Privacy Policy of Dinar Property Management
An important piece of information to note initially:
In accordance with Article 7(3) of the GDPR (2016) which states “The data subject shall have the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal.” The user can, at any time in whole or part, revoke your consent as well as any other settings you set when visiting our website https://dinarproperties.ae and all its associated subpages (hereinafter referred to collectively as our “Website”). Likewise, Cookie related data is collected via “CookieYes” DINAR consent management platform (hereinafter referred to as the “CMP Tool”). Information, in this context, on the use of cookies and other tracking technologies (“trackers”) as well as the processing of personal data in that regard, the consent therein and possible revocation can be found in our “Cookie Policy”.
This Privacy Policy is valid from 2nd of September 2023.
I. Responsible entity (“Controller”) and your rights as the data subject
1. Responsible entity
Dinar Property Management (hereinafter also referred to as “Dinar property management”, “DINAR”, “we” or “us”) is responsible for the data processing governed by this Privacy Policy. As per Article 4(7) of the GDPR which defines responsible entity as “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.” Dinar may be construed as a responsible entity. Dinar acts in compliance with Article 13(1)(a) and Article 14(1)(a) of GDPR which requires the data controller to provide the data subject with certain information at the time the data is obtained.
Please note:
According to Article 28 of the GDPR, a licensee is to qualify as a third party data processor that processes personal data on behalf of the primary controller. The responsibility for the data processing, respectively in connection with the company web presences of the licence partners of Dinar Property Management (hereinafter the “Company web presences”) which can also be accessed via our Website rests with named licensees. They are, in this context, responsible for data processing such as contact enquiries and, in particular, for data processing in connection with the search or sale/rental and valuation of properties. This adheres to Article 6(1)(b) of the GDPR. This article allows controllers to process personal data if it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. In the context of third party licensees, this could mean that a controller could transfer personal data to a licensee if the licensee is providing a service or serves a function of utility to the data subject. This likewise falls under Article 6(1)(f): This article allows controllers to process personal data if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party which in the given instance would be pertaining to provision of sale/rental and valuation of properties.
The current overview of these licence partners can be found on the DINAR website.
2. Data Protection Officer
In accordance with Article 28 of the GDPR, appointment of Data Protection Officer may be required if sensitive information is obtained, however DINAR does not collect any data that may befall under the “sensitive” category.
3. Your rights as a data subject
The concept of a ‘data subject’ and the associated rights are primarily defined in the General Data Protection Regulation (GDPR), specifically in Article 4(1) for the definition and Articles 12-23 for the rights of data subjects. You may exercise your data protection rights against Dinar Property Managment insofar as the company is responsible for data processing in connection with our website. DINAR adheres to such an agreement.
You have the following data subject rights as per Articles 12-23 of GDPR:
You have the right to information about the processing of your personal data (for example, the origin of this data, the purpose of processing, and the modalities of data processing) as is underscored in Article 12. Furthermore, under certain conditions, you are entitled to object to the future processing of your data, as well as the right to restrict the use or the deletion of said data as outlined in Articles 17, 16 and 21 pertaining to conditional erasure rights. Finally, you may at any time stop the sending of advertising material or the execution of market research or commercial communications as established in Article 21(2) which states: “Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.” Likewise, DINAR obeys Article 13 of the Privacy Directive (2002/58/EC) which expresses the use of electronic contact details for the purposes of direct marketing to solely be allowed in respect to subscribers or users who have given their prior consent.
In summary, you have a right to:
- Information, (as per Article 12)
- Correction, (as per Article 16)
- Deletion (or request to be forgotten), (as per Article 17)
- Restriction of processing, (as per Article 18)
- Data portability, (as per Article 20)
- Object to the processing of your personal data, (as per Article 21)
- Complaint to supervisory authorities. (as per Article 77(1))
In addition, you have the right, at any time, to object to the processing of your personal data for direct marketing purposes. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes as per adherence to Article 21(2) and 21(3) of the GDPR which state: “Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.”
According to Art. 7 III of the EU General Data Protection Regulation (hereinafter “GDPR”), you may at any time revoke your initial consent towards us. Once the consent is revoked we will no longer continue to process the data. The definition of “consent” in the General Data Protection Regulation (GDPR) is found in Article 4(11). It reads: “Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” This in turn signifies that for consent to be construed valid under GDPR, it must be freely given, clear, specific, and informed.
Please note that your right to the deletion of your data is subject to certain restrictions. For example, we do not have to or are not allowed to delete data that we are required to retain due to legal retention periods. Data that we need to assert, exercise or defend due to legal claims are also excluded from your right of deletion. The aforementioned restrictions to this right are enshrined in Article 17(3) of the GDPR. The regulation states that the right to deletion does not apply if processing is necessary for one of the following reasons:
- To exercise the right of freedom of expression and information.
- For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing.
- For the establishment, exercise or defense of legal claims.
- If you have a complaint about the way we process your data, you have the recourse to a supervisory authority, in particular in the member state of your residence, workplace or the place of the alleged breach as protected by Article 77 of the GDPR which states “Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.”
We reserve the right to disclose information about you if we are required to do so by law enforcement bodies or other lawful authorities. Legal basis: Art. 6 I sentence 1 lit. c GDPR (legal obligation) which likewise encompasses the following statement “processing is necessary for compliance with a legal obligation to which the controller is subject.” This denotes legal freedom of disclosure under scenarios of external legal obligation pertaining to law enforcement.
II. Collection and processing of personal data when visiting our Website
Article 15 of the General Data Protection Regulation (GDPR) stipulates the right of access and specifies that data subjects have the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Furthermore, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This implies that the data controller needs to disclose which data of the individual data subject is being processed.
1. What data do we process from you (hereinafter referred to as “you” or “user”)?
When you use our Website, we process personal data, in particular:
- The e-mail address, first name, last name, title, address, telephone number, property data, participation in events and webinars, hereinafter referred to as “data” or “personal data”, provided to us by you in the event that you use individual services offered by DINAR via our Website (e.g. in the context of contact enquiries, newsletter mailings, webinars as well as the market price determination of properties); mandatory fields are marked with an “asterisk”; (DINAR Offers full transparency in the types collected data as per Article 15, Article 14 and Article 13(1) of the GDPR) (*For reference only – Article 14 is the most prominent one as it stipulates that the controller must provide the data subject with information about the origin of the data, the categories of personal data concerned, and the purpose of the processing, among other details.)
- Personal data (also hereinafter referred to as “user data”) transmitted by the user’s internet browser each time they access the Website and stored as part of log files, also known as server log files. This data includes: the IP address (Internet Protocol address) of the accessing computer; the name of the accessed page; date and time of access; URL from which the user accesses the page; the volume of data transmitted; status message for successful access; session ID number; (For reference only – The General Data Protection Regulation doesn’t explicitly mention “server log files” or “IP Address” in its text. However, they would be covered under the broad categories of personal data that GDPR seeks to protect. This falls under the scope of Article 4(1), which defines personal data as any information relating to an identified or identifiable natural person, and Article 5(1), which discusses the principles of data processing, including lawfulness, fairness, transparency, data minimization, accuracy, storage limitation, integrity, and confidentiality. Likewise, article 4(1) does introduce the broad concept of online identifiers which may be applied in the context of the use of electronic communications services.)
- Personal data in the form of location data (GPS data, so-called “Locate Me” function), which is transmitted by your Internet browser each time you have activated this setting on the browser by default or application-based. This analogously falls under the framework of article 4(1) which defines personal data as any information relating to an identified or identifiable natural person.
- (For reference – The GDPR does not mention GPS data, but it’s understood to include any information that can identify an individual either directly or indirectly. This includes location data, which would cover GPS. This means collection and utilization of the GPS data needs to comply with all relevant GDPR provisions. This may include obtaining the individual’s consent before collecting this data (as per Article 7), providing clear information about how this data will be used (Articles 13 and 14), and ensuring appropriate security measures are in place to protect the data (Article 32). The individual also has the right to access, correct, and delete this data, and to object to its processing (Articles 15-21).
2. Purpose of the processing
(GDPR) makes it compulsory for organizations to state the purpose of data collection in Article 13(1)(a) and Article 14(1)(a). These articles state that organizations must provide data subjects with clear and concise information about the purposes for which their personal data is being collected and processed. This information must be provided at the time when the personal data is collected, or at the latest within a reasonable period of time after the data is collected. In addition, the principle of ‘purpose limitation’ in Article 5(1)(b) also underlines the need for clear purposes, stating that personal data must be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.” DINAR thus adheres to the aforementioned statutory provisions by vividly stating the purpose of data collection.
We process the personal data of the users of our Website (https://dinarproperties.ae) for the following purposes:
- Provision of online offers for own and third-party advertising (legal basis is the legitimate interest of PSI in marketing its own services as well as the services of the companies of the PSI as described above); This explicitly follows article Article 6(1)(f) of the GDPR which states “Processing is lawful only if and to the extent that at least one of the following applies:… the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.” Marketing thus is to fall under the category of “legitimate interest” without overriding data subject interests. This is further reinforced by Recital 47 of the GDPR which mentions “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.”
- Fulfilment of user contact requests to the Property Shop Investment (legal basis is the fulfilment of the contract as well as in the event of the user data being passed on, your consent or the legitimate interest of PSI to pass on contact or service requests within the PSI Group to the relevant (licence partner) company of this PSI which is responsible in terms of expertise and/or geographical location;
- If applicable, for the purpose of fulfilment of a valuation request of the property as described by the user, as well as the implied interest in the sale of the property as submitted by the valuation request This represents a legitimate interest and contract fulfillment, which are legal bases for processing personal data under Article 6(1)(b) (Contract) and Article 6(1)(f) (Legitimate Interests). In this case, the legitimate interest would be for Property Shop Investment, UAE to market its services to the data subject. (The legal basis is (a) the fulfilment of the contract as well as, (b) your consent in the event that we need to share your contact data with (i) a suitable licence partner of the PSI Group based on expertise or geographical location This falls under Article 6(1)(a). This article sets out the legal basis for processing personal data based on the data subject’s consent. In this case, the consent would be for Property Shop Investment, UAE to share the data subject’s contact data with its license partners or the company technically implementing the evaluation. (for the definition, please see section 3 below)) or (ii) to the company technically implementing the evaluation and (c) the legitimate interest in marketing our services or your consent in the case of the use of your contact data for direct marketing); This likewise refers back to Article 6(1)(f) (Legitimate Interests) for the company’s marketing activities. Direct marketing also specifically refers to Article 21(2), which gives individuals the right to object to the processing of their personal data for direct marketing purposes at any time.
- The organisation of webinars (legal basis is the fulfilment of the contract by PSI and, in case your contact details are passed on to the lecturer, your consent); Contract fulfilment can be justified under Article 6(1)(b) which allows for the processing of personal data when it is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract. If the individual’s contact details are passed on to the lecturer, it is required to have their consent. This falls under Article 6(1)(a), which permits the processing of personal data given the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- The organisation of webinars (legal basis is the fulfilment of the contract by PSI and, in case your contact details are passed on to the lecturer, your consent); Contract fulfilment can be justified under Article 6(1)(b) which allows for the processing of personal data when it is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract. If the individual’s contact details are passed on to the lecturer, it is required to have their consent. This falls under Article 6(1)(a), which permits the processing of personal data given the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- Sending out an e-mail newsletter by PSI or the Property Shop Investment Group containing our offers as well as self and third-party advertising to the extent permitted by law or based on the consent given (the legal basis is either your consent or PSI´s legitimate interest in direct marketing, as long as the marketing is carried out in compliance with data protection and competition law requirements of the applicable national regulations); This is covered under Article 6(1)(f), which states that data processing is lawful if it’s necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Article 6(1)(a) is also applied where consent to data processing constitutes lawfulness.
- For the optimisation and operability of the Website (legal basis is the legitimate interest of PSI to constantly improve the quality of the Website and to ensure ease of use); The processing of personal data for the optimization and operability of the website can be considered as a legitimate interest of the company. This is covered under Article 6(1)(f) of the GDPR, which states that processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller. No overriding interests are to be construed on such basis.
- For the optimisation and operability of the Website (legal basis is the legitimate interest of PSI to constantly improve the quality of the Website and to ensure ease of use); The processing of personal data for the optimization and operability of the website can be considered as a legitimate interest of the company. This is covered under Article 6(1)(f) of the GDPR, which states that processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller. No overriding interests are to be construed on such basis.
- For the optimisation and operability of the Website (legal basis is the legitimate interest of PSI to constantly improve the quality of the Website and to ensure ease of use); The processing of personal data for the optimization and operability of the website can be considered as a legitimate interest of the company. This is covered under Article 6(1)(f) of the GDPR, which states that processing is lawful if it is necessary for the purposes of the legitimate interests pursued by the controller. No overriding interests are to be construed on such basis.
For the purposes of processing in connection with cookies and other tracking technologies, please refer to our Cookie Policy.
In summary: The legal basis for the processing of your personal data is Art. 6 I sentence 1 lit. a GDPR if the processing is based on consent, Art. 6 I sentence 1 lit. b GDPR if the processing is based on a (possibly pre-contractual) contractual relationship Art. 6 I sentence 1 lit. f GDPR if the processing is based on the legitimate interest of DINAR. If the processing of personal data is necessary to comply with a legal obligation to which Dinar Property Management is subject, Article 6 I sentence 1 lit. c GDPR is the relevant legal basis.
If the legal basis is your consent, you are entitled to revoke your consent at any time without affecting the lawfulness of the processing of your personal data carried out based on the consent until revocation. If the legal basis is the legitimate interest, you are also generally entitled to object to the processing of personal data relating to you at any time for reasons arising from your particular situation. In this respect, Art. 21 GDPR applies.
3. Disclosure of your personal data
Article 13(1)(e) and Article 14(1)(e) of the GDPR require the data controller to provide information about the recipients or categories of recipients of the personal data, if any. In cases where it’s not practical to list each recipient individually, the GDPR allows for categories of recipients to be indicated. Likewise, Article 30(1)(d), which requires controllers to keep a record of the categories of recipients to whom personal data have been or will be disclosed. This record must be kept for at least 5 years after the end of the processing activities. Due to the scale and complexity of data processing by DINAR , it is not possible to list each recipient of your personal data individually in this data protection policy, which is why, as a rule, only categories of recipients are indicated.
Within DINAR , your data will be require the data to fulfil our contractual and legal obligations and to pursue legitimate interests in the context of this Website service or based on your consent. This carry out the valuation of properties or that send out newsletters. Article 6(1)(f) allows processing if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Article 13(1)(e) and Article 14(1)(e) specify that the data controller should inform the data subject about the recipients or categories of recipients of the personal data. DINAR thus adheres to this.
In addition, as a general principle, we will only pass on your personal data to third parties (i.e. companies that do not belong to the DINAR if this is necessary for the fulfilment of the contract (Article 6(1)(b) of the GDPR, which permits data processing when necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.), If we or the third party have a legitimate interest in the transfer, if there is a legal obligation or if you have given your consent (as per Article 6(1)(f) of the GDPR, which allows data processing for the purposes of the legitimate interests pursued by the data controller or by a third party), If your data is transferred to third parties based on legitimate interest, this will be explained in this Privacy Policy. Third parties to whom we may disclose your personal data, irrespective of our performance, include external advisors (e.g. lawyers and accountants), public authorities within their jurisdiction to comply with legal obligations and/or to protect our rights (e.g. tax authorities, police, prosecutors, courts) (Article 13(1)(e) and Article 14(1)(e), which stipulate that the data controller should inform the data subject about the recipients or categories of recipients of the personal data.), potential purchasers or acquirers of all or part of our assets and/or activities, and other third parties where you instruct us to disclose data or give your consent as per Article 6(1)(a). The mention of potential purchasers or acquirers of assets is covered under Recital 48, which acknowledges that controllers may have a legitimate interest in transmitting personal data within a group of undertakings for internal administrative purposes, including the processing of clients’ or employees’ personal data.
In summary:
DINAR will transmit the personal data you have entered to the respective company based on a so-called legitimate interest within the DINAR as per Article 6(1)(f) pertaining to the concept of legitimate interest validation for the data controller and third parties.
If, on the other hand, your contact request concerns offers from other companies of the DINAR (i.e. our licence partners), we will pass on your personal data from the DINAR group of companies with your prior consent as is covered under Article 6(1)(a) which states that processing is lawful if “the data subject has given consent to the processing of his or her personal data for one or more specific purposes.” Furthermore, Article 7 of the GDPR provides conditions for consent. It states that the request for consent must be presented in a manner which is clearly distinguishable from other matters, in an intelligible and easily accessible form, using clear and plain language.
4. Transfer of data to non-EEA countries
In addition to the above paragraph “Disclosure of your personal data”, the following applies:
Recipients of personal data may be located outside the EEA/UK. Where personal data is transferred to locations outside the EEA/UK, we will ensure, as required by law, that your data protection rights are adequately protected, either because the European Commission has decided that the country to which personal data is transferred ensures an adequate level of protection (Art. 45 GDPR) or the transfer is subject to adequate safeguards (e.g. standard contractual clauses) as agreed by the European Union and the recipient of the data (Art. 46 GDPR) unless the GDPR provides for an exception (Art. 49 GDPR). Furthermore, where necessary, we intend to agree to additional measures with recipients to ensure an adequate level of data protection.
Under Article 30, organizations are required to maintain a record of processing activities, which could include these safeguards. Also, Article 12 mandates that the controller takes appropriate measures to provide any information referred to in Articles 13 and 14 and the communications under Articles 15 to 22 and 34 relating to processing, in a concise, transparent, intelligible, and easily accessible form, using clear and plain language. Copies of the adequate safeguards (where we rely on them) and a list of recipients outside the EEA/UK are available on request. Please note that these copies may be redacted to the necessary extent to protect trade secrets or other confidential information as per the broader scope of the Trade Secrets Directive (EU) 2016/943.
5. Storage and deletion of your data
Dinar Property Management will retain your personal data for the time necessary to achieve the purposes for which data is collected, including any retention period required by the applicable law (e.g. retention of accounting records). The handling of data retention periods in GDPR is covered by Article 5(1)(e) which states that personal data shall be: ‘kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’).’
6. Tracking Pixels and Analytics Tools
Information Collection via Tracking Technologies
We prioritize your privacy and believe in transparency. As part of our commitment to upholding these principles, we’re providing details on the tracking technologies implemented on our platform and how they interact with your personal data.
Google Analytics: We utilize Google Analytics to better understand user interaction with our website. While it sets cookies on your browser or mobile device, it does not directly collect personally identifiable information without your explicit consent. Instead, it helps us analyze the behavior of visitors to our website.
Facebook Pixel: To measure the effectiveness of our Facebook advertisements, we employ the Facebook Pixel. This tool collects data related to actions undertaken on our website resulting from our Facebook advertising.
Snapchat Pixel: Through the Snapchat Pixel, we measure the performance of our advertisements on Snapchat. It provides insights into user interactions originating from our Snapchat ads.
Google Ads Pixel: The Google Ads Pixel aids us in evaluating and optimizing our advertising campaigns on the Google Ads platform. It gathers data pertaining to your interactions with both our ads and website.
TikTok Pixel: To gauge the efficiency of our TikTok ads, we’ve implemented the TikTok Pixel. This tool gathers data on user engagements stemming from our TikTok advertisements.
Yandex Metrica: This tool provides analytics about our website’s user traffic. While Yandex Metrica uses cookies to collect certain data, it does not capture personally identifiable information without your direct permission.
VK Pixel: With the VK Pixel, we monitor the success rate of our VK ads. This technology captures data on how VK platform users interact with our site post-engagement with our advertisements.
Microsoft Clarity: This tool offers insights into user behavior, assisting in enhancing our website’s user experience. It collects data on interactions such as clicks, mouse movements, and scrolling actions.
