Privacy Policy - Done And Dusted Realty

Table of Contents

Privacy Policy for Done & Dusted Realty

Effective Date: 5th Oct “25”

Done & Dusted Realty (“we,” “us,” “our,” or the “Company”) is committed to protecting the privacy and security of personal data in compliance with the UAE’s Personal Data Protection Law (PDPL, Federal Decree Law No. 45 of 2021) and other applicable laws. This Privacy Policy explains how we collect, use, disclose, store, and otherwise process your personal data when you use our website (https://doneanddustedrealty.com/), engage with our services, or otherwise interact with us.

By using our website or services, submitting information to us, or otherwise engaging with us, you acknowledge that you have read and understood this Privacy Policy and consent to our processing of your personal data in accordance with it.

1. Scope & Application

This policy applies to all personal data we collect, receive, store, or process in the UAE or from UAE residents, and to data processes that are establishing contacts or conducting business related to the UAE.
The PDPL also has extraterritorial reach: it applies to entities outside the UAE that process personal data of individuals in the UAE. Data Privacy Office+2ai.gov.ae+2centresystemsgroup.net+2
Entities located in certain UAE free zones (e.g. DIFC, ADGM) may be subject to separate data protection regimes; if your operations lie in such zones, additional or alternate rules may apply. Data Privacy Office+2Mondaq+2centresystemsgroup.net+2

2. Definitions

Below are key terms as used in this policy:

Personal Data means any information relating to an identified or identifiable natural person (data subject), including name, identification number, location data, online identifiers, or factors specific to their physical, physiological, economic, cultural or social identity. centresystemsgroup.net+2ai.gov.ae+2Data Privacy Office+2
Processing means any operation or set of operations performed on personal data (collection, recording, structuring, storage, adaptation, retrieval, use, disclosure, erasure, etc.). Data Privacy Office+1centresystemsgroup.net+1
Controller (Data Controller) is the entity (us) that determines purposes and means of processing personal data.
Processor (Data Processor) means a third party who processes personal data on our behalf under our instruction.
Consent means a clear, affirmative, freely given, specific, informed, unambiguous indication of the data subject’s wishes by which they signify agreement to the processing. Data Privacy Office+2centresystemsgroup.net+2ai.gov.ae+2

3. Personal Data We Collect

We may collect the following categories of personal data:

Category	Examples	Source / Context
Identity & contact data	Name, email address, phone / mobile number, postal address	Provided by you via contact forms, registration, client onboarding
Property & preference data	Property type, location preferences, budget, requirements	When you request property services or matching
Transaction & financial info	Payment details, bank account, transaction history	Where relevant to property booking, payments or services
Documents & identity verification	Passport / ID, proof of address, ownership documents, photos	Required during property transactions, KYC processes
Usage / log data	IP address, browser type, pages visited, timestamps	Automatically collected when you use our website / app
Cookies & tracking data	Cookie identifiers, device identifiers, tracking pixels	Via website, marketing tools, analytics platforms
Other data	Communications, feedback, survey responses	Provided during your interactions or correspondence with us

We will only collect data that is necessary or relevant to fulfill the purposes set out in this policy (data minimization principle).

4. Purposes & Legal Basis for Processing

We process your personal data for the following purposes, and on the legal bases indicated:

Purpose	Legal Basis / Justification under PDPL
To deliver, manage, and improve our services (e.g. property listings, matching)	Performance of contract, legitimate interests
To communicate with you (respond to inquiries, send updates)	Performance of contract, consent, legitimate interests
To verify identity, comply with KYC, AML, or regulatory obligations	Compliance with legal obligations
To send marketing or promotional communications	Consent (you may opt in / opt out)
To perform analytics and business intelligence	Legitimate interests (with adequate safeguards)
To detect, prevent, and investigate fraud, misuse, or security incidents	Legitimate interests, compliance
To comply with legal or regulatory obligations (e.g. record‑keeping, audit)	Legal obligation

We will not process your personal data for incompatible purposes without informing you and, if required, obtaining consent.

5. Consent & Withdrawal

Where our processing relies on your consent (e.g. for marketing), you have the right to withdraw consent at any time.
Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
You may exercise withdrawal via contacting us as described in Section 14, or via any opt-out link provided in communications.

6. Disclosure, Sharing & Cross‑Border Transfers

6.1 Disclosure & Sharing

We may share your personal data with:

Our service providers, vendors, platforms, and partners (for hosting, analytics, marketing, CRM, payment processing)
Real estate agents, brokers, property owners, affiliates (for matching, property transactions)
Professional advisors (legal, accounting, auditing)
Government, regulatory, or law enforcement authorities (if required by law)
In the event of a business reorganization, merger, acquisition, or sale — the receiving entity (with confidentiality commitments)

We require such recipients to use your data only for permitted purposes and to maintain appropriate safeguards.

6.2 Cross‑Border Transfers

Your personal data may be transferred to, stored, or processed in jurisdictions outside the UAE, including countries that may not have data protection laws equivalent to the UAE.
In such cases, we will ensure safeguards such as contractual agreements, standard contractual clauses, binding internal policies, or obtaining your explicit consent to ensure protection in line with PDPL requirements. Data Privacy Office+2ai.gov.ae+2centresystemsgroup.net+2
If the recipient country is deemed to provide an adequate level of protection, transfers may proceed under the adequacy rule.

7. Data Retention & Erasure

We retain your personal data only for as long as needed to fulfill the purposes described in this policy (or as required by law, regulation, or contractual obligation).
We periodically review our data retention periods.
After the retention period expires, or upon your request (if lawful), we securely erase, anonymize, or aggregate your data so that it cannot be re-identified.

8. Security & Breach Notification

We implement technical, organizational, and administrative safeguards to protect your personal data from unauthorized or unlawful access, disclosure, alteration, or destruction (encryption, access controls, network security, staff training, audits).
In the event of a personal data breach likely to result in a risk to individuals’ rights and freedoms, we will notify the UAE Data Office (or relevant authority) and affected data subjects as required under PDPL, without undue delay. Data Privacy Office+2centresystemsgroup.net+2ai.gov.ae+2
We maintain an incident response plan, a breach log, and a protocol to remediate the issue and mitigate harm.

9. Data Subject Rights

Under the PDPL, you have the following rights (subject to conditions and lawful restrictions):

Right of access — obtain confirmation whether your personal data is being processed, and access to it
Right to rectification — correct inaccurate or incomplete data
Right to erasure (deletion) — request deletion of your personal data (in certain circumstances)
Right to restrict processing — request limitation of processing under specific situations
Right to data portability — receive your data in a structured, machine‑readable format and transfer it to another controller
Right to object — object to processing based on legitimate interests, direct marketing, or profiling
Right to withdraw consent — where processing is based on consent
Right to object to automated decision making — including profiling (where applicable)

To exercise any of the above rights, please contact us (see Section 14). We may require you to verify your identity before fulfilling your request. We will respond without undue delay and within the timeframe mandated by law.

We will not discriminate or take adverse action against you for exercising your rights, unless permitted by law. centresystemsgroup.net+1ai.gov.ae+1

10. Cookies & Tracking Technologies

We use cookies, web beacons, pixels, local storage, and similar technologies to collect information about usage, preferences, analytics, and marketing.
We categorize cookies (strictly necessary, performance, functionality, targeting).
You can control, block, or delete cookies via your browser settings, but doing so may affect the functionality or user experience.
In any case, we will provide clear notice and (where consent is required) seek your consent before non-essential cookies are placed.

11. Children’s Privacy

Our services are not intended for children under 18.
We do not knowingly solicit or collect personal data from minors under 18.
If we learn that we have inadvertently collected data of a minor, we will take steps to delete it promptly.

12. Telemarketing & Direct Outreach Compliance

Under recent UAE regulations (e.g. Cabinet Resolutions No. 56 and 57 of 2024), telemarketing or unsolicited calls, SMS, and communications may require prior registration, using approved local numbers, time‑restrictions, and honoring “do-not-call” lists.
We ensure that marketing communications are only sent to you if you have opted in (consented). You may opt out at any time.
We will maintain compliance with regulations governing direct outreach, including identifying the source of your contact consent and respecting your opt-out choices.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology.
We will post the revised version on our website, with an updated effective date.
If changes are material, we may provide additional notice (e.g. via email) or require fresh consent.
Your continued use of our services after such changes constitutes acceptance of the revised policy.

14. Contact Us / Data Protection Officer

If you have questions, requests, or complaints regarding this Policy, or to exercise your rights, you may contact:

Done & Dusted Realty
Address: Ibn Batuta Gate – 703, Dubai, United Arab Emirates
Email: Info@doneanddustedrealty.com
Phone: +971 58 542 2828

If we appoint a Data Protection Officer (DPO), their contact details will be published here for your convenience.

15. Dispute Resolution & Governing Law

This Privacy Policy is governed by the laws of the United Arab Emirates.
Any disputes or complaints may be escalated to the UAE Data Office or relevant regulatory authority as per PDPL.
Where permissible, disputes may also be resolved via arbitration or court (as per agreement or local law).