Key terms used within this policy:
|We, us, our||Chesterton International Real Estate Brokerage trading as Chestertons|
|You or Your||Refers to anyone whose personal data we process|
Personal data is any information that tells us something about you, where you are directly or indirectly identified, or identifiable as an individual. We may collect and use the following personal data about you.
This personal data is required to provide our services to you. If you do not provide the personal data we ask for, it may delay or prevent us from providing services to you.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We use different methods to collect data from and about you including through:
This includes personal data you provide when you:
Data directly from a third party:
Technical Data from the following parties:
Identity and Contact Data from data brokers or aggregators such as PropertyFinder, Bayut and Facebook.
Identity and Contact Data from publicly available sources such as social media sites, including Facebook, YouTube and LinkedIn, and Government Economic Departments.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer and provide services to you.||For the performance of our contract with you or to take steps at your request before entering into a contract.|
|To prevent and detect fraud against you or us||For our legitimate interest or those of a third party, i.e. to minimize fraud that could be damaging to you and us.|
|To manage our relationship with you which will include:
– Updating and enhancing customer records
– Asking you to leave a review or take a survey
|Performance of a contract with you
Necessary to comply with a legal obligation
|Conducting checks to identify our customer and verify their identity. Screening for financial and other sanctions or embargoes. Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, e.g. under health and safety regulation or rules issued by our professional regulator||To comply with our legal and regulatory obligations|
|Gathering and providing information required by or relating to audits, enquiries, or investigations by regulatory bodies||To comply with our legal and regulatory obligations|
|Ensuring business policies are adhered to, e.g. policies covering security and internet use||For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you|
|Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, range of services or other efficiency measures||For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you|
|Statutory returns||To comply with our legal and regulatory obligations|
|Ensuring safe working practices, staff administration and assessments||To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you|
|To record telephone calls both incoming and outgoing||Performance of a contract with you
Necessary for our legitimate interests (to train staff and maintain high levels of services)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
Necessary to comply with a legal obligation
|To enable you to partake in a prize draw, competition or complete a survey||Performance of a contract with you
Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|Marketing our services to:
– existing and former customers.
– third parties who have previously registered with us or expressed an interest in our services.
– third parties with whom we have had no previous dealings.
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
We will hold your personal data on our client management systems and use this to provide you with marketing information about similar services offered by us to those which you have engaged us to provide which we feel you might find useful from time to time. You can opt out of receiving this information at any time.
We only allow our service providers to handle your personal information if we are satisfied, they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers (where possible) to ensure they can only use your personal information to provide services to us and to you. These will include but will not be limited to:
We routinely share personal data with:
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use aggregate information to help advertisers reach the kind of audience they want to target (for example people living in a particular area). We may make use of the personal data we have collected from you to enable us to comply with our advertiser’s wishes by displaying their advertisement to that target audience. Analytics and search engine providers that assist us in the improvement and optimization of our site. Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you or for the purposes of completing an anti-money laundering identity check, in accordance with our legal obligations.
We use online advertising to keep you aware of what we’re up to and to help you find our products. Like many companies, we may target Chestertons banners and ads to you when you use other websites and apps, based on your Contact, Technical, Usage and Profile Data. We do this using a variety of digital marketing networks and ad exchanges, and a range of advertising technologies such as web beacons, pixels, ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook’s Custom Audience Service.
We use a range of analytics and targeted advertising tools to display relevant website content on our website and online advertisements on other websites and apps (as described above) to you, deliver relevant content to you in marketing communications (where applicable), and to measure the effectiveness of the advertising provided. For example, we use tools such as Google Analytics to analyze Google’s interest-based advertising data and/or third-party audience data (such as age, marital status, life event, gender and interests) to target and improve our marketing campaigns, marketing strategies and website content. We may also use tools provided by other third parties, such as Facebook to perform similar tasks, using your Contact, Technical, Usage and Profile Data.
In order to opt out of targeted advertising you need to disable your ‘cookies’ in your browser settings or opt-out of the relevant third-party Ad Settings. For example, you can opt-out of the Google Display Advertising Features.
The security of your data is very important to us, and we have measures in place, which are designed to prevent unauthorized access to your personal data including but not limited to:
All data is hosted in datacenters which have systems and protections in place to protect against both unauthorized access, and other external factors that could cause damage to, your personal data. There are strict access requirements in place and access is restricted to those necessary.
We may transfer your personal data to an external third party which is based outside the UAE so their processing of your personal data will involve a transfer of data outside the UAE.
Whenever we transfer your personal data out of the UAE, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the UAE which give personal data the same protection it has in Europe.
We will not keep your personal data for longer than we need to, the period for which we will keep your personal data will depend on the type of service you have requested from us. The retention period may be longer than the period for which we are providing services to you where we have statutory or regulatory obligations to retain personal data for a longer period, or where we may need to retain information in case of legal claim.
In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on the links below to find out more about these rights:
If you wish to exercise any of the rights set out above, please contact us.
Please note that we will keep a record of the fact that you have made a request to exercise your rights, and our response to your request, to demonstrate compliance with our data protection obligations and so that we can handle any queries, complaints or claims in relation to your request. This record will be kept in accordance with our retention policies at section 8 above.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
If you have any complaints about the way we use your personal data please contact the data protection officer at firstname.lastname@example.org who will try to resolve the issue.
From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments.
This notice was last updated June 2022