Legal notice

Gamra Mountain Resort by Mantis is committed to providing the highest level of protection in relation to processing its customers’ personal data, in accordance with global data protection laws and regulations. This policy addresses how the company may collect, use, store, disclose, or process your personal data, including the personal data and information provided when using our electronic services, including our website “https://gamramountainresort.com“.

Personal data and information include all details that the company collects and processes directly or indirectly concerning you as an individual customer or as a company representative. This includes information about your identity, contact details such as name, email, contact number, transactions, financial information, interactions or dealings with the company, including information from third parties, and information collected through the company’s website, cookies, or other similar tools and our electronic services.

The use of the company’s electronic platforms, including the company’s website, and any products and services provided, is subject to our terms and conditions as approved on the website.

If you have any questions regarding the privacy policy or about the protection of your personal data, please contact the Data Protection Officer at Gamra Mountain Resort by Mantis as follows:

Gamra Mountain Resort by Mantis
Al Baha, Kingdom of Saudi Arabia
Email: [email protected]

For more information on our use of cookies, please refer to the cookie policy available on the company’s website.

Processing of Personal Data

The company may process your personal data as an individual customer or company representative for the following purposes:

  1. Processing applications for products and services, including assessing customer suitability, conducting necessary checks, and risk evaluations.
  2. Providing products and services, including but not limited to electronic services, processing transactions, and fulfilling requests.
  3. Monitoring and improving our services, the website, and its content.
  4. Establishing and managing relationships and accounts.
  5. Conducting market research and surveys to improve our products and services.
  6. Sharing information with customers about our products and services for marketing and promotional purposes.
  7. Sharing, transferring, archiving, and processing data with companies that provide the company with infrastructure and cloud computing services within the framework of applicable data protection laws.
  8. Preventing, detecting, investigating, and prosecuting crimes (including but not limited to money laundering, terrorism, fraud, and other crimes) in any jurisdiction, locally or internationally, and verifying identities, government sanctions checks, and due diligence checks.
  9. Complying with applicable local or foreign law within the company, the Kingdom, regulations, policies, voluntary codes, directives or judgments, or court orders, as well as any contractual obligations according to agreements between any company member and any regulatory authority, enforcement agency, or any requests from such entities that have authority over the company.
  10. Exercising or defending legal rights in connection with legal proceedings (including any future legal proceedings) and seeking professional or legal advice regarding such legal proceedings.
  11. Using cameras and monitoring the company’s buildings.

The company processes your personal data to fulfill the contract(s) entered into with you as a customer, comply with applicable legal or regulatory obligations, or for the company’s legitimate interests in providing you with adequate and quality products and services while minimizing risks as much as possible. Typically, the personal data requested by the company is necessary. If not provided, the company may not be able to comply with legal or regulatory obligations or provide you with the required products and services.

Access to Personal Data

A limited list of the company’s employees or contracted companies will have access to your personal data for processing purposes, with access based on the need-to-know principle or where required by law:

  1. Employees of the business line(s) concerned with the products and services provided.
  2. Marketing department employees.
  3. Risk, legal, and compliance department employees.
  4. Accounting department employees.
  5. IT department employees.
  6. Selected service providers supporting the company in providing adequate and quality products and services.

Our policy does not apply to third-party services such as websites where our advertisements are displayed online, nor to third-party websites or entities that the company does not operate or control.

Retention of Personal Information

Your personal data processed by the company will be retained in a manner that allows you to be identified as a customer for no longer than necessary for the purposes for which the personal data is processed, in line with applicable legislation and laws. At the end of these periods, your personal data will be deleted or archived to comply with legal obligations or based on applicable statutory limitation periods.

Monitoring

To the extent permitted by law, the company may record and monitor your communications with it to ensure compliance with our legal and regulatory obligations and internal policies, which may include recording telephone or electronic conversations.

Customer Rights

Subject to applicable laws and regulations within the company, you may have the right to object to the processing of your personal data by the company. This law may allow the company, subject to applicable conditions and particularly if the customer requests unnecessary or excessive services, to charge fees for fulfilling the customer’s request. Among the rights you may assert concerning your personal data and privacy are:

  1. Right of Access

You have the right to obtain confirmation from the company as to whether or not your personal data is being processed and, if so, to access information about the following:

    • The purposes of data processing.
    • The categories of personal data processed.
    • The employers, categories of employees, persons, or companies to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations.
    • Where possible, the storage period of personal data or, if not possible, the criteria used to determine that period.
    • The right to request rectification or erasure of your personal data or to restrict the processing of this data held by the company or to object to this processing insofar as it does not conflict with the company’s adopted laws and regulations.
    • The right to lodge a complaint with a supervisory authority.
    • The right to automated decision-making, including profiling, and to obtain meaningful information regarding the logic behind the processing of your personal data.
    • Where applicable, the right to be informed of the appropriate safeguards regarding the transfer of personal data outside the organization.

The company must provide a copy of the personal data undergoing processing upon request, and for any additional copies requested, please note that the company may charge a reasonable fee based on administrative costs.

  1. Right to Rectification

You have the right to obtain from the company, without undue delay, confirmation of the rectification of inaccurate personal data relating to you upon a documented request from you.

  1. Right to Erasure

Except in specific cases provided by law, upon your documented request, you have the right to obtain from the company confirmation of the erasure of your personal data without undue delay where one of the following grounds applies:

  • Personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You have withdrawn your consent on which the processing of your personal data is based, provided there is no other legal basis for processing.
  • You object to the processing in the absence of any overriding legitimate grounds for processing your personal data.
  • The personal data has been unlawfully processed.
  • You request the erasure of personal data to comply with a legal obligation to which the company is subject.
  • You request the erasure of personal data that was collected for direct service offerings to a minor.
  1. Right to Restrict Processing

You have the right to obtain a restriction on the processing of your personal data from the company if one of the following applies:

  • The accuracy of your personal data is contested (in which case, the restriction will apply for a period enabling the company to verify the accuracy of the data).
  • The processing is unlawful.
  • The company no longer needs the personal data for processing purposes, and the data is required by you for the establishment, exercise, or defense of legal claims.
  • You object to the processing, pending verification of whether the company’s legitimate grounds override yours.
  1. Right to Data Portability

Without any hindrance from the company, you have the right to obtain and transfer your personal data, which you provided to the company, to another company or entity in a structured, commonly used, and machine-readable format, provided that the processing of your data is based on consent, contract, or your approval for automated processing.

  1. Right to Object to Processing

The use of your personal data by the company is subject to the confidentiality principle dictated by applicable legislation at all times, and you have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data relating to you. The company will only process the personal data in question if it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. This right may be exercised at any time when your personal data is processed for direct marketing purposes.

  1. Right to Object to Automated Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you, except in cases provided by law.

The company must inform you about the actions taken on the request you submitted concerning your exercise of any of the above rights without undue delay, and in any case, within one month of receiving the request. This period may be extended by a further two months if necessary, considering the complexity and number of requests. The company must inform you of any such extension within one month of receiving the request, stating the reasons for the delay.

To exercise your rights as mentioned above, you may contact the company through the email mentioned above.

Finally, please note that you have the right to lodge a complaint with the competent data protection authority where applicable, concerning the company’s compliance with the applicable data protection laws and regulations.

Security

The security and confidentiality of your personal data are important to us. The company has invested significant resources to protect your personal data and maintain its confidentiality. When using external service providers to process some of your personal data, the company ensures that these providers comply with the regulations and laws issued by official and legal authorities. The commitment of these external service providers to these standards is documented to protect your rights as a customer. Regardless of where your personal information is transferred or stored, we take all reasonably necessary steps to ensure that personal data is kept secure.

Social Media

The company operates channels, pages, and accounts on various social media platforms to inform, assist, and interact with customers. The company also monitors and records comments and posts made on these channels to improve its products and services. Please note that as a customer, you should not share the following information via social media:

    • Personal and confidential data, including any information related to your financial situation, account details, transactions, etc.
    • Sensitive personal data, including:
      • Special categories of personal data, which include any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (such as fingerprints or iris scans), data concerning health, or data concerning sexual orientation or sexual life.
      • Other sensitive personal data such as criminal convictions, offenses, national ID numbers, etc.
      • Information that is excessive, unnecessary, inappropriate, offensive, or insulting towards individuals.

The company’s management is not responsible for any information posted on websites other than that published by its employees on its behalf. The company is only responsible for its use of personal data that has been legitimately received through these platforms and for ensuring its secure access.

Changes to the Privacy Policy

From time to time, it may be necessary for the company to modify the privacy policy in the interest of the company and its customers.