I. Introduction
I.1 The purpose of this document “Principles of Personal Data Protection” is to explain all the conditions of Personal Data processing by GTS ALIVE ME DMCC, the conditions of Processing the Personal Data of Holders when using Passes and Cards and the conditions of using the Website and FB.
I.2 These Principles apply to the Holders and applicants for possession of the following Passes and Cards and co-brands of those Passes and Cards
• ISIC, International Student Identity Card,
• ISIC SCHOLAR, International Scholar Identity Card,
• IYTC, International Youth Travel Card,
• ITIC, International Teacher Identity Card,
• ALIVE Student, ALIVE Employee and ALIVE Alumni and ALIVE membership cards.
I.3 We devote the same care and interest to approaching the protection of Personal Data provided by the Holders of Passes and Cards as we do to the Passes and Cards and options of their use.
I.4 We collect only those Personal Data which we truly need for the stipulated purposes. We do everything so as to provide and guarantee to Holders the best service not only in the United Arab Emirates, but also in all the other countries where the Passes can be used.
I.5 On the following pages, you will find the complete information and conditions concerning Personal Data protection.
I.6 All the terms written with a capital first letter in these Principles have the meaning specified in the definitions here.
I.7 These Principles are valid from 1 January 2018.
II. Contact information
GTS ALIVE ME DMCC The company GTS ALIVE ME DMCC, with registered address: DMCC Business Centre, Unit No: 3928, Jewellery & Gemplex 3, Dubai, United Arab Emirates, license number: DMCC-073822, which is the operator of the Website and simultaneously the controller of Personal Data, unless stipulated otherwise in these Principles.
Rules The Rules means the Rules for using Passes and Cards, which you can find here.
Principles The Principles mean these Principles of Personal Data Protection.
Business Terms and Conditions The Business Terms and Conditions mean the Business Terms and Conditions for Online Ordering, which you can find here.
FB The Facebook profile of ISIC POINT (https://www.facebook.com/isic.ae)
Website The website https://www.studentcard.ae
Pass A Pass means any ISIC, ISIC SCHOLAR, IYTC, ITIC, ALIVE Student, ALIVE Employee and ALIVE Alumni pass, which may be issued by a university or school, GTS ALIVE ME DMCC or another authorised distributor.
Card A Card means any ALIVE card, ALIVE membership card which is issued by GTS ALIVE ME DMCC or another authorised distributor.
Holder The user of any Pass or Card; the Holder is also the data subject.
Personal Data Personal Data refers to any information concerning an identified or identifiable data subject. The data subject is considered identified or identifiable if the data subject can be directly or indirectly identified particularly based on a number, code or one or more elements specific to their physical, physiological, psychic, economic, cultural or social identity; for instance, Personal Data refers to the e-mail address or mobile phone number; Personal Data may also be data about shopping preferences associated with the surname. The processing of your Personal Data is essential for issuing the Pass or Card.
Sensitive Personal Data Sensitive Personal Data are Personal Data which testify to the nationality, racial or ethnic origin, political views, membership in trade union organisations, religious or philosophical beliefs, conviction of crimes, medical condition and sexual life of the data subject and genetic data of the data subject; sensitive Personal Data also refers to biometric data, which allow the direct identification or authentication of the data subject. GTS ALIVE ME DMCC never discloses sensitive Personal Data. These are not processed.
Processing Personal Data Processing refers to any operation or set of operations which the controller or processor systematically perform with Personal Data, either by automated or other means. Personal Data Processing refers in particular to collection, storage on information carriers, disclosure, modification or alteration, searching, use, handover, dissemination, publication, preservation, exchange, sorting or combining, blocking and deletion; collection of Personal Data is a systematic procedure or set of procedures, the aim of which is to obtain Personal Data for the purpose of their further storage on an information carrier for immediate or later processing; storage of Personal Data is the retention of data in such a form that allows their further processing; blocking of Personal Data is an operation or set of operations, through which the means or resources for processing Personal Data are restricted for a stipulated period, with the exception of essential interventions; deletion of Personal Data refers to the physical destruction of their carrier, their physical deletion or their permanent exclusion from further processing.
Purpose The purpose of processing refers to the reason for which GTS ALIVE ME DMCC processes the Personal Data.
Scope Scope refers to the specific Personal Data which we need for Processing, for instance the name and surname.
III. Common information for Holders of Passes purchased within the GTS ALIVE ME DMCC agent network or issued through the online application
III.1 Among other, GTS ALIVE ME DMCC is the holder of license rights and rights to issue ISIC, ISIC SCHOLAR / ITIC / IYTC passes for the United Arab Emirates. GTS ALIVE ME DMCC declares that all the Personal Data are considered strictly confidential and are handled in accordance legal regulations of the United Arab Emirates. GTS ALIVE ME DMCC also accepts all obligations arising from the new General Data Protection Regulation.
III.2 The controller of Personal Data for Passes and Cards issued through the GTS ALIVE ME DMCC agent network or through the online application is GTS ALIVE ME DMCC, which produces and issues the Passes and ensures the related activities.
III.3 The seller included in the GTS ALIVE ME DMCC agent network is the processor of Personal Data.
III.4 GTS ALIVE ME DMCC is only the processor for Personal Data for all ALIVE member Cards and partner Cards. The Card issuer is the controller. All rights, requests and complaints must be applied with the issuer.
IV. Common information for Holders of Passes of schools participating in the ISIC FOR SCHOOLS project
IV.1 GTS ALIVE ME DMCC is the holder of license rights and rights to issue ISIC / ISIC SCHOLAR / ITIC / IYTC passes for the United Arab Emirates and license rights to issue ALIVE passes.
IV.2 GTS ALIVE ME DMCC declares that all the Personal Data are considered strictly confidential and are handled in accordance with the laws of the United Arab Emirates, on Personal Data protection. GTS ALIVE ME DMCC also accepts all obligations arising from the new General Data Protection Regulation.
IV.3 The controller of Personal Data within the ISIC FOR SCHOOLS project is GTS ALIVE ME DMCC, which within this project produces and issues the Passes for schools, respectively their students, and ensures the related activities, including allowing the use of Passes by the subject for the purpose of identification of the subject, the possibility of enjoying benefits at home and abroad for the subject, etc. The controller of Personal Data is also the school itself which participates in the ISIC FOR SCHOOLS project, in order to allow use of the Pass as a student/teacher identification pass, to confirm the status of school student/pupil/teacher/employee and potentially for use in the school’s access and security systems and other use by the school.
IV.4 A school participating in the ISIC FOR SCHOOLS project is the controller of Personal Data, because it mediates the applications for its students/pupils for GTS ALIVE ME DMCC. GTS ALIVE ME DMCC is the processor for the school participating in the project as for processing concerning use during the subject’s term of study at the school, for the purpose of ensuring Pass functionality as a student identification pass.
IV.5 Learn more about the ISIC FOR SCHOOLS project here.
V. Declaration on protection of Personal Data for Holders of Passes from universities and colleges which issue combined school student/teacher/employee/alumni passes with ISIC, ITIC, ALIVE Student, ALIVE Employee and ALIVE Alumni passes
V.1 GTS ALIVE ME DMCC is the holder of license rights and rights to issue ISIC/ITIC passes for the United Arab Emirates and license rights to issue ALIVE passes.
V.2 Universities and colleges might issue student identification document, hereinafter also “pass”. A student pass is a document issued by the university, which the student receives upon registering for study; the said document confirms the student’s legal position, authorising them to enjoy the rights and benefits of a student arising from legal regulations or the university’s internal regulations. Such school student pass may be issued with an ISIC ID card.
V.3 GTS ALIVE ME DMCC allows the academic partner to issue a combined student/teacher/employee/alumni school pass and ISIC/ITIC/ALIVE pass.
V.4 In this case, the controller of Personal Data is the respective academic partner which issued the given Pass, because the specific school produces and issues the pass and ensures all the related activities. GTS ALIVE ME DMCC is not involved in processing, but merely ensures the possibility of using the Pass as imposed on the school.
V.5 GTS ALIVE ME DMCC is the processor for ensuring the possibility of verifying the Pass and enjoying the discounts and benefits according to the Rules for use of Passes, which are here, because the school only entrusts GTS ALIVE ME DMCC with the activities concerning the ensuring of Pass discounts and benefits.
V.6 GTS ALIVE ME DMCC as the processor strictly observes the effective legislation and these Principles.
V.7 GTS ALIVE ME DMCC does not provide your Personal Data to any third parties, unless you grant consent to do so.
V.8 For information about Personal Data processing for the purpose of a combined school pass and Pass, please inquire with the specific school which issues the Pass.
V.9 Use of the Pass is also governed by the internal regulations of the school that issued the Pass.
VI. Purposes of Personal Data processing
The purpose refers to the reason why the Holders’ Personal Data are processed in individual cases, respectively why they are required. Unless stipulated otherwise or unless GTS ALIVE ME DMCC is authorised by legal regulations to perform processing, GTS ALIVE ME DMCC processes Personal Data for the following purposes:
VI.1 Order performance = issuing and use of the Pass/Card
By completing the respective application, the Holder requests the issuing of the Pass/Card. The Pass/Card can only be issued if the Holder gives the controller the necessary Personal Data; this processing is essential for issuing the Pass/Card. The Holder’s Personal Data are used only for issuing the Pass/Card and enabling use. The Holder’s Personal Data are used only as follows:
• to manufacture the body of the Pass/Card;
• to register the Holder’s Personal Data in order to verify student status, Pass/Card validity, authorisation of the claim to a discount/benefit;
• to send the information which the Holder essentially needs for Pass/Card functionality, e.g. information about expiring validity;
• to use other functions enabled by the individual types of Passes/Cards according to the Rules and respective application;
• to keep records of Pass/Card Holders, their verification and control (i.e. verification of pupil/student status, which is a condition for drawing the discount and benefita, and verifying the right to draw discounts/benefits).
VI.2 Personalised commercial messages = marketing, direct marketing
If the Holder granted voluntary and express consent, GTS ALIVE ME DMCC will inform the Holder and send them personalised commercial messages about the options offered by the Pass and GTS ALIVE ME DMCC’s business partners, about discounts, events and contests by GTS ALIVE ME DMCC and GTS ALIVE ME DMCC’s business partners. The Holder’s Personal Data will be used for this purpose so as to allow the following:
• sending of personalised commercial messages from GTS ALIVE ME DMCC and GTS ALIVE ME DMCC’s business partners which are interesting for the Holder based on the ongoing evaluation and updating of Personal Data, including information about the use of the Holder’s Pass/Card among the controller’s business partners and the Holder’s preferences determined from use of the Website and FB, including the use of electronic means of communication;
• sending of regular commercial messages, including the use of electronic means of communication;
• conducting market surveys and evaluation.
VI.3 Verification/control of identification during online Pass purchase
If you grant us your voluntary and express consent, we will verify and control your identity when purchasing the Pass online via verification of a scan of your national ID card/passport. The copy (scan) can be made exclusively by the Holder. The scan of the national ID card (or other provided identification document) will be used exclusively to verify the Holder’s identity. Verification of identity includes checking the photograph on the Pass with the photograph on the national ID card/passport, verifying the data from the Pass with data on the national ID card/passport. After such verification, GTS ALIVE ME DMCC will immediately and securely liquidate the copy (scan) of the national ID card/passport.
VII. Scope of processing Personal Data
The scope of Personal Data is always defined so as to be the scope necessary to fulfil the given purpose. Based on the individual purposes, the scope is as follows:
VII.1 Order performance = issuing and use of the Pass/Card
We only process such Personal Data which the Holder discloses to us, provides or completes in the respective request. For the purpose of production and functioning of the Pass/Card, GTS ALIVE ME DMCC processes the Holder’s photograph, name and surname, issue date and other Personal Data of the Holder, depending on the type of Pass/Card.
The scope of Personal Data on the body of the Passes and Cards is as follows:
• ISIC, ISIC SCHOLAR, ITIC passes contain: name, surname, date of birth, photograph, validity, serial number, school name;
• IYTC Passes contain: name, surname, photograph, validity, serial number;
• ALIVE Student and ALIVE Employee contain: name, surname, date of birth, photograph, validity, serial number, school name;
• ALIVE Alumni contain: name, surname, school name, validity, serial number;
• ALIVE Card (sporting associations) contain: name, surname, date of birth, validity, serial number, institution name.
The Pass or Card may also contain other Personal Data of the Holder, which the Holder provided to GTS ALIVE ME DMCC, such as the Holder’s photograph for Passes/Card on which the photograph is depicted. The scope may also include the issue date and other Personal Data of the Holder.
Furthermore, for the purposes of use and functionality, we keep a database of Holders in which we register in particular the Pass/Card number, issue date, expiry, data about Pass/Card extension and chip information (if it exists) in order to verify the Pass/Card, discount and benefit options and other uses.
The purpose of processing Personal Data is the issuing of the Card, provision of discounts, Card control, management of the numerical Card series for protection against misuse and management of Holder records.
VII.2 Personalised commercial messages = marketing, direct marketing
Only the Holder’s Personal Data for which the Holder has granted consent to use for this purpose will be used for this purpose.
The scope of Personal Data used for the above purpose is:
• name, surname and titles, address data (permanent address, mailing address, country and other data including e-mail address), telephone number and date of birth;
• all Personal Data provided by the Holder in the form or otherwise disclosed by the Holder while granting consent;
• data about us of the Pass/Card among GTS ALIVE ME DMCC’s business partners, including the purchases made, data about use of the controller’s website and social networks, data identified during participation in contests, events and surveys or polls conducted by the controller and data about use of the “MY ISIC” personal account, data on the use of related Passes/Card by one User, including data about the use of Passes and Cards of other controllers, such as membership Passes/Cards, ALIVE Cards;
• the Holder’s other Personal Data concerning the Passes and Cards provided by the Holder or determined by GTS ALIVE ME DMCC from the Holder of Personal Data.
VIII. Recipients of Personal Data
VIII.1 Processors for GTS ALIVE ME DMCC
ISIC Association – a non-profit organisation which controls and manages international identification Passes;
ISIC Global Office – a service organisation of the ISIC Association which ensures the international functioning of Passes and manages the international database of Passes;
Orchitech Solutions, s.r.o. – IT company providing information system management;
An overview of all GTS ALIVE ME DMCC business partners, with which the Holder may apply discounts/benefits and make purchases, can be found here.
An overview of GTS ALIVE ME DMCC partners participating in the agency network can be found here.
VIII.2 Recipients of GTS ALIVE ME DMCC
ISIC Association – a non-profit organisation which controls and manages international identification Passes;
ISIC Global Office – a service organisation of the ISIC Association which ensures the international functioning of Passes and manages the international database of Passes;
IX. Processing term
The processing term is always defined so as to be the term necessary to fulfil the given purpose. Based on the individual purposes, the processing term is as follows:
IX.1 Order performance = issuing and use of the Pass/Card
Personal Data will be processed for this purpose throughout the validity term of the Pass/Card, respectively for the period bound to the respective processing purpose stipulated in the request to issue the Pass, i.e. for the period during which the Pass Holder is authorised to draw the services and benefits associated with the Pass/Card.
A. If the Pass/Card was issued by an authorised partner in the agent network, authorised by GTS ALIVE ME DMCC, the processing term of the Holder’s Personal Data is the validity period and an additional 12 months. The validity period of the Pass/Card starts on the issue date and ends in the month of December of the year after the year of issue – depending on the chosen academic year, but no more than 16 months (for more, see Art. 5.7 of the Business Terms and Conditions). Upon the expiry of validity, the Personal data are stored for 12 months for the following reasons:
• to verify misuse of the Pass/Card and verify expiry of the Pass/Card in the network of GTS ALIVE ME DMCC business partners;
• to send control information reports to the Holder about expiry of the Pass/Card validity, information about the options of obtaining a new Pass/Card and information about the impossibility of further use of the Pass/Card;
• for reasons of controlling the usability of the Pass/Card license number and Holder records in the case of issuing a new Pass/Card.
B. If the Pass was issued based on an online order from the GTS ALIVE ME DMCC Website, the processing term of the Holder’s Personal Data is the validity period and an additional 12 months. The validity period of the Pass/Card starts on the issue date and ends in the month of December of the year after the year of issue – depending on the chosen academic year, but no more than 16 months (for more, see Art. 5.7 of the Business Terms and Conditions). Upon the expiry of validity, the Personal data are stored for 12 months for the following reasons:
• to verify misuse of the Pass/Card and verify expiry of the Pass/Card in the network of GTS ALIVE ME DMCC business partners;
• to send control information reports to the Holder about expiry of the Pass/Card validity, information about the options of obtaining a new Pass/Card and information about the impossibility of further use of the Pass/Card;
• for reasons of controlling the usability of the Pass/Card license number and Holder records in the case of issuing a new Pass/Card.
C. If it is a Pass/Card issued by the school within the “ISIC For Schools” project, the period of processing the Holder’s Personal Data is nine years, which is the period of study, respectively the expiry period of the Pass/Card according to the Rules, during which it is possible:
• in the case of invalidation, to preserve the option of renewing the Pass/Card according to the Rules;
• to verify misuse of the Pass/Card and verify expiry of the Pass/Card in the network of GTS ALIVE ME DMCC business partners;
• to send control information reports to the Holder about expiry of the Pass/Card validity, information about the options of obtaining a new Pass/Card and information about the impossibility of further use of the Pass/Card;
• for reasons of controlling the usability of the Pass/Card license number and Holder records in the case of issuing a new Pass/Card.
D. If it is a Pass/Card issued by the school within the project for universities and other schools, where GTS ALIVE ME DMCC is merely the processor of the Holder’s Personal Data for the given specific school, the processing period is nine years, which is the period of study, respectively the expiry period of the Pass/Card according to the Rules, during which it is possible:
• in the case of invalidation, to preserve the option of renewing the Pass/Card according to the Rules;
• to verify misuse of the Pass/Card and verify expiry of the Pass/Card in the network of GTS ALIVE ME DMCC business partners;
• to send control information reports to the Holder about expiry of the Pass/Card validity, information about the options of obtaining a new Pass/Card and information about the impossibility of further use of the Pass/Card;
• for reasons of controlling the usability of the Pass/Card license number and Holder records in the case of issuing a new Pass/Card.
E. If it is a membership ALIVE Card, where GTS ALIVE ME DMCC is merely the processor, because the Card was issued by the specific organisation, the term of processing Personal Data is usually the validity period of the Card, which is printed on the specific Card, respectively the period by which validity was extended. For specific information about processing and the term, the Holder may contact the organisation which is a member and which issued the Card.
The validity period of individual Passes and Cards is also regulated in detail in the Rules. The validity period and processing time may differ for the aforementioned reasons, e.g. due to the option of renewing the Pass/Card.
If the Holder no longer wishes to use the Pass/Card, they undertake to inform GTS ALIVE ME DMCC of this according to the Rules. In this case, we will process the Holder’s Personal Data only in the necessary scope in order to fulfil the legal obligations of GTS ALIVE ME DMCC and to protect the justified interests of GTS ALIVE ME DMCC, as stipulated by special legal regulations (e.g. due to inspection by individual supervisory authorities).
F. In the case of co-branded payment Pass/Card, GTS ALIVE ME DMCC is only the processor, because the card was issued directly by cooperating financial/banking partner. The processing term is validity period of the Pass/Card. Upon termination of validity, the Personal Data are stored for the purpose of enabling revalidation and for the following reasons:
• to verify misuse of the Pass and verify expiry of the Pass in the network of GTS ALIVE ME DMCC business partners;
• to send control information reports to the Holder about expiry of the Pass validity, information about the options of obtaining a new Pass and information about the impossibility of further use of the Pass;
• for reasons of controlling the usability of the Pass serial number and Holder records in the case of issuing a new Pass.
The validity period of individual Passes and Cards is also regulated in detail in the Rules. The validity period and processing time may differ for the aforementioned reasons, e.g. due to the option of renewing the Pass/Card.
If the Holder no longer wishes to use the Pass/Card, they undertake to inform GTS ALIVE ME DMCC of this according to the Rules. In this case, we will process the Holder’s Personal Data only in the necessary scope in order to fulfil the legal obligations of GTS ALIVE ME DMCC and to protect the justified interests of GTS ALIVE ME DMCC, as stipulated by special legal regulations (e.g. due to inspection by individual supervisory authorities).
IX.2 Personalised commercial messages = marketing, direct marketing
Personal Data will be processed for this purpose for an indefinite term, maximally until consent is revoked. Personal data will not be processed further once the purpose of processing expires.
The Holder may request the termination of sending commercial messages here. In this case, their Personal Data will be further processed in the meaning of Art. 7.2 of these Principles, except for the sending of commercial messages.
Consent to Personal Data processing for the purpose pursuant to Article 7.2 of these Principles may be revoked at any time in writing at the address of GTS ALIVE ME DMCC or here
X. Information about the option of terminating the sending of commercial messages, application of objections, complaints and requests to terminate processing.
You may ask us at any time to terminate the sending of commercial messages, either here or in every individual commercial message.
If you wish to revoke your consent to Personal Data processing for the purpose of personalised commercial messages, marketing, market surveys and direct marketing, you can do so here.
If you have any questions concerning Personal Data processing, security, or wish to apply a right or submit a complaint, please do so here.
XI Information about the rights of Personal Data subjects pursuant to the General Data Protection Regulation effective from 25 May 2018.
XI. Information about the rights of Personal Data subjects pursuant to the General Data Protection Regulation effective from 25 May 2018.
XI.1 Transparent information, notices and procedures for exercising the rights of data subjects
The controller will adopt adequate measures to provide each Holder with complete information in a concise, transparent, comprehensible and easily accessible manner using clear and simple language (e.g. about the Personal Data processor and the course of such Processing) and to make all notices about Processing, in particular as concerns information designated specifically for a child. The controller will provide the information in writing or via other means (e.g. in electronic form). Assuming that your identity is proven by other means, you also have the right to request the provision of this information orally.
The controller will not refuse to accommodate your request whilst exercising your rights (in particular the right to access), unless it proves that it cannot determine the identity of the data subject to which the given data pertain.
You have the right, at your request, to be provided by the controller with information about adopted measures, without undue delay and in any case within one month from receiving the request. This deadline may be extended by an additional two months if necessary given the complexity and number of applications. The controller will inform you of any such extension within one month from receiving the request together with reasons for such delay. If you submitted the request in electronic form, the information will be provided in electronic form, if possible and if you do not require other means.
If the controller does not adopt the measures you requested, it will inform you immediately and at latest within one month from receiving the request about the reasons for not adopting the measures and the possibility of filing a complaint with the supervisory authority and requesting court protection.
We inform you that all this information, notices and actions are provided free of charge. If the requests submitted by the Holder are evaluated as obviously unjustified or inadequate, and in particular if they are repeated, the controller may either:
a) impose a reasonable fee taking into account the administrative costs related to providing the requested information or notice or performing the requested actions; or
b) refuse to accommodate the request.
The controller must prove the obvious lack of justification or inadequacy of the request.
If the controller has justified doubts about the identity of the natural person submitting the request, it may ask for the provision of additional information required to confirm the identity of the Holder.
The information which is to be provided to you may be supplemented with standardised icons with the aim of providing an easily visible, comprehensible and clear overview of the intended processing. If the icons are presented in electronic format, they must be machine-legible.
XI.2 Right to correction
You have the right to have the controller correct inaccurate Personal Data concerning your person without undue delay. With regard to the purposes of processing, you also have the right to complete incomplete Personal Data by providing an additional declaration.
XI.3 Right to deletion (“right to be forgotten”)
You have the right to have your Personal Data concerning your person deleted without undue delay by the controller, and the controller is obliged to delete the Personal Data without undue delay, only if one of the following reasons exists:
a) Your Personal Data are no longer required for the purpose for which they were collected or otherwise processed;
b) You revoke the consent based on which the data were processed, and there are no further legal grounds for Processing;
c) You object to Processing (pursuant to the “Right to objection” below) and there are no superior justified reasons for Processing;
d) The Personal Data were processed unlawfully;
e) The Personal Data must be deleted to fulfil the legal obligation stipulated by Community law or by the laws of the member state which apply to the controller;
f) The Personal Data were collected in connection to an offer of information society services in the case of a person less than 16 years of age, in whose case Processing pursuant to legal regulations requires consent from the person exercising parental responsibility.
If the controller published the Personal Data and is obliged to delete them pursuant to the above “Right to deletion”, it will undertake adequate steps given the available technology and costs, including technical measures, to inform the controllers processing these Personal Data that the subject has requested the deletion of all references to these Personal Data, copies or replications thereof.
The foregoing will not apply if Processing is necessary:
a) to exercise the right to freedom of expression and information;
b) to fulfil legal obligations, which require Processing pursuant to Community law or the laws of member state which apply to the controller, or to fulfil tasks performed in public interest or when exercising public power which has been delegated to the controller;
c) for reasons of public interest in the area of public health;
d) for the purpose of archiving in public interest, for the purpose of scientific or historical research or for statistical purposes, if it is likely that the aforementioned right would prevent or seriously impede the fulfilment of the objectives of such Processing;
e) to determine, exercise or defend legal claims.
XI.4 Right to restriction of Processing
You have the right to have the controller restrict Processing in any of these cases:
a) If you deny the accuracy of the Personal Data, for the time needed for the controller to verify the accuracy of the Personal Data;
b) Processing is unlawful and you reject the deletion of Personal Data and instead request the restriction of their use;
c) The controller no longer needs your Personal Data for the purposes of processing, but you require them to determine, exercise or defend your legal claims;
d) If you have raised an objection against Processing, until it is verified whether the controller’s justified reasons outweigh your justified reasons.
If Processing was restricted pursuant to the aforementioned “Right to restriction of processing”, the Personal Data (with the exception of storage) may be processed only with your consent or in order to determine, exercise and defend legal claims, for reasons of protection of the rights of other natural persons or legal entities, or for reasons of important public interest of the Union or a member state.
If you attained the restriction of Processing, you will be notified in advance by the controller that restriction of Processing will be cancelled.
Notification obligation concerning the correction or deletion of Personal Data or Processing restriction
The controller informs the individual recipients, to whom Personal Data were disclosed, of any corrections or deletion of Personal Data, or will limit Processing, with the exception of cases when this proves to be impossible or requires disproportionate effort. The controller will inform you of these surnames, if you request it.
XI.5 Right to data portability
You have the right to obtain the Personal Data concerning your person which you provided to the controller in structured, regularly used and machine-legible format, and the right to provide these data to another controller without interference from the controller to whom these Personal Data were provided, in the case that:
a) Processing is based on consent or on an agreement,
b) Processing is performed automatically.
When exercising the right to data portability, you have the right to have the Personal Data transferred directly by one controller to another, if this is technically feasible.
Exercising the aforementioned “Right to data portability” does not affect your aforementioned “Right to deletion”. This right does apply to the Processing necessary for the purpose of performing tasks in public interest or when exercising public authority, with which the controller is entrusted.
The aforementioned “Right to data portability” must not have a negative impact on the rights and freedoms of other persons.
XI.6 Right to objection
For reasons concerning your specific situation, you have the right at any time to raise an objection to the processing of Personal Data concerning your person. The controller will no longer process the Personal Data if it does not prove its serious justified reasons for processing, which outweigh your interest or rights and freedoms, or for the determination, exercising or defence of legal claims.
If the Personal Data are processed for the purpose of direct marketing, you have the right at any time to object to the Processing of Personal Data concerning your person for such purpose, which also includes profiling as concerns direct marketing.
If you object to Processing for the purpose of direct marketing, your Personal Data will no longer be processed for this purpose.
In connection to the use of information society services, you may apply your right to raise an objection via automated means using technical specifications.
If the Personal Data are processed for the purpose of scientific or historical research or for statistical purposes, you have the right to object to the processing of Personal Data concerning your person for reasons related to your specific situation, unless Processing is necessary to fulfil a task performed for reasons of public interest.
XI.7 Automated individual decision-making including profiling
You have the right not to be the subject of any decision based solely on automated processing, including profiling, which has legal consequences for you or significantly affects you in a similar manner.
GTS ALIVE ME DMCC does not base any of its decisions exclusively on automated processing.
XII. Contact data of the supervisory body
Please direct questions, comments, requests concerning Personal Data Processing to:
GTS ALIVE ME DMCC
with registered address:
DMCC Business Centre, Unit No: 3928, Jewellery & Gemplex 3, Dubai, United Arab Emirates, license number: DMCC-073822, email: info(at)studentcard.ae
Contacts for the international company IGO: Privacy Officer
IGO (ISIC Global Office)
Keizersgracht 174-176
1016 DW Amsterdam
The Netherlands
Telephone: + 31 (0) 20 421 2800
Fax: +31 (0) 20 421 2810
Please direct requests concerning Personal Data processing for insurance to:
GTS ALIVE ME DMCC
with registered address: DMCC Business Centre, Unit No: 3928, Jewellery & Gemplex 3, Dubai, United Arab Emirates, license number: DMCC-073822, email: info(at)studentcard.ae
Your request, inquiry, revocation of consent, application of rights, request for access or other request will be processed without undue delay after being received, in justifies cases maximally within 30 days. This deadline may be extended by an additional two months if necessary given the complexity and number of applications. Revocation of consent to the sending of commercial messages will be handled immediately, at latest within 7 calendar days.
If necessary, additional information may be requested to assign the application to the specific Holder. In justified cases, to protect Holder’s rights, control/verification of the applicant’s identity may be required.
The Personal Data processing officer for GTS ALIVE ME DMCC is Mr. Michal Lezo, e-mail: michal.lezo(at)gtsalive.com.
XIII. Conditions for use of the Website
XIII.1 Introductory provisions
This Website is operated by GTS ALIVE ME DMCC, with registered address: DMCC Business Centre, Unit No: 3928, Jewellery & Gemplex 3, Dubai, United Arab Emirates, license number: DMCC-073822, email: info(at)studentcard.ae
The Website users acknowledge that:
• this Website is designated exclusively for private and non-commercial use,
• the content on the Website is provided to users free of charge,
• GTS ALIVE ME DMCC is not obliged to provide any updates, maintenance or technical support for the Website,
• GTS ALIVE ME DMCC is the executor of all property rights to the Website, including all related intellectual property rights,
• GTS ALIVE ME DMCC bears no responsibility for damages which users may incur by using the Website, for contributions made on the Website or for damage caused due to the non-functionality or inaccuracy of the Website,
• the Website must not be used by users in other ways that those stipulated by these Principles.
XIII.2 Cookies
Cookies are small text files which the Website places in the user’s computer or other device with internet access. These files allow GTS ALIVE ME DMCC to distinguish the specific user (Holder) from other Website users, to provide users with greater comfort when browsing the pages and to improve them.
GTS ALIVE ME DMCC uses cookies on this Website for the following reasons:
(a) To guide the user to the relevant part of the Website.
(b) To ensure that the Website is displayed identically in various browsers and devices.
(c) To remember the login data of the user, if the user is registered.
(d) To display relevant advertising, marketing.
(e) To ensure the functioning of complex parts of the Website and certain Website functions.
(f) To collect anonymous summarised statistical data about Website visitation, which help GTS ALIVE ME DMCC to improve functionality and services.
Using browser settings to control and delete cookies
Most internet browsers enable the control of most types of cookies through the browser settings. The user can set their browser to inform them about the acceptance of cookies, so that the user can decide whether or not to confirm the use of cookies.
The user can disable cookies in the browser settings. If the user disables cookies, they might not be able to use all the functions of their internet browser and the Website. If cookies are disabled, the user will not be shown relevant advertising.
The user may continuously delete saved cookies from their browser.
The user can find detailed information about how to delete cookies, disable them or continuously block them in the instruction guide for their browser. Explanations in text format with images for Firefox, Microsoft Internet Explorer and Google Chrome are also available under the following links:
https://support.mozilla.org/en-US/products/firefox/protect-your-privacy/cookies
https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en-GB
Users who wish to learn more about using cookies, what type they have set, what cookies mean and how they can be managed better can visit the SPIR website at https://www.youronlinechoices.com/uk/your-ad-choices