The Company collects contact information, names, financial details, employment data, and Know Your Customer (KYC)-related information.
The collection of personal information would be through direct communication with the concerned person.
The collected information includes the following type of personal data:
The Company is committed to ensuring that the personal details, including information related to credit/debit card information, are not stored, sold, shared, rented, or leased to any third parties unless required to complete the engagement. The Company takes appropriate steps to ensure data privacy and security, including through various hardware and software methodologies. However, the Company cannot guarantee the security of any information that is disclosed online over any of the companies’ websites.
When the person visits and inquires about services offered by the Company on any of the company’s websites, information like name, contact details, name of the associated organization, location, email address, etc., may be requested.
The Company shall collect personal data in connection with providing our services and conducting our normal business operations and/or communications to invite you to our event or share relevant information.
The Company may hold information about the following:
The Company processes the data for legitimate interests, legal compliance, and protection, but with the data subject’s consent where necessary. As required, personal information shall be processed to advance the Company’s legitimate business interests and other objectives.
These objectives encompass the followingpurposes:
Additionally, the personal data shall be processed for ancillary internal tasks of the Company, such as book-keeping and accounting, auditing, and regulatory reporting requirements to concerned authorities.
To execute the agreed engagement, when the requested information is not obtained from the person, it may impact the quality or delivery schedule of the services.
Personal data shall be used only for the purposes it was collected unless such data is required for some other purpose following the applicable regulations. If such data is required for an unrelated purpose, the concerned company shall give prior intimation to the concerned parties and the legal backing.
The Company shall rely on the data subject’s consent as the legal grounds for processing the personal information for limited instances where an explicit request has been made. If the processing is done based on the consent, the data subject has the right to withdraw that consent at any time. However, any dataprocessingconductedbeforethewithdrawaloftheconsentshallremainvalidandlawful.
Further, in certain situations, the requirement for data processing may arise from the necessity to perform tasks in the substantial public interest as mandated by law, such as detecting and preventing crimes. Such processing shall not be subject to the data subject’s consent.
The Company may share the personal data with third parties or internally amongst the companies when such data sharing is required to conclude the service engagement or other legal purpose mandating the Company to transmit such information.
The Company has never and shall never sell the personal data of the stakeholders to any third party under whatsoever circumstances.
When third parties are involved, the third parties are mandated to adhere to the Company’s Data Privacy Policy and Data Protection Policy. Wherever required under the law or as per internal policies of the Company, the concerned company shall seek the data subject’s consent before transmitting the personal data to third parties.
The Company has adopted appropriate technical, organizational, and security measures to prevent any accidental loss, unauthorized access, use, alteration, or disclosure of the personal data of any data subject. The details of this are captured in the Company’s Data Protection Policy.
Further, the Company has a policy to ensure that only the concerned employees, agents, or third parties access and process the personal data engaged in service delivery or business relationship management. Such data processing is subject to strict adherence to the confidentiality requirement.
The collected personal data shall be retained for the period required to fulfill the purpose for which it was collected, including the ancillary requirement related to legal documentation and accounting/reporting. Once the objective of collected data is achieved, the Company shall appropriately delete, archive, or anonymity the personal data to avoid any inappropriate or unauthorized use of the data without knowledge of the data subject.
Further, the Company also has a mechanism in place to handle the suspected breach of the data privacy and protection standard.
In case of any concerns, complaints, or general requests regarding the personal data, the data subject shall write an
email to the Data Protection Officer at info@heritage-ae.com
The requests from the data subject shall be handled in accordance with the Company’s Data Protection Policy.