Privacy Policy

Purpose

This document serves as the privacy policy of Masha Estate (the “Company”), detailing the management of personal information in adherence to the Data Protection Law (the “Law”). It explains the protocols for the collection, use, disclosure, and safeguarding of personal information under the stipulations of the Law.

Scope

This privacy policy applies to all personal information processed during the business operations of Masha Estate, including but not limited to interactions through the Company’s website, mobile applications, and other digital or physical engagements.

Collection of Information

Rationale for Collecting Personal Data

Personal data is collected solely for the purpose of providing services, conducting business operations, and ensuring compliance with applicable laws, including anti-money laundering statutes. Information may be obtained from:

  • Clients, their representatives, or beneficial owners

  • Legal or regulatory compliance requirements

  • Information shared during service provision

  • Service providers and partners of the Company

  • Regulatory, certification, or government bodies associated with the Company

  • Participants in seminars, webinars, or events, newsletter subscribers, and office or website visitors

  • Job applicants and employees

Information Categories

  • Individual details: Name, contact information, domicile, gender, marital status, date of birth, nationality, employment history, and family relationships.

  • Identification details: Government-issued identification numbers and documents.

  • Financial information: Bank account details, income, and financial background.

  • Anti-money laundering and sanctions data: Information from databases relevant to AML and counter-terrorism compliance.

  • Special categories of personal data: Political opinions, affiliations, or criminal records as required by law.

  • Identifiers: Digital traces such as IP addresses or website tracking codes.

Special categories of data are collected only when warranted by law or required for compliance.

Utilization of Information

The information gathered is used for service delivery, client relationship management, transaction processing, internal operations, staff recruitment, and legal compliance.

Sharing of Information

Masha Estate does not sell or indiscriminately distribute personal data. Information may be shared only under specific circumstances, such as:

  • Verification and screening processes

  • Engagement with external service providers

  • Collaboration with the Company’s affiliates for operational purposes

  • Compliance with legal or regulatory obligations

All data sharing, including cross-border transfers, complies with the Personal Data Protection Law, Federal Decree Law No. 45 of 2021, ensuring confidentiality and data security.

Data Subjects’ Rights

In accordance with the Personal Data Protection Law (Federal Decree Law No. 45 of 2021), data subjects have the right to:

  • Obtain information about personal data held by the Company and its usage

  • Request a copy of personal data maintained by the Company

  • Request correction of inaccurate or incomplete personal data

  • Request deletion of data where there is no lawful basis for processing

  • Withdraw consent where processing is based solely on consent

  • Object to processing based on legitimate interests, unless compelling grounds exist

  • Restrict processing under certain conditions (e.g., pending verification of accuracy or lawful basis)

These rights may be limited in certain situations to protect public interest (e.g., crime prevention) or the Company’s interests (e.g., regulatory response), in line with the Law.

International Transfers

Personal data may be processed outside the country of residence. Such transfers are conducted with strict adherence to security and handling requirements under the Personal Data Protection Law.

Data Security and Breach Notification

Security Measures

Masha Estate is committed to protecting personal data and employs robust technical and organizational measures to prevent unauthorized access, disclosure, alteration, or destruction. These include:

  • Data encryption in transit and at rest

  • Regular cybersecurity and penetration testing

  • Strict access controls for authorized personnel

  • Secure development standards for online platforms

  • Ongoing employee training on data protection

Breach Notification

In the event of a data breach, Masha Estate will promptly assess and respond to the incident. The Data Protection Commissioner and affected individuals will be notified if there is a potential risk to their rights and freedoms, as required by law.

If the breach is deemed unlikely to pose a risk, the incident will be internally recorded, and preventive measures will be implemented.

Policy Review

This policy is reviewed periodically to ensure continued compliance with the Data Protection Law.
Current version date: 4 September 2024.

Contact Information

For any inquiries, requests, or complaints regarding personal data, please contact:

Masha Estate
📞 +971 50 151 50 79
✉️ info@mashaestate.ae
🏢 1505, 51 Tower Business Bay, Dubai, UAE
🕘 9:30 AM – 6:30 PM (Monday to Friday)