Privacy Policy

Introduction

Red Sea Global Hospitality (“We”, “Our”, “Us”) is committed to protecting and respecting your privacy.

Turtle Bay Hotel is operated by Red Sea Global Hospitality, a closed joint stock company owned by the Public Investment Fund of Saudi Arabia, with offices located at: Red Sea Global Hospitality, Jeddah Yacht Club & Marina, Al Kurnaysh Branch Road, Ash Shati District, Jeddah 23613, Saudi Arabia.

For the purposes of applicable data protection laws, Red Sea Global Hospitality acts as the Data Controller for personal data collected through the Turtle Bay Hotel website.

This Privacy Policy sets out the basis on which we will process any information and data we collect from you, or that you provide to us, in connection with your use of our website at turtlebayhotel.sa  (the “Website”) and in connection with the property information services we provide to you (together, the “Services”). 

Please read this Privacy Policy carefully so that you understand your rights in relation to your information, and how we will collect, use and process your information. This Privacy Policy supplements any other privacy related notices and policies we may provide to you from time to time and is not intended to override them. If you do not agree with this Privacy Policy in general or any part of it, you should not access the Website, use our Services or otherwise provide your information to us.

Our Website and Services are not intended for children, and we do not knowingly collect data relating to children. Children (below 18 years old) must not use the Services.

We change our Privacy Policy from time to time and we will note on our Website when our Privacy Policy has been updated. Please check the Website regularly for notices of changes to our Privacy Policy. Updates to our Privacy Policy will apply only to information collected after the date of the change.

1. How RSG Collects Customer Data

Data Category: Account Profile Data

Data Field: First Name, Last Name, Title, Email, Phone, Country / Region / City of Residence, Nationality, Date of Birth, Gender, Preferred Language.

Purpose for Collection: 

Business Operations:

• Process and store data in our systems for providing our services and to improve our services and for quality and training purposes.
• Follow up on customer enquiries, requests and feedback via phone, email, SMS and WhatsApp.
• Activate essential cookies for website functionality.

• Survey data processing and contact over survey results through phone, email, SMS and WhatsApp.

   

Analytics

• Analyze user behaviour in the website and mobile app and across direct communication channels, like email, phone, chat, SMS, WhatsApp, website and app push.
• Attribute customer interactions and conversions to specific marketing activities or campaigns via URL tracking and/or pixels at the user level.
• Create user profiles and segments based on user behaviour and/or profile information.
• Process survey data for statistical analysis and product & service enhancements.
• Process user personal data for profiling, behaviour analysis purposes and predictive models through the use of AI or algorithms.

Marketing and Advertising

• Send commercial emails, promos or newsletters.
• Communicate promotions or marketing campaigns via SMS or WhatsApp.
• Send push notifications through the website and app.
• Communicate specific offers over the phone.
• Activate customer feedback surveys and collect survey data.
• Share (hashed) personal data with advertising platforms to perform retargeting campaigns on online advertising platforms, for users who already visited the website, provided their personal details or otherwise interacted on other communication channels.
• Create custom advertising audiences based on prospective customers and booking customers for the purpose of look-alike targeting, suppression or custom targeting on online advertising platforms.

Personalization:

• Personalize communications and offers via email, WhatsApp, phone, SMS and mobile/web push notifications.
• Personalize website and mobile app content based on profile and/or behavioural data.
• Personalize advertising campaigns based on profile and/or behavioural data.
• Personalize services based on customer feedback, requests or predictive models.

Data Category

Behavioural data

Data Field

IP Address, MAID (mobile advertising ID), website and app visits and interactions via cookies, website search history, customer rating, survey results, free form textual feedback, spending amount, selected services, interests, preferred resorts and experiences, email preferences, consent preferences, contact method preference.

Purpose for Collection

Analytics

• Analyze user behaviour in the website and mobile app and across direct communication channels, like email, phone, chat, SMS, WhatsApp, website and app push.
• Attribute customer interactions and conversions to specific marketing activities or campaigns via URL tracking and/or pixels at the user level.
• Create user profiles and segments based on user behaviour and/or profile information.
• Process survey data for statistical analysis and product & service enhancements
• Process user personal data for profiling, behaviour analysis purposes and predictive models through the use of AI or algorithms.

Personalization:

• Personalize communications and offers via email, WhatsApp, phone, SMS and mobile/web push notifications.
• Personalize website and mobile app content based on profile and/or behavioural data.
• Personalize advertising campaigns based on profile and/or behavioural data.
• Personalize services based on customer feedback, requests or predictive models.

Data Category

Booking information

Data Field

Booking reference numbers, resort and room selection, amount spent, room preference, experiences reserved, mobility services selected, traveling from airport, arrival and departure dates, additional guest names.

Purpose for Collection

Business Operations:

• Process and store data in our systems for providing our services and to improve our services and for quality and training purposes.
• Follow up on customer enquiries, requests and feedback via phone, email, SMS and WhatsApp.
• Activate essential cookies for website functionality.
• Survey data processing and contact over survey results through phone, email, SMS and WhatsApp.

Analytics

• Create user profiles and segments based on user behaviour and/or profile information.
• Process survey data for statistical analysis and product & service enhancements
• Process user personal data for profiling, behaviour analysis purposes and predictive models through the use of AI or algorithms.

Marketing and Advertising

• Send commercial emails, promos or newsletters.
• Communicate promotions or marketing campaigns via SMS or WhatsApp.
• Send push notifications through the website and app.
• Communicate specific offers over the phone.
• Activate customer feedback surveys and collect survey data.
• Share (hashed) personal data with advertising platforms to perform retargeting campaigns on online advertising platforms, for users who already visited the website, provided their personal details or otherwise interacted on other communication channels.
• Create custom advertising audiences based on prospective customers and booking customers for the purpose of look-alike targeting, suppression or custom targeting on online advertising platforms.

Personalization:

• Personalize communications and offers via email, WhatsApp, phone, SMS and mobile/web push notifications.
• Personalize website and mobile app content based on profile and/or behavioural data.
• Personalize advertising campaigns based on profile and/or behavioural data.
• Personalize services based on customer feedback, requests or predictive models.

2. How RSGH Shares Customer Personal Data

RSGH does not use or share its customers information with others unless as described in this Privacy Policy. In certain circumstances, RSGH will share your information with third parties, as necessary, or as otherwise required or permitted by PDPL. Specifically, RSGH may share your information:

• With service providers and vendors for business purposes in its legitimate interests, or to perform a contract with you. Such third parties include: (i) data analytics vendors; (ii) security vendors; and (iii) website hosting vendors. These service providers assist RSGH with many different functions and tasks, such as providing data storage and disaster recovery services.

• When RSGH’s customer request to share certain information with third parties, with consent or to perform a contract with the customer. With the customer’s permission or upon the customer’s discretion, RSGH will disclose the customer’s information to relevant third parties.

• With professional advisors, in RSGH’s legitimate interests or as required by law. As necessary, RSGH will share its customers’ information with professional advisors functioning as service providers such as auditors, law firms, or accounting firms.

• For legal and security reasons and to protect RSGH’s services and business, in RSGH’s legitimate interests or as required by law. RSGH will share its customers’ information with regulators, law enforcement agencies, public authorities, or any other relevant organizations: (i) in response to a legal obligation; (ii) if RSGH has determined that it is necessary to share customers information to comply with applicable law or any obligations thereunder, including cooperation with law enforcement, judicial orders, and regulatory inquiries; (iii) to protect the interests of, and ensure the safety and security, of RSGH, its stakeholders, a third party or the public; (iv) to exercise or defend legal claims; and (v) to enforce RSGH’s terms and conditions

• With RSGH affiliates, in its legitimate interests. RSGH may share its customers’ information with companies within its corporate group.

• In connection with an asset sale or purchase, a share sale, purchase or merger, bankruptcy, or other business transaction or re-organization, in RSGH’s legitimate interests. RSGH will share customers’ information with a prospective buyer, seller, new owner, or other relevant third party as necessary while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of RSGH assets.

• Analyze user behavior on the website and across direct communication channels, like Email, SMS, WhatsApp, Push; (ii) attribute conversions to specific campaigns via URL tracking and/or pixels at user level. (iii) create user profiles and segments based on user behavior; (iv) process survey data for statistical analysis and product enhancements; (v) process user personal data for profiling, behavior analysis purposes and predictive models using AI or algorithms.

• Send marketing and/or commercial emails, promos, or newsletters; (ii) communicate promotions or marketing campaigns via SMS or WhatsApp; (iii) send push notifications through the website and app; (iv) communicate specific offers over the phone; (v) activate customer feedback surveys and collect survey data; (vi) share (pseudonymized) personal data with advertising platforms to perform a retargeting campaign on Paid Media for users who already visited the website or otherwise interacted on other communication channels; (vii) create Lookalike audiences of prospective customers and/or converted customers to activate campaigns on online advertising platforms.

3. Where RSGH Stores Customer Personal Data

As RSGH is based in the Kingdom of Saudi Arabia, the Personal Data that it collects from its customers will be transferred to, stored, and processed within the Kingdom of Saudi Arabia. Where permitted by the PDPL, RSGH may also transfer its customers’ information internationally as necessary for it to provide the services to its customers, including to RSGH’s service providers. 

RSGH will take all reasonable steps necessary to ensure that its customers’ information is treated securely and in accordance with this Privacy Policy and applicable privacy laws.

4. How Long RSGH Retains Customer Personal Data

RSGH will retain your Personal Data as follows:

• Customers information will be retained for as long as needed to provide RSGH Services to the customer.

• If a customer contact RSGH requesting permeant disposition of their information, RSGH will keep the information for 5 years after the customer contacts RSGH or RSGH will also retain and use its customers information to the extent necessary to comply with RSGH’s legal obligations, resolve disputes and enforce RSGH’s terms and conditions, other applicable terms of service, and RSGH policies. After these periods, RSGH may store its customers information in an aggregated and anonymized format, and it may use this information indefinitely without further notice to its customers.

5. Identifying Purposes

RSGH collects, uses, and discloses Personal Data to provide its customers with the product or service they have requested and to offer them additional products or services RSGH believes its customers might be interested in. The purpose for which we collect Personal Data will be identified before or at the time RSGH collects the information. RSGH may collect Personal Data to provide a service, where an individual’s consent may be implied. Implied consent is consent that is not given explicitly, but which can be inferred based on the individual’s actions and the facts of a particular situation as part of the process of delivering the service.

6. Consent

Knowledge and consent are required for the collection, use or disclosure of Personal Data unless otherwise required or permitted by law. Customers always have the choice to provide their Personal Data to RSGH. However, the customer decision not to provide certain information may limit RSGH’s ability to provide them with RSGH’s products, service, or may limit functionality.  However, there are specific cases in which information will be processed even without the data owner’s consent. These cases are specified by the PDPL as per the following:

• If the Processing serves actual interests of the customer, but communicating with the customer is impossible or difficult.

• If the Processing is pursuant to another law or in implementation of a previous agreement to which the customer is a party.

• If the Controller is a Public Entity and the Processing is required for security purposes or to satisfy judicial requirements.

• If the Processing is necessary for the purpose of legitimate interest of the Controller (RSGH in this case), without prejudice to the rights and interests of the customer and provided that no Sensitive Data is to be processed.

7. Limited Collection

The Personal Data collected will be limited to those details necessary for the purposes identified by RSGH. With the customer consent, RSGH may collect Personal Data from them in person, over the telephone or by corresponding with to customers via mail, or the internet. Other possible methods of the collection of Personal Data (not limited to), direct interactions, using RSGH products or services, social media interactions, browsing the website, applying for a job, registering to become a supplier, etc.

8. Limited Use, Disclosure, and Retention

Personal Data may only be used or disclosed for the purpose for which it was collected unless the customer has otherwise consented, or when it is required or permitted by law. 

Personal Data will only be retained for the period required to fulfill the purpose for which we collected it or as may be required by law and as forementioned in section 6 of this policy.

9. Safeguarding Personal Data

Personal Data will be protected by security safeguards that are appropriate to the sensitivity level of the information. RSGH takes all reasonable precautions to protect its customers’ Personal Data from any loss or unauthorized use, access, or disclosure.

10. Openness

RSGH will make information available to its customers about its policies and practices with respect to the management of its customers’ Personal Data.

11. Customer Data Rights

RSGH would like to make sure its customers are fully aware of all their data privacy rights, in which RSGH customers are entitled to the following:

• Right to know / information: A customer has the right to know about RSGH (data controller) contact details, the exact reason the data is being collected, the methods being used for data collection, and whether this collected data will be shared.

• Right to request access or copy: A customer has the right to access their Personal Data from RSGH (data controller) and obtain a copy of it in a clear and readable format, in conformity with the content of the records. In most cases this will be at no cost, however a, ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if a customer requests further copies of their data may be assessed at the time of the request.

• The right to request correction / rectification: A customer has the right to request that RSGH (data controller) correct any information they believe is incomplete, inaccurate, or obsolete. The customer also has the right to request RSGH to complete the information they believe is incomplete.

• The right to destruction / erasure: A customer has the right to request that RSGH (data controller) erases their personal data. The reasons can range from rescinding the customer’s consent for data collection to the data no longer serving the purpose for which it was collected.

• The right to limit/restrict processing: A customer has the right to limit or object to the processing of their Personal Data by RSGH (data controller) or any of its contracted data processors.

• The right to data portability: A customer has the right to request that RSGH (data controller) transfer the data that it has collected to another organization, under certain conditions.

• Automated individual decision: A customer has the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects unless it is necessary for entering into, or performance of a contract between the customer and RSGH (data controller), or at the customer’s explicit consent. 

In certain circumstances permitted by regulation, or law, RSGH will not disclose certain information to its owner. For example, RSGH may not disclose information relating to a customer if other individuals are referenced or if there are legal, security or commercial proprietary restrictions.

If a customer makes a request related to any of the above rights to which they are entitled, RSGH will fulfill these requests within 30 calendar days and record all data subject requests received. RSGH will inform its customers of required extensions for fulfillment of raised requests should the resolution of the request require more than 30 calendar days.

12. Cookie Policy

by using this website, you signify your acceptance of the use of cookies on this website, as set out in this cookie policy. If you do not accept the use of cookies on this website as described, please stop using this website or disable the relevant cookies. Your continued use of this web site following the posting of changes to this cookie policy will mean that you accept those changes.

1. What are Cookies?

Cookies are text files generated by a website and placed on your computer or on any other device you are using to access the website. Point 2 of this section and the table below contain further details about the cookies used on this website and their purposes.

No cookies on this website capture a user’s name or other information that would identify the user personally. They merely identify a computer or other device. All information collected by cookies on this website is aggregated and therefore anonymous.

Information collected by the cookies on this website will not be disclosed to third parties.

Session cookies do not store information on the hard disk of your computer or other device and they expire at the end of your browsing session i.e. when you close your browser window the session cookie and information it collected is deleted. Persistent cookies are stored on your computer or other device, and they remain there after you close your session until you delete them manually or until your browser deletes them based on the pre-determined period contained within the persistent cookie’s file. This website uses Session cookies and not Persistent cookies.

This website uses both first party and third-party cookies, see the table below. Section 2 below contains more detailed information about the use of third-party cookies in particular analytics cookies.

“Strictly Necessary Cookies” for functionality of this website’s platform. These cookies are essential in order to enable users to move around this website and use its features.

“Performance Cookies” which collect information about how users navigate this website, for instance which pages users access most frequently.

“Functionality Cookies” which allow this website to remember choices you make.

“Targeting or Advertising Cookies” used to deliver adverts relevant to an identified machine or other device (not a named or otherwise identifiable person) which are tailored to interests associated with the website activity tied to that machine or device. These cookies are also used to limit the number of times a user sees an advertisement as well as to help measure the effectiveness of the advertising campaign. They may also remember that this website has been visited from a device and share that information with marketing organizations.

For more general information about cookies and how to disable them through your browser, visit www.allaboutcookies.org.

To manage your cookie preferences access here

2. This website uses the following cookies:

Cookie Name

_ga

Default Category

Performance Cookies

Default Description

This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners. For more information about Google's processing of your personal data, please consult Google's Privacy & Terms site.

Cookie Name

OptanonAlertBoxClosed

Default Category

Strictly Necessary Cookies

Default Description

This cookie is set by websites using certain versions of the cookie law compliance solution from OneTrust. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice down. It enables the website not to show the message more than once to a user. The cookie has a normal lifespan of one year and contains no personal information.

Cookie Name

_ttp

Default Category

Targeting Cookies

Default Description

This cookie is typically associated with the use of Taptap Digital, a company specializing in digital advertising. It is used for tracking and ad personalization purposes.

Cookie Name

_fbp

Default Category

Targeting Cookies

Default Description

Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers

Cookie Name

__cf_bm

Default Category

Strictly Necessary Cookies

Default Description

The __cf_bm cookie is a cookie necessary to support Cloudflare Bot Management, currently in private beta. As part of our bot management service, this cookie helps manage incoming traffic that matches criteria associated with bots.
This is a CloudFoundry cookie

Cookie Name

AWSALBCORS

Default Category

Functional Cookies

Default Description

This cookie is managed by AWS and is used for load balancing.Used to attribute commission to affiliates when you arrive at the website from an affiliate referral link. It is set when you click on one of our links and used to let the advertiser and us know the website from which you came.

Cookie Name

_screload

Default Category

Targeting Cookies

Default Description

Used by Snapchat to implement advertisement content on the website - The cookie detects the efficiency of the ads and collects visitor data for further visitor segmentation.

Cookie Name

_ttp

Default Category

Targeting Cookies

Default Description

This cookie is typically associated with the use of Taptap Digital, a company specializing in digital advertising. It is used for tracking and ad personalization purposes.

Cookie Name

AWSALB

Default Category

Functional Cookies

Default Description

AWS ELB application load balancerUsed to attribute commission to affiliates when you arrive at the website from an affiliate referral link. It is set when you click on one of our links and used to let the advertiser and us know the website from which you came.

Cookie Name

_ga_xxxxxxxxxx

Default Category

Performance Cookies

Default Description

NAUsed by Google Analytics to identify and track an individual session with your device.

Cookie Name

li_gc

Default Category

Functional Cookies

Default Description

Cookie used by LinkedIn to store user consent regarding the use of cookies on the platform.

Cookie Name

personalization_id

Default Category

Targeting Cookies

Default Description

This domain is owned by X (formerly Twitter). The main business activity is: Social Networking Services. Where X (formerly Twitter) acts as a third party host, it collects data through a range of plug-ins and integrations, that is primarily used for tracking and targeting.

Cookie Name

AWSALB

Default Category

Strictly Necessary Cookies

Default Description

AWS ELB application load balancerUsed to attribute commission to affiliates when you arrive at the website from an affiliate referral link. It is set when you click on one of our links and used to let the advertiser and us know the website from which you came.

Cookie Name

_schn1

Default Category

Targeting Cookies

Default Description

Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers.

Cookie Name

_scid

Default Category

Targeting Cookies

Default Description

Cookie associated with Snapchat. Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates realtime bidding for advertisers.

Cookie Name

guest_id

Default Category

Targeting Cookies

Default Description

This cookie is set by X (formerly Twitter) to identify and track the website visitor.

Cookie Name

_tt_enable_cookie

Default Category

Targeting Cookies

Default Description

This cookie name is associated with TikTok which is used to collect data about behavior and purchases on the website and to measure the effect of advertising. It is also used to track website activity to help optimize advertising efforts.

Cookie Name

X-AB

Default Category

Targeting Cookies

Default Description

This cookie is used by the website’s operator in context with multi-variate testing. This is a tool used to combine or change content on the website. This allows the website to find the best variation/edition of the site.

Cookie Name

guest_id_marketing

Default Category

Targeting Cookies

Default Description

Set by Twitter. Used to personalize advertising content based on user behavior and preferences.

Cookie Name

muc_ads

Default Category

Targeting Cookies

Default Description

Associated with Twitter Ads, used to track user interaction with advertising content on the platform.

Cookie Name

_ScCbts

Default Category

Strictly Necessary Cookies

Default Description

TS

Cookie Name

AWSALBCORS

Default Category

Functional Cookies

Default Description

This cookie is managed by AWS and is used for load balancing.Used to attribute commission to affiliates when you arrive at the website from an affiliate referral link. It is set when you click on one of our links and used to let the advertiser and us know the website from which you came.

Cookie Name

lidc

Default Category

Functional Cookies

Default Description

This is a Microsoft MSN 1st party cookie that ensures the proper functioning of this website.

Cookie Name

OptanonConsent

Default Category

Strictly Necessary Cookies

Default Description

This cookie is set by the cookie compliance solution from OneTrust. It stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identify the site visitor.

Cookie Name

AWSALBCORS

Default Category

Targeting Cookies

Default Description

This cookie is managed by AWS and is used for load balancing.Used to attribute commission to affiliates when you arrive at the website from an affiliate referral link. It is set when you click on one of our links and used to let the advertiser and us know the website from which you came.

Cookie Name

MUID

Default Category

Targeting Cookies

Default Description

This cookie is widely used my Microsoft as a unique user identifier. It can be set by embedded microsoft scripts. Widely believed to sync across many different Microsoft domains, allowing user tracking.

Cookie Name

bcookie

Default Category

Targeting Cookies

Default Description

This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media.

Cookie Name

_scid_r

Default Category

Targeting Cookies

Default Description

Sets a unique ID for the visitor, that allows third party advertisers to target the visitor with relevant advertisement. This pairing service is provided by third party advertisement hubs, which facilitates real-time bidding for advertisers.

Cookie Name

_fbp

Default Category

Targeting Cookies

Default Description

Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers

Cookie Name

guest_id_ads

Default Category

Targeting Cookies

Default Description

Set by Twitter. Used to display relevant advertisements to users based on their interactions and browsing history.

Cookie Name

AWSALB

Default Category

Targeting Cookies

Default Description

AWS ELB application load balancerUsed to attribute commission to affiliates when you arrive at the website from an affiliate referral link. It is set when you click on one of our links and used to let the advertiser and us know the website from which you came.

Cookie Name

_tt_enable_cookie

Default Category

Targeting Cookies

Default Description

This cookie name is associated with TikTok which is used to collect data about behavior and purchases on the website and to measure the effect of advertising. It is also used to track website activity to help optimize advertising efforts.

Cookie Name

NEXT_LOCALE

Default Category

Functional Cookies

Default Description

Used to store user language preferences on the website.

3. Does the policy apply to linked websites?

Our websites may contain links to other websites. This cookie policy only applies to this website so when you link to other websites you should read their own cookie policies.

4. How do we update this Cookie Policy?

We conduct regular reviews of this Cookie Policy, and any updates will be published on this webpage.

13. Contact Information

1. Complaints

If a customer has any complaints about how we process their information, they may contact us at Privacy@RedSeaGlobal.com and we will respond to their request as soon as possible. 

Contact RSG

If a customer has any questions regarding this policy, please do not hesitate to contact RSG at  Privacy@RedSeaGlobal.com 

Contact Appropriate Authority

Should a customer wish to report a complaint or if the customer feels that RSG has not addressed their concern in a satisfactory manner, they may contact The Saudi Data & Artificial Intelligence Authority (“SDAIA”) at Suggestions@sdaia.gov.sa