Terms of use

Set of Data Covered

The Company’s Data Protection Policy applies to all sets of personal data currently held or handled by the companies or to be obtained in the future, which includes the following:

Personal Data

The personal data will cover the information relating to a person (also known as “Data Subject”) who is or can be identified, directly or indirectly, by reference to any of the following parameters:

Data Protection

Processing personal data means any operations performed about personal data, such as collecting, recording, evaluating and organizing, altering, and transmitting to third- party for compliance or providing the agreed services, including data retention, deletion, or destruction.

Key Principles for Data Protection

The Company firmly commits to preserving privacy and upholding the data protection rights of the employees, customers, suppliers, and other stakeholders. The Company’s approach to processing personal data is guided by principles that align closely with the data protection guidelines and the ADGM’s Data Protection Regulations. The Company shall adhere to the following core principles of data protection:

Fairness And Lawfulness Processing:

Processing personal data means any operations performed about personal data, such as collecting, recording, evaluating and organizing, altering, and transmitting to third- party for compliance or providing the agreed services, including data retention, deletion, or destruction.

Purpose Limitation:

Collecting personal data is always for specific, explicit, and legitimate purposes, as intimated to the data subject before obtaining the data. The companies shall not indulge in any further processing of the data inconsistent with the pre-determined purpose.

Adequate Data Collection:

The company collects the necessary and relevant personal data required for the intended processing purposes, strictly following the data collection process, with periodic review of the data obtained and processed.

Accuracy And Timeliness:

Ensuring the accuracy of the personal data is of paramount significance. Any inaccuracies in the data are promptly addressed. Further, any expiry of the information is immediately discussed with the data subject, and valid data is obtained to ensure the data’s relevance and regulatory compliance.

The companies must take necessary measures to ensure that the inaccuracy or incompleteness of the data is corrected, updated, or deleted.

Transparency:

The company shall ensure that the personal data is directly obtained from the data subject in compliance with the regulatory requirements.. Further, the data subject shall be informed about the purpose for which the data is collected and how the same will be handled. The companies shall clarify the data subject about the possible data transfer to a third party and the reason thereof.

Data Retention and Deletion:

The company shall retain the personal data for such period as necessary to fulfill the regulatory data processing requirements. Any historical data with no more use or significance for compliance shall be handled optimally using the following methods:

The company shall maintain a transparent data inventory aligned with the purpose and data maintenance duration.

Data Security:

The companies shall ensure the security of all personal data, which shall be handled with confidentiality. These measures aim to prevent any unauthorized or unlawful processing and accidental loss or destruction of the data.

The company is dedicated to conducting responsible and ethical personal data processing practices by adhering unwaveringly to these principles.

Rights of Data Subjects and Handling the Data Requests

The Company aims to ensure that individuals know that their data is being processed and how it is being used.
All the persons whose personal data has been obtained, processed, or handled by the Company are entitled to the following:

Providing The Information To Data Subject

The data subjects can request personal data or any related information by addressing an email to the Data Protection Officer at https://oplusrealty.com/contact-us

The Data Protection Officer shall verify the data access request against the requestor’s valid identity document before allowing access to personal data.

The Company shall ensure that the person’s request for data access is handled promptly.

The Company understands the need to protect the data subject’s rights and follow clear rules regarding communicating with individuals about their personal data.

Transmission of Personal Data

Transmission of personal data to the Company’s internal stakeholders or the third party (data recipients) is subject to the data

subject’s voluntary consent, authorizing the processing of the personal data.

The companies shall enter into a Service Level Agreement with such data recipients binding them to use the personal data only for the defined purposes. Further, the third-party recipient shall be subject to strict compliance with the data protection standards of this Policy.

Such agreement shall not be required when the transmission data request is from the regulatory authorities governing the data subject or any of the companies. This policy permits the Company to disclose the personal data of the individuals, based on a legal obligation, to law enforcement agencies, without the data subject’s consent. The Company’s Data Protection Officer shall authorize such data transmission after validating the legitimacy of the legal request for personal data.

Data Retention

The Company will keep the personal data records organized along with the log of the purpose for which such data has been used or is expected to be used for a minimum of six (6) years.

Violation and Reporting

The Company shall not tolerate non-compliance with the data protection principles laid down in this policy, and an appropriate investigation shall be launched against the concerned parties.

Depending on the seriousness of the violation and the impact it has caused, the Company shall suspend the employment arrangement with the internal personnel or terminate the business relationship with the stakeholder.

 

The Company encourages its staff and external stakeholders to report any suspected non-compliance with the data protection requirements involving any companies’ employees, customers, suppliers, third parties, or business associates. Such matter must be immediately escalated to the Group’s Data Protection Officer by:

Writing an email at https://oplusrealty.com/contact-us

Compare listings

Compare