Privacy Policy

Customer Data, Intellectual Property & Compliance Policy

Andalusia Real Estate Development LLC

 

1.Purpose

This Policy outlines Andalusia Real Estate Development LLC’s commitment to protecting customer data, intellectual property, and ensuring compliance with local and international legal frameworks. It aligns with UAE Federal Decree-Law No. 45 of 2021 (PDPL), UAE Cybercrime Law (Decree-Law No. 34 of 2021), and international agreements such as TRIPS and WIPO guidelines. The objective is to foster transparency, accountability, and data integrity across real estate operations.

2. Scope

This policy applies to all employees, contractors, and third-party service providers involved in handling data and intellectual property across business units. It covers personal data, client financial records, communication systems, and all business processes involving client engagement, CRM platforms, real estate project data, and legal documentation.

3. Legal Framework

The policy is framed under the following regulations:

• UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection
• UAE Federal Decree-Law No. 34 of 2021 on Combatting Rumors and Cybercrimes
• UAE Commercial Transactions Law
• UAE Copyright and Trademarks Law
• International frameworks including GDPR (where applicable), WIPO, and TRIPS

4. Definitions

• Intellectual Property (IP): Includes registered and unregistered trademarks, logos, plans, brochures, automation workflows, CRM templates, project blueprints, and digital assets.
• Client Data: All forms of identifiable or sensitive data provided by a client or acquired through transactions.
• Confidential Information: Any business, strategic, financial, or client-related data not publicly available.

5. Collection, Use & Retention

Customer data is collected strictly for legitimate business purposes, such as processing real estate transactions, marketing with consent, or legal compliance. Data is retained only for as long as required to fulfill legal and operational obligations. Retention periods are reviewed annually in accordance with PDPL and international best practices.

6. Client Rights

Clients have the right to:

• Access and review their personal data
• Correct or update inaccurate information
• Request deletion of data no longer required
• Object to non-essential processing such as marketing
• Request data portability

Requests must be acknowledged within 5 business days and processed within 30 business days.

7. Data Protection Measures

The Company uses the following safeguards:

• End-to-end encryption
• Role-based system access controls
• ISO/IEC 27001-aligned security policies
• Two-factor authentication (2FA) on all platforms
• Real-time intrusion detection and monitoring

8. Data Transfers

When transferring data outside the UAE:

• Transfers are permitted only to jurisdictions recognized by the UAE for adequate data protection
• Standard Contractual Clauses (SCCs) are enforced where necessary
• Cross-border data mapping and risk assessments are conducted regularly

9. Intellectual Property Ownership

All designs, plans, marketing content, property portfolios, and internal process templates are the intellectual property of Andalusia. Unauthorized use or distribution will be prosecuted under UAE and international law. Collaborations must be governed by co-development or licensing agreements.

10. Employee & Vendor Obligations

All staff and vendors must sign NDAs, DPAs, and IP protection clauses in their contracts. Vendors handling sensitive data or systems must undergo onboarding risk assessments and periodic audits to verify ongoing compliance.

11. Incident Response

In case of a suspected breach:

• An investigation is launched within 24 hours
• The UAE Data Office is notified within 72 hours (if applicable)
• Clients are notified promptly with impact details
• A remediation and containment report is prepared and submitted internally

12. Compliance & Training

All employees must undergo mandatory PDPL, IP protection, and cybersecurity training every 12 months. Training completion is monitored, and non-compliance may result in disciplinary action or system access restrictions.

13. Enforcement & Penalties

Any breach of this policy may result in:

• Verbal or written warning
• Suspension or termination of employment or contract
• Legal prosecution and fines
• Blacklisting from business relationships

14. Policy Updates & Notifications

This policy is reviewed annually. Material changes will be published on the Company website and communicated via internal circulars or emails. Clients will receive notifications for any updates affecting their rights.

15. Governing Language

This Policy is issued in English. In the event of interpretation differences, the English version shall prevail.

16. Contact

Data Protection & Compliance Office

Email: legal@andalusiarealestate.ae

Phone: [Insert Number]

Additional Privacy Compliance Clauses

In alignment with UAE PDPL and international data privacy laws:

• All personal data collected is subject to the same level of protection
• International transfers must meet adequate standards and use SCCs where needed
• Clients may submit data requests; these will be acknowledged within 5 days and resolved within 30
• Data breaches will be logged and reported to UAE authorities within 72 hours, as required

Additional Strategic Compliance Clauses

Compliance with RERA Regulations

Compliance with escrow account management, advertising, project registration, and brokerage conduct.

Anti-Money Laundering (AML) & Know Your Customer (KYC)

Strict adherence to UAE Central Bank and Dubai Land Department requirements for identity and transaction verification.

Dispute Resolution & Arbitration

Disputes are first resolved amicably, then via arbitration at Dubai International Arbitration Centre (DIAC).

Business Continuity & Disaster Recovery

Includes encrypted backups, redundant systems, and semi-annual recovery drills.

Environmental, Social & Governance (ESG) Commitment

Focus on sustainable development, CSR, and governance transparency, with regular ESG audits.

Whistleblowing Policy

Anonymous reporting of unethical behavior is supported and protected under law.

Insurance & Liability Coverage

Covers professional indemnity, cybersecurity, and third-party liability to protect all stakeholders.