Privacy Policy

1.1. Personal Information You Provide When you use our services, we collect the following information:

Identity Data: - Full name (as per passport) - Passport number - Date of birth - Place of birth - Gender - Nationality - Passport photo (data page)

Contact Data: - Email address - Phone number / WhatsApp - Residential address

Travel Data: - Flight ticket booking (dates, flight number, route) - Hotel booking (hotel name, address, check-in/out dates) - Umrah travel itinerary - Supporting travel documents

1.2. Payment Information We collect transaction-related information: - Order number / invoice - Selected payment method (VA, E-wallet, QRIS) - Payment status - Transaction date and time

Important: We do NOT store your credit card details, bank account numbers, or PIN. All sensitive payment data is processed directly by Midtrans (our payment gateway), which is PCI-DSS Level 1 certified.

1.3. Technical and Usage Information We automatically collect: - Device data: Device type, operating system, browser - Connection data: IP address, general geographic location (city/country) - Activity data: Pages visited, access time, clicks, feature interactions - Cookies: Data stored in your browser for a better experience (see section 8)

1.4. Communications We retain your communication history with us: - Emails you send to umrateehq@gmail.com - WhatsApp conversations with customer support - Feedback, complaints, or suggestions you provide

We use your data for the following purposes:

2.1. Umrah Visa Processing - Validating your travel documents - Verifying hotels with the Nusuk Saudi Arabia database - Submitting visa applications to partner PPIU - Processing and tracking your visa status - Delivering the approved visa

2.2. Service Communication - Payment and order confirmation - Visa application status updates - Important notifications regarding your Umrah journey - Responding to your questions or complaints - Notification of policy or service changes

2.3. Payment Processing - Processing your payment transactions - Preventing and detecting fraud or suspicious activity - Managing refunds if required - Storing transaction records for audit purposes

2.4. Service Improvement - Analyzing platform usage to improve user experience - Identifying and fixing bugs or technical issues - Developing new features based on user needs - Conducting market research and trend analysis

2.5. Legal Compliance - Complying with Indonesian legal requirements and regulations - Protecting the rights, property, and security of Umratee and users - Detecting and preventing illegal activity or misuse - Responding to requests from authorities when required by law

What We Do NOT Do: - Sell your personal data to third parties - Use your data for targeted advertising from other companies - Share your information with parties unrelated to visa processing

We only share your data with the following parties for specific purposes:

3.1. Official PPIU Partners Your travel and identity data is shared with PPIU (Umrah Travel Organizers) officially licensed by the Ministry of Religious Affairs to process your visa application to the Saudi Arabian government.

3.2. Payment Gateway (Midtrans) Your payment information is processed through Midtrans, a PCI-DSS certified payment gateway. Data shared is limited to what is necessary to process the payment.

3.3. Technical Service Providers We use trusted third-party services for: - Email service: To send notifications via email - WhatsApp Business API: To send status updates via WhatsApp - Cloud hosting: To store data securely - Analytics: To analyze platform usage (anonymized data)

All service providers are contractually bound to maintain data confidentiality and only use data for purposes we specify.

3.4. Authorities We may share your information with authorities (police, courts, regulators) if: - Required by law or court order - To protect the rights and security of Umratee or others - To detect or prevent fraud or illegal activity - As part of a legal investigation

3.5. Merger or Acquisition If Umratee is involved in a merger, acquisition, or asset sale, user data may be transferred as part of that transaction. You will be notified by email about changes in ownership or use of your data.

We implement technical and organizational security measures to protect your data:

4.1. Technical Security - SSL/TLS Encryption: All data sent between your browser and our servers is encrypted - Database encryption: Sensitive data in our database is encrypted at rest - Firewall: Firewall systems to prevent unauthorized access - 24/7 Monitoring: Monitoring systems to detect suspicious activity - Regular security audits: Periodic security assessments

4.2. Organizational Security - Restricted access: Only employees who need access to process your visa can view personal data - Confidentiality agreements: All employees and partners are bound by confidentiality agreements - Security training: Employees are trained on data security practices - Password policy: Strong password policies for all internal systems

4.3. Your Responsibility You also play a role in keeping your account secure: - Use a strong, unique password - Do not share your password with anyone - Log out after using the platform on shared devices - Contact us immediately if you suspect unauthorized access to your account

Important Note: Although we use best-in-class security measures, no system is 100% safe from cyberattacks. We are committed to continuously improving security and will notify you if a data breach occurs that affects your information.

We retain your data only as long as necessary for the purposes described in this policy:

Retention Periods: - Visa application data: Retained for up to 2 years after the application is complete for customer support and audit purposes - Payment data: Retained for up to 5 years in accordance with Indonesian tax regulations - Communication history: Retained for up to 1 year for customer support reference - Account data: Retained while the account is active, or 6 months after inactivity

5.1. Data Deletion After the retention period ends: - Personal data will be permanently deleted or anonymized - Backup data will be deleted according to our backup rotation schedule - Data required for legal compliance will be retained as required

5.2. Early Deletion Requests You may request early deletion of your data by contacting us. However, we may be unable to delete data if it is still needed for: - Completing an ongoing transaction - Legal compliance (tax, audit, investigation) - Detecting or preventing fraud - Resolving disputes or enforcing agreements

You have the following rights regarding your personal data:

1. Right of Access You have the right to know what personal data we hold about you. Contact us to request a copy of your data.

2. Right of Correction You may update or correct inaccurate data through your account dashboard or by contacting customer support.

3. Right of Deletion You may request deletion of your data, subject to our legal obligations to retain certain data.

4. Right of Portability You may request a copy of your data in a structured, machine-readable format.

5. Right to Restriction of Processing In certain circumstances, you may request that we restrict the processing of your data.

6. Right to Object You may object to the processing of your data for certain purposes, such as marketing (if applicable).

7. Right to Withdraw Consent If data processing is based on your consent, you may withdraw consent at any time.

How to Exercise Your Rights To exercise the above rights, contact us via: - Email: umrateehq@gmail.com with the subject "Personal Data Request" - WhatsApp: +62 851-8563-6562

We will respond to your request within 14 business days. We may request identity verification to ensure the security of your data.

7.1. What Are Cookies? Cookies are small text files stored on your device when you visit our website. Cookies help us remember your preferences and improve user experience.

7.2. Types of Cookies We Use

Essential Cookies (Required): Cookies necessary for the platform to function properly. Includes cookies for authentication, security, and session management.

Analytics Cookies: Cookies that help us understand how users use the platform (pages visited, time spent, etc.). This data is anonymized and used to improve our services.

Functional Cookies: Cookies that remember your choices (language, display preferences) to provide a more personalized experience.

7.3. Managing Cookies You can manage or delete cookies through your browser settings. However, disabling cookies may affect platform functionality.

For guidance on managing cookies: www.allaboutcookies.org

Some of our service providers may be located outside Indonesia, which means your data may be transferred to and stored on international servers. This includes: - Cloud hosting providers (AWS, Google Cloud, etc.) - Email service providers - Analytics platforms

We ensure that all international service providers meet security standards equal to or higher than Indonesian standards, and are contractually bound to protect your data.

Umratee services are intended for adults (18 years and above). We do not knowingly collect personal data from individuals under 18 without parental/guardian consent.

If you are submitting a visa application for a child under 18, you are responsible as the parent/guardian for providing their data and consenting to the processing of that data.

If we discover that we have collected data from a child without appropriate consent, we will immediately delete that data.

Our platform may contain links to third-party websites (e.g., airlines, hotels, payment gateways). We are not responsible for the privacy practices of those websites.

We recommend reading the privacy policy of each website you visit. This privacy policy applies only to the Umratee platform.

We may update this privacy policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons.

Significant changes will be notified through: - Email to the address registered to your account - Notifications on the platform - Updating the "Last updated" date at the top of this page

By continuing to use our services after changes take effect, you agree to the updated privacy policy.

If you have questions, concerns, or requests regarding this privacy policy or how we handle your personal data, please contact us:

Data Protection Officer — Umratee

Email: - privacy@umratee.com *(for specific privacy inquiries)* - umrateehq@gmail.com *(for general inquiries)*

WhatsApp: +62 851-8563-6562

Operating Hours: Monday – Friday: 09:00 – 17:00 WIB We will respond within 2 business days.

Our Commitment Umratee is committed to protecting your privacy and data security. We continually improve our privacy practices in line with technological developments and regulations. Your trust is our top priority.