
  • To comply with legal and regulatory obligations.
  • To improve our website and services.

4. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

  • Performance of a contract: processing necessary to fulfill your booking.
  • Legal obligation: processing required to comply with immigration and travel regulations.
  • Legitimate interests: processing to improve our services and prevent fraud.
  • Consent: where you have explicitly agreed, for example to receive marketing communications.

5. Third-Party Sharing

We share your personal data only with trusted third parties necessary to deliver our services:

  • Duffel: for flight booking and ticketing. Duffel processes passenger data on behalf of airlines.
  • Booking.com: for hotel reservations. Booking.com's privacy policy applies to their processing of your data.
  • Revolut: for secure payment processing.
  • Saudi authorities: for visa application processing as required by law.

We do not sell your personal data to third parties for marketing purposes.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.

Passport information and visa-related data are deleted within 30 days after the completion of your travel. Booking records and contact details are retained for up to six years to comply with Estonian accounting and tax regulations.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right to access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data in certain circumstances.
  • Right to restrict processing: request limitation on how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month.

8. Cookies

Our website uses essential cookies necessary for the operation of the site and to process your booking. We do not use third-party tracking or advertising cookies.

By continuing to use our website, you consent to the use of essential cookies. You can manage cookie preferences through your browser settings.

9. Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Payment processing is handled by Revolut using industry-standard encryption.

Despite our efforts, no method of transmission over the internet is completely secure. We cannot guarantee absolute security of your data.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on this page. We encourage you to review it periodically.

11. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at [email protected] or via WhatsApp at +372 5395 4280.