Privacy

EN - English
CH - Simplified Chinese

RED DIAMOND DESTINATIONS PRIVACY POLICY
Version 1.0 – 04th April 2023

1.0 BACKGROUND

Bahamas-based entity Red Diamond Destinations, trading as (AE Ltd), the principal place of business of which is at Trident Trust Company (Bahamas) Limited, Building A, First Floor, Caves Corporate Centre, Blake Road and West Bay Street, P.O. Box N-3944, Nassau, Bahamas, incorporated in the Commonwealth of the Bahamas, under registration number 200850 B (“we” “us” or “our”), is company that provides exclusive VIP travel and experience services. Red Diamond Destinations collects specific types of customer data to enable these services and to provide a bespoke travel concierge and design experience to its global customers.
Red Diamond Destinations is the Data Controller for the personal data it processes under this policy. A “Data Controller” is a person or organization who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed.
The Data Protection Officer (DPO) can be reached at dpo@reddiamonddestinations.com.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please do so via your account or by contacting dpo@reddiamonddestinations.com.

2.0 SCOPE

This policy explains what personal data Red Diamond Destinations collects, how the personal data is used (processed, stored, and shared), how the personal data is protected, and your rights relating to your personal data. This policy describes the basis for collecting, processing, and sharing your personal data and provides relevant contact details.
This policy is applicable to our use of personal data, and it is designed to meet the company’s legal obligations. We recognize that the use and disclosure of data has important implications for us and for the individuals whose data we process. We operate in countries which regulate the use and impose restrictions on overseas transfers of personal data. To ensure that we handle personal data properly, we have adopted a global approach to our privacy compliance. Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data). This includes information that can or could be used to identify an individual or individual’s online activity either directly (e.g. name, e-mail-address) or indirectly (e.g. ip address). Personal data can also be your use of a website (e.g. Information about website visits, browser info and information regarding your device(s)).
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.0 WHY AND HOW RED DIAMOND DESTINATIONS COLLECTS AND USES PERSONAL DATA

Red Diamond Destinations’ goal is to be a premier entertainment provider and to deliver a world-class customer experience to each user every time they use one of our products or services. Achieving this level of service requires an in-depth understanding of our users’ preferences, what they like about the products and services, and what can be improved upon.
We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. Section 4.0 (PERSONAL AND SENSITIVE DATA WE COLLECT AND PROCESSING PURPOSES) below sets out further information about the legal basis that we rely on to process your personal data.
We use your personal data in the following circumstances:

“performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you as a party or to take steps at your request before entering into such a contract;
“legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
“legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest to understand how you interact with our games to ensure that the security of games is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
“consent and explicit consent”: where you have provided your consent or explicit consent to process your personal data.

We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at dpo@reddiamonddestinations.com.
It is our intention to only collect the data required to provide our products and services and/or, meet legal and regulatory requirements.

4.0 PERSONAL AND SPECIAL CATEGORY/SENSITIVE DATA WE COLLECT AND PROCESSING PURPOSES

Red Diamond Destinations and where applicable its partners will securely collect, process, use, store, and transfer the following categories of personal data to enable us to provide our services, optimal operations, meet regulatory requirements, and continuously improve our products, services, and customer experience. We may process your personal data under more than one legal basis depending on the specific purpose(s) for which we are using the data. Please contact us at dpo@reddiamonddestinations.com. if you need details about the specific legal basis we follow to process your personal data where more than one ground has been set out.

Providing our services this data includes all of those listed below to be able to actually provide our services, but will also include, in some instances, your Personal Data being made publicly available e.g. when you are participating in a tournament, your ranking and league position may be made public.
Contact, Marketing, and Communication (CMC) Data – this data includes customer’s telephone number, communications preferences, email address, and records of consent to marketing communications from Red Diamond Destinations (e.g. special offers, promotions, and newsletter). With Personal Data, we use CMC data to ensure that only age-appropriate and legal marketing strategies are used. Our lawful basis of processing for this processing activity is consent and legitimate interest. You have the right to withdraw consent to electronic marketing at any time by following the unsubscribe instructions in such marketing materials or by contacting us.
Technical and Behavioral Data – customer location, login data, browser info, time zone, device ID, operating system/platform, voice data, other technologies on the device, and IP address will be all be collected when accessing Red Diamond Destinations’ products and services. This information will help build the customer’s profile, be used to expedite user authentication and to train, evaluate, and improve the speech recognition and natural language understanding models in our voice user interface. for this processing activity is legitimate interest.
Contact (Non-marketing) – Red Diamond Destinations may need to contact you regarding your activity on its platforms, products, or services via phone, email text message or instant message for the following reasons: in relation to enquiries submitted, to aid the support or processing of a booking and other online services offered, to investigate suspicious or potentially problematic activity, and for any other account related functions or operations. Our lawful basis for processing this activity is performance of a contract, legitimate interest and legal or regulatory obligation.
Special Category/Sensitive Personal Data – Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

We will only use your personal data for the purposes for which we collected it as detailed in Section 3.0 (WHY AND HOW RED DIAMOND DESTINATIONS COLLECTS AND USES PERSONAL DATA) and Section 4.0 (PERSONAL AND SENSITIVE DATA WE COLLECT AND PROCESSING PURPOSES), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at dpo@reddiamonddestinations.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5.0 DATA COLLECTION METHODS

Red Diamond Destinations uses three basic methods to collect different types of personal data: direct customer-provided collection, indirect system-to-system collection, and third-party collection.

Direct Collection – a customer uses Red Diamond Destinations’ websites and mobile applications to manually enter data, upload data (e.g. images), or send Red Diamond Destinations artifacts (e.g. copies of driving license or passport) and content during activities such as:
◦ creating an account or updating a profile,
◦ downloading an Red Diamond Destinations application,
◦ signing up for a newsletter, service, or membership program
◦ Using your voice to help assist you when you are playing one of our games
◦ communicating with Red Diamond Destinations via the website, mobile application, or phone. This may include Red Diamond Destinations recording phone calls between you and Red Diamond Destinations personnel to confirm business transactions and/or to ensure compliance with regulatory requirements.
Indirect Technical Collection – when a customer uses Red Diamond Destinations websites and applications or associated third-party communications tools (e.g. Facebook Messenger), the system will automatically collect technical data from the customer’s device (i.e. hardware and software), usage data about the customer’s browsing, playing preferences, and session patterns. Red Diamond Destinations also uses cookies, session replay (a.k.a. session recording), and other analytics to automate technical data collection.
Third-Party Collection – when a customer uses a social media profile (e.g. Facebook, Google, or Apple) to expedite the account creation or login process, Red Diamond Destinations partners will use the data from the associated profile to prove age verification, location verification, build profiles, and customize marketing. If a customer chooses to participate in customer research efforts managed by third-party collection and analysis agencies, Red Diamond Destinations will gain access to the feedback and data customers voluntarily consent to provide.

6.0 RED DIAMOND DESTINATIONS PRIVACY AND SENSITIVE DATA PROCESSING SAFEGUARDS

In accordance with best practice and International Organization of Standards (ISO) 2700-based IT and security processes and procedures outlined in Red Diamond Destinations’ Information Security Policy (ISP), Red Diamond Destinations proactively enables and continuously monitors a robust system of layered security controls specifically designed to limit and protect the collection, processing, storage and use of personal data. The following safeguards are designed to educate Red Diamond Destinations staff and users about our personal data collection, use, sharing, and protection.

Prior to our first collection and at any point when data use changes, Red Diamond Destinations informs users what data types are being collected, for what purpose(s), how long it will be stored, and where applicable, requests the data subject’s consent.
Through direct and indirect collection, Red Diamond Destinations will verify data accuracy and encrypt stored data to promote the integrity of the data.
Red Diamond Destinations’ Data Protection Officer (DPO) oversees staff training on data protection standards.
Red Diamond Destinations’ DPO oversees data protection efforts and can be reached via email: dpo@reddiamonddestinations.com.

7.0 COMPLAINTS

You may raise your concerns with your local data protection authority directly, without contacting us first, however, we encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to our processing of your personal data.

8.0 DATA COLLECTION AND SHARING

It is our policy to only share personal data when informed consent has been given by the data subject, sharing has been requested by the data subject, or it is permitted/required by law. Personal data will be protected from access by persons within the company unless expressly required for job-related functions as outlined in the user consent.

8.1 INTERNATIONAL TRANSFERS

Red Diamond Destinations is a global company and therefore uses global vendors and subcontractors as well as global IT systems and applications. As a result, the Personal Data we collect about you may be transferred to, and stored at, a destination outside of your country which may have less strict, or no data protection laws, when compared to those in your country. We will comply with the requirements for data transfers as required by your country.
When we share your personal data within the Red Diamond Destinations’group of companies, this involves transferring your personal data outside of the jurisdiction you are located in. The personal data is shared in accordance with your countries international transfer requirements with regard to personal data, which require all Red Diamond Destinations entities to follow the same rules when processing your personal data. You can request a copy of our international transfer agreements at any time by contacting us at dpo@reddiamonddestinations.com.
In some cases, the parties we use to process personal data on our behalf are based outside your jurisdiction, therefore their processing of your personal data will involve a transfer of such data outside of your jurisdiction. Similarly, we may be requested by a government regulator or authority based outside of your jurisdiction for your personal data. Where this is the case, we will only share the minimal amount of personal data necessary for the purpose of processing and, where possible, we will inform you of the transfer and share the personal data in an anonymized form.
Whenever we transfer your personal data out of your jurisdiction, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection by your government; and/or
where we use certain service providers, we may use specific contracts approved by your data protection regulator, which gives personal data the same protection it has within your jurisdiction

Please contact us at dpo@reddiamonddestinations.com if you would like further information about the specific mechanism used by us when transferring your personal data out of your jurisdiction.

9.0 USE OF COOKIES

Red Diamond Destinations uses cookies to enable website features and customer experience (CX) by customizing each user’s interaction with site services and capabilities. Cookies are small files stored on the user’s computer designed to hold a modest amount of data specific to a client and website, which can be accessed either by the web server or the client computer. Tables on each website outline the names and types of cookies used (including those used by third parties) and how each is used.
In general, Red Diamond Destinations websites use the following types of cookies, the scope and function of which are explained below:

Session cookies
Persistent cookies.

Session cookies are automatically deleted when you close the browser. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period of time which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all the features of this website.
The cookies we use are categorized into the following functions:
Necessary: These cookies are required to ensure the website functions as designed and meets your device parameters.
Preferences: These cookies enable the website to remember your preferences and optimize your personal CX by enabling the site to remember data that changes the way the website behaves or looks, like your preferred language or the region that you are in.
Statistics: These cookies enable Red Diamond Destinations to understand how visitors interact with websites by collecting and reporting information anonymously.
Marketing: These cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers. These cookies will only ever be enabled with your consent.

10.0 CONSENT FOR MARKETING PURPOSES

Prior to receiving direct marketing material from Red Diamond Destinations, users shall provide active consent. Consent will be requested during account registration, and users may update their marketing preferences at any time through their profile settings.

11.0 DATA RETENTION

Red Diamond Destinations will only retain personal data for as long as necessary to fulfill the purposes it was collected for, including compliance with any applicable legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, Red Diamond Destinations will take into account its legal and regulatory obligations, the amount, nature and sensitivity of the data and potential risk from unauthorized use or disclosure of personal data.
User data will be retained for as long as the player’s account is active. Electronically stored data will be backed up and protected in accordance with processes and procedures outlined in Red Diamond Destinations’ ISP.
Red Diamond Destinations will continually assess the purposes for which the data is collected and processed to determine whether those aims might be achieved through other means. Customer data may be anonymized, such that it can no longer be associated with a specific user, for research or statistical purposes. In these cases, we may use this information indefinitely without further notice to customers or data subjects.
In response to a data subject request to “be forgotten” or have data deleted, where applicable, Red Diamond Destinations will delete and/or obfuscate the data such that it cannot be associated with the individual. We will maintain a record of the date of your request, how it was made, and when it was completed.

12.0 CUSTOMER RIGHTS AND RESPONSIBILITIES

Red Diamond Destinations has a legal obligation to protect customer data as a controller of personal data. For the customers’ part, data should be kept up-to-date, accurate, and secure from public disclosure or easy unauthorized access. Customers will have access and the ability to update their personal data via the websites and mobile applications. Customers should never share accounts, user IDs, or passwords, and passwords should be complex.
You have the right to:

Know and have access to what personal data Red Diamond Destinations collects and uses,
Request correction of any incomplete or inaccurate data,
Request erasure of personal data (subject to legal obligations that Red Diamond Destinations has in relation to data retention, of which the customer will be notified, if applicable, at the time of the request), this includes closing your account,
Object to processing of personal data (e.g. marketing; automated decision making or profiling),
Request to suspend the processing of personal data,
Request to transfer (data portability) personal data to a third party,
Withdraw consent to the processing of your personal data (where a customer withdraws consent, Red Diamond Destinations may not be able to provide products or services to that customer), and
Right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.

Data subject access requests should be sent to dpo@reddiamonddestinations.com. We try to respond to a request within one calendar month, unless a request is particularly complex, or a significant number of requests have been made. Red Diamond Destinations may refuse to comply with a customer request in certain circumstances such as clearly unfounded, repetitive or excessive requests. As part of its handling of the requests, Red Diamond Destinations may need to contact you to confirm your identity to process the request.

RED DIAMOND DESTINATIONS 隐私政策
版本 1.0 – 2023 年 4 月 4 日

1.0 背景信息

总部位于巴哈马的 Red Diamond Destinations，交易名称为 (AE Ltd)，主要营业地点位于 Trident Trust 有限公司 (巴哈马) , Blake 路和 West Bay 街交叉口，Caves 商业中心，A 座，1 楼，邮政信箱 N-3944，拿骚，巴哈马。公司在巴哈马国注册成立，注册号200850 B (“我们”，“我们”或“我们的”），提供专属贵宾旅行和体验服务。 Red Diamond Destinations 收集特定类型客户数据以提供这些服务，并为其全球客户量身定制旅行礼宾服务和设计体验。
Red Diamond Destinations 是本政策下处理个人数据的数据控制者。“数据控制者”是单独或共同决定处理或可能处理任何个人数据的目的和方式的个人或组织。
请通过 dpo@reddiamonddestinations.com 联系数据保护官 (DPO)。
我们需要持有您最新且准确的个人数据，这很重要。如果您的个人数据在您与我们来往期间发生变化，请及时通知我们。如果您想更新个人数据，请在您帐户或联系 dpo@reddiamonddestinations.com 更新。

2.0 适用范围

本政策说明 Red Diamond Destinations 收集哪些个人数据、如何使用（处理、存储、共享）和保护个人数据，以及您在个人数据方面的权利。本政策描述了收集、处理和共享您个人数据的依据，并提供相关联系方式。
本政策适用于我们对个人数据的使用，旨在履行公司的法律义务。我们意识到数据的使用和披露对我们和数据由我们处理的个人影响重大。我们在规范个人数据使用并限制其海外传输的国家开展业务。为确保我们妥善处理个人数据，我们采用全球性隐私合规方案。个人数据涵盖任何能从中识别出本人身份的相关信息。它不涵盖身份已被删除的个人数据（匿名数据）。这包括可以或可能直接（例如姓名、电子邮箱）或间接（例如IP地址）识别个人或个人在线活动的信息。个人数据也可以是您使用网站的信息（例如网站访问信息、浏览器信息和设备信息）。
处理是指，无论自动与否，对个人数据或多组个人数据执行任何单一或系列操作，例如收集、记录、组织、结构化、存储、改编或更改、恢复、参考、使用、通过传输、传播或其他方式披露、排列或组合、限制、删除或销毁。

3.0 RED DIAMOND DESTINATIONS 收集和使用个人数据的原因和方式

Red Diamond Destinations 致力成为一流的娱乐提供商，并在每位用户每次使用我们产品或服务时为他们提供世界一流的客户体验。实现这种服务水平需要深入了解用户偏好、他们对产品和服务的喜好以及可以改进的地方。
我们只在法律允许情况下，即有法律依据处理信息时，处理（即使用）您的个人数据。下面第 4.0 节（我们收集的个人和敏感数据以及处理目的）列出更多有关我们处理您个人数据的法律依据信息。
我们在以下情况使用您的个人数据：

“履行合同”：我们需要履行已经与您签订或即将签订的合同，或在签订此类合同之前应您要求采取措施；
“法律或监管要求”：我们需要遵守必须遵守的法律或监管要求；
“合法利益”：不触犯您基本权利前提下，维护我们（或第三方）的利益。例如，了解您如何与我们的游戏互动以确保维护游戏安全是符合我们利益的。在为了维护我们合法利益处理您个人数据之前，我们定会考虑并权衡其对您和您的权利的任何（正面和负面）潜在影响；以及
“同意和明确同意”：您同意或明确同意我们处理您个人数据。

当对您的影响的重要性超出我们利益时，我们不会使用您个人数据从事活动（除非取得您同意或被法律要求或允许）。您可通过dpo@reddiamonddestinations.com联系我们，更加了解我们在特定活动中如何评估我们合法利益和对您的任何潜在影响。
我们仅打算收集在我们提供产品以及服务和/或满足法律和监管要求所需的数据。

4.0 我们收集的个人和特殊类别/敏感数据以及处理目的

Red Diamond Destinations 及其合作伙伴（如适用）将安全地收集、处理、使用、存储和传输以下类别的个人数据，让我们能够提供服务、优化运营、满足监管要求并不断改进产品、服务和客户体验。根据我们使用数据的具体目的，我们可能会根据多项法律依据处理您个人数据。如果您需要详细了解我们根据多项法律依据处理您个人数据时的具体依据，请通过 dpo@reddiamonddestinations.com 联系我们。

提供我们的服务：这类数据包括下列所有让我们能提供服务的信息，有时也包括您被公开的个人数据，例如参赛时，您的排名和联赛位置可能会公开。
联系、营销和通信数据(CMC)：这类数据包括客户电话、通讯偏好、电子邮箱以及对来自 Red Diamond Destinations 的营销通讯同意记录（例如特别优惠、促销和时事通讯）。个人数据方面，我们用 CMC 数据确保只使用符合年龄及合法的营销策略。此处理活动的合法处理依据是同意及合法利益。您有权随时按照营销材料说明取消订阅或联系我们撤回电子营销同意。
技术和行为数据：使用 Red Diamond Destinations 的产品和服务时，客户地理位置、登录数据、浏览器信息、时区、设备ID、操作系统/平台、语音数据、设备上的其他技术以及IP地址都将被收集。这些信息将协助建立客户档案，加快用户身份验证以及训练、评估和改进我们语音用户界面中的语音识别和自然语言理解模型。此处理活动的合法依据为合法利益。
联系（非营销）：出于以下原因，Red Diamond Destinations 可能需要通过电话、电子邮件、短信或即时通信就您在其平台、产品或服务的活动与您联系：关于提交的查询，帮助支持或处理预订和其它在线服务，调查可疑或可能有问题的活动，以及任何其它与帐户相关的功能或操作。处理此活动的合法依据为履行合同、合法利益和法律或监管要求。
特殊类别/敏感个人数据：特殊类别个人数据包括您的种族或民族、宗教或哲学信仰、性生活、性倾向、政治观点、工会、健康信息以及遗传和生物识别数据。

我们只根据第 3.0 节（RED DIAMOND DESTINATIONS 收集和使用个人数据的原因和方式）和第 4.0 节（我们收集的个人和敏感数据以及处理目的）中详述的原始目的使用您的个人数据，除非我们合理认为需要出于其它原因使用数据，而且该原因与原始目的兼容。如您希望我们解释新用途的处理如何与原始用途兼容，请通过dpo@reddiamonddestinations.com联系我们。如果我们需要将您个人数据用于不相关用途，我们会通知您并解释允许我们这样做的法律依据。
请注意，在法律要求或允许的情况下，我们可能会根据上述规则在您不知情或未同意的情况下处理您的个人数据。

5.0 数据收集方法

Red Diamond Destinations 使用三种基本方法收集不同类型的个人数据：客户提供的直接收集、系统至系统的间接收集和第三方收集。

直接收集：客户在以下活动中使用 Red Diamond Destinations 的网站和移动应用程序手动输入数据、上传数据（例如图像）或发送文件（例如驾照或护照副本）和内容至 Red Diamond Destinations：
◦ 创建帐户或更新个人资料，
◦ 下载 Red Diamond Destinations 应用程序，
◦ 报名参加时事通讯、服务或会员计划
◦ 在玩我们游戏时使用您的语音协助
◦ 通过网站、移动应用程序或电话联系 Red Diamond Destinations。此项可能包括 Red Diamond Destinations 将您与 Red Diamond Destinations 人员之间的电话录音以确认业务交易和/或确保遵守监管要求。
间接技术收集：当客户使用 Red Diamond Destinations 网站和应用程序或关联的第三方通信工具（例如 Facebook Messenger）时，系统将自动从客户的设备（即硬件和软件）收集技术数据，浏览记录、玩乐偏好和会话模式。 Red Diamond Destinations 还使用 cookies、会话回放（又名会话记录）和其他分析法自动收集技术数据。
第三方收集：当客户用其社交媒体个人信息（例如 Facebook、Google 或 Apple）来加快帐户创建或登录时，Red Diamond Destinations 的合作伙伴将把相关信息中的数据用于验证年龄、验证地理位置、建立档案和个性化营销。如客户选择参与由第三方收集和分析机构管理的客户研究工作，Red Diamond Destinations 将取得客户自愿同意提供的反馈和数据。

6.0 RED DIAMOND DESTINATIONS 隐私和敏感数据处理保障措施

根据 Red Diamond Destinations 的信息安全政策 (ISP) 中概述的最佳实践和基于国际标准组织 (ISO) 2700 的IT和安全流程和程序，Red Diamond Destinations 主动启用并持续监控强大的分层安全控制系统，专门设计用于限制和保护个人数据的收集、处理、存储和使用。以下保护措施旨在让 Red Diamond Destinations 的员工和用户了解我们的个人数据收集、使用、共享和保护。

我们首次收集数据之前以及数据使用发生变化时，Red Diamond Destinations 会通知用户正在收集哪些数据类型、为何收集、将存储多久以及在适用情况下征求数据主体同意 .
通过直接和间接收集，Red Diamond Destinations 将验证数据准确性并加密存储数据以提高数据完整性。
Red Diamond Destinations 数据保护官 (DPO) 负责监督有关数据保护标准的员工培训。
Red Diamond Destinations 的 DPO 负责监督数据保护工作，其联系方式为：dpo@reddiamonddestinations.com。

7.0 投诉

您可直接向当地数据保护机构提出您的疑虑，无需事先联系我们，但建议您先与我们联系，因为我们的目标是迅速、高效和令人满意地解决您可能针对我们如何处理您个人数据的任何疑虑或投诉。

8.0 数据收集和共享

我们的政策是仅在数据主体已提交知情同意、请求共享或法律允许/要求的情况下共享个人数据。个人数据将受到保护，公司内部人员无法访问，除非用户同意中已明确允许与工作相关职能的需求。

8.1 国际传输

Red Diamond Destinations 是一家使用全球供应商和分包商以及全球IT系统和应用程序的跨国公司。因此，我们收集您个人数据后可能会转移并存储在您所在国家以外的地方，相较于您所在国家，这些地方可能没有数据保护法或不那么严格。我们将遵守您所在国家的数据传输要求。
当我们在 Red Diamond Destinations 公司集团内共享您个人数据时，您的个人数据将传输至您所在司法管辖区之外。个人数据是根据您所在国家个人数据国际传输要求共享的，这要求所有 Red Diamond Destinations 公司在处理您个人数据时遵循相同规则。您可随时通过dpo@reddiamonddestinations.com联系我们，索取本公司国际传输协议副本。
某些情况下，代理我们处理个人数据的个体会位于您所属管辖区之外，所以他们处理您个人数据时将把数据传输至您所属管辖区之外的地区。有时，在您所属管辖区之外的政府监管机构或当局可能会要求我们提供您的个人数据。在这种情况下，我们只会共享处理目的所需的最少量个人数据，同时，如情况允许，我们会通知您数据已被传输并以匿名形式共享个人数据。
每当我们将您个人数据传输至您所属管辖区之外时，都会至少实施以下其中一条保护措施为数据提供类似程度的保护：

我们只会将您的个人数据传输至由您所在国家政府认定提供充分保护的国家；和/或
我们使用某些服务提供商时，可能会采用您所在国家数据保护监管机构批准的特定合同，为个人数据提供与您所属司法管辖区内相同的保护

如您想进一步了解我们在将您个人数据传输至您所属管辖区之外时使用的具体机制，请通过 dpo@reddiamonddestinations.com 联系我们。

9.0 Cookies 的使用

Red Diamond Destinations 使用cookies量身定制每个用户与网站服务和功能的互动从而启用网站功能和客户体验(CX)。Cookies是存储在用户计算机上的小文件，旨在保存特定客户和网站的少量数据，可通过网络服务器或客户端计算机访问。每个网站上的表格概述了所用cookies的名称和类型（包括第三方使用的cookies）以及每个cookie的使用方式。
一般来说，Red Diamond Destinations 网站使用以下类型的cookies，其范围和功能如下：

会话 cookies
持久性 cookies

会话cookies将在您关闭浏览器时自动删除。它们会存储一个所谓的会话ID，可将来自您浏览器的各种请求分配至公共会话。这样您回来时，我们网站能识别您的计算机。当您退出或关闭浏览器时，会话 cookies 将被删除。
持久性cookies将在指定时长后自动删除，具体时长因cookie而异。您可随时在浏览器的安全设置中删除 cookies。
您可根据个人喜好设置浏览器，例如拒绝接受第三方cookies或所有cookies。请注意，您可能无法使用本网站的全部功能。
我们使用的cookies分类为以下功能：
必要：需要这些cookies来确保网站按设计运行并满足您的设备参数。
偏好：这些cookies让网站记住您的偏好并优化您的个人体验，它们让网站记住改变网站运行模式或外观的数据，例如您的首选语言或您所在的地区。
统计数据：这些cookies匿名收集和提交信息让 Red Diamond Destinations 了解访问者如何与网站互动。
市场营销：这些cookies会跨网站跟踪访问者，对个别用户显示具相关性和吸引力的广告，让这类广告对发布商和第三方广告商变得更有价值。这些cookies只会在您同意的情况下启用。

10.0 接受营销同意书

用户需主动提交同意书才能收到来自 Red Diamond Destinations 的直接营销信息。用户注册帐户时将被要求确认同意，用户可随时在个人资料设置修改他们的营销偏好。

11.0 保留数据

Red Diamond Destinations 只会在达成数据收集目的所需时间内保留个人数据，包括遵守任何适用的法律、会计或报告要求。为确立个人数据适当保留期限，Red Diamond Destinations 将考虑其法律和监管义务、数据的数量、性质和敏感性以及个人数据被未经授权使用或披露的潜在风险。
只要玩家的帐户有效，就会保留用户数据。电子存储的数据将根据 Red Diamond Destinations 信息安全政策中概述的流程和程序进行备份和保护。
Red Diamond Destinations 将持续评估其收集和处理数据的目的，以确定是否可以通过其他方式实现这些目标。出于研究或统计目的，客户数据可能会被匿名化，不再关联任何特定用户。在此情况下，我们可能会无限期使用这些信息，而无需另行通知客户或数据主体。
关于数据主体要求“被遗忘”或删除其数据，在适用情况下，Red Diamond Destinations 会将数据删除和/或模糊化，使其无法关联数据主体。我们将记录您提出要求的日期、方式以及完成时间。

12.0 客户权利和责任

作为个人数据的控制者，Red Diamond Destinations 有保护客户数据的法律义务。客户应确保数据的及时更新和准确并保护其不被公开披露或轻易未经授权访问。客户将可通过网站和移动应用程序查看和更新他们的个人数据。客户不应共享帐户、用户ID或密码，应设置复杂密码。
您有权：

了解和查看 Red Diamond Destinations 收集和使用哪些个人数据，
要求更正任何不完整或不准确的数据，
要求删除个人数据（须符合 Red Diamond Destinations 在数据保留方面的法律义务，如有冲突，将在提出要求时通知客户），这包括关闭您的帐户，
反对处理个人数据（例如营销；自动决策或分析），
要求暂停处理个人数据，
要求将个人数据传输至第三方（数据可移植性），
撤回对处理您个人数据的同意（如客户撤回同意，Red Diamond Destinations 可能无法向该客户提供产品或服务），以及
在决策产生法律效力或类似重大影响的情况下不受制于自动决策 – 您有权在决策对您产生法律效力或类似重大影响的情况下不受制于自动处理产生的决策。

数据主体的访问请求应发送至dpo@reddiamonddestinations.com。我们会尽量在一个日历月内回复请求，除非请求特别复杂，或收到大量请求。Red Diamond Destinations 可能会在某些情况下拒绝客户的要求，例如明显无根据、重复或过度的要求。处理请求时，Red Diamond Destinations 可能需要联系您以确认您的身份才能处理请求。