Effective 14 June 2026. This policy is written to comply with Oman’s Personal Data Protection Law (Royal Decree 6/2022, the “PDPL”) and its executive regulations.

1. Who is responsible for your data

Horizon Blue (“we”, “us”), a marine tourism operator at Al Mouj Marina, Street 6, Muscat 113, Sultanate of Oman, is the controller of the personal data described in this policy. Contact for anything data-related: horizonblue.om@gmail.com or +968 93232 837.

2. What we collect

3. Why we use it

4. Who we share it with

We share personal data only with the service providers needed to run your trip, and never sell it:

5. International transfers

Some of these providers process data on servers outside the Sultanate of Oman. Where that happens we rely on providers with recognised security certifications and contractual safeguards, in line with the PDPL’s requirements for transferring personal data outside Oman.

6. How long we keep it

7. Your rights under the PDPL

Subject to the conditions in the PDPL, you have the right to ask us for: access to the personal data we hold about you; correction of inaccurate data; erasure of data we no longer need; a copy of your data (portability); and to withdraw consent where processing is based on consent. To exercise any of these, email horizonblue.om@gmail.com — we respond within the timeframes the law requires. You also have the right to complain to the Ministry of Transport, Communications and Information Technology, the authority responsible for personal data protection in Oman.

8. Cookies

The website uses only what is needed to function: strictly necessary cookies and Cloudflare Turnstile’s bot-protection signals. We do not use advertising cookies or cross-site tracking. If we ever add analytics, this policy will be updated first.

9. Children

Bookings are made by adults. We collect children’s details only as needed for the booking (count and permit category), provided by the responsible adult.

10. Security

Booking data is stored in access-controlled cloud infrastructure (Google Firebase) with encryption in transit and at rest; payment data never touches our systems; staff and partner access is role-restricted. No system is perfectly secure, but we keep the data we hold to the minimum needed to run your trip.

11. Changes to this policy

We will post any changes on this page with a new effective date. Material changes will be flagged on the booking page.

Questions? Contact us — or read our Terms & Conditions.