1. Introduction

Pinnacle Assurance L.L.C (“Pinnacle”, “we”, “our”, or “us”) is a licensed and regulated real estate brokerage in Dubai. This Privacy Policy explains how we collect, process, store, share, and protect your personal data in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and, where applicable, the EU General Data Protection Regulation (GDPR) and UK GDPR.

2. Information We Collect

2.1 Personal Information (Provided by You)

• Name, nationality, date of birth.
• Emirates ID or passport details.
• Contact information (phone, email, address).
• Property preferences, transaction history, and correspondence.
• Financial details necessary for property transactions.

2.2 Information We Automatically Collect

• IP address and approximate location.
• Browser type, operating system, device identifiers.
• Website usage behaviour and navigation data.
• Cookies and similar tracking data (see Section 9).

2.3 Information from Third Parties

• Real estate partners and developers.
• Advertising and analytics providers.
• Public records and official property registries.
• Social media platforms when you interact with our pages

3. Legal Basis for Processing

We process personal data under the following lawful grounds:

• Contractual necessity: to fulfil our contractual obligations.
• Legal obligation: compliance with anti-money laundering, tax, and property laws.
• Legitimate interest: business operations, fraud prevention, marketing.
• Consent: for marketing, analytics, and optional services, where required.

4. How We Use Your Information

4.1 Primary Business Operations

• Facilitating property sales, lettings, and management.
• Conducting client verification and due diligence.
• Preparing and managing contracts and transaction documents.

4.2 Communications and Marketing

• Responding to enquiries and sending transaction updates.
• Delivering property alerts, newsletters, and market insights (subject to consent).

4.3 Analytics and Improvements

• Monitoring site performance.
• Improving user experience and developing new services.

4.4 Legal and Security Purposes

• Meeting regulatory requirements.
• Detecting and preventing fraud.
• Protecting the safety and rights of clients and staff.

5. Data Protection Rights

You have the following rights under UAE PDPL and GDPR:

• Right to Access: obtain copies of your data. Kindly be advised that a nominal charge may apply for this service.
• Right to Rectification: correct inaccurate or incomplete information.
• Right to Erasure: request deletion under certain conditions.
• Right to Restrict Processing: limit processing where applicable.
• Right to Object: to certain processing, including marketing.
• Right to Data Portability: receive your data in a structured format.
• Right to Withdraw Consent: without affecting previous lawful processing.
• Right to Lodge a Complaint: with a relevant data protection authority.

6. How We Share Your Information

We share data only when necessary and lawful:

• With real estate professionals, developers, and service providers.
• With advertising partners such as Meta and Google.
• With regulators or law enforcement when required by law.
• During business mergers, acquisitions, or sales.

7. International Data Transfers

Where data is transferred outside the UAE, EU, or UK, we ensure safeguards via adequacy decisions, Standard Contractual Clauses, or other lawful transfer mechanisms.

8. Data Retention

We retain personal data only for as long as necessary:

• Transaction and compliance records: minimum 5 years.
• Marketing data: until consent is withdrawn or 24 months from last interaction.

9. Cookie Tracking Technology

We use cookies and similar technologies in accordance with UAE PDPL and GDPR to improve website functionality, user experience, marketing, and analytics.

9.1 Types of Cookies

• Essential: Core functions like login and secure transactions.
• Performance: Analyse site usage and resolve errors.
• Functional: Store user settings and preferences.
• Advertising: Deliver targeted ads and measure campaign performance.
• Security: Prevent and detect malicious activity.

9.2 Third-Party Cookies

• Analytics Providers (Google Analytics).
• Advertising Networks (Meta, Google Ads).
• Social Media Platforms (integration and sharing tools).

9.3 Cookie Lifespan

Session cookies expire upon browser closure; persistent cookies remain until expiry or manual deletion.

9.4 Cookie Management

You can manage cookies via:

• Our on-site consent tools.
• Browser settings.
• Third-party opt-out tools.

9.5 Legal Basis

Non-essential cookies require consent; essential cookies rely on legitimate interest.

9.6 Further Information

See our standalone Cookie Policy for detailed information.

10. Data Security

Pinnacle Assurance L.L.C maintains a security architecture designed to meet or exceed the standards imposed by applicable data protection laws, including the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data and, where relevant, the EU General Data Protection Regulation. We apply a multi-layered approach that combines physical, technical, and organisational safeguards to ensure the integrity, confidentiality, and availability of personal data entrusted to us.

Our measures include, without limitation: encryption of data in transit and at rest using industry-recognised protocols; secure, access-controlled data centres; role-based access rights with least-privilege principles; network firewalls and intrusion detection systems; and continuous monitoring for suspicious or anomalous activity. All personnel with access to personal data are contractually bound by confidentiality obligations and receive regular, mandatory training on information security and data protection compliance.

While Pinnacle takes every reasonable and proportionate measure to secure personal data, no system of storage or transmission can be guaranteed to be entirely secure. In the event of a suspected or confirmed data incident, we will activate our incident response protocols to contain and investigate the matter promptly, and we will notify affected parties and regulators as required by applicable law.

11. Children’s Privacy

We do not knowingly collect data from individuals under 18. If data is inadvertently collected, it will be deleted unless legally required to retain it.

12. Third-Party Websites

We are not responsible for the privacy practices of third-party websites linked from our platform. Users should review their policies before providing personal data.

13. Changes to This Privacy Policy

We may update this policy to reflect changes in law or business operations. Material changes will be communicated via our website, email, or both, with updated consent obtained where required.

14. Data Breach Notification

In the event of a breach likely to affect your rights:

• We will notify the supervisory authority within 72 hours
• Inform affected individuals with details and mitigation measures
• Keep records of all breaches regardless of severity

15. Contact Us

For any questions, please contact us:

Email: privacy@pinnacle-assurance.com
Phone: +971 56 586 6866

If you are in the EU/UK, you may contact your local data protection authority. Details can be found at: https://edpb.europa.eu