Last Updated: September 7, 2025
Owner & Operator: Imkan Tourism Platform, owned by Bee Global Group and operated by Bee Global Bahrain W.L.L (referred to in this document as "the Platform" or "we").
The Platform is committed to protecting personal data in accordance with:
- The Personal Data Protection Law of the Kingdom of Bahrain (Law No. 30 of 2018), including its implementing regulations and guidelines issued by the competent regulatory authority.
- The EU General Data Protection Regulation (GDPR), where applicable (e.g., targeting or tracking individuals within the European Economic Area).
By using the Platform, you acknowledge that you have read, understood, and agreed to this Policy.
- Personal Data: Any information relating to an identified or identifiable natural person.
- Sensitive Data: Information revealing racial/ethnic origin, political opinions, religious beliefs, health or biometric data, or any category classified as sensitive under Bahraini law.
- Data Controller: Bee Global Bahrain W.L.L, as the entity that determines the purposes and means of processing Platform user data.
- Data Processor: Any third party that processes data on behalf of the Controller and under its instructions.
- User/Customer: Any natural or legal person using the Platform's services.
This Policy applies to all services provided by the Platform across its website, mobile applications, and connected systems. It covers users inside and outside Bahrain, including individuals, companies, agents, and service providers.
- Identity & Contact: Name, ID/passport number, nationality, email, phone, address.
- Account Data: Username, encrypted passwords, language preferences.
- Travel & Booking Data: Destinations, dates, number of travelers, accommodation and activity preferences.
- Payment & Transactions: Transaction IDs, payment status, billing details. (We do not store card numbers on our servers—payments are processed through accredited providers.)
- Technical Data: IP address, browser/OS type, device identifiers, browsing history within the Platform.
- Geolocation Data: If enabled by the user.
- Interactions: Support communications, reviews, "Contact Us" forms.
- Sensitive Data (when necessary and with explicit consent): Travel-related health requirements, dietary preferences tied to beliefs, or copies of visas/official documents required for booking or travel.
- Directly from the user when creating an account, submitting requests, or making bookings.
- Automatically through cookies and similar technologies (see Cookies section).
- From third parties we partner with (hotels, airlines, agents, payment/hosting providers), under written data protection agreements.
We process data for the following purposes, relying on one or more lawful bases under Bahraini law and/or GDPR (where applicable):
- Service Delivery & Booking Management – to perform the contract
- Payments, Billing & Fraud Prevention – to perform the contract, comply with legal obligations, or pursue legitimate interests
- Account Creation, Customer Relations & Support – to perform the contract or pursue legitimate interests
- Improving Experience, Personalization & Analytics – based on legitimate interests, while respecting users' right to opt out of marketing
- Direct Marketing & Promotions – only with explicit consent, which can be withdrawn at any time
- Legal & Regulatory Compliance – e.g., accounting, tax, and anti–money laundering requirements
- Security & Platform Protection – monitoring for intrusions and managing incidents, based on legitimate interests
We may share your data—only to the extent necessary—with the following categories:
- Tourism Service Partners: Hotels, airlines, transport/activity providers to fulfill your booking.
- Technology & Infrastructure Providers: Cloud hosting, information security, analytics.
- Payment Providers: Such as accredited payment gateways; card data is processed in compliance with PCI DSS standards.
- Authorized Platform Agents: To deliver services locally, within the scope of your request.
- Regulatory or Judicial Authorities: Where required by binding legal obligations.
Strict Commitments: We sign Data Processing Agreements (DPAs) with all processors. We do not sell your data and do not share it with third parties for marketing purposes without your explicit consent.
Your data may be transferred and stored outside Bahrain to enable service delivery. In all cases, we ensure that:
- The destination country provides a level of protection no less than Bahrain's standards; or
- Adequate safeguards are in place (e.g., Standard Contractual Clauses / approved mechanisms); or
- Any approvals/notifications required under Bahraini law are obtained.
If additional consent is required before a transfer, we will notify you and request your approval in advance.
We apply advanced technical and organizational controls, including:
- Data encryption during transmission and storage, where applicable.
- Access rights based on the principle of least privilege, with multi-factor authentication for sensitive roles.
- Firewalls, intrusion detection/prevention systems, and periodic audit logs.
- Secure backups, business continuity, and disaster recovery plans.
- Regular testing, risk assessments, and adherence to best practices aligned with ISO/IEC 27001 (without implying certification unless explicitly stated).
Payment Note: The Platform does not store full payment card details; processing is handled by accredited PCI DSS–compliant providers.
We retain data only for as long as necessary to fulfill the purposes of collection or as required by law, after which it is securely deleted or anonymized. As a guideline:
- Account, identity, and contact data: For the active period of use + up to 24 months after account closure, unless longer retention is legally required.
- Booking, transaction, and invoice data: Up to 10 years for accounting and regulatory compliance.
- Support records and correspondence: Up to 24 months.
- Cookies: Depending on their type (see Cookies section).
Once the purpose or legal timeframe ends, data is either deleted or irreversibly anonymized.
Under Bahraini law—and where GDPR applies—you have the right to:
- Access your data and obtain a copy.
- Correct or update inaccurate information.
- Erase data when no longer needed or when processing is unlawful.
- Restrict processing under certain circumstances.
- Object to processing, including objection to direct marketing.
- Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
- Avoid automated decisions that produce legal or similarly significant effects, without appropriate human review.
How to Exercise Your Rights: Contact us through the channels listed below, clearly stating your request and providing proof of identity. We will respond within a reasonable timeframe and in accordance with the law.
- We send marketing communications only with your consent. You may unsubscribe at any time via the unsubscribe link in the message or by contacting us directly.
- Offers may be personalized based on your preferences within the Platform. You may object to such personalization for marketing purposes.
We may use analytical models to improve recommendations and offers within the Platform. We do not make decisions that have legal or similarly significant effects on you without human involvement. You have the right to object to the use of your profile for marketing purposes.
Our services are not directed at individuals under 18 years of age. If we become aware that we have collected data from a minor without clear parental consent, we will delete it without delay. We may request proof of parental/guardian consent where necessary.
We use cookies to enhance performance, user experience, and measurement of effectiveness. Main categories include:
- Essential: Required for site functionality, login, and order processing (cannot be disabled within our systems).
- Functional/Preference: To remember language and region settings.
- Analytical: To measure usage and improve performance.
- Marketing/Targeting: To deliver relevant content (subject to your consent).
Control: You may configure your browser settings to block or delete cookies. Disabling them may affect some Platform functions. If a detailed Cookie Policy exists, a link will be available in the website footer.
The Platform may contain links or embedded components from third-party websites or services. We are not responsible for their practices; please review their privacy policies before use.
We may update this policy from time to time. Material changes will be communicated through in-Platform notices and/or email within a reasonable period before they take effect. Continued use of the Platform after such changes take effect constitutes acceptance of the updated policy.
- Data Controller: Bee Global Bahrain W.L.L (the official operator of the Platform).
- In some cases, we may act as a Data Processor on behalf of service providers/partners under B2B arrangements, in line with agreements that define responsibilities and protect individual rights.
- Support & Privacy Email: contact@imkan.tours
- Postal Address: Manama, Kingdom of Bahrain (Bee Global Bahrain W.L.L)
We will respond within thirty (30) days or the period mandated under Bahraini law.
If you are not satisfied with our response, you may lodge a complaint with the competent Data Protection Authority in Bahrain in accordance with applicable procedures.
