Arbore Estates Privacy Policy – Your Data Protection Rights & Global Compliance

Last updated: 30 November 2025

At a Glance

Arbore Estates collects and uses personal information to provide real estate services, respond to inquiries, and deliver relevant property offers via digital advertising. Our activities—including website, app, email/SMS/WhatsApp, lead forms, and advertising—involve tracking technologies (cookies, pixels, tags, SDKs) across Meta (Facebook/Instagram), Google Ads, YouTube, TikTok, Snapchat, and LinkedIn. We follow strict privacy standards required by UAE, EU/UK, US, Canada, Brazil, Australia, South Africa, Singapore, and Saudi Arabia laws.

Your Rights: Depending on your location, you may access, correct, delete, or port your data; opt out of targeted advertising; and withdraw consent at any time.

Contact Us:

• Email: info@arboreestates.com

• Phone: +971 800 2729

• Registered Address: Villa 2, 39th Street, Al Barsha 3, Dubai, UAE

Table of Contents

1. About This Policy

2. Who We Are

3. Data Categories We Collect

4. Purposes of Processing

5. Legal Bases for Processing

6. Cookies, Pixels, and Tracking Technologies

7. Ad Platform-Specific Disclosures

8. Data Sharing and Recipients

9. International Data Transfers

10. Data Retention

11. Security Measures

12. Your Rights by Jurisdiction

13. Marketing Communications

14. Automated Decision-Making & Profiling

15. Children’s Privacy

16. Third-Party Links

17. Updates to this Policy

18. Complaints & Contact

1. About This Policy

This policy describes how Arbore Estates (“we”, “us”, “our”) collects, uses, stores, processes, and shares personal data via our website, digital ads, lead forms (Meta, TikTok, LinkedIn, etc.), CRM, app, email, SMS, WhatsApp, and all marketing channels. It explains your rights and how you can exercise them.

We comply with the UAE Federal Decree-Law No. 45 of 2021 (PDPL), DIFC Data Protection Law, GDPR (EU/UK), US state laws (CCPA/CPRA, Colorado/Virginia/Connecticut/Utah), CAN-SPAM, TCPA, PIPEDA (Canada), LGPD (Brazil), Privacy Act (Australia), POPIA (South Africa), PDPA (Singapore), KSA PDPL, and all major platform ad policies.

2. Who We Are

• Legal Entity: Arbore Estates, Registered in UAE

• Registered Address: Villa 2, 39th Street, Al Barsha 3, Dubai, UAE

• Privacy Contact: ask@arboreinvestments.com, +971 800 2729

• Supervisory Authority: UAE Data Office, relevant Data Protection Authority (EU/UK), CPPA (California), Office of the Privacy Commissioner (Canada), ANPD (Brazil), OAIC (Australia), Information Regulator (South Africa), PDPC (Singapore), SDAIA (Saudi Arabia)

• Data Hosting: AWS Middle East (UAE), Google Cloud, Microsoft Azure

3. Data Categories We Collect

Identifiers:

• Name, email, phone, WhatsApp number

• Postal/mailing address

• IP address, device/browser identifiers (IDFA/GAID), cookie/ad IDs

• Social handles, account usernames

Commercial Info:

• Property inquiries, preferences, budget

• Transaction and booking records

• Service usage, CRM records

Internet/Activity:

• Pages viewed, time spent, referral source

• Clicks, scrolls, ad interactions

• Search terms, sessions, heatmaps

• Form submissions, UTM parameters

Geolocation:

• Approximate location from IP, city/country

• No precise location unless you give explicit consent

Inferences & Segments:

• Interest categories, audience segments, lookalike modeling

Social Profile Info:

• Additional profile details shared via lead forms or platform integrations

Financial Info:

• We do not collect payment card/bank info directly. Third-party payment processors (PCI DSS-compliant) process all transactions.

Sensitive Data:

• We do not collect sensitive personal data (race, religion, health, orientation, biometrics) unless strictly necessary and always with explicit consent.

Children:

• Our services are for users aged 18+. We do not knowingly collect personal info from children under 18.

4. Purposes of Processing

• Responding to property inquiries and requests

• Providing property information, valuations, listings

• Managing client relationships, bookings, transactions

• Personalized advertising, retargeting, conversion measurement, analytics, custom/lookalike audience building

• CRM enrichment, sales pipeline, email/SMS/WhatsApp marketing

• Service improvement, debugging, market analysis

• Compliance with legal obligations, fraud and security

5. Legal Bases for Processing

• Consent: Non-essential cookies, tracking, personalized ads, marketing email/SMS/WhatsApp, audience uploads — EU/UK, UAE, Brazil, Singapore, South Africa, Quebec, California

• Legitimate Interests: Service improvement, anonymized analytics, fraud prevention (not overridden by your rights)

• Contract: Service delivery and responding to requests

• Legal Obligation: Regulatory, accounting, security, lawful requests

Jurisdiction-specific:

• California (CCPA/CPRA): Opt-out of “sale/share,” limited use of sensitive data, GPC signals

• Brazil (LGPD): Judicial, credit protection

• South Africa (POPIA): Public interest, research/analytics

• Singapore (PDPA): Access/correction, Do Not Call Registry

6. Cookies, Pixels & Tracking Technologies

What:

• Cookies, pixels, SDKs, tags, local storage

Categories:

• Strictly necessary (site functionality)

• Functional (preferences)

• Analytics/performance (behavior, improvement)

• Advertising/marketing (personalized ads, retargeting, audience building)

Key third parties:

• Google (GA4, Ads, Signals, Floodlight)

• Meta (Pixel, CAPI, SDK)

• TikTok (Pixel, Events API)

• Snapchat (Snap Pixel, SDK)

• LinkedIn (Insight Tag, API)

• Hotjar, Clarity (if used)

Retention:

• Session cookies: deleted on browser close

• Persistent cookies: 30 days–24 months; pseudonymized ad data: 90–180 days

Your controls:

• Consent banner: Accept All, Reject Non-Essential, Manage Preferences

• Browser settings: block/delete cookies

• GPC/DNT signals respected (where required): disables behavioral tracking for California/Colorado/Connecticut users

Platform Opt-Outs:

• Google: adssettings.google.com

• Meta: facebook.com/adpreferences

• TikTok: tiktok.com/privacy/ads-and-your-data

• Snapchat: support.snapchat.com/en-US/a/advertising-preferences

• LinkedIn: linkedin.com/psettings/advertising

• NAI/DAA: optout.networkadvertising.org, optout.aboutads.info

Apps:

• iOS: Settings > Privacy & Security > Tracking

• Android: Settings > Privacy > Ads

7. Ad Platform-Specific Disclosures

Google Ads & YouTube:

• Uses: gTag, Google Ads Remarketing tags, Google Analytics (GA4), Signals, Floodlight, Enhanced Conversions

• Data: Page views, conversions, device/IP, ad interactions, audience signals

• Consent Mode v2 is active.

• Opt-out: adssettings.google.com

Meta (Facebook/Instagram):

• Uses: Pixel, Conversions API, SDK, Advanced Matching (hashed identifiers)

• Data: Page views, conversions, device info, hashed contact for audience matching

• Consent required before pixel fires (EU, UK, UAE, Quebec, Brazil, Singapore).

• Opt-out: facebook.com/adpreferences

TikTok:

• Uses: Pixel, Events API

• Data: Page views, conversions, device, IP, user agent, timestamps

• Opt-out: tiktok.com/privacy/ads-and-your-data

Snapchat:

• Uses: Pixel, SDK

• Data: Page views, conversions, device, IP

• Opt-out: support.snapchat.com/en-US/a/advertising-preferences

LinkedIn Ads:

• Uses: Insight Tag, Enhanced Matching

• Data: URL, referrer, IP, device/browser, timestamps

• Consent for EU/UK, Quebec, Singapore

• Opt-out: linkedin.com/psettings/advertising

8. Data Sharing & Recipients

• Advertising Platforms: Meta, Google, TikTok, Snapchat, LinkedIn

• Analytics Providers: Google Analytics, Hotjar/Clarity (if used)

• CRM/Automation: HubSpot, Salesforce, or similar

• Hosting/Cloud: AWS, Google Cloud, Azure

• Payment processing: Stripe, PayFort, or equivalent (if applicable)

• Security: Security monitoring/anti-fraud services

• Property Portals/Partners: Verified third-party portals

• Government Authorities: As legally required

• No onward sale: Data is not “sold,” but may be “shared” for advertising under California law (you can opt out)

9. International Data Transfers

• UAE, US, EU/UK, and other required jurisdictions

• Safeguards: Standard Contractual Clauses (SCCs), UK IDTA/Addendum, EU-US Data Privacy Framework, adequate protection

10. Data Retention

Deletion/anonymization occurs after retention period.

11. Security Measures

• Encryption (TLS/SSL in transit, AES at rest)

• Multi-factor authentication and least-privilege access controls

• Regular vulnerability assessments and monitoring

• Incident response plan, breach notification within required timelines (e.g. 72h for GDPR)

• Vendor vetting and secure data centers

12. Your Rights by Jurisdiction

Universal:

• Withdraw consent, unsubscribe any time

• Opt-out via cookie banner, website links, or platform links above

EU/UK (GDPR):

• Access, correct, delete, restrict, port, object, withdraw consent, complain to DPA

California (CCPA/CPRA):

• Know, delete, correct, opt-out of sale/share, limit sensitive PI, non-discrimination

UAE (PDPL):

• Access, correct, erase, restrict, object, portability, withdraw consent

Canada (PIPEDA):

• Access, correct, withdraw consent, lodge complaint

Brazil (LGPD):

• Confirm, access, correct, anonymize/block/delete, portability, delete, info about sharing, review automated decisions

Australia (Privacy Act):

• Access, correct, complain, direct marketing opt-out

South Africa (POPIA):

• Access, correct/delete, object, complain

Singapore (PDPA):

• Access, correct, withdraw consent, join Do Not Call Registry

Saudi Arabia (KSA PDPL):

• Access, correct, delete, object, portability

How to Exercise:
Email: ask@arboreinvestments.com, Phone: +971 800 2729, Address: Villa 2, 39th Street, Al Barsha 3, Dubai, UAE.
Requests must be verified before processing. Standard response times: 1 month (GDPR), 45 days (CCPA), others as required.

13. Marketing Communications

• Emails, SMS, WhatsApp, direct messages sent only where legal and with opt-in consent as required

• Unsubscribe any time via link in emails or reply STOP to SMS/WhatsApp

• Opt-outs processed within 10 business days (CAN-SPAM, TCPA) or promptly (GDPR, UAE, etc.)

• No dark patterns; clear options always

14. Automated Decision-Making & Profiling

• Ad personalization and audience segmentation is automated

• No decisions made solely by automation that have legal or similarly significant effects

• Right to request human intervention for automated decisions

15. Children’s Privacy

• Services not directed at users under 18

• No knowing collection from children under 18 or under 13 (COPPA compliance); deletion on parental request

16. Third-Party Links

• Links to external sites/apps maintain independent privacy practices—review their policies separately

17. Updates to This Policy

• Updates posted here with new date

• Material changes notified via website banner and (if required) email

18. Complaints & Contact

If dissatisfied, lodge complaints with:

• UAE: UAE Data Office

• EU/UK: Your local Data Protection Authority

• California: CPPA

• Canada: Office of the Privacy Commissioner

• Brazil: ANPD

• Australia: OAIC

• South Africa: Information Regulator

• Singapore: PDPC

• Saudi Arabia: SDAIA

Contact: ask@arboreinvestments.com, +971 800 2729, Villa 2, 39th Street, Al Barsha 3, Dubai, UAE

By submitting your information, you consent to this policy.

© 2025 Arbore Estates. All rights reserved.