Privacy Policy

What data shall be collected?

The Company collects contact information, names, financial details, employment data, and Know Your Customer (KYC)-related information.

The collection of personal information would be through direct communication with the concerned person.

The collected information includes the following type of personal data:
Personal details such as name, correspondence addresses, telephone numbers, email addresses,
Other identifiers like date and place of birth, gender, nationality,
Names and titles of owners, directors, shareholders, beneficiaries, counterparties, or similar individuals,
Bank account details, including Debit/Credit Card information necessary to conclude the transaction,
Taxation-related information,
Income/salary, occupation/employment,
Specimen signature, copy of Passport or Emirates ID or other similar documents,
Copy of address proof – such as Utility Bill,
Other information required for compliance (to conduct the Customer Due Diligence) with the provisions of Anti-Money
Laundering (AML), and
Any other details or documents necessary to establish a business relationship or successfully provide the agreed services.

The Company is committed to ensuring that the personal details, including information related to credit/debit card information, are not stored, sold, shared, rented, or leased to any third parties unless required to complete the engagement. The Company takes appropriate steps to ensure data privacy and security, including through various hardware and software methodologies. However, the Company cannot guarantee the security of any information that is disclosed online over any of the companies’ websites.

When the person visits and inquires about services offered by the Company on any of the company’s websites, information like name, contact details, name of the associated organization, location, email address, etc., may be requested.

How the data shall be used?

The Company shall collect personal data in connection with providing our services and conducting our normal business operations and/or communications to invite you to our event or share relevant information.

The Company may hold information about the following:
The person is a client, a representative of a client, or the beneficial owner of a client.
The person is a party or the representative of a party in a matter on which we are advising a client.
Where the company must process personal data per the regulatory requirements, such as Anti-Money Laundering laws.
When the person is the supplier to any companies, providing any goods or services, including a representative of a company that provides services.
When the person is the supplier to any companies, providing any goods or services, including a representative of a company that provides services.
The person who has attended our seminars, webinars, or events or has subscribed to receive our newsletter updates.
Current employee, past employee, and the prospect who has applied for employment with any of the Company companies, including the shareholders and senior management.
Where the person has met any of the employees of the companies and exchanged business cards or contact details under a professional setup.
Legal basis for using the data

The Company processes the data for legitimate interests, legal compliance, and protection, but with the data subject’s consent where necessary. As required, personal information shall be processed to advance the Company’s legitimate business interests and other objectives.

These objectives encompass the followingpurposes:
Managing, overseeing, and enhancing business relationships, including business development and analysis activities.
Establishing, exercising, or safeguarding legal claims and rights and protecting and enforcing the Company’s rights, assets, and safety.
Communicating with you, either directly or through one of our partners, including for customer service, to provide you with updates and other information relating to the website, and for marketing and promotional purposes.
Investigating, responding to, and resolving grievances or incidents related to the business, upholding service quality, and training the personnel.
Personal data may be processed to adhere to laws and regulations. This may include collaborating with and responding to requests from the government, regulatory bodies, or other relevant parties and reporting transactions or activities to these entities.
Monitoring and analyzing the use of services and products for risk assessment and control, including detecting, preventing, and investigating fraud.
Executing compliance actions such as AML measures (KYC and Customer Due Diligence).

Additionally, the personal data shall be processed for ancillary internal tasks of the Company, such as book-keeping and accounting, auditing, and regulatory reporting requirements to concerned authorities.

To execute the agreed engagement, when the requested information is not obtained from the person, it may impact the quality or delivery schedule of the services.

Personal data shall be used only for the purposes it was collected unless such data is required for some other purpose following the applicable regulations. If such data is required for an unrelated purpose, the concerned company shall give prior intimation to the concerned parties and the legal backing.

The Company shall rely on the data subject’s consent as the legal grounds for processing the personal information for limited instances where an explicit request has been made. If the processing is done based on the consent, the data subject has the right to withdraw that consent at any time. However, any data processing conducted before the with draw a lof the consent shall remain validand law ful.

Further, in certain situations, the requirement for data processing may arise from the necessity to perform tasks in the substantial public interest as mandated by law, such as detecting and preventing crimes. Such processing shall not be subject to the data subject’s consent.

Involvement of third parties

The Company may share the personal data with third parties or internally amongst the companies when such data sharing is required to conclude the service engagement or other legal purpose mandating the Company to transmit such information.

The Company has never and shall never sell the personal data of the stakeholders to any third party under whatsoever circumstances.

When third parties are involved, the third parties are mandated to adhere to the Company’s Data Privacy Policy and Data Protection Policy. Wherever required under the law or as per internal policies of the Company, the concerned company shall seek the data subject’s consent before transmitting the personal data to third parties.

How the security of the data will be ensured?

The Company has adopted appropriate technical, organizational, and security measures to prevent any accidental loss, unauthorized access, use, alteration, or disclosure of the personal data of any data subject. The details of this are captured in the Company’s Data Protection Policy.

Further, the Company has a policy to ensure that only the concerned employees, agents, or third parties access and process the personal data engaged in service delivery or business relationship management. Such data processing is subject to strict adherence to the confidentiality requirement.

The collected personal data shall be retained for the period required to fulfill the purpose for which it was collected, including the ancillary requirement related to legal documentation and accounting/reporting. Once the objective of collected data is achieved, the Company shall appropriately delete, archive, or anonymity the personal data to avoid any inappropriate or unauthorized use of the data without knowledge of the data subject.

Further, the Company also has a mechanism in place to handle the suspected breach of the data privacy and protection standard.

How to raise Data Privacy-related concerns?

In case of any concerns, complaints, or general requests regarding the personal data, the data subject shall write an email to the Data Protection Officer at legal@metropolitan.realestate

The requests from the data subject shall be handled in accordance with the Company’s Data Protection Policy.