Privacy Policy

Last updated: January 15, 2025

GranMuse Digital Tourism LLC ("GranMuse," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website granmuse.lat and use our services. This policy applies to all users, including those in the European Economic Area (EEA), the United Kingdom, and the United Arab Emirates.

1. Data Controller

The data controller responsible for your personal data is:

GranMuse Digital Tourism LLC
Dubai Internet City, Building 1, Office 305
Dubai, United Arab Emirates
Email: privacy@granmuse.lat
Phone: +971 4 580 6200

2. Information We Collect

2.1 Information You Provide

  • Contact Form Data: Name, email address, subject, and message content when you submit our contact form.
  • Newsletter Subscription: Email address when you subscribe to our museum discovery newsletter.
  • Audio Guide Purchases: Name, email, and payment information when you purchase digital audio guides.

2.2 Automatically Collected Information

  • Device Information: Browser type, operating system, device type, and screen resolution.
  • Usage Data: Pages visited, time spent on pages, referral source, and click patterns.
  • IP Address: Your IP address is collected for security, analytics, and geographic content delivery.
  • Cookies: See our Cookie Policy for detailed information.

3. How We Use Your Data

We use your personal data for the following purposes:

  • To respond to your contact form inquiries and provide customer support.
  • To send our newsletter (only with your explicit consent).
  • To process audio guide purchases and deliver digital products.
  • To improve our website, content, and user experience through analytics.
  • To ensure the security and integrity of our platform.
  • To comply with legal obligations under UAE law and applicable international regulations.

4. Legal Basis for Processing (GDPR)

For users in the EEA and UK, we process your personal data on the following legal bases:

  • Consent: Newsletter subscriptions and cookie usage (Article 6(1)(a) GDPR).
  • Contract Performance: Processing purchases and delivering digital products (Article 6(1)(b) GDPR).
  • Legitimate Interest: Website analytics and security (Article 6(1)(f) GDPR).
  • Legal Obligation: Tax and regulatory compliance (Article 6(1)(c) GDPR).

5. Data Sharing

We do not sell your personal data. We may share your data with:

  • Payment Processors: Stripe and/or PayPal for secure transaction processing.
  • Analytics Providers: Google Analytics (anonymized) for website performance insights.
  • Email Service Providers: For newsletter delivery and transactional emails.
  • Legal Authorities: When required by law, court order, or governmental request.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Contact form submissions: 12 months from the date of inquiry.
  • Newsletter subscriptions: Until you unsubscribe.
  • Purchase records: 7 years (as required by UAE commercial law).
  • Analytics data: 26 months (anonymized).

7. Your Rights

Under GDPR and UAE PDPL, you have the following rights:

  • Access: Request a copy of your personal data.
  • Rectification: Request correction of inaccurate data.
  • Erasure: Request deletion of your data ("right to be forgotten").
  • Restriction: Request limitation of processing.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@granmuse.lat. We will respond within 30 days.

8. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the UAE. We ensure appropriate safeguards are in place as required by applicable data protection laws, including Standard Contractual Clauses (SCCs) for transfers from the EEA.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including SSL/TLS encryption for all data transmissions, secure server infrastructure, access controls, and regular security audits.

10. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. Any material changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy regularly.

12. Contact Us

For privacy-related inquiries, please contact our Data Protection Officer:

GranMuse Digital Tourism LLC
Dubai Internet City, Building 1, Office 305
Dubai, United Arab Emirates
Email: privacy@granmuse.lat
Phone: +971 4 580 6200