1. Introduction
Capital Dream Dubai is committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR). This section outlines your rights under the GDPR and how we collect, process, and protect your personal information.
2. Data Controller
Capital Dream Dubai is the data controller responsible for your personal data. We determine the purposes and means of processing your personal data in compliance with GDPR.
3. Legal Basis for Processing Personal Data
We process your personal data under the following legal bases:
- Consent: When you provide clear consent for us to process your personal data for specific purposes.
- Contract: When the processing is necessary for the performance of a contract you have with us or to take steps at your request before entering into a contract.
- Legal Obligation: When we are required to process your data to comply with legal obligations.
- Legitimate Interests: When processing is necessary for our legitimate interests, and your interests and fundamental rights do not override those interests.
4. Your Rights Under GDPR
Under the GDPR, you have the following rights:
- Right to Access: You have the right to request access to your personal data that we hold.
- Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
- Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances (commonly known as the “right to be forgotten”).
- Right to Restrict Processing: You have the right to request the restriction of processing your personal data in certain situations.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
- Right to Object: You have the right to object to the processing of your personal data in certain situations, including for direct marketing purposes.
- Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw that consent at any time.
5. Data Retention
We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or internal policy requirements. After this period, your personal data will be securely deleted or anonymized.
6. Data Security
We have implemented appropriate technical and organizational measures to ensure the security of your personal data and to protect it against unauthorized access, alteration, disclosure, or destruction. However, please note that no data transmission over the internet is completely secure, and we cannot guarantee absolute security.
7. Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure that any such transfers are conducted in accordance with GDPR requirements, including the use of appropriate safeguards such as Standard Contractual Clauses or other legally recognized mechanisms.
8. Third-Party Processors
We may use third-party service providers to assist in processing your personal data. These providers are bound by contract to process your personal data only on our behalf and in compliance with GDPR.
9. Complaints
If you believe that we have violated your rights under GDPR, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence.
10. Contact Information
If you have any questions about this GDPR policy or wish to exercise any of your rights, please contact us at [insert contact information].
By using our services and providing your personal data, you acknowledge that you have read, understood, and agree to this GDPR policy.