Privacy Policy on the Processing of Personal Data 1. General ProvisionsThis Personal Data Processing Policy (hereinafter referred to as the “Policy”) has been prepared in accordance with the requirements of
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data of the United Arab Emirates (hereinafter referred to as the “Personal Data Law”) and defines the procedure for processing personal data and the measures taken by
Danube Properties Development (hereinafter referred to as the “Operator”) to ensure the security of personal data.
1.1 The Operator considers the observance of human rights and freedoms in the processing of personal data, including the protection of the right to privacy, as its most important objective and condition for carrying out its activities.
1.2 This Policy applies to all information that the Operator may obtain about visitors to the website
https://danube.itsmrthankyou.com.
2. Basic Terms Used in the Policy2.1.
Automated processing of personal data — processing of personal data using computer technology.
2.2.
Blocking of personal data — temporary suspension of personal data processing (except when processing is necessary to clarify personal data).
2.3.
Website — a collection of graphic and information materials, as well as computer programs and databases ensuring their availability on the Internet at
https://danube.itsmrthankyou.com.
2.4.
Personal data information system — a set of databases containing personal data and the technologies and technical tools that ensure their processing.
2.5.
Depersonalization of personal data — actions resulting in the impossibility of determining, without additional information, whether personal data belong to a specific User or another subject of personal data.
2.6.
Processing of personal data — any action (operation) or set of actions (operations), performed using or without using automation tools with personal data, including collection, recording, systematization, accumulation, storage, updating (modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, or destruction of personal data.
2.7.
Operator — a government authority, legal or natural person who determines the purposes and means of processing personal data and carries out such processing independently or jointly with others.
2.8.
Personal data — any information that directly or indirectly relates to an identified or identifiable User of the website
https://danube.itsmrthankyou.com.
2.9.
Personal data authorized for dissemination — personal data to which the subject has granted access to an unlimited number of persons by giving explicit consent in accordance with the Personal Data Law.
2.10.
User — any visitor of the website
https://danube.itsmrthankyou.com.
2.11.
Provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons.
2.12.
Dissemination of personal data — any actions aimed at making personal data publicly available, including publication on the Internet or by any other means.
2.13.
Cross-border transfer of personal data — transfer of personal data to a foreign state, international organization, foreign individual, or legal entity.
2.14.
Destruction of personal data — any actions resulting in the irreversible destruction of personal data without the possibility of recovery.
3. Operator’s Main Rights and Obligations
3.1. The Operator has the right to:Receive accurate information and/or documents containing personal data from the data subject.Continue processing personal data without consent in cases provided by the Personal Data Law.Independently determine the composition and list of measures necessary to ensure compliance with the Personal Data Law.
3.2. The Operator is obliged to:Provide the data subject, upon request, with information regarding the processing of their personal data.Organize the processing of personal data in accordance with the legislation of the United Arab Emirates. Respond to requests and inquiries from data subjects or their legal representatives. Provide the competent authority for data protection with the required information upon request. Publish or otherwise provide unrestricted access to this Policy. Take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, disclosure, or any other unauthorized actions. Terminate processing and destroy personal data in cases prescribed by the Personal Data Law.
4. Rights and Obligations of Data Subjects
4.1.
Rights of data subjects:- To obtain information regarding the processing of their personal data, except as provided by applicable law.
- To require the Operator to update, block, or destroy inaccurate or unlawfully obtained personal data.
- To withdraw consent to the processing of personal data at any time.
- To object to processing for marketing purposes.
- To lodge a complaint with the UAE Data Office or other competent authority.
4.2.
Obligations of data subjects:- To provide accurate information about themselves.
- To inform the Operator of any updates or changes to their personal data.
4.3. Persons providing false or third-party data without consent bear responsibility in accordance with UAE law.
5. Principles of Personal Data ProcessingProcessing is carried out lawfully, fairly, and transparently. Processing is limited to achieving specific, legitimate purposes. Only personal data relevant to the stated purposes shall be processed. The volume and content of processed data correspond to the declared purposes. Personal data must be accurate and kept up to date. Data is stored only as long as necessary to fulfill processing purposes. After the purpose is achieved, data is deleted or anonymized.
6. Purpose of Personal Data Processing
Purpose: To inform the User by sending electronic messages.
Personal Data Processed: Full name, email address, phone number.
Legal Basis: The Operator’s statutory and corporate documents.
Types of Processing: Collection, recording, systematization, accumulation, storage, destruction, and anonymization.
7. Conditions for Processing Personal DataPersonal data is processed:
- With the consent of the data subject.
- As required by UAE federal laws or international treaties.
- For the execution or conclusion of a contract with the data subject.
- To protect the legitimate interests of the Operator or third parties, provided such processing does not violate the rights and freedoms of the data subject.
- When the data subject has made personal data publicly available.
- When disclosure is required by applicable law.
8. Collection, Storage, Transfer, and Other Processing ProceduresThe security of personal data is ensured through the implementation of legal, organizational, and technical measures in accordance with UAE law.
- The Operator guarantees the safekeeping and confidentiality of personal data and takes all reasonable steps to prevent unauthorized access.
- Personal data will not be transferred to third parties without consent, except as required by law or contract.
- Users may update their personal data by sending an email to office@itsmrthankyou.com with the subject “Personal Data Update”.
- Users may withdraw their consent at any time by emailing office@itsmrthankyou.com with the subject “Withdrawal of Consent to Personal Data Processing”.
- Data collected by third-party services (payment systems, communication platforms, etc.) is processed under their own Privacy Policies. The Operator is not responsible for their actions.
- The Operator ensures confidentiality and restricts access to personal data to authorized personnel only.
- Processing terminates once its objectives are achieved or consent is withdrawn.
9. List of Actions Performed with Personal DataThe Operator performs the collection, recording, systematization, accumulation, storage, updating, extraction, use, transfer, anonymization, blocking, deletion, and destruction of personal data using automated or manual means.
10. Cross-Border Transfer of Personal DataBefore conducting cross-border data transfers, the Operator shall ensure that the foreign recipient provides an adequate level of data protection as required by UAE law and shall notify the competent authority if necessary.
11. Confidentiality of Personal DataThe Operator and other persons who have gained access to personal data are obliged not to disclose or distribute it to third parties without the consent of the data subject, unless otherwise required by UAE law.
12. Final ProvisionsUsers may obtain any clarifications regarding the processing of their personal data by contacting the Operator at
office@itsmrthankyou.com.Any amendments to this Policy will be reflected in this document. The Policy remains valid indefinitely until replaced by a new version. The current version of this Policy is publicly available at
https://danube.itsmrthankyou.com/privacy.
