Back to Home
Our Commitment to Data Protection
InveGlobe is committed to protecting your personal data and respecting your privacy rights. We implement appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of your personal information in accordance with applicable data protection laws.
1. Data Protection Overview
Data protection is fundamental to our business operations and customer relationships. We recognize that personal data is one of your most valuable assets and treat it with appropriate care and security measures.
1.1 Our Data Protection Principles
- Lawfulness and Fairness: We process data lawfully, fairly, and transparently
- Purpose Limitation: Data is collected for specific, legitimate purposes
- Data Minimization: We collect only necessary and relevant data
- Accuracy: We maintain accurate and up-to-date information
- Storage Limitation: Data is retained only as long as necessary
- Security: Appropriate technical and organizational measures protect data
- Accountability: We demonstrate compliance with data protection principles
1.2 Scope of Data Protection
This data protection framework applies to:
- All personal data processed by InveGlobe
- Website visitors and mobile app users
- Customers and prospective customers
- Property owners and developers
- Business partners and service providers
2. Legal Framework and Compliance
2.1 Applicable Laws and Regulations
Our data protection practices strive to comply with applicable laws including:
| Regulation |
Jurisdiction |
Application |
Key Requirements |
| UAE Federal Law No. 45 of 2021 |
United Arab Emirates |
Local data protection requirements |
Consent, data subject rights, security |
| GDPR |
European Union |
EU residents |
Consent, data portability, rights |
| Other Applicable Laws |
Various |
As applicable to users |
Regional privacy requirements |
2.2 Compliance Approach
We maintain compliance through:
- Privacy by Design: Incorporating privacy considerations into system development
- Regular Review: Periodic assessment of data protection practices
- Policy Updates: Regular review and update of policies and procedures
- Best Practices: Following industry standards and guidelines
3. Data Collection Practices
3.1 Types of Personal Data Collected
| Data Category |
Examples |
Collection Method |
Legal Basis |
| Identity Data |
Name, email address |
Registration forms |
Consent, contract |
| Contact Data |
Email, phone, address |
Contact forms, direct communication |
Consent, legitimate interest |
| Property Preferences |
Budget, location, property type |
Search filters, saved preferences |
Legitimate interest |
| Technical Data |
IP address, browser, device info |
Automatic collection |
Legitimate interest |
| Usage Data |
Page views, search history |
Website analytics |
Consent, legitimate interest |
3.2 Data Collection Methods
- Direct Collection: Forms, surveys, direct communication
- Automated Collection: Cookies, analytics (with consent)
- Third-Party Sources: Only when legally permitted
3.3 Special Categories of Data
Sensitive Personal Data
We generally do not collect special categories of personal data. If collection becomes necessary for specific services, we will:
- Obtain explicit consent where required
- Implement enhanced security measures
- Limit processing to necessary purposes only
- Provide clear information about the processing
4. Data Processing and Use
4.1 Purposes of Processing
We process personal data for the following purposes:
Primary Business Purposes
- Property search and recommendations
- User account management
- Customer service and support
- Service delivery and functionality
Secondary Purposes
- Service improvement and development
- Analytics and usage insights
- Communication (with consent)
- Security and fraud prevention
4.2 Legal Basis for Processing
| Legal Basis |
Description |
Examples of Use |
Data Subject Rights |
| Consent |
Freely given, specific agreement |
Marketing emails, analytics cookies |
Withdraw consent anytime |
| Contract |
Necessary for service provision |
Account management, service delivery |
Access, rectification, portability |
| Legitimate Interest |
Necessary for business operations |
Security, service improvement |
Object to processing |
4.3 Automated Processing
We may use basic automated processing for:
- Property Recommendations: Basic matching based on preferences
- Search Results: Filtering and sorting based on criteria
- Basic Analytics: Understanding usage patterns
Your Rights Regarding Automated Processing
You have the right to:
- Understand how automated processing affects you
- Request information about the logic involved
- Contact us with concerns about automated decisions
5. Data Security Measures
Security Framework
We implement appropriate security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
5.1 Technical Security Measures
Data Protection
- Encryption: HTTPS/TLS for data transmission
- Secure Hosting: Reputable cloud providers
- Database Security: Protected database access
- Regular Updates: Security patches and updates
Access Controls
- Authentication: Secure login systems
- Access Limitation: Need-to-know basis
- Session Security: Secure session management
- Monitoring: Basic access logging
5.2 Organizational Security Measures
- Data Minimization: Collecting only necessary data
- Regular Backups: Secure data backup procedures
- Incident Response: Procedures for security incidents
- Vendor Due Diligence: Careful selection of service providers
5.3 Security Standards
Our security approach follows:
- Industry best practices
- GDPR technical and organizational requirements
- Standard web application security measures
- Regular security assessments and improvements
6. Data Retention and Deletion
6.1 Retention Principles
We retain personal data only for as long as necessary to:
- Fulfill the purposes for which it was collected
- Comply with legal requirements
- Resolve disputes and provide support
- Maintain service functionality
6.2 Retention Periods by Data Type
| Data Category |
Retention Period |
Legal Basis |
Deletion Triggers |
| Account Information |
Account lifetime + 2 years |
Contract, legitimate interest |
Account closure request |
| Communication Records |
3 years from last contact |
Legitimate interest |
Support completion |
| Marketing Data |
Until consent withdrawal |
Consent |
Opt-out, inactivity |
| Website Analytics |
26 months maximum |
Legitimate interest |
Automatic expiry |
| Technical Logs |
12 months |
Legitimate interest |
Security/maintenance needs |
6.3 Data Deletion Process
Data Disposal
When data reaches the end of its retention period:
- Secure Deletion: Data is securely deleted from systems
- Backup Removal: Data removed from backup systems
- Third-Party Services: Data deletion requests to service providers
- Verification: Confirmation of complete removal where possible
7. Your Data Rights
Data Subject Rights
Under applicable data protection laws, you have rights regarding your personal data. We are committed to facilitating the exercise of these rights within our technical capabilities.
7.1 Right of Access
You have the right to:
- Obtain confirmation of whether we process your personal data
- Access your personal data and receive a copy
- Receive information about processing purposes
- Know the retention period for your data
7.2 Right to Rectification
You can request correction of:
- Inaccurate personal data
- Incomplete personal data
- Outdated information
7.3 Right to Erasure
You may request deletion when:
- Personal data is no longer necessary for original purposes
- You withdraw consent and no other legal basis exists
- You object to processing and we have no overriding legitimate grounds
7.4 Right to Restrict Processing
You can request limitation of processing when:
- You contest the accuracy of the data
- Processing is unlawful but you prefer restriction over erasure
- You object to processing pending verification
7.5 Right to Data Portability
For data processed based on consent or contract, you can:
- Receive your data in a structured format
- Request transfer to another service provider
7.6 Right to Object
You may object to processing based on:
- Legitimate interests
- Direct marketing purposes
8. International Data Transfers
8.1 Transfer Locations
Your personal data may be processed in:
- UAE: Primary data processing location
- Cloud Providers: Reputable international cloud services
- Service Providers: Third-party services we use
8.2 Transfer Safeguards
When transferring data internationally, we ensure:
- Adequate Protection: Use of providers with appropriate safeguards
- Contractual Protections: Data protection clauses in agreements
- Security Measures: Technical and organizational protections
9. Data Breach Procedures
Incident Response
We maintain procedures to identify, respond to, and manage data breaches to minimize impact on individuals.
9.1 Breach Detection and Response
Our incident response process includes:
- Detection: Monitoring for security incidents
- Assessment: Evaluation of breach scope and impact
- Containment: Steps to limit breach scope
- Investigation: Analysis of causes and extent
- Remediation: Corrective actions and improvements
9.2 Notification Procedures
In case of a breach likely to result in high risk to individuals:
- Regulatory Notification: Report to relevant authorities as required by law
- Individual Notification: Inform affected individuals without undue delay
- Clear Communication: Provide information about the breach and protective measures
9.3 Prevention Measures
We work to prevent breaches through:
- Regular security updates and patches
- Monitoring for suspicious activities
- Secure coding practices
- Regular data backup procedures
10. Complaints and Enforcement
10.1 Internal Complaint Process
If you have concerns about our data processing:
- Contact Us: Email your concerns to our support team
- Investigation: We will investigate your complaint promptly
- Response: Written response within 30 days where possible
- Resolution: Work with you to resolve the issue
10.2 Regulatory Complaints
You have the right to lodge complaints with data protection authorities in your jurisdiction, including:
UAE Residents
Contact the relevant UAE data protection authority or regulatory body as established under applicable law.
EU Residents
Contact your local Data Protection Authority or visit ec.europa.eu for contact information.
10.3 Judicial Remedies
You may seek judicial remedies for:
- Violations of data protection rights
- Damages resulting from unlawful processing
- Non-compliance with your rights requests