1. INTRODUCTION
We are Saif Al Ghurair Group LLC, its subsidiaries and affiliated entities (hereinafter “SAGG”, "We" or "Us"). SAGG is the Data Controller of your personal data as described in this Privacy Statement, unless otherwise specified. Our Office is located at Hor Al Anz, Deira, Dubai, U.A.E; P.O.Box: 1. SAGG is committed to protect and respect the privacy of your personal data, and your rights, and this statement is intended to provide you with information on how your personal data is processed. This statement is in alignment with UAE PDPL2.OBJECTIVE AND SCOPE
Through this privacy statement we intend to provide an insight into our privacy practices regarding Personal Data that we collect and process about you through various sources. This Privacy Statement covers the categories of personal data collected, how we use or process such data, who are the recipients of such data, and your associated rights under applicable laws including how to exercise the same3.PERSONAL DATA THAT WE PROCESS
3.1 Categories of Personal Data collected
When you visit our shopping malls, purchase real estate units from us, contact us, access our websites, use our applications, are employed with us, or provides services to us or work with our service providers/ vendors, we collect personal information about you and may use it along with other information collected or generated during our relationship with you.- a)Identification and contact details Full Name; Emirates ID; Photograph; Address; Nationality; Telephone no.; E-mail; Date of Birth; Passport Gender; utility bills, educational details and the data contained there; occupation, marital status, Ejari contract, driving license
- b) Technical Information Information collected as part of your visit and usage of our websites, such as Internet Protocol (IP) address, demographics, your computers’ operating system, device information, and browser type and information collected via cookies or similar tracking technologies
- c) Financial and other details
- Bank Statements; Transaction amounts; Bank account numbers
- d) Audio-Visual information Information such as photographs or images captured, CCTV recordings.
- e) Human Resource Information Candidate - Candidate name, Emirates ID, phone number, address, Resume, Date of Birth, Educational qualification including skill details, Employment related information, details pertaining to background checks, passport. Employee – Name, Emirates ID, Contact Details, labour card, Family details/details of relatives (in case of employees - name of Relative, Gender, Relation, Date of Birth, Date of Death, Age, address), Educational Qualifications, Work experience details, Passport, Salary, Compensation, taxation, benefits, claims and other financial information, Performance and development records, Digital Access and IT related information, Work Travel-related records, Health and safety records, Background checks and screening details, Leave and Attendance records.
- f) Vendor Details Vendor name and contact details, address, tax related details, Details of Vendor POC (Emirates ID, Passport), Bank details
3.2 Sources of Personal Information
We may collect the Personal Information through various sources/platforms, such as mentioned below-- a) Submitted through our website forms, applications on our portals, or by contacting/emailing our official contacts.
- b) Shared to our employees.
- c) Sourced from public websites and social media, including your publicly accessible profiles.
- d) Shared by our suppliers, vendors, and service providers.
- e) Sourced via cookies and similar tracking technologies as deployed on our website (details are available in the Cookie notice).
- f) Shared by our affiliate/group companies
3.3 Why is Personal Data Processed
- a) To adhere to applicable legal obligations
- b) To assess candidate’s suitability towards job requirement as part of the recruitment or internship selection process and other associated processes including background verification by our authorized vendor,
- c) To assist in the onboarding you as an employee, other associated processes, and to carry out various employment related activities and to enable us to ensure that we are compliant with any applicable Labor and/or other relevant laws.
- d) For vendor empanelment, purchase order/ invoice creation, submitting quotations to vendors.
4. LEGAL BASIS OF PROCESSING
Your personal data will be processed by SAGG for the following purposes:| Legal Basis | Particulars |
|---|---|
| Contractual basis | Personal Information is processed when it is necessary for the performance of a contract to which data subject are the party, as per applicable laws. E.g. contracts with vendors and suppliers, contracts with employees. |
| SAGG’s Obligation in the field of Employment Law | Processing is necessary for the Controller or Data Subject to fulfill his/her obligations and exercise his/her legally established rights in the field of employment, social security or laws on social protection, to the extent permitted by those law Examples – For medical insurance of employee |
| Consent of the Data Subject | Personal Data is processed with your consent. Where we process Personal Data based on consent, your consent is revocable at any time, |
| To defend Legal Claims | Processing is necessary to initiate or defend against any actions to claim rights or legal proceedings, or related to judicial or security procedures |
| Legal Requirement | If the Processing is necessary to fulfill obligations imposed by other laws of the State on Controllers. |
5. RECEPIENTS OR CATEGORIES OF RECEPIENTS OF PERSONAL DATA
We may disclose personal information that we collect, or you provide as described in this privacy policy:
5.1 Transfer within the same Country
- a) Affiliate/ Group Companies - We may share your personal information with our Group/ Affiliate companies only where there is a legal requirement to be addressed or there are business reasons for the same
- b) Vendors/ Suppliers/ Service Providers - We may transfer or share your Personal Data with third parties service providers, HRMS service providers.
- c) Govt. Agencies - When required, SAGG may disclose your personal data to external law enforcement bodies or regulatory authorities, to comply with applicable legal obligations. We may also disclose your personal data where mandated by law and as further required when We believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
5.2 International Data Transfer
Your personal data, that we collect, may be transferred to recipients in countries other than the country in which the data was originally collected. These transfers will be undertaken in compliance to UAE PDPL. If it necessary to transfer your personal data to recipients in third countries where there is no data protection law, personal data would be transferred under a contract or agreement that obliges the establishment in those countries to implement the provisions, measures, controls related to imposing appropriate measures, or as per express Consent of the Data Subject to transfer his/her Personal Data outside the State or If the transfer is necessary to fulfill obligations and establish, exercise or defend rights before judicial authorities or if the transfer is necessary to enter into or execute a contract between the Controller and Data Subject, or between the Controller and a third party to achieve the Data Subject's interest or if the transfer is necessary to protect the public interest where we transfer personal data to another country for processing by a recipient. You can enquire about the basis of cross border transfer by register your request at the details mentioned at clause 8.2 of this statement6. SECURITY MEASURES
Your personal data security is an important concern to us. We provide the utmost care in secure transmission of your personal withing our systems and servers. We use industry security standards to safeguard the confidentiality of your information and to make sure that your personal information is secure with us. We have implemented and maintained appropriate technical and organizational security measures, policies and procedures to protect your personal information from the accidental loss, unauthorized access, use, alteration and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Measures we take includes:- a) Placing confidentiality requirements on our staff and service providers; to ensure these required agreements are put in place in writing
- b) Restriction of access to your personal information to employees and third parties strictly on a need-to-know basis, such as to respond to your enquiry or request.
- c) Using secure communication channels for transmitting personal data.
7. DATA RETENTION
Personal Information will not be retained for a period more than necessary to fulfill the purposes outlined in this privacy statement unless a longer retention period is required by law or for directly related legitimate business purposes. Personal Data that is no longer required to be retained as per legal and business requirements will be disposed in a secure manner. This means that we may retain your personal information for a reasonable period, for example, till the end of the contract with the organization you represent, or after your query has been addressed. In certain cases, we may retain your personal information for a longer period where extended retention periods are required by law or regulation and to establish, exercise or defend our legal rights. We will ensure that it is disposed in a secure manner when it’s no longer needed. For more information on where and how long your personal information is stored, and for more information on your rights of erasure and portability, please contact us using the details provided in Section – ‘How do you contact us?’.8. YOUR RIGHTS AND HOW TO EXCERCISE THEM
8.1 Data Subject Rights
You (data subjects) have certain rights over your Personal Data being processed by Org Name. In summary, the Data Subject rights are:- a) To be informed: Data Subject’s right to know how, why, for how long, on what legal bases his/her Personal Data is processed, existence of automated decision making, controls and standards for the periods of storing and keeping his/her Personal Data.
- b) Access: Data Subject’s right to access their Personal Data to know what the Controller it for (among other things).
- c) Rectify: Data Subject’s right to correct their Personal Data when this is not accurate.
- d) Erasure: Data Subject’s right to permanently delete their Personal Data after fulfilling certain requirements. The right is not absolute and only applies in certain circumstances.
- e) Restriction of processing. This means that a Data Subject can limit the way that Controller uses their Personal Data. In such case and if applicable, Controller will only store the Personal Data to comply with relevant regulation, but it won’t be processed for anything else.
- f) Right to object: In some cases, Data Subject have the right to object to certain processing, for example, if the Data Subject does not want to be contacted by Controller for marketing purposes.
- g) Data portability. In certain scenarios Data Subjects may request the Controller to provide a copy of their Personal Data in a digital format or send it to a third party appointed by them.
- h) Right to withdraw consent: Where the data processing is based on your consent, you may withdraw your consent to the processing of any Personal Data at any time. This will not affect the lawfulness of any processing operation before your withdrawal.