Privacy Policy

Introduction

Welcome to Home24! This Privacy Policy outlines how we handle your personal information and data when you visit and use our website, home24.ae. We are committed to protecting your privacy and ensuring that your personal information is collected and used responsibly

Contact Information

Home24

Unit Area 199, Alquisaidat Nakheel

Ras Al Khaimah, United Arab Emirates

Phone: +971 (72) 44 - 8022

Email: info@home24.ae

Information We Collect

When you visit our website, we may collect the following types of information:

Personal Information:

Name, email address, phone number, mailing address, payment information, and any other details you provide during registration or purchase

Non-Personal Information:

Browser type, IP address, operating system, browsing behavior, and other analytical data to understand how users interact with our website

How We Use Your Information

We use the information we collect to:

Process and Fulfill Orders:

To handle your orders efficiently, including processing payments, shipping, and delivery

Customer Support:

To provide customer service, address inquiries, and resolve issues related to our products and services

Improve Our Website and Services:

To enhance user experience, develop new features, and optimize our website's performance

Marketing and Communication:

To send promotional materials, updates, and offers, provided you have opted in to receive such communications. You can unsubscribe at any time

Legal Compliance:

To comply with applicable laws, regulations, and legal processes

Sharing Your Information

We do not sell, trade, or otherwise transfer your personal information to outside parties except as described below

Service Providers:

We may share your information with third-party service providers who assist us in operating our website, conducting our business, or servicing you. These providers are contractually obligated to keep your information confidential and secure

Business Transfers:

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction

Legal Requirements:

We may disclose your information if required by law, in response to valid requests by public authorities, or to protect our rights, property, and safety, as well as that of our users and the public

Data Security

We implement a variety of security measures to maintain the safety of your personal information. These measures include:

Secure Servers:

Storing your information on secure servers protected by firewalls

Data Encryption:

Encrypting sensitive information during transmission using Secure Socket Layer (SSL) technology

Access Controls:

Restricting access to personal data to authorized personnel only

Cookies

Our website uses cookies to enhance your browsing experience. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your web browser. We use cookies to:

Remember Preferences:

To store your preferences and login information

Analyze Usage:

To gather statistical data on how users interact with our website

Personalize Content:

To tailor our website content and offers to your interests

You can choose to disable cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of our website

Third-Party Links

Occasionally, we may include third-party products or services on our website. These third-party sites have separate and independent privacy policies. We, therefore, have no responsibility or liability for the content and activities of these linked sites. However, we seek to protect the integrity of our site and welcome any feedback about these sites

Your Rights

You have certain rights regarding your personal information, including:

Access:

You can request access to the personal information we hold about you

Correction:

You can request corrections to any inaccurate or incomplete information

Deletion:

You can request the deletion of your personal information, subject to certain legal obligations

Objection:

You can object to the processing of your personal information for specific purposes, such as direct marketing

Data Portability:

You can request a copy of your personal information in a structured, commonly used, and machine-readable format

To exercise any of these rights, please contact us using the information provided in the "Contact Us" section

Children's Privacy

Our website is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information promptly

International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. By using our website and providing your information, you consent to such transfers

Changes to Our Privacy Policy

We may update our privacy policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. Any changes will be posted on this page, and the date of the latest revision will be indicated at the top of the policy. We encourage you to review this policy periodically for the latest information on our privacy practices

Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy unless a longer retention period is required or permitted by law. When your personal information is no longer needed, we will securely delete or anonymize it

Your Consent

By using our site, you consent to our website's privacy policy. This consent includes the collection, use, and sharing of your information as described in this policy. If you do not agree with our policies and practices, you should not use our website

Dispute Resolution

If you have any complaints regarding our compliance with this privacy policy, please contact us first. We will investigate and attempt to resolve any complaints and disputes regarding our use and disclosure of personal information. If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority

Governing Law

This privacy policy is governed by and construed in accordance with the laws of the United Arab Emirates. Any disputes arising from or related to the use of this website will be subject to the exclusive jurisdiction of the courts of the United Arab Emirates

Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)

Governance and Enforcement

Data Office:

The UAE has established a national Data Office responsible for overseeing the implementation of the PDPL, ensuring compliance, and providing guidance

Data Protection Officer (DPO):

Organizations may be required to appoint a DPO based on the nature and scope of their data processing activities. The DPO's role includes monitoring compliance, advising on data protection obligations, and acting as a point of contact with the Data Office

Penalties:

The PDPL outlines significant penalties for non-compliance, which can include fines, restrictions on data processing activities, and even suspension of business operations. The exact fines and penalties are determined based on the severity and nature of the violation

Specific Requirements

Consent:

Obtaining explicit consent from data subjects is mandatory for processing personal data, except in certain lawful circumstances (e.g., performance of a contract, legal obligations, protection of vital interests)

Children’s Data:

Special provisions are in place for processing personal data of children, requiring parental consent and ensuring that data processing practices are appropriate for minors

Sensitive Personal Data:

Processing sensitive personal data (e.g., health data, biometric data) requires additional safeguards and, in many cases, explicit consent from the data subject

Anonymization and Pseudonymization:

The PDPL encourages techniques to protect personal data by making it less identifiable

Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020)

Governance and Enforcement

DIFC Commissioner of Data Protection:

The DIFC Commissioner oversees compliance with the data protection law, provides guidance, and enforces the regulations within the DIFC

DPO Appointment:

Required for organizations involved in extensive processing of personal data, or where processing involves regular and systematic monitoring of data subjects on a large scale

Specific Requirements

Data Protection Impact Assessments (DPIAs):

Mandatory for high-risk processing activities, ensuring that potential risks to data subjects are identified and mitigated

Binding Corporate Rules (BCRs):

Organizations can adopt BCRs approved by the Commissioner to facilitate data transfers within corporate groups across borders

Codes of Conduct and Certifications:

The law encourages the development of codes of conduct and certification mechanisms to demonstrate compliance with the data protection principles

Abu Dhabi Global Market (ADGM) Data Protection Regulations 2021

Governance and Enforcement

ADGM Commissioner of Data Protection:

The ADGM Commissioner oversees the enforcement of data protection regulations within the ADGM and provides necessary guidance

DPO Appointment:

Required for organizations whose core activities involve regular and systematic monitoring of data subjects on a large scale, or processing large volumes of sensitive personal data

Specific Requirements

Data Protection by Design and by Default:

Organizations must integrate data protection principles into their processing activities and ensure that only necessary data is processed by default

International Transfers:

ADGM requires appropriate safeguards for data transfers, including standard contractual clauses, approved codes of conduct, or certifications

Joint Controllers:

Where two or more controllers jointly determine the purposes and means of processing, they must clearly define their respective responsibilities in a transparent manner

Compliance Strategies

Risk Assessment and Management

Conduct Regular Audits:

Regularly review and audit data processing activities to ensure compliance with data protection laws and identify any potential areas of risk

Develop a Risk Management Plan:

Establish a risk management plan to address identified risks and outline procedures for mitigating potential data breaches

Training and Awareness Programs

Employee Training:

Provide ongoing training for employees on data protection principles, the importance of data security, and the specific requirements of applicable data protection laws

Awareness Campaigns:

Conduct awareness campaigns within the organization to promote a culture of data protection and ensure that all employees understand their responsibilities

Data Breach Response Plan

Incident Response Team:

Establish an incident response team responsible for managing data breaches, including detection, containment, eradication, and recovery

Notification Procedures:

Develop clear procedures for notifying the Data Office, DIFC Commissioner, or ADGM Commissioner, as well as affected data subjects, in the event of a data breach

Data Subject Requests

Streamlined Processes:

Implement streamlined processes for handling data subject requests, such as access, rectification, erasure, and data portability, ensuring timely and efficient responses.

Documentation:

Maintain detailed records of all data subject requests and the actions taken to address them

Best Practices for Data Protection

Data Encryption

Encrypt Data at Rest and in Transit:

Use strong encryption methods to protect personal data both when stored and when transmitted across networks

Access Controls

Implement Role-Based Access:

Restrict access to personal data based on employees’ roles and responsibilities, ensuring that only authorized personnel can access sensitive information

Regular Access Reviews:

Conduct regular reviews of access controls to ensure that they remain appropriate and effective

Data Minimization

Limit Data Collection:

Collect only the personal data necessary for the specified purposes and avoid excessive data collection

Data Retention Policies:

Establish and enforce data retention policies to ensure that personal data is not retained longer than necessary

Vendor Management

Due Diligence:

Conduct thorough due diligence on third-party vendors and service providers to ensure they comply with data protection laws and have adequate safeguards in place

Contracts and Agreements:

Include data protection clauses in contracts with vendors and service providers, specifying their responsibilities and obligations regarding personal data

By implementing these comprehensive measures and adhering to the specific requirements of UAE data protection laws, organizations can ensure the protection of personal data, maintain compliance, and foster trust with their customers and stakeholders

Contact Us

If you have any questions or concerns about our privacy policy, please contact us:

Home24

Unit Area 199, Alquisaidat Nakheel

Ras Al Khaimah, United Arab Emirates