We may collect any information that can be used to identify you, such as your name, postal address, e-mail address, passport number, Emirates ID number, property ID and/or telephone number, and details of the contract entered with you (“Personal Information”). We may collect Personal Information in a variety of ways, including, but not limited to, when you visit Our Websites, use Live Chat, subscribe to Our newsletter, complete a form, and in connection with other activities, services, features or resources we make available on Our Websites, and automatically as you navigate through the Websites. You can always refuse to supply Personal Information, except that it may prevent you from engaging in certain related activities on Our Websites. You can visit Our Websites anonymously. You can change your Personal Information by sending us an email to [email protected]
We may collect your non-personal identification information whenever you interact with Our Websites. Non-personal identification information means information that is about you but does not identify you individually, and/or relates to information about your internet connection, the equipment you use to access the Websites and usage details, and other similar information.
If you are using Our Websites via a browser you can restrict, block or remove cookies through your web browser settings. The Help menu on the menu bar of most browsers also tells you how to prevent your browser from accepting new cookies, how to delete old cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether. You can also visit http://www.aboutcookies.org for more information on how to manage and remove cookies across a number of different internet browsers. You also have the option to change your choices relating to cookies utilized to deliver behaviorally targeted advertising at http://optout.aboutads.info/?c=2&lang=EN OR https://www.youronlinechoices.eu/
Sobha may collect and use your Personal Information for the following purposes:
We may use your e-mail address to respond to any inquiries, questions, and/or other requests you may have. If you opt to be a part of Our mailing list, then you will receive e-mails about Sobha news, updates, related project, product or service information, etc. If at any time you would like to unsubscribe from receiving future emails from Us, you may do so by contacting Us via any of Our Websites.
You can review and change your Personal Information by logging into the Websites. You may also request to update any Personal Information We hold about you by contacting us at [email protected]
We adopt appropriate data collection, storage, and processing practices and security measures to protect against accidental loss, unauthorized access, alteration, disclosure, or destruction of your Personal Information and data stored on Our Websites. Any payment transactions will be encrypted using current technology. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to Our Websites. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Websites.
We do not sell, trade, or rent your Personal Information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding users with Our subsidiaries, group companies, Our business partners, trusted affiliates, and advertisers (eg: Facebook) for the purposes outlined above.
We may share Personal Information with other organisations in the following circumstances:
Welcome to Sobha Realty’s privacy notice which is effective from 4 August 2019. Sobha LLC (UAE) and its group companies, including Sobha Real Estate UK Limited (Collectively “Sobha Group”), are committed to protecting your personal data. This privacy notice provides information about what to expect when Sobha Group collects and processes your personal information. You will also be informed about your privacy rights and how the law protects you.
Legitimate Interest is our lawful interest in conducting and managing our business to enable us to give you the best service/product.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Third Parties means
We may also share your personal information if the composition of Sobha Group changes in the future:
This privacy notice aims to give you information on how Sobha Group collects and processes your personal data, including any data you may provide through this website. It is important that you read this privacy notice so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Sobha LLC (UAE) is the controller and responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this Privacy Notice or our privacy practices please contact us at: [email protected] You have the right to make a complaint at any time to the Information Commissioner’s Office (the “ICO”), the UK’s supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website or application you visit.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract. We will notify you if this is the case.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data about you which include:
We also collect, use, and share Anonymous Data such as statistical or demographic data for any purpose. Anonymous Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We may collect personal information about you (or your business) from these sources: Data you give us:
We will only use your personal data:
Where we send direct marketing communications to you, or if we process any Special Category Data we will rely on your consent. For all other purposes, we generally do not rely on consent. You have the right to withdraw your consent at any time by contacting the DPO.
Purposes for which we will use your personal data
We usually collect your data for the following purposes:
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact the DPO if you need details about the specific legal ground we are relying on to process your personal data. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from us We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view of what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you. You will receive marketing communications from us (or from another company within the Sobha Group or third-party vendor appointed by us) if you have requested information from us, if you have provided your express consent for receiving that marketing, or, in certain cases if it is in our legitimate interest.
Third-party marketing We will not share your personal data with any company outside the Sobha Group for marketing purposes.
For Opting out You can ask us to stop sending you marketing messages by contacting the DPO at any time. Where you opt out of receiving these marketing messages, you will still receive important information such as changes to your existing services or products purchased from us.
We may monitor and/or record your telephone calls to us, or ours to you, or a third-party vendor appointed to do so, to ensure consistent servicing levels (including staff training) and account operation, to assist (where appropriate) in dealing with complaints or disputes, and to assist us in ensuring we comply with our legal obligations.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the DPO.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may have to share your personal data with the parties set out below:
We share your personal data within the Sobha Group. This may involve transferring your data outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that we use specific contracts or have robust policies which give personal data the same protection it has in Europe. Companies within the Sobha Group are expected to comply with the group’s Data Protection Policy with is applicable to all employees within the group. Please contact the DPO if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting the DPO. In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:
If you wish to exercise any of the rights set out above, please contact us on [email protected]. Note, however, that while we will generally comply with your requests, in certain scenarios we may be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unreasonable, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Sobha LLC (UAE) and its group companies, including Sobha Real Estate UK Limited (Collectively “Sobha Group”) as a data controller is committed to protecting and maintaining the confidentiality, integrity security of personal data and respecting the rights of our data subjects. We value the personal information entrusted to us and we respect that trust, by complying with all applicable laws, regulations, and adopting best industry practices.
Our management is fully committed to ensuring the continued and effective implementation of this policy and expects all Sobha Group’s employees and third parties to share in this commitment. Any breach of this policy will be taken seriously and may result in disciplinary action or business sanction.
Purpose and Scope
This policy establishes an effective, accountable, and transparent framework for ensuring compliance with the requirements of the applicable laws and regulations regarding the protection of personal data. This policy applies to all our employees and all third parties responsible for the processing of personal data on behalf of Sobha Group.
Application of Policy
All employees processing personal information on behalf of Sobha Group are required to comply with this policy. Any employee who thinks that he has accidentally breached any terms and conditions of this policy should immediately contact to Data Protection Officer to prevent and limit the impact of the breach. Various third parties (companies or individuals) who are appointed by us as data processors are required to comply with this policy under the contract with us. Any breach of the policy will be taken seriously and could lead to taking contract enforcement action against the company or individual or terminating the contract. Our Data Protection Officer is responsible for advising us and our employees about their legal obligations, monitoring compliance with applicable laws and regulations, dealing with data security breaches, and with the development of this policy. Any questions about this policy or any concerns should be referred to Data Protection Officer at [email protected]
In the course of our work, we will ensure that personal data is collected directly from the data subjects’ unless one of the following conditions apply:
If personal data is collected from a source other than the data subject, the data subject will be informed of the collection unless one of the following applies:
Data Subject Consent
Each Sobha Group entity will obtain personal data only by lawful and fair means and, where appropriate with the knowledge and consent of the data subject concerned. Where a need exists to request and receive the consent of data subject prior to the collection, processing, or disclosure of their personal data, Sobha Group is committed to seeking such consent. The Data Protection Officer, in cooperation with other relevant business representatives, shall be responsible for establishing a system for obtaining and documenting data subject consent for the collection, processing, and/or transfer of their personal data.
We will inform data subjects in writing whose personal data is collected about our identity/contact details and those of the Data Protection Officer, the type of data collected, the reasons for the processing, and the legal bases, including explaining any automated decision-making or profiling, explaining our legitimate interests, and explaining, where relevant, the consequences of not providing data needed for a contract or statutory requirement, whom we will share the data with, how long the data will be stored and the data subjects’ rights. This information will be communicated through Privacy Notice and will be given at the time when the personal data is collected.
We will only process personal data for the specific purposes explained in our Privacy Notice or for other purposes specifically permitted by law. We will not process personal data unless at least one of the following legal conditions is met:
We will only process Special Categories of Data where the data subject expressly consents to such processing or where one of the following conditions apply:
Data Subject’s Rights
We will process personal data in line with the data subject’s rights including their right to:
We will act on all valid requests as soon as possible, and at the latest within one calendar month, unless we have reason to, and can lawfully extend the time limit. This can be extended by up to two months in certain circumstances.
All data subject’s rights are provided free of charge provided any Subject Access Requests which are manifestly unfounded or excessive shall be provided on a chargeable basis in accordance with applicable laws and regulations.
Any information provided to data subjects will be concise and transparent, using clear and plain language.
We will comply with the applicable laws and regulations including any laws which may amend or replace the laws and regulations around direct marketing. This includes, but is not limited to when we make contact with data subjects by post, email, text message, social media messaging, telephone (both live and recorded calls), and fax.
Any direct marketing material that we send will identify us as the sender and if a data subject exercises their right to object to direct marketing, we will stop the direct marketing as soon as possible unless it is in our legitimate interests.
Third-Party Data Processors
We will only share personal data with third parties when we have a legal basis to do so and if we have informed the data subject about the possibility of the data being shared unless legal exemptions apply to informing data subjects about the sharing. Only authorised and properly instructed staff are allowed to share personal data. Before appointing a contractor/agent/supplier/service provider who will process personal data on our behalf, we will carry out necessary due diligence. The checks are to make sure the data processor will use appropriate technical and organisational measures to ensure the processing will comply with applicable laws and regulations, including keeping the data secure and upholding the rights of data subjects.
We will only appoint third-party data processors on the basis of a written contract that will require the data processor to comply with all relevant legal requirements. We will continue to monitor the data processing, and compliance with the contract, throughout the duration of the contract.
We will keep records of personal data shared with a third party, which will include recording any exemptions which have been applied, and why they have been applied
We will not keep personal data longer than is necessary for the purposes that it was collected including for the purposes of satisfying any legal, accounting, or reporting requirements. Information about how long we will keep personal data can be found in our Data Retention Policy which may be obtained by contacting the Data Protection Officer.
Security of Personal Data
We will use appropriate measures to keep personal data secure at all points of the processing. Keeping data secure includes protecting it from unauthorised or unlawful processing, or from accidental loss, destruction, or damage. We limit access to personal data to those employees, agents, contractors, and other third parties who have a business need to know.
We will implement security measures that provide a level of security that is appropriate to the risks involved in the processing.
Transferring personal data outside the European Union (EU)
We may transfer personal data outside the EU. Whenever we transfer personal data out of the EU, we will ensure a similar degree of protection is afforded to it by ensuring that we use specific contracts or have robust policies which give personal data the same protection it has in the EU.
Training and Guidance
Our employees/staff that have access to personal data will have responsibilities under this policy outlined to them as part of their employee induction training program. In addition, each Sobha Group entity accessing personal data will provide regular data protection training and procedural guidance to its employees/staff.
Data Protection Impact Assessments
When we plan to carry out any data processing which is likely to result in a high risk we will carry out a Data Protection Impact Assessment (DPIA). Any decision not to conduct a DPIA will be recorded. We may also conduct a DPIA in other cases when we consider it appropriate to do so.
Dealing with Data Protection Breaches
Any individual who suspects that a personal data breach has occurred due to theft or unauthorized disclosure of personal data must immediately notify the DPO providing a description of the incident. Notification of the incident can be made via e-mail to the DPO. The DPO will investigate all reported incidents to confirm whether or not a personal data breach has occurred. If a personal data breach is confirmed, the DPO will follow the relevant authorised procedure based on the criticality and quantity of the personal data involved. For severe personal data breaches, Sobha Group’s executive team will initiate and chair an emergency response team to coordinate and manage the personal data breach response.
Recommendations, Advice, and Support
For any recommendations, advice, and support in relation to this policy, please contact the DPO via email at [email protected]
The following terms are used throughout this policy and have meanings as set out below: