Issued by: Xplor Miles Sports Events Marketing LLC
1-141-333, DUBAI BRANCH - 1-141, Plot Number : 623-0
Dubai, United Arab Emirates
partnership@explor42.com
www.explor42.com
1. Introduction
At Xplor Miles Sports Events Marketing LLC (“Explor42”, “we”, “us”, “our”), your privacy and trust are our top priorities.
This Privacy & Data Processing Policy explains how we collect, process, use, store, and protect your personal data — whether you are a traveler, event participant, hotel partner, or service provider.
Explor42 is a community-led sports travel company that curates athlete-first experiences across marathons, triathlons, cricket, F1, football, and other global sporting events.
This policy is designed to comply with:
India’s Digital Personal Data Protection Act (DPDP 2023)
The EU General Data Protection Regulation (GDPR)
UK GDPR & Data Protection Act 2018
California Consumer Privacy Act (CCPA)
By using our website or services, you consent to this policy.
We collect personal information directly from you, automatically, or through our partners:
Type
Examples
Purpose
Identification Data
Name, gender, DOB, nationality, passport number
Event registration, visa support
Contact Data
Email, phone, address
Communication, customer support
Travel Data
Itinerary, hotel booking, event participation
Fulfillment of travel packages
Payment Data
Card, bank details (via secure gateways)
Processing transactions
Preference Data
Race category, food preferences
Personalization of packages
Technical Data
IP address, cookies, browser info
Site analytics and improvement
We may also receive limited data from:
3. How We Use Your Data
We use your data to:
Register and manage your bookings
Communicate updates and confirmations
Process payments securely
Coordinate with hotels, event organizers, and logistics partners
Send optional marketing updates (only with your consent)
Improve user experience through analytics and feedback
Fulfill legal, accounting, and compliance obligations
4. Legal Basis for Processing (GDPR)
If you are based in the EU/EEA or UK, we process data based on:
Contractual necessity – to fulfill your booking
Consent – for marketing or optional data sharing
Legitimate interest – to improve services
Legal obligation – for tax and compliance
5. Data Retention
We retain personal data only as long as necessary:
Booking and financial data: 7 years
Marketing data: Until consent is withdrawn
Analytics/cookies: 12–24 months
6. Data Security
We implement strict controls including:
SSL encryption on all web and payment pages
Role-based access and password policies
Cloud infrastructure security (AWS/GCP)
Regular audits, firewalls, and backups
7. Sharing & International Transfers
We share data only when necessary with:
Event organizers (for bibs, registration)
Hotels and travel partners
Visa support agencies and logistics providers
CRM and marketing partners (Zoho, Meta, Google)
Payment gateways and banks
Data may be transferred internationally (e.g., Singapore, UAE, UK, EU). All such transfers follow GDPR adequacy standards or contractual safeguards.
8. Your Rights
You have the right to:
Access, correct, or delete your personal data
Withdraw consent for marketing
Request data portability
Lodge a complaint with the relevant authority
To exercise any of these rights, contact partnership@explor42.com We respond within 30 days.
9. Children’s Privacy
Explor42 does not knowingly collect data from individuals under 18. If such data is identified, we delete it promptly.
10. Cookies
We use cookies for essential site operations, analytics, and marketing.
See our detailed Cookies Policy for more information and cookie management options.
This section applies to all Explor42 partners, vendors, and service providers handling personal data on our behalf.
11. Purpose of This Addendum
This DPA governs how our partners (“Processors”) handle personal data shared by Explor42 (“Controller”) to deliver contracted services — e.g., hotel bookings, visa assistance, transportation, or event logistics.
12. Processor Obligations
Each Processor agrees to:
Process Data Only on Written Instructions: Use data only for purposes specified by Explor42.
Confidentiality: Ensure staff and agents maintain confidentiality.
Security Measures: Maintain strong data protection practices — encryption, limited access, and regular security reviews.
Sub-processing: Engage sub-processors only with Explor42’s consent and ensure equivalent protections.
Breach Notification: Notify Explor42 within 24 hours of any known or suspected data breach.
Data Subject Assistance: Cooperate with Explor42 in responding to data access or deletion requests.
Return or Deletion of Data: Delete or return all personal data upon completion of services unless required by law to retain it.
Audit Rights: Allow Explor42 to verify compliance through documentation or audits.
Category
Examples
Traveler Details
Name, gender, DOB, nationality, passport info
Contact Details
Phone, email, address
Travel Information
Booking ID, flight, hotel, itinerary
Payment Data
Secure transaction details
Special Data
(if applicable)*
Medical or dietary preferences (with consent)
14. Data Retention and Deletion
Data will be kept only for the duration of the service or as legally required. Once processing ends, data must be securely deleted or anonymized.
15. Liability and Indemnity
Each party is responsible for its own compliance.
The Processor shall indemnify Explor42 against any penalties or claims resulting from its non-compliance with this DPA.
16. Governing Law
This DPA is governed by the laws of UAE, without prejudice to applicable international data protection laws.
Disputes are subject to the jurisdiction of courts in UAE.
17. Contact Information
Xplor Miles Sports Events Marketing LLC
1-141-333, DUBAI BRANCH - 1-141, Plot Number : 623-0
Email: partnership@explor42.com
Website: www.explor42.com
