Privacy Policy

Last Updated: September 8, 2025

At UmrahDeals, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services. We are a UK registered company serving customers in the United States and Middle East.

Information We Collect

We collect information that you voluntarily provide when booking Umrah packages, including:

• Personal identification information (Name, email address, phone number)
• Passport details and other travel documentation
• Payment information (processed securely through Stripe)
• Travel preferences and requirements
• Location data (IP address to determine local currency and applicable laws)
• Device and browser information for website functionality

Legal Basis for Processing

We process your personal data based on:

• Contract: To fulfill our travel services agreement with you
• Legal Obligation: To comply with visa processing, tax, and regulatory requirements
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications (where required)

How We Use Your Information

We use the information we collect to:

• Process and manage your Umrah package bookings
• Communicate with airlines, hotels, and other service providers
• Contact you regarding your booking or account
• Process payments
• Comply with legal obligations
• Improve our services and user experience

Third-Party Service Providers

We may share your information with third-party service providers who perform services on our behalf, including payment processing, data analysis, email delivery, and customer service. These third parties have access to your personal information only to perform these tasks and are obligated to maintain its confidentiality.

Airlines and Hotels

To complete your booking, we share relevant personal information with airlines (through our IATA-accredited partner Duffel) and hotels. These service providers have their own privacy policies governing how they use your information.

Saudi Government Authorities

For visa processing and compliance with Saudi Arabian regulations, we may share your personal information with Saudi government authorities and consulates. This includes passport details, travel dates, and accommodation information required for visa applications.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

• Essential Cookies: Required for website functionality and security
• Analytics Cookies: To understand how visitors use our website
• Functional Cookies: To remember your preferences and settings
• Payment Cookies: To process secure payments through Stripe

You can control cookies through your browser settings. However, disabling essential cookies may affect website functionality.

Data Security

We implement appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. However, no method of transmission over the Internet or electronic storage is 100% secure.

International Data Transfers

As a UK company serving international customers, your data may be transferred to and processed in:

• United Kingdom: Our primary data processing location
• European Union: Our service providers and partners
• United States: Payment processing (Stripe) and other service providers
• Saudi Arabia: Government authorities for visa processing

We ensure appropriate safeguards are in place for all international transfers, including adequacy decisions, standard contractual clauses, or other approved mechanisms.

Data Retention

We retain your personal data for:

• Booking Records: 7 years for tax and accounting purposes
• Payment Information: As required by financial regulations
• Marketing Communications: Until you opt out or we delete inactive accounts
• Website Analytics: 26 months maximum

Your Data Protection Rights

Depending on your location, you may have the following rights:

• The right to access your personal information
• The right to rectify inaccurate personal information
• The right to request deletion of your personal information
• The right to restrict processing of your personal information
• The right to data portability
• The right to object to processing based on legitimate interest
• The right to withdraw consent (where applicable)

US Residents: Depending on your state, you may have additional rights under state privacy laws such as the California Consumer Privacy Act (CCPA) or Virginia Consumer Data Protection Act (VCDPA).

To exercise these rights, contact us at [email protected].

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Jurisdiction and Governing Law

This Privacy Policy is governed by UK data protection laws. For US residents, applicable state privacy laws may also apply. For Middle East residents, we comply with local data protection requirements where applicable.

Contact Us

If you have any questions about this Privacy Policy, please contact us at: [email protected]