
Terms & Conditions
1 January 2025
Covered Data Set
All sets of personal data, whether already stored, processed, or acquired, are subject to the Company’s Data Protection Policy. It includes the following:
Participants in the transactions may include members of the Company’s management, employees, agents, contractors, suppliers, third-party consultants, business partners, and affiliates.
Personal Information
Any information related to an identifiable individual (the “Data Subject”) which can be directly or indirectly identifiable by using one or more of the following criteria will be considered as personal data. The following criteria are:
- First and last name of a legal entity
- Citizenship
- Year and place of birth
- Contact information (email ID, phone number)
- Information from an official identification document (e.g., a passport, an Emirates ID, or a national ID card)
- Personal information of immediate relatives and business partners
Protecting Personal Information
The following actions are considered as data processing. Such actions include: Any action taken against personal information, including but not limited to collecting, recording, assessing, organizing, modifying, transferring to third parties for compliance or delivery of agreed services, erasing, or destroying data.
Data Security Essentials
Data protection is of the utmost importance to the Company. We are dedicated to ensure full protection and privacy of our employees, customers, and suppliers. The principles that govern the Company’s data processing are in strict accordance with the data protection regulations and the ADGM’s data protection standards. In order to keep customer information secure, the company will follow the following guidelines:
- Fair data processing according to the law: Businesses must safeguard individuals’ rights when processing and handling personal information. The collection and usage of personal information must adhere strictly to all applicable laws and standards.
- In order to complete a commercial transaction, the Company will only collect and process the data that is required at the moment.
- The data will only be collected and processed with the individual’s authorized consent.
The Data Protection Officer is responsible for educating staff on how to handle data properly, according to mentioned principles. His tasks also include communicating with internal stakeholders, and ensuring compliance with data protection standards.
Purpose Limitation:
The subjects of the data collection should be informed regarding the aims and step-by-step process of the data collection. The company will use obtained data solely for the required purposes.
Detailed Data Collection:
The organization gathers all personal information required to complete certain tasks. Throughout this process, it will adher closely to the data collecting procedure and initiate regular reviews of the collected and processed data.
Priority One:
Verification of personal information is accurate and up to date. All data fixations happen immediately. In order to maintain data relevance and compliance with regulations, we inform the owner of the data to update his information or to share it with us.
It is the responsibility of the Company to rectify, update, or remove any inaccurate or incomplete data.
Transparency:
It is guaranteed that all personal information is collected in accordance with legislative standards. The Company guarantees that all personal information is collected directly from the data subject. The data subject should be informed on the usage of his personal data. Any company should inform the data subject of any reason of sharing his data to the third-party.
Data Storage:
The Company is obligated to keep the personal information for as long as is required in order to meet the data processing standards set by regulators. Any information that is not relevant or useful should be handled in a proper way.
- Protected and irreversible data removal
- Secret messaging, encryption, or pseudonymization
- If encryption or data removal is not an option, the data will be archived in order to limit its future processing or use.
The company is required to have an open and transparent data inventory, in accordance with the data’s purpose and the period of its maintenance.
Data Security:
All personal information will be processed with the utmost secrecy by the companies. The main goal is to keep your data safe from illegal or unintentional processing as well as accidental deletion or its loss.
By following these steps, the Company is accounted responsible for the ethical data management.
Protection of Individuals’ Data and Data Management
The main goal of the Company is to make sure that each individual is well aware of the date collection and data management steps. The rights, mentioned below, are applicable to all individuals whose personal data has been collected and processed by the Company:
- An individual’s right to access, rectify, or delete personal information held by the Company, as well as details regarding the data’s collection and usage.
- The right to know whether personal information, of an individual, will be shared with the third-party. If yes – under which conditions.
- The data subject has the right to request to delete his personal information, if it is no longer needed by the Company.
- Data subject has the right to object to or limit the processing of their personal data if they believe that it is more important to safeguard their interests rather than the Company’s need to process the data. If it is supported by regulatory compliance, such data processing restrictions cannot be applied.
- A valid reason must be provided by the Company or any of its affiliates if a data subject requests access to his personal data or information regarding the data’s usage. If the data subject is unhappy with the rejection, they can file a formal complaint.
Transmitting Data to the Data Subject
Anyone whose data has being requested can do so by sending an email to info@dubaiproperties.pro, which is the contact of the Data Protection Officer.
In order to prevent unauthorized individuals from gaining access to sensitive information, the Data Protection Officer must first confirm the identity of the person making the request.
As soon as the individual requests access to their data, the Company will respond accordingly.
When dealing with customers’ personal information, the Company knows that it must adhere to certain guidelines in order to safeguard customers’ rights.
Data Transfer of Individuals
Data subjects are required to provide their consent before any personal data can be transmitted to the third-party or internal stakeholders of the company (data receivers).
Such data receivers are required to sign a Service Level Agreement committing them to using the personal data exclusively for the purposes laid forth in the agreement. Additionally, the recipient of the data who is not directly involved in this Policy must adhere strictly to its Data Protection Rules.
Such Agreement is not required if the data transmission request comes from regulatory bodies that oversee the data subject or any of the companies. The Company allowed to disclose personal information of the subject to law enforcement agencies as a result of a legal requirement, without the data subject’s consent. Once the legal request for personal data has been validated, sharing of such data will be authorized by the Company’s Data Protection Officer.
Data Storage
The Company will maintain accurate records of personal data and a record of how that the data has been or will be used, for the period of six (6) years.
Reporting Violations
Any party that violates Data Protection Standards, highlighted in this policy, will be subject to a thorough investigation by the Company.
A suspension or termination of the Company’s relationship with the internal personnel or the stakeholder may be imposed, depending on the gravity of the violation and its effects.
If you are, or someone you know suspects that another company’s employee, customers, suppliers, third-parties, or business associates are not following Data Protection Regulations, you are obliged to notify the appropriate parties, immediately. You can notify the Group’s Data Protection Officer of any such violation by sending an email to: info@dubaiproperties.pro.
