Arabela Hotel

Last review on 24 May 2018

We do not disclose and/or share your data to any 3-rd party unless your order request it, as payment gateway and shipping company to calculate shipping rates or print shipping labels.
Basically, we collect your name and address for shipping purposes, email address and mobile number to inform you about your order status and finally your Credit Card information for payment purposes.
As for the Credit Card information we do not keep it online. As soon as we receive it and process it, we keep it on hard copy in our physical safe vault, until the product/service is provided, then we destroy it on monthly basis process.
While laws like the GDPR have “right to erasure”, you cannot require to erase the records saved on hard copies that we need for other aspects of our business.
We do not use any 3-party plugins or hidden scripts to collect your personal data and preferences.
We keep online your data until your order is received and the return period is going to expire.
We request your consent in order to use your personal data for marketing purposes (new offers, follow up emails after you’ve placed your order with other products you may be interested in).
We are committed to protect and to keep safe your personal data. In case of a security breach we’ll inform you as soon as we discover it.
We archive your personal data for 15 months on hard copy for accounting purposes and/or any conflict reconciliation.
We preserve the inactive accounts for a period of 6 months.
We preserve the complete orders for a period of 3 months.
We preserve the pending, failed, or cancelled orders for a period of 3 months.
You can request to delete your account at any time by pressing “Delete User” into your account.
We also archive your personal data on hard copy according to the Jordanian Tax Law for the next 5 years.
You have the right to request to delete your personal data from our online database, but we reserve the right to keep offline hard copy according to the Jordanian Law.
We cannot delete any of the personal data stored by Shipping Companies and Payment Gateway. You are advised to read their Privacy Policy before proceeding with payment.

For any privacy-specific requests like “Right of Access” (getting), “Right to Rectification” (updating) and “Right to Erasure” (deleting) your personal data, you are advised to send e-mail to:
If we are facing multiple requests from the same customer, we are permitted under the law to assess a reasonable fee.

What is the GDPR, exactly?
The GDPR is a new law that concerns itself with the handling of personal data of European Union (EU) residents. It takes effect on May 25, 2018.
Over two years in the making, the GDPR is intended to give EU residents more visibility and control over their personal data: how websites, including eCommerce websites, collect data; who they share it with; and what tracking technologies monitor them across the Internet.
If you sell to EU residents, this law applies to you — even if you aren’t in the EU. Fines for non-compliance will be substantial and can be levied on businesses both in and outside the EU.
What new privacy-related rights does the GDPR gives EU residents?
The new law requires stores to inform their customers about what information they collect, store, and share, and establishes specific rules about the kind of consent required before stores can collect personal data. That means that stores will be asking for consent more explicitly and detailing their use of personal data more specifically in their privacy policies.
In addition to clearer notices and privacy policies, the GDPR also gives EU residents powerful new rights such as the Right of Access, Right to Rectification, and Right to Erasure.
That means that EU residents will be able to:
Demand a copy of all the data you have about them.
Demand any errors in the data be corrected.
Request the removal of all personal data.
The GDPR also gives EU residents the right to find out if their personal data has been compromised. Websites will need to notify customers if their personal data is stolen in a breach and do so in a timely manner.
What’s Personal Data, Exactly?
GDPR isn’t about all information—the new rights for EU residents specifically apply to Personal Data.
Personal Data means anything that can identify a person, either on its own or combined with other data. Examples include a person’s:
Physical address or email address
Phone number
Last four credit card digits
Shipping tracking numbers (these are unique to an order, and thus to a person)
IP address
Basically, if you can use a piece of data to identify an EU resident or combine it with other data to identify them—that’s personal data.