Privacy Policy

This Privacy Policy governs the way Sobha Constructions L.L.C (“We”, “Us”, “Our” or “Sobha Constructions”) collect, use, maintain and disclose information collected solely from:

• Users of Our website https://sobhaconstructions.com (“Website”);
• Email, text and other electronic messages between you and Us;
• Mobile and desktop applications that you may download from Our Website;
• Your interactions with Our advertising and applications on third party Website and services; and information and data collected by Our call centers.

 

PERSONAL INFORMATION:

We may collect any information that can be used to identify you, such as your name, postal address, e-mail address, passport number, Emirates ID number, property ID and/or telephone number, details of the contract entered with you (“Personal Information”).
We may collect Personal Information in a variety of ways, including, but not limited to, when you visit Our Website, use Live Chat, subscribe to Our newsletter, complete a form, and in connection with other activities, services, features or resources we make available on Our Website, and automatically as you navigate through the Website. You can always refuse to supply Personal Information, except that it may prevent you from engaging in certain related activities on Our Website.
You can visit Our Website anonymously.
You can change your Personal Information by sending us an email to [email protected].

 

NON-PERSONAL IDENTIFICATION INFORMATION:

We may collect your non-personal identification information whenever you interact with Our Website. Non-personal identification information means information which is about you but does not identify you individually, and/or relates to information about your internet connection, the equipment you use to access the Website and usage details and other similar information.

 

WEB BROWSER COOKIES:

Our Website may use "cookies" to enhance your user experience. Your web browser places cookies on your hard drive for record-keeping purposes and sometimes to track information about you. You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, note that some parts of the Website may not function properly. This is a standard operating procedure that is used across the internet.

 

HOW TO MANAGE AND REMOVE COOKIES?

If you are using Our Website via a browser you can restrict, block or remove cookies through your web browser settings. The help menu on the menu bar of most browsers also tells you how to prevent your browser from accepting new cookies, how to delete old cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. You can also visit http://www.aboutcookies.org for more information on how to manage and remove cookies across a number of different internet browsers. You also have the option to change your choices relating to cookies utilized to deliver behaviorally targeted advertising at http://optout.aboutads.info/?c=2&lang=EN OR https://www.youronlinechoices.eu/

 

HOW WE USE COLLECTED INFORMATION:

Sobha Constructions L.L.C may collect and use your Personal Information for the following purposes:

• To improve customer service: Information provided by you helps us respond to customer service requests and support needs, more efficiently;
• To personalize user experience: We may use your information in the aggregate to understand how users as a group use the services and resources provided on Our Website;
• To improve Our Website: We may use feedback provided by you to improve Our products and services;
• To run promotion, contest, survey or other feature on the Website;
• To send you information you agreed to receive about topics of interest to you;
• To send periodic emails;
• To fulfill the purpose for which you provide it;
• For marketing purpose by third party vendor appointed by us;
• For any other purpose disclosed by Us, when you provide it.

By accepting this Privacy Policy, you give your permission for your personal information to be recorded, stored, processed, transferred, and shared by Us. You acknowledge that your information may be shared by us with third party appointed by Us for marketing purposes. You also understand that you have the right to withdraw your consent at any time by notifying Us in writing to not use your information in the manner described above by contacting us at [email protected].
We may use your e-mail address to respond to any inquiries, questions, and/or other requests you may have. If you opt to be a part of Our mailing list, then you will receive e-mails about Sobha Constructions L.L.C, news, updates, related project, product or service information, etc. If at any time you would like to unsubscribe from receiving future emails from Us, you may do so by contacting Us via Our Website.

 

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION:

You can review and change your Personal Information by logging into the Website. You may also request to update any Personal Information We hold about you by contacting us at [email protected]. 

 

HOW WE PROTECT YOUR PERSONAL INFORMATION:

We adopt appropriate data collection, storage and processing practices and security measures to protect against accidental loss, unauthorized access, alteration, disclosure or destruction of your Personal Information and data stored on Our Website. Any payment transactions will be encrypted using current technology.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Information, we cannot guarantee the security of your Personal Information transmitted to Our Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

 

SHARING PERSONAL INFORMATION:

We do not sell, trade, or rent your Personal Information to others. We may share generic aggregated demographic information not linked to any personal identification information with Our subsidiaries, group companies, Our business partners, trusted affiliates and advertisers (e.g.: Facebook) for the purposes outlined above.


We may share Personal Information with other organisations in the following circumstances:

• To provide measurement services and target ads;
• If any applicable law or a public authority says We must share the Personal Information;
• If We need to share Personal Information to establish, exercise or defend Our legal rights (this includes providing Personal Information to others for the purposes of preventing fraud and reducing credit risk);
• To an organisation We sell or transfer (or enter into negotiations to sell or transfer) any of Our businesses or any of Our rights or obligations under any agreement that We may have with you. If the transfer or sale goes ahead, the organisation receiving your Personal Information can use your Personal Information in the same way as Us; or
• To any vendor or third party service provider appointed by us to provide enhanced services;
• For storage of sale contract and for usage of third-party software used for electronic signature of the relevant documentation;
• To any other successors in title to Our business.

 

CHANGES TO THIS PRIVACY POLICY:

Sobha Constructions L.L.C shall update this privacy policy at its sole discretion from time to time. You are advised to check this page for any changes in the privacy policy and to stay informed about how your Personal Information is protected by us, and you acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of any modifications.
Your acceptance of these terms:
By using the Website, you signify your acceptance of this privacy policy as may be modified from time to time. Your continued use of the Website after we make changes is deemed to be acceptance of those changes, as they are binding on you. You are advised not to access the Website if you do not agree with Our privacy policy and practices. 

 

CROSS-BORDER TRANSFERS: 

Your Personal Information may be transferred to and stored in servers and facilities located to countries outside country or region in which you reside. Some of these countries may not provide the same level of data protection as the country in which you reside.

 

We only transfer Personal Information to these countries, when it is necessary for the services we provide you, or subject to appropriate safeguards that assure the protection of your Personal Information, such as contractual arrangements (as appropriate) or otherwise in accordance with applicable laws.

 

DATA SECURITY:

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. The safety and security of your information also depends on you. Where We have given you (or where you have chosen) a password for access to certain parts of Our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.


 

 

DATA RETENTION:

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, We consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which We process your personal data and whether We can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting the DPO.
In some circumstances We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case We may use this information indefinitely without further notice to you.

 

YOUR LEGAL RIGHTS:

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include:

• Requesting access to your personal data.
• Requesting correction of the personal data that we hold about you
• Requesting erasure of your personal data.
• Objecting to processing of your personal data.
• Requesting restriction of processing of your personal data.
• Requesting the transfer of your personal data to you or to a third party.
• Withdrawing consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us on [email protected].  Note, however, that while we will generally comply with your requests, in certain scenarios we may be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.

No fee usually required:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unreasonable, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you:
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond:
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

DATA PROTECTION POLICY

 

SECTION A – WHAT THIS POLICY IS FOR

Policy statement of
Sobha Constructions L.L.C (UAE) as a data controller is committed to protecting and maintaining the confidentiality, integrity security of personal data and respecting the rights of our data subjects. We value the personal information entrusted to us and we respect that trust, by complying with all applicable laws, regulations and adopting best industry practice.
Our management is fully committed to ensuring continued and effective implementation of this policy, and expects all its employees and third parties to share in this commitment. Any breach of this policy will be taken seriously and may result in disciplinary action or business sanction.

Purpose and Scope:
This policy establishes an effective, accountable and transparent framework for ensuring compliance with the requirements of the applicable laws and regulations regarding protection of personal data. This policy applies to all our employees and all third parties responsible for the processing of personal data on behalf of Sobha Constructions L.L.C.

Application of Policy:
All employees processing personal information on behalf of Sobha Constructions L.L.C are required to comply with this policy. Any employee who thinks that he has accidentally breached any terms and conditions of this policy should immediately contact to Data Protection Officer to prevent and limit the impact of the breach.
Various third parties (companies or individuals) who are appointed by us as data processor are required to comply with this policy under the contract with us. Any breach of the policy will be taken seriously and could lead to taking contract enforcement action against the company or individual or terminating the contract.
Our Data Protection Officer is responsible for advising us and our employees about their legal obligations, monitoring compliance with applicable laws and regulation, dealing with data security breaches and with the development of this policy. Any questions about this policy or any concerns should be referred to Data Protection Officer at [email protected].

 

 

 

SECTION B – OUR DATA PROTECTION RESPONSIBILITIES

Data Collection:
In the course of our work, we will ensure that personal data is collected directly from the data subjects’ unless one of the following conditions apply:

• the nature of the business purpose necessitates collection of the personal data from other persons or bodies; or
• such collection is carried out under emergency circumstances to protect the vital interests of the data subject or to prevent serious loss or injury to another person.

If personal data is collected from source other than the data subject, the data subject will be informed of the collection unless one of the following apply:

• the data subject has received the required information by other means;
• a national law expressly provides for the collection, processing or transfer of the personal data.

Data Subject Consent:
 Sobha Constructions L.L.C will obtain personal data only by lawful and fair means and, where appropriate with the knowledge and consent of the data subject concerned. Where a need exists to request and receive the consent of data subject prior to the collection, processing or disclosure of their personal data, Sobha Constructions L.L.C is committed to seeking such consent. The Data Protection Officer, in cooperation with other relevant business representatives, shall be responsible for establishing a system for obtaining and documenting data subject consent for the collection, processing, and/or transfer of their personal data.

Privacy Notices:
We will inform data subjects in writing whose personal data is collected about our identity/contact details and those of the Data Protection Officer, the type of data collected, the reasons for processing, and the legal bases, including explaining any automated decision making or profiling, explaining our legitimate interests, and explaining, where relevant, the consequences of not providing data needed for a contract or statutory requirement, whom we will share the data with, how long the data will be stored and the data subjects’ rights. This information will be communicated through Privacy Notice and will be given at the time when the personal data is collected.

Data Processing: We will only process personal data for the specific purposes explained in our Privacy Notice or for other purposes specifically permitted by law. We will not process personal data unless at least one of the following legal conditions are met:

• the processing is necessary for a contract with the data subject;
• the processing is necessary for us to comply with a legal obligation;
• the processing is necessary to protect someone’s life (“vital interests”);
• the processing is necessary for us to perform a task in the public interest, and the task has a clear basis in law; and
• the processing is necessary for our legitimate interests unless overridden by the interests, rights and freedoms of the data subject.

We will only process Special Categories of Data where the data subject expressly consents to such processing or where one of the following conditions apply:

• the processing is necessary for carrying out our obligations under employment and social security and social protection law;
• the processing is necessary for safeguarding the vital interests (in emergency, life or death situations) of an individual and the data subject is incapable of giving consent;
• the processing is carried out in the course of our legitimate activities and only relates to our members or persons we are in regular contact with in connection with our purposes; and
• the processing is necessary for pursuing legal claims.

Data Subject’s Rights: We will process personal data in line with data subject’s rights including their right to:

• request access to any of their personal data held by us (Subject Access Request);
• ask to have inaccurate personal data changed;
• restrict processing, in certain circumstances;
• object to processing, in certain circumstances, including preventing the use of their data for direct marketing;
• data portability, which means to receive their data, or some of their data, in a format that can be easily used by another person (including the data subject themselves) or organisation;
• not be subject to automated decisions, in certain circumstances; and
• withdraw consent when we are relying on consent to process their data.

We will act on all valid requests as soon as possible, and at the latest within one calendar month, unless we have reason to, and can lawfully extend the time-limit. This can be extended by up to two months in certain circumstances.
All data subject’s rights are provided free of charge provided any Subject Access Requests which are manifestly unfounded or excessive shall be provided on chargeable basis in accordance with applicable laws and regulations.
Any information provided to data subjects will be concise and transparent, using clear and plain language.

Direct marketing:
We will comply with the applicable laws and regulations including any laws which may amend or replace the laws and regulations around direct marketing. This includes, but is not limited to, when we make contact with data subjects by post, email, text message, social media messaging, telephone (both live and recorded calls) and fax.
Any direct marketing material that we send will identify us as the sender and if a data subject exercises their right to object to direct marketing, we will stop the direct marketing as soon as possible unless it is in our legitimate interests.

Third Party Data Processors:
We will only share personal data with third parties when we have a legal basis to do so and if we have informed the data subject about the possibility of the data being shared, unless legal exemptions apply to informing data subjects about the sharing. Only authorised and properly instructed staff are allowed to share personal data.
Before appointing a contractor/agent/supplier/service provider who will process personal data on our behalf, we will carry out necessary due diligence. The checks are to make sure the data processor will use appropriate technical and organisational measures to ensure the processing will comply with applicable laws and regulations, including keeping the data secure, and upholding the rights of data subjects.
We will only appoint third party data processors on the basis of a written contract that will require the data processor to comply with all relevant legal requirements. We will continue to monitor the data processing, and compliance with the contract, throughout the duration of the contract
We will keep records of personal data shared with a third party, which will include recording any exemptions which have been applied, and why they have been applied.

Data Retention:
We will not keep personal data longer than is necessary for the purposes that it was collected for including for the purposes of satisfying any legal, accounting, or reporting requirements. Information about how long we will keep personal data for can be found in our Data Retention Policy which may be obtained by contacting the Data Protection Officer.

Security of Personal Data:
We will use appropriate measures to keep personal data secure at all points of the processing. Keeping data secure includes protecting it from unauthorised or unlawful processing, or from accidental loss, destruction or damage. We limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know.
We will implement security measures which provide a level of security which is appropriate to the risks involved in the processing.
Measures may include:

• technical systems security;
• measures to restrict or minimise access to data;
• measures to ensure our systems and data remain available, or can be easily restored in the case of an incident;
• physical security of information and of our premises;
• organisational measures, including policies, procedures, training and audits; and
• regular testing and evaluating of the effectiveness of security measures.

Transferring personal data outside the European Union (EU):
We may transfer personal data outside EU. Whenever we transfer personal data out of the EU, we will ensure a similar degree of protection is afforded to it by ensuring that we use specific contracts or having robust policies which give personal data the same protection it has in EU.

Training and Guidance:
Our employees/staff that have access to personal data will have responsibilities under this policy outlined to them as part of their employee induction training program. In addition, Sobha Constructions L.L.C accessing personal data will provide regular data protection training and procedural guidance to its employees/staff.

 

SECTION C – MANAGING CHANGE AND RISKS

Data Protection Impact Assessments:
When we plan to carry out any data processing which is likely to result in a high risk, we will carry out a Data Protection Impact Assessment (DPIA). Any decision not to conduct a DPIA will be recorded. We may also conduct a DPIA in other cases when we consider it appropriate to do so.

Dealing with Data Protection Breaches:
Any individual who suspects that a personal data breach has occurred due to theft or unauthorized disclosure of personal data must immediately notify the DPO providing a description of the incident. Notification of the incident can be made via e-mail to the DPO. The DPO will investigate all reported incidents to confirm whether or not a personal data breach has occurred. If a personal data breach is confirmed, the DPO will follow the relevant authorised procedure based on the criticality and quantity of the personal data involved. For severe personal data breaches, Sobha Construction’s executive team will initiate and chair an emergency response team to coordinate and manage the personal data breach response.

Recommendations, Advice and Support:
For any recommendations, advice and support in relation to this policy, please contact the DPO via email at [email protected]. 

 

 

SCHEDULE 1 – DEFINITIONS AND USEFUL TERMS

The following terms are used throughout this policy and have meanings as set out below:

• Data Controller means any person, company, authority or other body who (or which) determines the means for processing personal data and the purposes for which it is processed. The data controller is responsible for the personal data which is processed and the way in which it is processed. We are the data controller of data which we process.
• Data Processors include any individuals or organisations which process personal data on our behalf and on our instructions. This definition will include our entities within Sobha Constructions L.L.C, employees who may be data subjects.
• Data Protection Officer an expert on data privacy who works independently to ensure that data control and processor is adhering to the applicable laws and regulations including policies and procedures in relation to data protection.
• Data Subjects include all living identifiable individuals who we hold or otherwise process personal data about.
• Personal Data means any information relating to a natural person (living person) who is either identified or is identifiable. A natural person must be an individual and cannot be a company or a public body. Representatives of companies or public bodies would, however, be natural persons.
Personal data is limited to information about living individuals and does not cover deceased people. Personal data can be factual (for example, a name, address or date of birth) or it can be an opinion about that person, their actions and behaviour.
• Privacy Notice means the information given to data subjects which explains how we process their data and for what purposes.
• Special Categories of Personal Data include information about a person’s:
  1. Racial or ethnic origin;
  2. Political opinions;
  3. Religious or similar beliefs;
  4. Trade union membership;
  5. Health (including physical and mental health, and the provision of health care services);
  6. Genetic data;
  7. Biometric data;
  8. Sexual life and sexual orientation.