This Privacy Policy governs the way Gardenia Homes (“we”) collect, use, maintain and disclose information collected solely from:
- Users of Our website: https://www. gardeniahomes.ae (“Websites”);
- Email, text, and other electronic messages between you and Us;
- Mobile and desktop applications that you may download from Our Websites;
- Your interactions with Our advertising and applications on third-party websites and services, if those applications or advertisements include links to this privacy policy; and information and data collected by our call centers.
PERSONAL INFORMATION:
We may collect any information that can be used to identify you, such as your name, postal address, e-mail address, passport number, Emirates ID number, property ID and/or telephone number, and details of the contract entered with you (“Personal Information”). We may collect Personal Information in a variety of ways, including, but not limited to, when you visit Our Websites, use Live Chat, subscribe to Our newsletter, complete a form, and in connection with other activities, services, features or resources we make available on Our Websites, and automatically as you navigate through the Websites. You can always refuse to supply Personal Information, except that it may prevent you from engaging in certain related activities on Our Websites. You can visit Our Websites anonymously. You can change your Personal Information by sending us an email to info@gardeniahomes.ae
NON-PERSONAL IDENTIFICATION INFORMATION:
We may collect your non-personal identification information whenever you interact with Our Websites. Non-personal identification information means information that is about you but does not identify you individually, and/or relates to information about your internet connection, the equipment you use to access the Websites and usage details, and other similar information.
WEB BROWSER COOKIES:
Our Websites may use “cookies” to enhance your user experience. Your web browser places cookies on your hard drive for record-keeping purposes and sometimes to track information about you. You may choose to set your web browser to refuse cookies or to alert you when cookies are being sent. If you do so, note that some parts of the Websites may not function properly. This is a standard operating procedure that is used across the internet.
HOW TO MANAGE AND REMOVE COOKIES?
If you are using Our Websites via a browser you can restrict, block or remove cookies through your web browser settings. The Help menu on the menu bar of most browsers also tells you how to prevent your browser from accepting new cookies, how to delete old cookies, how to have the browser notify you when you receive a new cookie, and how to disable cookies altogether. You can also visit http://www.aboutcookies.org for more information on how to manage and remove cookies across a number of different internet browsers.
HOW WE USE COLLECTED INFORMATION:
Sobha may collect and use your Personal Information for the following purposes:
- To improve customer service: Information provided by you helps us respond to customer service requests and support needs, more efficiently;
- To personalize user experience: We may use your information in the aggregate to understand how users as a group use the services and resources provided on Our Websites;
- To improve Our Websites: We may use feedback provided by you to improve Our products and services;
- To run a promotion, contest, survey, or other feature on the website;
- To send you the information you agreed to receive about topics of interest to you;
- To send periodic emails;
- To fulfill the purpose for which you provide it;
- For marketing purposes by third-party vendor appointed by us;
- For any other purpose disclosed by Us, when you provide it.
By accepting this Privacy Policy, you give your permission for your personal information to be recorded, stored, processed, transferred, and shared by us, and agree that we may process your personal information. You acknowledge that your information may be shared by us with a third party appointed by us for marketing purposes. You also understand that you have the right to withdraw your consent at any time after notifying us in writing to not use your information in the manner described above by contacting us at hello@sobha-me.com.
We may use your e-mail address to respond to any inquiries, questions, and/or other requests you may have. If you opt to be a part of Our mailing list, then you will receive e-mails about Sobha news, updates, related project, product or service information, etc. If at any time you would like to unsubscribe from receiving future emails from Us, you may do so by contacting Us via any of Our Websites.
ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION:
You can review and change your Personal Information by logging into the Websites. You may also request to update any Personal Information We hold about you by contacting us at hello@sobha-me.com
HOW WE PROTECT YOUR PERSONAL INFORMATION :
We adopt appropriate data collection, storage, and processing practices and security measures to protect against accidental loss, unauthorized access, alteration, disclosure, or destruction of your Personal Information and data stored on Our Websites. Any payment transactions will be encrypted using current technology. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to Our Websites. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Websites.
SHARING PERSONAL INFORMATION :
We do not sell, trade, or rent your Personal Information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding users with Our subsidiaries, group companies, Our business partners, trusted affiliates, and advertisers (eg: Facebook) for the purposes outlined above.
We may share Personal Information with other organisations in the following circumstances:
- To provide measurement services and target ads
- If any applicable law or a public authority says We must share Personal Information;
- If We need to share Personal Information to establish, exercise or defend Our legal rights (this includes providing Personal Information to others for the purposes of preventing fraud and reducing credit risk);
- To an organisation We sell or transfer (or enter into negotiations to sell or transfer) any of Our businesses or any of Our rights or obligations under any agreement that We may have with you. If the transfer or sale goes ahead, the organisation receiving your Personal Information can use your Personal Information in the same way as Us; or
- To any vendor or the third-party service provider appointed by us to provide enhanced services;
- For storage of sale contract and for the usage of third-party software used for electronic signature of the relevant documentation;
- To any other successors in title to Our business.
CHANGES TO THIS PRIVACY POLICY:
Sobha shall update this privacy policy at its sole discretion from time to time. You are advised to check this page for any changes in the privacy policy and to stay informed about how your Personal Information is protected by us, and you acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of any modifications.
Your acceptance of these terms: By using the Websites, you signify your acceptance of this privacy policy as may be modified from time to time. Your continued use of the Websites after we make changes is deemed to be acceptance of those changes, as they are binding on you. You are advised not to access the Websites if you do not agree with Our privacy policy and practices.
GLOSSARY
Legitimate Interest is our lawful interest in conducting and managing our business to enable us to give you the best service/product.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Third Parties means
- Companies within the Sobha Group other than the ones to whom you are providing your personal data.
- Organisations we need to share your personal information with to provide you with the product or service you have chosen.
- Revenue & Customs, regulators, and other authorities.
- Fraud prevention and law enforcement agencies.
- Companies that we introduce to you.
- Agents and advisers who we use to help run your relationship with us, collect what you owe, and explore new ways of doing business.
- Companies we have a joint venture or agreement to co-operate with.
- Organisations that introduce you to us.
- Companies you ask us to share your data with.
We may also share your personal information if the composition of Sobha Group changes in the future:
- We may choose to sell, transfer, or merge parts of our business, or our assets. Or we seek to acquire other businesses or merge with them.
- During any such process, we may share your data with other parties. We will only do this if they agree to keep your data safe and private.
- If the change to our Group happens, then other parties may use your data in the same way as set out in this notice.
1. IMPORTANT INFORMATION
Purpose of this privacy notice
This privacy notice aims to give you information on how Sobha Group collects and processes your personal data, including any data you may provide through this website. It is important that you read this privacy notice so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Controller
Sobha LLC (UAE) is the controller and responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice). We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this Privacy Notice or our privacy practices please contact us at: DPO@sobha-me.com. You have the right to make a complaint at any time to the Information Commissioner’s Office (the “ICO”), the UK’s supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Third-party links
This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website or application you visit.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract. We will notify you if this is the case.
Updating your personal data with us
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store, and transfer different kinds of personal data about you which include:
- Identity Data, which includes first name, maiden name, last name or similar identifier, marital status, title, date of birth, gender, country of residence, and nationality.
- Documentary Data, which includes copies of your passport, driver’s licence, ID card, proof of address, etc.
- Contact Data, which includes billing address, delivery address, email address, and telephone numbers.
- Financial Data, which includes bank account and payment card details.
- Contractual Data, which includes details about the products or services we provide to you.
- Transaction Data, which includes details about payments to and from you and other details of products and services you have purchased from or through us.
- Open Data, which includes details about you that are in public records, and information about you that is openly available on the internet.
- Social Relationships Data, which includes your family, friends, and other relationships.
- Location Data, which includes data we get about where you are.
- Technical Data, which includes internet protocol (IP) address, your login data (where applicable), browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites.
- Communications Data, which includes what we learn from you from letters, emails (and other forms of electronic communication), and conversations between us.
- Profile Data, which includes your username and password (if any), purchases or services requested by you, your interests, preferences, and feedback.
- Usage Data, which includes information about how you use our website, products, and services.
- Marketing and Communications Data, which includes your preferences in receiving marketing from us and your communication preferences.
- Special Category Data, which includes details about your race or ethnicity and information about criminal convictions and offences. We will only collect and use these types of data if the law requires or allows us to do so.
We also collect, use, and share Anonymous Data such as statistical or demographic data for any purpose. Anonymous Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
3. HOW IS YOUR PERSONAL DATA COLLECTED
We may collect personal information about you (or your business) from these sources: Data you give us:
- When you apply for our services or purchase our products;
- When you talk to us on the phone;
- When you use our website;
- In letters, emails, and other forms of electronic communication;
- In customer surveys or promotions;
- If your business is looking to enter into or has entered into a business arrangement with us;
- When you make payments to us in relation to the services or products we are providing to you.
Data from third parties we work with, or otherwise publicly available:
- Companies that introduce you to us;
- Fraud prevention and law enforcement agencies;
- Retailers;
- Social networks;
- Public information sources such as Companies House;
- Agents working on our behalf;
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data:
- Where we need to perform a contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation including any obligation arising out of applicable anti-money laundering regulations.
- Where we want to use your personal data for purposes similar to the one for which the personal data is provided.
Where we send direct marketing communications to you, or if we process any Special Category Data we will rely on your consent. For all other purposes, we generally do not rely on consent. You have the right to withdraw your consent at any time by contacting the DPO.
Purposes for which we will use your personal data
We usually collect your data for the following purposes:
- To register you (or your business) as a new customer or supplier
- To deliver our services/products including:
- To process your instructions and requests
- To Manage payments and fees/charges
- To Collect and recover money owed to us
- To manage our relationship with you which will include:
- Notifying you about changes to our terms and conditions or privacy policy
- Studying how our customers use products and services from us and other organisations
- Developing and carrying out marketing activities
- To develop and manage our brands, products, and services and to manage how we work with other companies that provide services to us and our customers
- To manage risk for us and our customers, to obey laws and regulations that apply to us, and to respond to complaints and seek to resolve them
- To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, technical, and corporate governance
- To exercise our rights set out in agreements or contracts
- To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
- To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences
- To make suggestions and recommendations to you about goods or services that may be of interest to you.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact the DPO if you need details about the specific legal ground we are relying on to process your personal data. We make sure we consider and balance any potential impact on you and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
Promotional offers from us We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view of what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, and offers may be relevant for you. You will receive marketing communications from us (or from another company within the Gardenia Homes or third-party vendor appointed by us) if you have requested information from us, if you have provided your express consent for receiving that marketing, or, in certain cases if it is in our legitimate interest.
Third-party marketing We will not share your personal data with any company outside the Gardenia Homes for marketing purposes.
For Opting out You can ask us to stop sending you marketing messages by contacting the DPO at any time. Where you opt out of receiving these marketing messages, you will still receive important information such as changes to your existing services or products purchased from us.
Cookies
You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.
Telephone Calls
We may monitor and/or record your telephone calls to us, or ours to you, or a third-party vendor appointed to do so, to ensure consistent servicing levels (including staff training) and account operation, to assist (where appropriate) in dealing with complaints or disputes, and to assist us in ensuring we comply with our legal obligations.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact the DPO.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
5. DISCLOSURES OF YOUR PERSONAL DATA/
We may have to share your personal data with the parties set out below:
- External Third Parties as set out in the Glossary.
- Third parties to whom we may choose to transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
6. INTERNATIONAL TRANSFERS
We share your personal data within the Gardenia Homes. This may involve transferring your data outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring that we use specific contracts or have robust policies which give personal data the same protection it has in Europe. Companies within the Gardenia Homes are expected to comply with the group’s Data Protection Policy with is applicable to all employees within the group. Please contact the DPO if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
7. DATA SECURITY
We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The safety and security of your information also depend on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Website.
8. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting the DPO. In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:
- Requesting access to your personal data.
- Requesting correction of the personal data that we hold about you
- Requesting erasure of your personal data.
- Objecting to processing of your personal data.
- Requesting restriction of processing of your personal data.
- Requesting the transfer of your personal data to you or to a third party
- Withdrawing consent at any time where we are relying on consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact us on info@gardeniahomes.ae Note, however, that while we will generally comply with your requests, in certain scenarios we may be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unreasonable, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
DATA PROTECTION POLICY
SECTION A – WHAT THIS POLICY IS FOR
Policy statement
Gardenia Homes LLC as a data controller is committed to protecting and maintaining the confidentiality, integrity security of personal data and respecting the rights of our data subjects. We value the personal information entrusted to us and we respect that trust, by complying with all applicable laws, regulations, and adopting best industry practices.
Our management is fully committed to ensuring the continued and effective implementation of this policy and expects all Gardenia Homes employees and third parties to share in this commitment. Any breach of this policy will be taken seriously and may result in disciplinary action or business sanction.
Purpose and Scope
This policy establishes an effective, accountable, and transparent framework for ensuring compliance with the requirements of the applicable laws and regulations regarding the protection of personal data. This policy applies to all our employees and all third parties responsible for the processing of personal data on behalf of Gardenia Homes.
Application of Policy
All employees processing personal information on behalf of Gardenia Homes are required to comply with this policy. Any employee who thinks that he has accidentally breached any terms and conditions of this policy should immediately contact to Data Protection Officer to prevent and limit the impact of the breach. Various third parties (companies or individuals) who are appointed by us as data processors are required to comply with this policy under the contract with us. Any breach of the policy will be taken seriously and could lead to taking contract enforcement action against the company or individual or terminating the contract. Our Data Protection Officer is responsible for advising us and our employees about their legal obligations, monitoring compliance with applicable laws and regulations, dealing with data security breaches, and with the development of this policy. Any questions about this policy or any concerns should be referred to Data Protection Officer at info@gardeniahomes.ae
SECTION B – OUR DATA PROTECTION RESPONSIBILITIES
Data Collection
In the course of our work, we will ensure that personal data is collected directly from the data subjects’ unless one of the following conditions apply:
- the nature of the business purpose necessitates collection of the personal data from other persons or bodies; or
- the collection must be carried out under emergency circumstances in order to protect the vital interests of the data subject or to prevent serious loss or injury to another person.
If personal data is collected from a source other than the data subject, the data subject will be informed of the collection unless one of the following applies:
- the data subject has received the required information by other means;
- a national law expressly provides for the collection, processing, or transfer of personal data.
Data Subject Consent
Each Sobha Group entity will obtain personal data only by lawful and fair means and, where appropriate with the knowledge and consent of the data subject concerned. Where a need exists to request and receive the consent of data subject prior to the collection, processing, or disclosure of their personal data, Sobha Group is committed to seeking such consent. The Data Protection Officer, in cooperation with other relevant business representatives, shall be responsible for establishing a system for obtaining and documenting data subject consent for the collection, processing, and/or transfer of their personal data.
Privacy Notices
We will inform data subjects in writing whose personal data is collected about our identity/contact details and those of the Data Protection Officer, the type of data collected, the reasons for the processing, and the legal bases, including explaining any automated decision-making or profiling, explaining our legitimate interests, and explaining, where relevant, the consequences of not providing data needed for a contract or statutory requirement, whom we will share the data with, how long the data will be stored and the data subjects’ rights. This information will be communicated through Privacy Notice and will be given at the time when the personal data is collected.
Data Processing
We will only process personal data for the specific purposes explained in our Privacy Notice or for other purposes specifically permitted by law. We will not process personal data unless at least one of the following legal conditions is met:
- the processing is necessary for a contract with the data subject;
- the processing is necessary for us to comply with a legal obligation;
- the processing is necessary to protect someone’s life (“vital interests”);
- the processing is necessary for us to perform a task in the public interest, and the task has a clear basis in law; and
- the processing is necessary for our legitimate interests unless overridden by the interests, rights, and freedoms of the data subject.
We will only process Special Categories of Data where the data subject expressly consents to such processing or where one of the following conditions apply:
- the processing is necessary for carrying out our obligations under employment and social security and social protection law;
- the processing is necessary for safeguarding the vital interests (in emergency, life or death situations) of an individual and the data subject is incapable of giving consent;
- the processing is carried out in the course of our legitimate activities and only relates to our members or persons we are in regular contact with in connection with our purposes; and
- the processing is necessary for pursuing legal claims.
Data Subject’s Rights
We will process personal data in line with the data subject’s rights including their right to:
- request access to any of their personal data held by us (Subject Access Request);
- ask to have inaccurate personal data changed;
- restrict processing, in certain circumstances;
- object to processing, in certain circumstances, including preventing the use of their data for direct marketing;
- data portability, which means to receive their data, or some of their data, in a format that can be easily used by another person (including the data subject themselves) or organisation;
- not be subject to automated decisions, in certain circumstances; and
- withdraw consent when we are relying on consent to process their data.
We will act on all valid requests as soon as possible, and at the latest within one calendar month, unless we have reason to, and can lawfully extend the time limit. This can be extended by up to two months in certain circumstances.
All data subject’s rights are provided free of charge provided any Subject Access Requests which are manifestly unfounded or excessive shall be provided on a chargeable basis in accordance with applicable laws and regulations.
Any information provided to data subjects will be concise and transparent, using clear and plain language.
Direct marketing
We will comply with the applicable laws and regulations including any laws which may amend or replace the laws and regulations around direct marketing. This includes, but is not limited to when we make contact with data subjects by post, email, text message, social media messaging, telephone (both live and recorded calls), and fax.
Any direct marketing material that we send will identify us as the sender and if a data subject exercises their right to object to direct marketing, we will stop the direct marketing as soon as possible unless it is in our legitimate interests.
Third-Party Data Processors
We will only share personal data with third parties when we have a legal basis to do so and if we have informed the data subject about the possibility of the data being shared unless legal exemptions apply to informing data subjects about the sharing. Only authorised and properly instructed staff are allowed to share personal data. Before appointing a contractor/agent/supplier/service provider who will process personal data on our behalf, we will carry out necessary due diligence. The checks are to make sure the data processor will use appropriate technical and organisational measures to ensure the processing will comply with applicable laws and regulations, including keeping the data secure and upholding the rights of data subjects.
We will only appoint third-party data processors on the basis of a written contract that will require the data processor to comply with all relevant legal requirements. We will continue to monitor the data processing, and compliance with the contract, throughout the duration of the contract.
We will keep records of personal data shared with a third party, which will include recording any exemptions which have been applied, and why they have been applied
Data Retention
We will not keep personal data longer than is necessary for the purposes that it was collected including for the purposes of satisfying any legal, accounting, or reporting requirements. Information about how long we will keep personal data can be found in our Data Retention Policy which may be obtained by contacting the Data Protection Officer.
Security of Personal Data
We will use appropriate measures to keep personal data secure at all points of the processing. Keeping data secure includes protecting it from unauthorised or unlawful processing, or from accidental loss, destruction, or damage. We limit access to personal data to those employees, agents, contractors, and other third parties who have a business need to know.
We will implement security measures that provide a level of security that is appropriate to the risks involved in the processing.
- technical systems security;
- measures to restrict or minimise access to data;
- measures to ensure our systems and data remain available or can be easily restored in the case of an incident;
- physical security of information and of our premises;
- organisational measures, including policies, procedures, training, and audits; and
- regular testing and evaluating of the effectiveness of security measures.
Transferring personal data outside the European Union (EU)
We may transfer personal data outside the EU. Whenever we transfer personal data out of the EU, we will ensure a similar degree of protection is afforded to it by ensuring that we use specific contracts or have robust policies which give personal data the same protection it has in the EU.
Training and Guidance
Our employees/staff that have access to personal data will have responsibilities under this policy outlined to them as part of their employee induction training program. In addition, each Sobha Group entity accessing personal data will provide regular data protection training and procedural guidance to its employees/staff.
SECTION C – MANAGING CHANGE AND RISKS
Data Protection Impact Assessments
When we plan to carry out any data processing which is likely to result in a high risk we will carry out a Data Protection Impact Assessment (DPIA). Any decision not to conduct a DPIA will be recorded. We may also conduct a DPIA in other cases when we consider it appropriate to do so.
Dealing with Data Protection Breaches
Any individual who suspects that a personal data breach has occurred due to theft or unauthorized disclosure of personal data must immediately notify the DPO providing a description of the incident. Notification of the incident can be made via e-mail to the DPO. The DPO will investigate all reported incidents to confirm whether or not a personal data breach has occurred. If a personal data breach is confirmed, the DPO will follow the relevant authorised procedure based on the criticality and quantity of the personal data involved. For severe personal data breaches, Gardenia Homes executive team will initiate and chair an emergency response team to coordinate and manage the personal data breach response.