PRIVACY POLICY

Introduction

We are committed to safeguarding your privacy.

This policy applies where we are acting as a Data Controller with respect
to your personal data; in other words, where we determine the purposes and
means of the processing of that personal data.

We use cookies on our website. Insofar as those cookies are not strictly
necessary for the provision of our website and services, we will ask you to
consent to our use of cookies when you first visit our website.


In this policy, “we”, “us” and “our” refer to Nomad Advisors Ltd, for “the
Hotel” Zanzibar White Sands Luxury Villas & Spa.


  1. How we use your personal data.

    1. In this Section 1 we have set out:

      1. the general categories of personal data that we may
        process;

      2. the purposes for which we may process personal
        data; and

      3. the legal bases of the processing.

    2. We may process data about your use of our website and
      services (“usage data“). The usage data
      may include your IP address, geographical location, browser
      type and version, operating system, referral source, length
      of visit, page views and website navigation paths, as well
      as information about the timing, frequency and pattern of
      your service use. The source of the usage data is our
      analytics tracking system. This usage data may be processed
      for the purposes of analysing the use of the website and
      services.

    3. We may process your service data (” service data“). The service data may
      include your email address, first name, last name, title,
      phone number, address, state, province, postal code, and
      city. The source of the account data is your booking. The
      account data may be processed for the purposes of operating
      our website, providing our services, ensuring the security
      of our website and services, maintaining back-ups of our
      databases and communicating with you.

    4. We may process information contained in any enquiry you
      submit to us regarding goods and/or services (” enquiry data“). The enquiry data may be
      processed for the purposes of offering, marketing and
      selling relevant goods and/or services to you.

    5. We may process information relating to transactions,
      including purchases of goods and services, that you enter
      into with us and/or through our website (” transaction data“). The transaction data
      may include your contact details, your card details,
      payment details and the transaction details. The
      transaction data may be processed for the purpose of
      supplying the purchased goods and services and keeping
      proper records of those transactions. The legal basis for
      this processing is the performance of a contract between
      you and us and/or taking steps, at your request, to enter
      into such a contract and our legitimate interests, namely
      the proper administration of our website and business and
      your booking.

    6. We may process information contained in or relating to any
      communication that you send to us (” correspondence data“). The correspondence
      data may include the communication content and metadata
      associated with the communication. The correspondence data
      may be processed for the purposes of communicating with you
      and record-keeping.

    7. In addition to the specific purposes for which we may
      process your personal data set out in this Section 1, we
      may also process any of your personal data where such
      processing is necessary for compliance with a legal
      obligation to which we are subject, or in order to protect
      your vital interests or the vital interests of another
      natural person.

    8. Please do not supply any other person’s personal data to
      us, unless we prompt you to do so.


  2. Providing your personal data to others.

    1. We may disclose your personal data to any member of our
      group of companies this means our subsidiaries, our
      ultimate holding company and all its subsidiaries insofar
      as reasonably necessary for the purposes, and on the legal
      bases, set out in this policy.

    2. We may disclose your personal data to our insurers and/or
      professional advisers insofar as reasonably necessary for
      the purposes of obtaining or maintaining insurance
      coverage, managing risks, obtaining professional advice, or
      the establishment, exercise or defence of legal claims,
      whether in court proceedings or in an administrative or
      out-of-court procedure.

    3. We may disclose Email Contact data to Mailchimp insofar as
      reasonably necessary for email purposes.

    4. Financial transactions relating to our website and services
      may be handled by our payment services providers, Direct
      Pay Online We will share transaction data with our payment
      services provider only to the extent necessary for the
      purposes of processing your payments, refunding such
      payments and dealing with complaints and queries relating
      to such payments and refunds.

    5. We may disclose your enquiry data to one or more of those
      selected third party suppliers of goods and services
      identified on our website for the purpose of enabling them
      to contact you so that they can offer, market and sell to
      you relevant goods and/or services. Each such third party
      will act as a data controller in relation to the enquiry
      data that we supply to it; and upon contacting you, each
      such third party will supply to you a copy of its own
      privacy policy, which will govern that third party’s use of
      your personal data.

    6. In addition to the specific disclosures of personal data
      set out in this Section 2, we may disclose your personal
      data where such disclosure is necessary for compliance with
      a legal obligation to which we are subject, or in order to
      protect your vital interests or the vital interests of
      another natural person. We may also disclose your personal
      data where such disclosure is necessary for the
      establishment, exercise or defence of legal claims, whether
      in court proceedings or in an administrative or
      out-of-court procedure.


  3. International transfers of your personal data.

    1. In this Section 3, we provide information about the
      circumstances in which your personal data may be
      transferred to countries outside the European Economic Area
      (EEA).

    2. We have offices and facilities in Gibraltar. Transfers to
      each of these countries will be protected by appropriate
      safeguards, namely the use of standard data protection
      clauses adopted or approved by the European Commission.

    3. The hosting facilities for our website are situated in
      Gibraltar. Transfers to each of these countries will be
      protected by appropriate safeguards, namely the use of
      standard data protection clauses adopted or approved by the
      European Commission.

    4. You acknowledge that personal data that you submit for
      publication through our website or services may be
      available, via the internet, around the world. We cannot
      prevent the use or misuse of such personal data by others.


  4. Retaining and deleting personal data.

    1. This Section 4 sets out our data retention policies and
      procedure, which are designed to help ensure that we comply
      with our legal obligations in relation to the retention and
      deletion of personal data.

    2. Personal data that we process for any purpose or purposes
      shall not be kept for longer than is necessary for that
      purpose or those purposes.

    3. We will retain your personal data as follows for a minimum
      period of one year following the transaction date .

    4. Notwithstanding the other provisions of this Section 4, we
      may retain your personal data where such retention is
      necessary for compliance with a legal obligation to which
      we are subject, or in order to protect your vital interests
      or the vital interests of another natural person.


  5. Third-party service providers.

    1. We work with third party service providers (“Service
      Providers”) to provide application development, hosting,
      maintenance, payment and other services for us. These third
      parties may have access to or process your information as
      part of providing those services for us. Generally, the
      information provided to and gathered by these Service
      Providers are limited to that which is reasonably necessary
      for them to perform their functions, and we require them to
      agree to maintain the confidentiality of such information.


  6. Data Controller and Data Processor.

    1. We do not own, control or direct the use of any of the
      information stored or processed by the Service Providers.
      Only they are entitled to access, retrieve and direct the
      use of such information depending on the service that they
      provide. A service provider is not aware of what
      information is actually being stored or made available by
      another third-party service provider, and does not directly
      access such information or data except as authorized by you
      or as necessary to provide the services.

    2. Because we do not collect or determine the use of any
      personal data by the Service Provider, and because we do
      not determine the purposes for which such personal data is
      collected, the means of collecting such personal data, or
      the uses of such personal data, we are not acting in the
      capacity of data controller in terms of the GDPR and do not
      have the associated responsibilities under the GDPR. We
      should be considered only as a processor on behalf of our
      Service Providers and users as to any information
      containing personal data that is subject to the
      requirements of the GDPR. Except as provided in this
      Policy, we do not independently cause information
      containing personal data stored in connection with the
      Services to be transferred or otherwise made available to
      third parties, except to third party subcontractors who may
      process such data on our behalf in connection with our
      Services. Such actions are performed or authorized only by
      you.



    3. The Service Provider is the data controller under the GDPR
      for any information containing personal data. This means
      that you or the relevant user controls the manner such
      personal data is collected and used as well as the
      determination of the purposes and means of the processing
      of such personal data.

    4. A user who seeks to access, correct, amend, delete
      inaccurate data or withdraw consent for further contact
      should direct his query to the Service Provider.

  7. Amendments.

    1. We may update this policy from time to time by publishing a
      new version on our website.

    2. You should check this page occasionally to ensure you are
      happy with any changes to this policy.

    3. We will notify you of changes to this policy by email or
      through the private messaging system on our website


  8. Your rights.

    1. In this Section 8, we have summarised the rights that you
      have under data protection law. Some of the rights are
      complex, and not all of the details have been included in
      our summaries. Accordingly, you should read the relevant
      laws and guidance from the regulatory authorities for a
      full explanation of these rights.

    2. Your principal rights under data protection law are:

      1. the right to access;

      2. the right to rectification;

      3. the right to erasure;

      4. the right to restrict processing;

      5. the right to object to processing;

      6. the right to data portability;

      7. the right to complain to a supervisory authority;

      8. the right to prevent automated decision-marking and
        profiling; and

      9. the right to withdraw consent.

    3. You have the right to confirmation as to whether or not we
      process your personal data and, where we do, access to the
      personal data, together with certain additional
      information. That additional information includes details
      of the purposes of the processing, the categories of
      personal data concerned and the recipients of the personal
      data. Providing the rights and freedoms of others are not
      affected, we will supply to you a copy of your personal
      data. The first copy will be provided free of charge, but
      additional copies may be subject to a reasonable fee.

    4. You have the right to have any inaccurate personal data
      about you rectified and, taking into account the purposes
      of the processing, to have any incomplete personal data
      about you completed.

    5. In some circumstances, you have the right to the erasure of
      your personal data without undue delay. Those circumstances
      include: the personal data are no longer necessary in
      relation to the purposes for which they were collected or
      otherwise processed; you withdraw consent to consent-based
      processing; you object to the processing under certain
      rules of applicable data protection law; the processing is
      for direct marketing purposes; and the personal data have
      been unlawfully processed. However, there are exclusions of
      the right to erasure. The general exclusions include where
      processing is necessary: for exercising the right of
      freedom of expression and information; for compliance with
      a legal obligation; or for the establishment, exercise or
      defence of legal claims.

    6. In some circumstances, you have the right to restrict the
      processing of your personal data. Those circumstances are:
      you contest the accuracy of the personal data; processing
      is unlawful but you oppose erasure; we no longer need the
      personal data for the purposes of our processing, but you
      require personal data for the establishment, exercise or
      defence of legal claims; and you have objected to
      processing, pending the verification of that objection.
      Where processing has been restricted on this basis, we may
      continue to store your personal data. However, we will only
      otherwise process it: with your consent; for the
      establishment, exercise or defence of legal claims; for the
      protection of the rights of another natural or legal
      person; or for reasons of important public interest.

    7. You have the right to object to our processing of your
      personal data on grounds relating to your particular
      situation, but only to the extent that the legal basis for
      the processing is that the processing is necessary for: the
      performance of a task carried out in the public interest or
      in the exercise of any official authority vested in us; or
      the purposes of the legitimate interests pursued by us or
      by a third party. If you make such an objection, we will
      cease to process the personal information unless we can
      demonstrate compelling legitimate grounds for the
      processing which override your interests, rights and
      freedoms, or the processing is for the establishment,
      exercise or defence of legal claims.

    8. You have the right to object to our processing of your
      personal data for direct marketing purposes (including
      profiling for direct marketing purposes). If you make such
      an objection, we will cease to process your personal data
      for this purpose.

    9. You have the right to object to our processing of your
      personal data for scientific or historical research
      purposes or statistical purposes on grounds relating to
      your particular situation, unless the processing is
      necessary for the performance of a task carried out for
      reasons of public interest.

    10. To the extent that the legal basis for our processing of
      your personal data is:

      1. consent; or

      2. that the processing is necessary for the
        performance of a contract to which you are party or
        in order to take steps at your request prior to
        entering into a contract,

      3. and such processing is carried out by automated
        means, you have the right to receive your personal
        data from us in a structured, commonly used and
        machine-readable format. However, this right does
        not apply where it would adversely affect the
        rights and freedoms of others.

    11. If you consider that our processing of your personal
      information infringes data protection laws, you have a
      legal right to lodge a complaint with a supervisory
      authority responsible for data protection. You may do so in
      the EU member state of your habitual residence, your place
      of work or the place of the alleged infringement.

    12. To the extent that the legal basis for our processing of
      your personal information is consent, you have the right to
      withdraw that consent at any time. Withdrawal will not
      affect the lawfulness of processing before the withdrawal.

    13. You may exercise any of your rights in relation to your
      personal data by written notice to us in addition to the
      other methods specified in this Section 8.

  9. About cookies.

    1. A cookie is a file containing an identifier (a string of
      letters and numbers) that is sent by a web server to a web
      browser and is stored by the browser. The identifier is
      then sent back to the server each time the browser requests
      a page from the server.

    2. Cookies may be either “persistent” cookies or “session”
      cookies: a persistent cookie will be stored by a web
      browser and will remain valid until its set expiry date,
      unless deleted by the user before the expiry date; a
      session cookie, on the other hand, will expire at the end
      of the user session, when the web browser is closed.

    3. Cookies do not typically contain any information that
      personally identifies a user, but personal information that
      we store about you may be linked to the information stored
      in and obtained from cookies.

  10. Cookies that we use.

    1. We use the following cookies for the following purposes:

LOCAL COOKIES

#

Key

Value

Domain

1

all_RyEgsSBXVzZXJzGICAoI_Xgp4IDA-visit_count

%7B%22website_count%22…

www.whitesandvillas.com

2

all_RyEgsSBXVzZXJzGICAoI_Xgp4IDA-site_visit_time

1527664738506

www.whitesandvillas.com

3

cluster

R2881596201

www.whitesandvillas.com

4

clusterBAK

R1564864936

www.whitesandvillas.com

THIRD-PARTY COOKIES

#

Key

Value

Domain

1

YSC

yRpZl8cIo-U

.youtube.com

2

PREF

f1=50000000

.youtube.com

3

GPS

1

.youtube.com

4

VISITOR_INFO1_LIVE

p8BNBtB4has

.youtube.com

      1. Security
        – we use cookies as an element of the security measures
        used to protect user accounts, including preventing
        fraudulent use of login credentials, and to protect our
        website and services generally;

      2. Analysis
        – we use cookies to help us to analyse the use and
        performance of our website and services; and

      3. Cookie consent
        – we use cookies to store your preferences in relation to
        the use of cookies more generally.

  1. Cookies used by our service providers.

    1. Our service providers use cookies and those cookies may be stored on your computer
      when you visit our website.

    2. We use Google Analytics to analyse the use of our website.
      Google Analytics gathers information about website use by
      means of cookies. The information gathered relating to our
      website is used to create reports about the use of our
      website. Google’s privacy policy is available at:

      https://www.google.com/policies/privacy/

      .

  2. Managing cookies.

    1. Most browsers allow you to refuse to accept cookies and to
      delete cookies. The methods for doing so vary from browser
      to browser, and from version to version. You can however
      obtain up-to-date information about blocking and deleting
      cookies via these links:



      1. https://support.google.com/chrome/answer/95647?hl=en


        (Chrome);



      2. https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences


        (Firefox);



      3. http://www.opera.com/help/tutorials/security/cookies/


        (Opera);



      4. https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies


        (Internet Explorer);


      5. https://support.apple.com/kb/PH21411

        (Safari); and



      6. https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy


        (Edge).

    2. Blocking all cookies will have a negative impact upon the
      usability of many websites. If you block cookies, you will
      not be able to use all the features on our website.


  3. Special note regarding children.

    1. Our services are not intended for children or minors under
      the age of 18 years without the permission of a parent or
      guardian. Children under such age must not use the services
      offered on it to submit any individually identifiable
      information about themselves without the permission of and
      direct supervision by their parents or legal guardians.

    2. If you believe that a child has submitted personally
      identifiable information on or through the services without
      the consent and supervision of a parent or guardian, please
      contact us so that we can take appropriate action.


  4. Governing law and jurisdiction.

    1. This Privacy Policy and our legal obligations hereunder are
      subject to the laws of Gibraltar, regardless of your
      location. You hereby consent to the exclusive jurisdiction
      of and venue in the courts located in Gibraltar, in all
      disputes arising out of or relating to the services.

    2. If you are visiting from any other region with laws
      governing data collection and use, please note that you are
      agreeing to the transfer of your information to the Great
      Britain and processing globally. By providing your
      information you consent to any transfer and processing in
      accordance with this Privacy Policy.

  5. Our details.

    1. This website is owned and operated by Nomad Advisors Ltd..

    2. We are registered in Gibraltar under registration number
      106047, and our registered office is at Hadfield House,
      Library Street, Suite 7

    3. Our principal place of business is at Paje beach, Zanzibar,
      Tanzania.

    4. You can contact us:

      1. by post, to Hadfield House, Library Street, Suite
        7;

      2. using our website contact form at
        https://www.whitesandvillas.com/contact/;

      3. by telephone, on +44 207 193 2716; or

      4. by email, using

        contact@whitesandvillas.com

        .