Luxury real estate agency
Office 1314, The Onyx, Tower 1
Sheikh Zayed Road,
The Greens, Dubai
Office 707, Sky Tower,
Shams Abu Dhabi, Al Reem Island,
Abu Dhabi
+971 (4) 581-4595 +971 (4) 362-6726
Online
Policy on processing personal data and cookies

Terms and their definitions

  1. Policy – this personal data and cookie processing policy, published online at: https://whitewill.ae/privacy.
  2. We, Us, Our, and the Operator – WHITEWILL REAL ESTATE BROKERS L.L.C, License Nr. 939961, address: Office 1314, Onyx Business Center, Tower 1, Sheikh Zayed Road, The Greens district, Dubai, e-mail: info@whitewill.ae.
  3. Your and the Personal Data Subject – our counterparty under the User Agreement, which may be an individual who uses the Website in accordance with the procedure and on the terms set forth in the Agreement.
  4. User Agreement – the offer regulating the procedure for the use of the Website by Users, published at: https://whitewill.ae/user-agreement.
  5. Personal Data – any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified directly or indirectly, in particular by reference to identifiers such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  6. Processing of Personal Data – any operation or set of operations performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data. Personal data processing is carried out through mixed (including automated) processing.
  7. Automated Processing of Personal Data – processing of personal data using computer technology.
  8. Confidentiality of Personal Data – a mandatory requirement for Us or for another person who has obtained access to Personal Data not to disclose such data without the consent of the Personal Data Subject or without other legal grounds.
  9. Anonymization of Personal Data – actions that result in it being impossible, without additional information, to determine whether personal data belongs to a specific personal data subject.
  10. Website- Our website https://whitewill.ae.  
  11. Cookies – a small text file placed by the Website on your computer or device when you visit certain sections of the Website and/or when you use certain features of the Website.
  12. GDPR or Regulation – the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC, as amended and incorporated into the national legislation of the Member States.
  13. California Online Privacy Protection Act or CalOPPA – the California Online Privacy Protection Act.
  14. California Consumer Privacy Act or CCPA – the first comprehensive privacy law in the United States, adopted in late June 2018, which provides various privacy rights to California consumers.
  15. US Privacy Act 1974 or UPA – the law regulating the processing of personal information of U.S. citizens or persons with permanent residence in the U.S.
  16. PECR – the Privacy and Electronic Communications (EC Directive) Regulations 2003.
  17. UAE Data Protection and Privacy Laws – all and any laws and regulations governing the Processing of Personal Data, including but not limited to: (1) Dubai Data Protection and Privacy Law, (2) Federal Data Protection Law (Federal Decree-Law No. 45 of 2021), effective 2 January 2022, (3) The Constitution of the United Arab Emirates (UAE) (Federal Law No. 1 of 1971), (4) The Penal Code (Federal Decree-Law No. 31 of 2021, repealing Federal Law No. 3 of 1987), (5) The Cybercrime Law (Federal Decree-Law No. 5 of 2012 on Combating Information Technology Crimes), as amended by Federal Decree-Law No. 12 of 2016 and Federal Decree-Law No. 2 of 2018, (6) The Telecommunications Regulation Law (Federal Law by Decree No. 3 of 2003, as amended), including regulations/policies adopted by the Telecommunications and Digital Government Regulatory Authority (TDRA) regarding the protection of telecommunications consumer data in the UAE.

Subject and Legal Basis of Processing of Personal Data

  1. Subject of the Policy. The provisions of this Policy apply to the relationship between Us and You related to the Processing of personal data within the framework of the relationship arising between Us on the use of the Site, formed as a result of Your acceptance of the terms of the User Agreement.
  2. Legal Basis for Processing. The legal basis for Processing Your Personal Data is always Your consent. Without Your consent to the terms of this Policy, We will not be able to fully perform our obligations under the agreements concluded with You (including, but not limited to, the User Agreement).

Acceptance of the Policy Terms

  1. In this section, You can learn about the actions that indicate Your consent to the Processing of Your Personal Data (hereinafter – “Consent to Data Processing”).
  2. Content of Consent to Data Processing. By providing Consent to Data Processing, You confirm that You have fully read and agree with the User AgreementPersonal Data and Cookie Processing Policy, and that You provide specific, informed, conscious, and unambiguous consent  to the Processing of Your Personal Data
  3. Please note that Consent to Data Processing means, among other things, that You also agree to both Automated and non-automated Processing of Your Personal Data, under the terms set forth in this Policy as well as in the Consent to Data Processing.
  4. Requesting a callback. If You request a callback using the relevant functionality of the Website, You are considered to have provided Consent to Data Processing at the moment of clicking the “Request a Call” button (or an equivalent).
  5. Making an outgoing call. By calling the Operator and continuing the conversation with an Operator’s employee, You provide Consent to Data Processing.
  6. Messenger messaging. If You send Us a message via a messenger, including by using the relevant functionality of the Website, Your Consent to Data Processing is considered provided at the moment You send the first message to Us.
  7. Familiarizing yourself with the content of the Site. If You are simply browsing the Site, You are deemed to have given Us Consent to the processing of Personal Data to the extent set out in this Policy (technical data, Cookies (unless a different consent procedure in relation to the processing of Cookies is implemented on the Site).
  8. Storage of consent information. Please note that We may store information about Your actions (by means of logging systems or equivalent) confirming Your Consent to Data Processing, as specified in this section of the Policy, for three (3) years after You express such consent, unless a different period is provided by law.

Term of the Policy and Processing of Personal Data

  1. Term of the Policy. Once You accept the terms of this Policy, it remains valid indefinitely. However, this does not affect the term of Processing Your Personal Data – it is determined by this Policy.
  2. Term of Processing of Personal Data. As a general rule, We process Your Personal Data until the moment We respond to Your inquiry, and for three (3) years thereafter, unless another retention period is established by applicable law, the User Agreement, or any other contract related to the use of the Website or the Processing of Your Personal Data, to which You are a party. In other cases, We will cease Processing Your Personal Data if You object to such Processing or if You withdraw Your previously given consent to Processing, in accordance with the terms of this Policy and applicable law. However, in such cases, We may be unable to fulfil our obligations under contracts with You.
  3. Amendments. We may amend this Policy at any time. Such changes may be related to modifications of Our business processes, external factors, or other reasons. After making amendments, We immediately publish the updated Policy on the Website so that You can review it in its new version. If You continue using the Website after the Policy has been amended, We will consider this as Your unconditional acceptance of the Policy in its updated version.

Grounds, Purposes, and Principles of the Policy

  1. Grounds. This Policy has been developed in compliance with the requirements of: (a) GDPR; (b) CalOPPA; (c) CCPA; (d) PECR; (e) Federal Law No. 152-FZ; (f) GDPR;(g) UAE Data Protection and Privacy Laws; and (h) other laws and regulations that determine the cases and specifics of processing Personal Data of the Data Subject.
  2. Purposes. The Policy pursues the following purposes: (1) ensuring the protection of human and civil rights and freedoms in the Processing of Personal Data, including the right to privacy, personal and family confidentiality; (2) preventing unauthorized actions (unlawful or accidental access) by third parties to Your Personal Data, as well as its destruction, alteration, blocking, copying, or distribution; (3) ensuring a legal and regulatory regime of confidentiality and control over Your Personal Data; (4) protecting constitutional rights of citizens to privacy, confidentiality of Personal Data, and preventing possible threats to Your security.

    The main purpose of this Policy is to provide You with a complete and transparent understanding of: the legal basis for the collection and Processing of Your Personal Data; the categories of Personal Data that We may collect about You; what happens with the Personal Data We collect; where We process Your Personal Data; how long We store Your Personal Data; to whom We may transfer Your Personal Data; and to explain Your rights as a Personal Data Subject. 

  3. Principles. We adhere to the following principles when Processing Personal Data: (1) processing of Personal Data must be lawful and fair; (2) processing of Personal Data must be limited to achieving specific, pre-defined, and legitimate purposes; Processing that is incompatible with the purposes of data collection is not allowed; (3) the content and scope of the processed Personal Data must correspond to the stated purposes of Processing; the processed Personal Data must not be excessive in relation to the declared purposes, accuracy, sufficiency, and relevance of Personal Data in relation to the purposes of Processing must be ensured; Personal Data must not be stored longer than necessary for the purposes of Processing, unless another retention period (or its procedure for determination) is established by this Policy.

Composition of Collected Personal Data

  1. Requesting a callback. You may request a callback from Us. To do this, You need to provide the following data by entering it into a special form on our Website: a mobile phone number and a Name. Please note that by providing third-party data, You undertake to comply with the guarantees specified in this Policy. Also keep in mind that You may enter any Name, including one that does not correspond to Your real Name. However, such a Name must comply with ethical and moral standards.
  2. Messenger data. Our Website allows You to contact Us via WhatsApp, Telegram, or other messengers (if available). The Website contains special URLs (e.g., https://messenger-bot.whitewill.ru/web/... or similar), and when following such a link, You will be able to send Us a message in the selected messenger. By sending such a message, We will receive data about the address of Your account in the relevant messenger, as well as other data specified in that account and made publicly available.
  3. Technical data. When using the Website, We automatically collect certain Personal Data. Such data may include, for example, the Internet Protocol (IP) address used to connect Your computer to the Internet, login data, browser type and version, time zone settings, types and versions of browser plug-ins, operating system and platform, and information about Your visits to websites.
  4. Other data. In exceptional cases, We may request that You provide additional Personal Data. We will always notify You in advance and request Your additional consent for Processing.
  5. Personal Data of third parties. Please note that if You provide Us with Personal Data of third parties, You guarantee that You have obtained all necessary consents from such persons, including consent to the transfer of Personal Data, and other documents required to ensure full compliance with this Policy, executed in accordance with their applicable law (Third-Party Consent). If You act as an operator of such Personal Data, You also guarantee that You ensure the transfer and protection of their Personal Data at a level no less than that provided by this Policy. Third-Party Consent must be executed in writing, and the original must be provided by You within seven (7) calendar days from the date of the Operator’s request. Providing third-party Personal Data without such guarantees is not permitted, and You assume full responsibility for any breach of this guarantee.

Rights of the Personal Data Subject

  1. Obtaining information. You have the right to receive information about Us, about Our location, and about whether We hold Your Personal Data, as well as to review such Personal Data.
  2. Clarification. You have the right to request that We clarify, block, or delete Your Personal Data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of Processing, and to take measures provided by law to protect Your rights.
  3. Form of provision. Information about the presence of Your Personal Data will be provided to You in an accessible form, and will not contain Personal Data relating to other Personal Data Subjects.
  4. Procedure for access. You (or Your legal representative) may obtain access to Your Personal Data in person or by submitting a written request. The request must contain the number of the main identity document of You or Your representative, the date of issue of the document, the issuing authority, and a handwritten signature. The request may also be submitted electronically. We are obliged to respond to Your request within thirty (30) days of receipt, which may be extended to sixty (60) days depending on the complexity and number of requests.
  5. Content of Response. In a request for access to Personal Data, You have the right to demand from Us information related to the Processing of Your Personal Data, including: (1) confirmation of the fact of Processing of Personal Data and the purpose of such Processing; (2) methods of Processing; (3) the name and location of the Operator; information about persons who have access to Personal Data or to whom such access may be provided; (4) the list of processed Personal Data and the source of its receipt; (5) the duration of Processing, including the period of storage; (6) and information about the legal consequences for the Personal Data Subject that may result from the Processing of their Personal Data.
  6. Withdrawal of consent. You have the right to withdraw Your consent to the Processing of Personal Data, to limit the methods and forms of Processing, and to prohibit the distribution of Personal Data without Your consent.
  7. Right to appeal. You have the right to appeal Our actions or inaction to the authorized body for the protection of the rights of Personal Data Subjects or in court.
  8. Right to protection. You have the right to the protection of Your rights and lawful interests, including compensation for damages and moral harm, through the courts.

Rights of the Data Subject (GDPR)

If You are a citizen of a Member State of the European Economic Area or the United Kingdom (or lawfully provide Us with the Personal Data of such a person), You are also granted the rights listed below. You may exercise them by sending an email to Our contact details.

  1. Right to be informed (Articles 12–14 of the Regulation). You have the right to receive information about the collection and use of Your Personal Data, in particular about the purposes of Processing, retention periods, and to whom the data will be transferred. This information must be provided at the time We collect Your Personal Data. If We receive Personal Data from other sources, We will inform You within a reasonable period after obtaining the data and no later than one month, unless You already have such information or unless providing it would require disproportionate effort. The information must be concise, transparent, accessible, and written in clear and understandable language, which is why We aim to explain Our data processing policy in detail. We will inform You of any new use of Your Personal Data before such Processing begins.

  2. Right of access (Article 15 of the Regulation). You have the right to obtain confirmation from the Operator as to whether Your Personal Data is being processed, and if so, access to the Personal Data and the following information: purposes of Processing; categories of Personal Data concerned; recipients or categories of recipients to whom the Personal Data has been or will be disclosed, including recipients in third countries or international organizations; where possible, the envisaged retention period or the criteria used to determine that period; the existence of the right to request rectification or erasure of Personal Data or restriction of Processing concerning the data subject or to object to such Processing; the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such Processing for the data subject. If Personal Data is transferred to a third country or international organization, You have the right to be informed of the appropriate safeguards relating to the transfer. Upon request, the Operator also provides a copy of the Personal Data undergoing Processing. For any additional copies requested, the Operator may charge a reasonable fee based on administrative costs. If You make a request by electronic means, and unless otherwise requested, the information shall be provided in a commonly used electronic form.

  3. Right to rectification (Article 16 of the Regulation). You have the right to have inaccurate or incorrect Personal Data corrected upon request, made either orally or in writing. The Operator has one calendar month to respond to such a request.

  4. Right to erasure (“right to be forgotten”) (Article 17 of the Regulation). The Regulation grants individuals the right to have their Personal Data erased. You may request deletion by contacting Our Data Protection Officer, who has one month to respond to Your request. Please note that this right is not absolute and applies only in specific circumstances provided for in Article 17 of the Regulation.

  5. Right to restrict Processing (Article 18 of the Regulation). You have the right to request the restriction or suspension of the Processing of Your Personal Data. If Processing is restricted, such Personal Data, except for storage, may only be processed with Your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of public interest of the Union or a Member State. Please note that this right is not absolute and applies only in specific circumstances provided for in Article 18 of the Regulation.

  6. Right to data portability (Article 20 of the Regulation). The right to data portability allows You to receive and reuse Your Personal Data for Your own purposes across different services. It enables You to easily move, copy, or transfer Personal Data from one IT environment to another in a secure and safe way, without affecting usability. Please note that You have the right to request the direct transmission of Personal Data from one Operator to another, where technically feasible..

  7. Right to object (Article 21 of the Regulation). You have the right to object at any time to the Processing of Your Personal Data on grounds relating to Your particular situation. We will no longer process Your Personal Data unless We have compelling legitimate grounds for the Processing which override Your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims. If Your Personal Data is processed for direct marketing purposes, You have the right to object at any time to the Processing of Your Personal Data for such marketing, including profiling to the extent that it is related to direct marketing.

  8. Rights related to automated decision-making, including profiling (Article 22 of the Regulation). You have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning You or significantly affects You. Please note that this right is not absolute and applies only in specific circumstances provided for in Article 22 of the Regulation. You may withdraw Your consent to the Processing of Personal Data at any time. Please remember that the withdrawal of consent applies only to future Processing. Any Processing carried out before such withdrawal remains unaffected.

Transmission of Personal Data

  1. Transfer of Personal Data. For the purposes of Processing Personal Data, We may need to provide Your Personal Data to Our counterparties, including but not limited to Amocrm JSC (TIN: 7709477879, OGRN: 5157746087681). Your Personal Data may also be transferred to government authorities, in particular executive authorities, based on their official request.
  2. Mandatory and optional transfers. The transfer of information may be mandatory, for example in relation to user equipment data: IP address, operating system, geographic data, device ID/type, communication channel (browser/application), payment authorization, identification/verification. It may also be optional, for example in relation to address match indicators, account information, and similar data.

Storage of Personal Data

  1. Localisation of Personal Data. If You are a citizen of the Russian Federation, We store Your data on servers located within the territory of the Russian Federation. If You are a citizen of a Member State of the European Economic Area, the United Kingdom, or another country whose data protection legislation requires Personal Data to be Processed within its borders, then Your Personal Data will be collected and Processed within the European Economic Area or in such a country accordingly.

Principles and Measures for Protecting Personal Data

  1. Defense Principles. We employ legal, organizational, administrative, technical, and physical measures to protect Personal Data- to ensure the protection of your Personal Data.
  2. Security measures. Security measures for the Processing of Personal Data are planned and implemented in order to comply with applicable data protection laws and regulations. We ensure the safety of Your Personal Data by the following means: (1) restricting and specifying the number of employees with access to Personal Data, (2) appointing a Data Protection Officer, (3) developing and implementing local regulations on Personal Data Processing, (4) identifying security threats to Personal Data when processed in information systems, (5) applying organisational and technical security measures, (6) using certified information protection tools, (7) maintaining records of electronic media, (8) establishing access rules to Personal Data, (9) restricting access to premises housing data-processing technical equipment and information storage, (10) detecting and preventing unauthorised access to Personal Data, (11) classifying Personal Data as confidential information, (12) obtaining non-disclosure agreements from employees directly involved in Processing, (13) restoring Personal Data modified or destroyed as a result of unauthorised access, (14) informing employees about data protection legislation and internal rules, (15) monitoring compliance with Personal Data security measures.

Cookies

  1. Use of Cookies. The Website uses Cookies. When visiting the Website, Your internet browser sends the following data to Our server: (1) date and time of visit, (2) browser type, (3) language settings, (4) operating system. This information is stored in connection logs for a limited time (from session duration up to one year) to ensure security, proper Website performance, and for statistical purposes.
  2. Functions of Cookies. The Website uses different groups of Cookies. The first group is functional and technical Cookies. Their main function is to provide the server with information about Your session, language, browser, and to enable the full operation of the Website. They are necessary to recognise You when You return to the Website, allowing Us to personalise content and remember Your preferences. The second group is analytical Cookies, which help Us evaluate and count visitors, as well as understand how they navigate the Website. This enables Us to improve its performance, for example, by optimising navigation. You may refuse the use of analytical Cookies by changing settings in Your browser.
  3. Retention period of Cookies. By retention period, Cookies are divided into Persistent and Session Cookies. “Session Cookies” remain on Your device until the browser is closed. “Persistent Cookies” remain until their expiry date or until You delete them.
  4. "Disabling Cookies. You may accept or reject Cookies on all websites by changing Your browser settings. For example, when using Internet Explorer version 11.0: (1) select “Settings,” then “Internet Options,” (2) open the “Privacy” tab, (3) select preferred settings. Each browser has its own settings for changing or deleting Cookies. Please note that disabling Cookies may affect some Website functions. For more information on how to adjust Your browser, please refer to www.aboutcookies.org or www.allaboutcookies.org. If You use multiple devices (smartphone, tablet, computer), ensure that each browser on each device is configured according to Your preferences."

Addresses for Exchange of Legally Significant Communications

  1. Details of the Parties. During the performance of obligations under this Policy or other obligations as a Personal Data Operator, there may be an exchange of legally significant communications. Such exchange takes place using the official contacts of the Parties, both in writing and electronically, without the need for a separate agreement on electronic document flow. Our details are provided in the Official Notice (at the end of this document), while Your details are provided by You when submitting a callback request, sending Us a message in a messenger, or through other communication channels. Please note that You bear the risks associated with providing outdated contact details for such communication.
  2. Correspondence exchange. Correspondence may only be exchanged using the contact details specified in accordance with this Policy.

Final Provisions

  1. Severability clause. If any provision of this Policy is found invalid or unenforceable, such provision shall be deemed replaced by a valid one most closely reflecting its intent. In such cases, the Policy cannot be deemed invalid in its entirety.

Official Notice

WHITEWILL REAL ESTATE BROKERS L.L.C

License Nr. 939961

Address: Office 1314, The Onyx Tower, 1 Sheikh Zayed Rd, The Greens, Dubai

E-mail: info@whitewill.ae  

E-mail (Personal Data questions): privacy@whitewill.ae

THE CONTACTS LISTED ARE THE ONLY OFFICIAL SOURCES OF CONTACT WITH US. PLEASE PAY ATTENTION!

Document reference:https://whitewill.ae/privacy

The Policy is published in free access in the information and telecommunication network of the Internet on the Operator's Website