Guiding Principles
1.1. This Policy aims to inform data subjects (Clients, customers, employees, Third Parties) associated with Westay of how Westay deals with the Personal Data that we collect, process, and maintain. All individuals whose Personal Data we collect or process will be considered data subjects, and they are encouraged to read and review this Privacy Policy.
1.2. Westay seeks to limit our collection of Personal Data from our customers, suppliers, contractors, consultants, and employees (i.e. data subjects) to such data as is reasonably necessary, for legitimate business purposes. Westay will not disclose Personal Data except in accordance with our policies and procedures, as permitted or required by law, or as affirmatively authorized in writing by the applicable data subject (as such term is defined in the DIFC Data Protection Law).
1.3. With respect to Personal Data, Westay strives to: (a) ensure the security and confidentiality of the data; (b) protect against anticipated threats and hazards to the security and integrity of the data; and (c) protect against unauthorized access to, or improper use of, the data.
1.4. Westay shall not discriminate in any way against any data subject on the basis of sex, race, color, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation.
1.5. Although these principles and procedures apply specifically to Personal Data, Westay representatives will exercise caution in protecting all of Westay's proprietary information.
Who Is the Data Controller?
For the purposes of the DIFC Data Protection Law, we are a Controller in respect of your Personal Data. This means that we are responsible for ensuring that we use your Personal Data in compliance with this Privacy Policy. We are required under the DIFC Data Protection Law to notify you of the information contained in this Policy.
What Information Do We Collect?
3.1. Personal information you disclose to us
We collect Personal Data that you voluntarily provide to us during interactions including, but not limited to:
- Creating or registering your customer accounts on our website or mobile applications.
- Making reservations (hotel, travel, private jet, etc.), inquiries, purchases, or service requests on your behalf.
- Participating in surveys, promotional campaigns, or feedback initiatives.
- Communicating with us via email, social media, phone, or other customer support channels.
The types of Personal Data we collect include, but are not limited to:
- Full name, title, and contact details, such as email address, phone number, date of birth and/or residential or business address.
- Identification documents (e.g., passports, Emirates IDs) when required, for example by private jet operators, accommodation providers, other tourism agencies, or by applicable laws.
- Other Personal Data you choose to provide to us, such as guest preferences, travel details, and accessibility needs (e.g., dietary restrictions or mobility assistance).
3.2. Personal Data of Others
When providing Personal Data of others (e.g., for group bookings or shared reservations), you are responsible for ensuring those individuals are informed and aware of this Policy, as well as how their information will be processed by Westay.
3.3. Special Categories of Personal Data (i.e., Sensitive Data)
Given the nature of our services, Westay does not generally collect Special Categories of Personal Data (i.e., sensitive data), as defined under the DIFC Data Protection Law, which includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or data concerning an individual's sex life or sexual orientation.
However, we may collect limited health-related information to accommodate specific requests, such as accessibility needs, dietary preferences, or other guest requirements. Such data will only be collected with your explicit consent and will be subject to additional safeguards to ensure its confidentiality and security.
Where the collection of sensitive Personal Data is strictly necessary for regulatory purposes (e.g., anti-money laundering compliance), it will be handled in accordance with the DIFC Data Protection Law and other applicable laws and protected with appropriate security measures.
Notwithstanding the foregoing, to the extent that we have a business need to collect any of the above special categories of Personal Data for the purposes set out above, and are permitted to do so by law, we will identify the appropriate legal basis for that processing and identify or notify you beforehand, as applicable.
How Do We Collect and Process Information?
4.1. Means of Collection
We collect Personal Data by various means, e.g., WhatsApp, email, the Westay online platform, telephone, in person, at events, or through any other means of electronic or personal communication.
If you are a Westay corporate client or prospective client, we may also collect information about you from company and trade registers and other publicly available sources.
We will:
- Process your Personal Data in a lawful, fair, transparent, and secure way.
- Collect your Personal Data only for specific, explicit, and legitimate purposes as explained to you when collecting your Personal Data.
- Not use your Personal Data in a way that is incompatible with those purposes.
- Process your Personal Data in a manner that is adequate and relevant to the purposes for which we have collected it and limited only to those purposes.
- Keep your Personal Data accurate and, where necessary, up to date.
- Keep your Personal Data in a form that identifies you only as long as necessary for the purposes of which we have informed you or as permitted by law.
4.2. Information Collected Automatically
When you interact with our website, applications, or digital platforms, certain information is collected automatically to enhance your experience and ensure operational efficiency. This data includes:
- Device details, including IP address, browser type, and operating system.
- Location data (collected only with explicit consent) to provide location-specific services.
- Browsing and usage behavior, such as duration of visits, clicked links, and viewed pages.
- Cookie identifiers and tracking information for analytics and tailored advertising.
We will take all steps that are reasonably necessary to ensure your data is processed fairly and lawfully, in accordance with the DIFC Data Protection Law, other applicable laws, and this Policy.
How Do We Use Your Information?
We process your Personal Data solely for the legitimate purposes outlined below and to the extent applicable law provides a legal basis for us to do so, strictly adhering to the DIFC Data Protection Law and other applicable regulations. The legal basis and purposes are categorized as follows:
5.1. To Fulfil Our Contractual Obligations
- Facilitating bookings, reservations, and purchases as part of organizing travel arrangements for you.
- Facilitating or processing payments securely and managing refunds or cancellations.
- Communicating necessary details, confirmations, and updates regarding reservations or inquiries.
- As necessary for our (or a third party's) legitimate interest, which is not overridden by your interests or fundamental rights and freedoms, including the provision of services by us, administrative or operational processes, and direct marketing.
5.2. For Legitimate Business Interests
- Enhancing and personalizing customer experiences across our platforms and services.
- Conducting performance analytics, customer behavior assessments, and service improvement strategies.
- Sending transactional communications to ensure operational continuity (e.g., changes to terms of service).
- Maintaining a directory of contacts.
- General business marketing.
- Sending you periodic updates about Westay's business, events, sales, and opportunities by email.
5.3. Marketing Purpose
You may receive marketing communications from Westay about our services. Data subjects may request to stop receiving marketing messages at any time by following the 'unsubscribe' links on any marketing message and withdrawing their consent. Alternatively, data subjects may unsubscribe from marketing communications by contacting the Westay Data Protection Officer at any time using the contact details mentioned in Section 22 of this Policy. When you withdraw your consent to receiving marketing messages, this will not apply to the continued processing of your Personal Data provided to us for other legitimate purposes. Even after opting out, you may still receive service-related communications from Westay that are necessary for the administration and use of your customer account, or for other legitimate purposes, as outlined above.
5.4. To Comply with Legal and Regulatory Obligations
- Meeting requirements for regulatory reporting and compliance, including anti-money laundering and fraud prevention.
- Responding to government, judicial, or regulatory authority requests as mandated by applicable laws.
- Retaining documentation as required under financial or operational legal frameworks.
5.5. With Your Consent
- Sending promotional communications tailored to your preferences and interests.
- Sharing testimonials, feedback, or customer stories (when explicitly approved by you).
- Enabling optional features, such as geolocation-based services or social media integrations.
Please note that we may use or disclose Personal Data if we are required by law to do so (even without your consent), or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order, or other legal process.
Should you have any questions with respect to the legal basis which we rely on in relation to a particular processing activity, please do not hesitate to contact us using the methods described in Section 22 of this Policy.
Change of purpose. We will only use your Personal Data for the purposes for which we collected it, or as otherwise described in this privacy notice, unless we reasonably consider that we need to use it for another legitimate reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will, if required by applicable law, notify you and explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Retention of Data
Your Personal Data is retained only for the duration necessary to fulfil the purposes outlined in this privacy notice, including for the purposes of satisfying any accounting, tax, auditing, or reporting requirements and to comply with any legal obligations to which we may be subject.
This retention period takes into account:
- The amount, nature, and sensitivity of the Personal Data, and the potential risk of harm from unauthorized use or disclosure of your Personal Data.
- The purposes for which we process your Personal Data and whether we can achieve those purposes through other means.
- Compliance with statutory and regulatory retention requirements.
- The resolution of disputes, enforcement of contractual obligations, or protection of legal rights.
- Security and archival purposes, ensuring that data no longer required is securely erased (deleted) or anonymized. Electronic and hard copy media containing Personal Data are destroyed or permanently erased before being discarded.
In general, we may retain your Personal Data for any minimum retention period stipulated by applicable laws or regulations (in accordance with the DIFC regulatory framework, the applicable retention period is at the end of a customer relationship), and for any further period necessary for the designated purpose, and subject to any legal hold, in which case a new retention period will apply for the duration of that legal hold.
This is also subject to any earlier valid and accepted exercise of your rights as a data subject; however, such rights may be superseded by Westay's obligations under the applicable DIFC regulatory framework.
Destruction of Data
Upon the cessation of the purpose for which your Personal Data was collected and retained, and once all legal, regulatory, or contractual obligations have been fulfilled, Westay will securely destroy or permanently anonymize such data in accordance with its internal data retention and destruction policies, and subject to applicable laws and regulatory requirements.
If you wish to request the deletion of your Personal Data prior to the end of the applicable retention period, you may do so by contacting us at support@westay.com or +9714 5464488. Please note, however, that such requests are subject to applicable legal and regulatory limitations, including Westay's obligations under the DIFC Data Protection Law, the wider UAE regulatory framework, and other applicable laws such as the UAE Commercial Companies Law and the UAE Corporate Tax Law and implementing regulations, which may require the continued retention of certain records for statutory or audit purposes for a period of up to 7 years.
Your Rights
As a data subject under the DIFC Data Protection Law, you are entitled to exercise the following rights concerning your Personal Data:
- Information: Be informed about the lawful basis for the collection and use of your Personal Data and the purposes for which it is processed.
- Access: You may request access to a copy of the Personal Data we hold about you and details of its processing.
- Rectification: You may request us to amend or update your Personal Data where it is inaccurate or incomplete. We are not responsible for the accuracy of the information you provide and will modify or update your Personal Data upon your request.
- Erasure: You may request the deletion of Personal Data where it is no longer necessary for the purposes for which your information was collected, provided it is not subject to mandatory retention obligations. We will erase or archive from active use your Personal Data upon request, unless we are required to retain it in accordance with DIFC or other applicable laws or to perform agreed services.
- Restriction: You may request us to temporarily or permanently stop processing all or some of your Personal Data, under certain conditions.
- Portability: Obtain and transfer Personal Data to another entity in a structured, commonly used format. We may, based on such a data portability request, either receive or transmit your Personal Data in machine-readable and structured format to another organization.
- Objection: You may, at any time, object to us processing your Personal Data where it is based exclusively on our legitimate interests or for direct marketing purposes.
- Withdraw Consent: Revoke consent for data processing activities reliant on prior approval (i.e., where we have asked for your consent to use your information for that particular purpose).
- Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects concerning you.
To exercise any of these rights, you may contact our Data Protection Officer using the contact details provided in Section 22 of this Policy. For assistance with exercising your rights, please contact support@westay.com.
What we may need from you. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You also have the right to make a complaint at any time to the Data Protection Commissioner of the DIFC, who is the individual appointed by the President of the DIFC and responsible for administering and ensuring compliance with data protection laws.
No fee usually required. You will, in general, not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Policy. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive (for example, for repeat copies). Alternatively, we may refuse to comply with the request in such circumstances. We will always inform you of any decision in writing.
How Do We Protect Your Information?
Westay employs a combination of advanced technical, administrative, and organizational measures to ensure the confidentiality, integrity, and availability of your Personal Data. These measures include:
- Use of industry-standard encryption protocols for sensitive data to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction, in accordance with the DIFC Data Protection Law.
- Secure storage environments with controlled access mechanisms.
- Regular security audits and penetration testing to identify and mitigate vulnerabilities.
- Contractual safeguards with all service providers and sub-processors, requiring them to comply with applicable data protection laws and to process Personal Data only under Westay's instructions, subject to confidentiality obligations.
- Mandatory training for staff on privacy and data protection practices.
- Access and authentication controls: access to Personal Data is restricted to authorized personnel only and is governed by strong password policies, multi-factor authentication, and logging mechanisms.
While we take all reasonable precautions, no method of data transmission or storage is entirely secure. Therefore, we cannot guarantee the absolute security of Personal Data transmitted to us via the internet, and any such transmission is at your own risk.
We have established incident response procedures to address any suspected data breach. Where required by law, we will promptly notify affected individuals and the Commissioner of Data Protection at the DIFC of any Personal Data breach in accordance with our legal obligations.
How Can You Protect Your Own Privacy?
While Westay takes all reasonable measures to protect your Personal Data, we also encourage you to take steps to safeguard your own privacy and security. We recommend the following precautions:
- Notify us immediately if you suspect that your password, user ID, or other confidential information may have been compromised. You can reach us via our toll-free number [insert number] or by email at support@westay.com.
- Do not share your login credentials (including password or user ID) with anyone and avoid writing them down or storing them in unsecured locations.
- Ensure that your antivirus and security software is up to date.
- Avoid accessing our services from unsecured or public devices and networks.
Access to Westay's Premises
Westay's premises are locked both during and outside of regular business hours and are only accessible via a secure access card and/or key during regular business hours.
Do We Collect Information from Minors?
Westay does not knowingly collect Personal Data from individuals under the age of 18. Our services are intended for individuals who can legally enter into contracts. If we become aware that Personal Data from a minor has been provided without parental consent, we will take steps to delete such data promptly. If you believe we have collected such information, please contact us at support@westay.com.
Review, Update, or Delete Your Data
If your Personal Data changes, or if you no longer wish to receive our services, please let us know and we will correct, update, or remove your details as applicable and as permitted by law and regulation.
If you would like to review, update, or terminate your account with Westay, you may:
- Contact us using the contact information provided in this Policy (last page).
- Log into your account settings and update your user account (if you have access to our customer portal).
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use, or comply with legal requirements.
Transferring Personal Data Internationally
The information you share with us may be transferred, stored and hosted outside the DIFC and the UAE, and may be transferred to countries which do not have data protection laws or to countries where your privacy and other fundamental rights will not be protected as extensively. We will implement, to the extent possible, appropriate measures to ensure that your Personal Data remains protected and secure for as long as it remains under our control. Notwithstanding the safeguards we put in place, given the nature of Westay's business which requires us to share your Personal Data with a variety of third-party data processors (travel agencies, hotels, flight carriers, transportation providers), and to finalize travel arrangements for our customers, at times, on short notice, Westay may not be able to always have standard contractual clauses in place with these processors. Should you have any questions with respect to safeguards we employ when transferring your Personal Data out of the DIFC, please do not hesitate to contact us using the methods described in Section 22 of this Policy.
Opting Out of Marketing Emails
You can unsubscribe from our marketing email list at any time by clicking the unsubscribe link included in our emails or by contacting us using the details provided below. Even after opting out, you may still receive service-related communications that are necessary for the administration and use of your account.
To update your preferences, you may:
- Note your preferences when registering an account.
- Access your account settings to update preferences.
- Contact us using the information provided in this Policy or email support@westay.com.
Data Breach
A privacy breach occurs when there is unauthorized access to, or collection, use, disclosure, or disposal of Personal Data.
If Westay becomes aware of an actual or suspected breach, we will promptly investigate the matter and take the necessary steps to address the situation. This includes identifying the nature and scope of the breach, containing the issue to prevent further harm, and taking action to mitigate any potential impact.
If the breach poses a risk to the rights and freedoms of individuals, Westay will notify the applicable Supervisory Authority (i.e., DIFC Commissioner of Data Protection) within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in such a risk. Where there is a likelihood of significant harm, such as financial loss or harm to your mental or physical well-being, we will also notify you promptly and provide information about the breach, including steps you can take to protect yourself.
In responding to a privacy breach, Westay may:
- Identify the affected data and any unauthorized recipients.
- Take steps to secure systems and prevent further unauthorized disclosures.
- Consult legal counsel and regulatory authorities as necessary.
- Assess whether notifications to affected individuals or authorities are required.
- Review our privacy practices and implement changes to prevent future incidents.
All incidents will be documented, including details of the breach, our response, and the steps taken to resolve the issue.
Privacy Protection Training
Westay management will ensure that all new employees and representatives have received, reviewed, and understand their obligations to protect Personal Data.
Westay management also reminds all employees and representatives of their privacy protection obligations during the fourth quarter of each year. If the privacy protection program appears to be functioning well and has not undergone material changes, this reminder may take the form of a broadly distributed annual email.
Management (with the assistance of external data protection experts) may provide training more frequently and/or in person to individuals or groups if:
- Westay's policies and procedures, or the threats to Personal Data, change in a material way.
- Westay experiences a privacy breach.
- One or more employees or representatives do not appear to understand their obligations regarding privacy protection.
Data Security and Cybersecurity Practices
Westay makes every effort to ensure that your Personal Data is secure on its systems. Westay has implemented appropriate technical and organizational measures to protect your Personal Data in accordance with applicable law. We take all reasonable steps to make sure your Personal Data is accurate and to protect it from unauthorized access and against unlawful processing, accidental loss, and damage.
Westay has staff dedicated to maintaining our data protection and security policies, periodically reviewing them, and making sure that our employees are aware of our data protection and security practices.
Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, Westay cannot warrant or guarantee the security of any Personal Data you transmit to us, and you do so at your own risk. We have established policies and procedures for securely managing information and protecting Personal Data against unauthorized access. We continually assess our data privacy, information management, and security practices. We do this in the following ways:
- Establishing policies and procedures for securely managing information.
- Limiting employee access to only the information necessary to perform their duties.
- Protecting against unauthorized access to Personal Data by using data encryption, authentication, and virus detection technology, as required.
- Requiring service providers with whom we do business to comply with relevant data privacy legal and regulatory requirements. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
- Monitoring our websites through recognized online privacy and security organizations.
- Conducting background checks on employees and providing training for our employees.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Do We Make Updates to This Policy?
This privacy notice may be amended periodically to reflect updates in operational practices or legal requirements. Changes will be communicated via prominent notifications on our platforms or through direct communications, where applicable. The latest version will always include an updated "Effective Date" at the top of the notice.
Westay customers are deemed to have acknowledged receipt of this Privacy Notice when signing contracts or signing up to become a Westay customer.
How Can You Contact Us About This Policy?
We value your privacy and welcome your feedback. For any inquiries, complaints, or requests related to this privacy notice or our data practices, please contact us at:
WeStay Ltd
PO Box 413281
Unit 913, Level 9, Liberty House, DIFC, Dubai, United Arab Emirates
Email: support@westay.com