chevron_left Back home
LEGAL

Privacy Policy

Effective 1 Jan 2025 · Last reviewed 12 Mar 2026
Plain-English summary: We collect only what we need to run the platform — agent profiles, booking records, payment metadata. We don't sell your data, and we keep it inside ISO-certified data centres.

Scope and definitions

This policy explains how Rawana FZ-LLC ("Rawana", "we", "us") collects, uses, and protects information when travel agencies, suppliers and corporate users access the Rawana B2B platform.

Throughout this document, "You" refers to the partner agency or supplier organisation, and any individual user acting on its behalf. "Platform" means our web application, mobile applications, APIs, and any related services.

What we collect

We collect information in three buckets:

  • Account data: company name, IATA / TIDS, address, primary contact details, and the names and roles of users your administrator invites.
  • Operational data: search queries, bookings, voucher metadata, customer manifest details required to fulfil a booking, and supplier-side rate and inventory feeds.
  • Technical data: IP addresses, device and browser details, session timing, and a small set of analytics events used to improve product reliability.

We do not collect special-category personal data unless a supplier explicitly requires it for fulfilment (e.g. a passport scan for a visa-on-arrival booking).

How we use it

Information is used to run your account, fulfil bookings, settle payments, comply with the law, and improve the service. We do not sell your data, and we do not share booking details with third parties beyond the supplier needed to fulfil the trip.

Who we share with

  • Suppliers — only the data necessary to fulfil a specific booking.
  • Payment processors — for card capture and settlement, under PCI-DSS scope.
  • Cloud infrastructure providers — under data-processing agreements that mirror this policy.
  • Authorities — when compelled by valid legal process. We will notify you unless prohibited from doing so.

Retention

Account records: kept for the duration of your contract plus seven years for tax purposes. Booking records: kept for seven years from travel date. Technical logs: rolled up after 90 days, with anonymised summaries kept for trend analysis.

Your rights

You can ask us to access, correct, or delete personal data we hold on individual users. Submit a request from the partner portal or write to privacy@rawana.com. We respond within 30 days.

International transfers

Our primary data centres are in the UAE and the EU. Where data leaves these regions, transfers are governed by Standard Contractual Clauses or equivalent safeguards.

Contact our DPO

Data Protection Officer · privacy@rawana.com · Sheikh Zayed Road, Dubai. We aim to acknowledge in 48 hours and resolve within 30 days.