Legal

PRIVACY
POLICY.

What we collect, why we collect it, and the choices you have over your data.

Last updated
17 May 2026
Effective
17 May 2026

1. Introduction

GoClimb Sports LLC, trade licence no. 1439984, operator of the indoor bouldering facility branded "GoClimb" at 01-09 Junction Mall, Dubai Investment Park 1, Dubai, United Arab Emirates, and the website goclimb.ae ("GoClimb", "we", "us", "our"), is the data controller for the personal data described in this Privacy Policy.

This Privacy Policy explains how we collect, use, store, and share personal data, and the rights you have under UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL"), Federal Decree-Law No. 34 of 2023 on Combating Rumours and Cybercrimes, and other applicable laws.

2. Data We Collect

2.1 You give us directly

  • Identity & contact data: name, date of birth, email, mobile number, emergency contact.
  • Account data: username, password (stored hashed), preferences.
  • Transaction data: passes and memberships purchased, class bookings, payment confirmations (we do not store full card numbers; card data is processed by our payment provider).
  • Waiver data: signed assumption-of-risk form, guardian details for minors.
  • Photographs and video of you within the Facility (e.g. event photography, marketing imagery, social-media content), where you have consented or where filming is otherwise lawful under our House Rules.

2.2 Sensitive personal data

Under the PDPL, certain data is classified as sensitive and is processed only with your explicit consent, or where strictly necessary to protect your vital interests:

  • Health & safety information you voluntarily disclose on the Waiver or to instructors (e.g. injuries, allergies, medical conditions, pregnancy, medication) so we can keep you safe in classes and respond appropriately to incidents.
  • We do not collect biometric data (e.g. fingerprint, facial recognition). If we introduce biometric access in future, we will update this Policy and obtain your explicit consent before processing such data.

2.3 We collect automatically

  • Facility access logs (entry/exit timestamps tied to your account).
  • CCTV footage within the Facility, for safety, security, and incident investigation. CCTV signage is posted at the entrance.
  • Website usage data: IP address, device and browser type, pages viewed, referrer, approximate location derived from IP — collected via cookies and similar technologies. See our Cookie Policy for detail.

2.4 We receive from others

  • Payment confirmations from our payment processor.
  • Booking and CRM data from our gym management system.
  • Reviews and tagged content from social platforms where you have made these public.

3. How & Why We Use Your Data

  • To create and manage your account, process payments, and deliver the passes, classes, and memberships you book.
  • To keep you safe — verifying age, applying medical notes from your waiver, contacting your emergency contact if needed.
  • To operate CCTV for safety, security, and incident investigation, and to share footage with the Dubai Police or other competent authorities on lawful request.
  • To use photography and video taken within the Facility for marketing, social media, and editorial purposes, in line with our House Rules and any objection you have notified us of.
  • To communicate operationally — booking confirmations, schedule changes, facility closures, membership renewals.
  • To send marketing about GoClimb classes, events, and offers, where you have opted in. Every marketing message identifies GoClimb as sender and includes a one-click unsubscribe; you can opt out at any time without affecting transactional communications.
  • To improve the Facility and website — analytics on usage patterns and class popularity.
  • To comply with legal obligations, respond to lawful requests from authorities, and defend our legal rights.

We do not make decisions about you that produce legal or similarly significant effects solely by automated means, and we do not engage in automated profiling.

4. Lawful Basis

We process personal data on one or more of the following lawful bases under the PDPL:

  • Performance of a contract with you (e.g. delivering a class you booked, managing your membership).
  • Your consent (e.g. marketing emails, optional cookies, photography for marketing use, processing of sensitive health data disclosed on the Waiver).
  • Compliance with a legal obligation (e.g. VAT and tax records under UAE Federal Tax Authority rules, safety reporting).
  • Protection of your vital interests (e.g. acting on disclosed medical conditions in a safety-critical situation).
  • Our legitimate interests in operating, securing, and improving the Facility, including CCTV operation for safety and security, fraud prevention, and direct marketing to existing customers, balanced against your rights.

5. Who We Share Data With

We share personal data only where necessary, and only with parties bound by appropriate confidentiality and data protection obligations:

  • Our gym management and CRM provider, which hosts bookings and membership records.
  • Payment processors that handle card transactions.
  • Email and SMS service providers used to send operational and marketing communications.
  • Website analytics and hosting providers.
  • Professional advisers (legal, insurance, accounting) where required.
  • Public authorities where disclosure is required by law.

We do not sell your personal data.

6. International Transfers

Some of our service providers process personal data outside the UAE. Where this is the case, the data may be transferred to and processed in jurisdictions including the European Union, the United Kingdom, and the United States, depending on the provider.

All transfers are subject to safeguards required by PDPL Articles 22–23. We rely on (a) transfers to jurisdictions recognised by the UAE Data Office as providing an adequate level of protection, or (b) contractual safeguards (including standard contractual clauses or equivalent) imposing PDPL-aligned obligations on the recipient. You may request a summary of the safeguards in place for a specific transfer by contacting us using the details in section 12.

7. How Long We Keep It

  • Account, booking, and transaction records: for the duration of your account plus five (5) years thereafter, in line with UAE Federal Tax Authority record-keeping requirements (Cabinet Decision No. 36 of 2017 on the Executive Regulations of the VAT Law) and for dispute resolution purposes.
  • Signed waivers and associated health disclosures: for ten (10) years from your last visit, having regard to limitation periods for personal injury claims under the UAE Civil Code.
  • CCTV footage: thirty (30) days, unless preserved for incident investigation, legal claims, or disclosure to competent authorities.
  • Marketing data: until you withdraw consent or are inactive for twenty-four (24) months, whichever is earlier.
  • Website analytics: aggregated indefinitely; identifiable cookie data retained as set out in our Cookie Policy.

8. Security

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the data, including encryption in transit, access controls, staff training, and vendor due diligence. No system is perfectly secure, but we will notify you and the relevant authority promptly of any breach affecting your personal data, as required by the PDPL.

9. Your Rights

Subject to the PDPL and applicable exemptions, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data where it is no longer needed.
  • Restrict or object to certain processing, including direct marketing.
  • Request a copy of your data in a portable format.
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.
  • Object to decisions taken solely by automated means (although, as noted in section 3, we do not currently take such decisions).

To exercise any of these rights, contact us using the details in section 12. We will respond within the timeframes required by the PDPL.

If you believe we have not handled your personal data in line with the PDPL, you also have the right to lodge a complaint with the UAE Data Office, the supervisory authority responsible for data protection in the UAE.

10. Minors

For the purposes of this Policy, a "minor" is any individual under eighteen (18) years of age. We knowingly collect data about minors only with the verifiable consent of a parent or legal guardian, given as part of the Waiver and account registration process described in our Terms & Conditions, and only for the purposes of operating kids classes, family memberships, and ensuring the safety of minors using the Facility.

A parent or legal guardian may at any time exercise the rights set out in section 9 on behalf of a minor in their care.

11. Changes to This Policy

We may update this policy from time to time. The current version is always available on this page with a revised "Last updated" date. Material changes will be communicated by email to active Account holders at least fourteen (14) days before they take effect. Continued use of the Facility or your Account after the effective date constitutes acceptance of the revised Policy.

12. Contact Us

Questions, requests, or complaints relating to your personal data can be sent to info@goclimb.ae with the subject line "Data Protection" so we can route them appropriately, or addressed in writing to: Data Protection, GoClimb Sports LLC, 01-09 Junction Mall, Dubai Investment Park 1, Dubai, United Arab Emirates.