Data Protection and Data Processing Policy

Introduction
Blue Falon Real Estate Valuation LLC (“the Company”, “we”, “our”, or “us”) is committed to safeguarding the confidentiality, integrity, and lawful processing of personal data entrusted to us by our clients. This Data Protection and Data Processing Policy outlines the principles under which personal data is collected, processed, stored, and disclosed in compliance with applicable data protection laws of the United Arab Emirates.
Data Controller and Data Processor
For the purposes of applicable laws, the Company acts as the Data Controller when determining the purposes and means of processing personal data, and may act as a Data Processor when handling personal data on behalf of clients, partners, or regulatory authorities. In both roles, the Company is committed to ensuring compliance with data protection principles.
Purpose and Basis of Processing
Personal data shall only be processed for specified, explicit, and legitimate purposes, including but not limited to the provision of real estate consultancy, valuation, and brokerage services, communication with clients, processing of payments, compliance with regulatory obligations, and the administration of client relationships. Processing shall always be based on lawful grounds, such as contractual necessity, legal obligations, or explicit consent of the data subject.
Principles of Data Protection
The Company shall ensure that all personal data is:
  • Processed fairly, lawfully, and transparently.
  • Collected for legitimate business purposes and not further processed in a manner incompatible with those purposes.
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accurate and kept up to date, with all reasonable steps taken to rectify inaccurate data without delay.
  • Stored only for as long as necessary for business or legal obligations, and securely deleted or anonymized thereafter.
  • Processed with appropriate security measures to prevent unauthorized access, disclosure, alteration, or loss.
Confidentiality and Security
The Company employs technical, administrative, and organizational measures to safeguard personal data against unauthorized processing, accidental loss, destruction, or damage. All employees, contractors, and service providers who may have access to personal data are bound by confidentiality obligations.
Cross-Border Data Transfers
Where personal data is transferred outside the United Arab Emirates, the Company shall ensure that adequate safeguards are in place, including contractual protections or reliance on jurisdictions recognized for having appropriate levels of data protection.
Rights of Data Subjects
Data subjects have the right to request access to their personal data, to request correction of inaccuracies, to request restriction or objection to processing, and to request erasure of their data, subject to applicable legal and regulatory obligations. The Company shall respond to such requests in a reasonable timeframe and in accordance with the law.
Use of Third Parties
The Company may engage third-party service providers, including IT service providers, auditors, and payment processors, for the purpose of supporting business operations. In such cases, the Company shall ensure that such parties are contractually bound to process personal data only in accordance with the Company’s instructions and in compliance with applicable data protection laws.
Breach Notification
In the event of a data breach that may compromise the rights or freedoms of individuals, the Company shall notify the affected parties and relevant regulatory authorities in accordance with applicable law.
Amendments
The Company reserves the right to amend this Data Protection and Data Processing Policy from time to time. Updated versions will be published on our website and will take effect immediately upon publication.