1.1 Seef Properties B.S.C. (“Company”), together with its subsidiaries and affiliates (collectively, the “Group”), is committed to maintaining the confidentiality, integrity, and security of personal and sensitive information collected from customers, in accordance with applicable laws. The words “our”, “we” or “us” where they appear herein refer to the Company and the Group, unless the context indicates otherwise. The words “you” and “your” where they appear herein refer to you, the person accessing the websites or applications and accepting the respective terms and conditions.
1.2 This Privacy Notice has been developed in line with the provisions of the Personal Data Protection Law No. 30 of 2018 (“PDPL”) and defines our procedures to process Personal and Sensitive Personal Data collected and processed by us through all means including, without limitation, our corporate offices, website, applications, Customer Service Helpdesks whether in person or electronically and Property and Facility Management divisions.
1.3 This Privacy Notice also covers any additional Personal Data that we may collect from customers and process, during or through other interactions, either directly with us or through our Data Processors.
1.4 We recognise the importance of data privacy and treats your Data in accordance with applicable data protection laws and regulations.
1.5 This Privacy Notice should be read in conjunction with any other privacy notices or fair processing notices and product terms and conditions we may provide on specific occasions when we are collecting or processing Personal Data.
1.6 This Privacy Notice is updated frequently with the last update being on 11 August 2021. Whenever an update is enacted, it shall be posted on our websites, with any significant updates informed to our customers as applicable.
1.7 By accessing and using our websites and mobile applications, you agree to the terms and conditions of this Privacy Notice.
2.1 “Data or Personal Data” means any information of any form related to an identifiable individual, or an individual who can be identified, directly or indirectly, particularly through his/her personal identification number, or one or more of his/her physical, physiological, intellectual, cultural or economic characteristics or social identity.
To determine whether an individual can be identified, all the means used by, or that may be available to, the Data Manager or any other person, shall be taken in consideration.
Personal Data that we collect may include name, identification and passport numbers, date of birth, email and address. Personal Data and supporting documentation required is available in our application forms.
2.2 “Sensitive Personal Data” means any personal data that reveals, directly or indirectly, the individual’s race, ethnicity, political or philosophical views, religious beliefs, union affiliation, criminal record or any Data related to his/her health or sexual life.
2.3 “Data Manager” means the person who decides, solely or in association with others, the purposes and means of processing of certain Personal Data. In the events where such purposes and means are prescribed by applicable laws, the Data Manager shall be the person who is responsible for the processing.
2.4 “Data Processor” means the person who processes the data for and on behalf of the Data Manager, not including whoever works for the Data Manager or Data Processor.
2.5 “Processing” means any operation or set of operations carried out on Personal Data by automated or non-automated means, such as collecting, recording, organising, classifying in groups, storing, modifying, amending, retrieving, using or revealing such Data by broadcasting, publishing, transmitting, making them available to others, integrating, blocking, deleting or destroying them.
2.6 “Direct Marketing” means any communication, by any means, through which a marketing or advertising material is directed to a specific person.
3. DATA WE COLLECT
3.1 Information Requested/Collected By US
3.1.1 As part of our legitimate business use and regulatory requirements and for the purpose of providing our services, we must and do collect and process the following categories of Personal Data about our past, existing and prospective clients (individuals and legal entities)
DATA CLASS INDICATIVE DATA ELEMENTS (NON-EXHAUSTIVE)
Individual’s information ID Cards, Passports etc.
Legal entity’s information Commercial registration certificate, extracts, trade licenses, authorised signatory lists, authorisations, resolutions etc.
Financial information Bank details, debit and credit card information, bank statements, audited and non-audited financial statements or sales reports etc.
Documents Service-related agreements, terms and conditions, declarations, disclosures, application forms and other information concluded between you and us
Website and Application usage information We collect, store and process traffic customer data as part of providing customers with services. Your IP address is also collected and so are details of your geographic address (post code or name of street, town or city, etc.).
(in our corporate offices, properties and malls)
When you visit our corporate offices or any of shopping malls or projects, we may also collect information about you on CCTV as part of our security measures.
3.1.2 In order to properly provide our services and to adhere to regulatory requirements, we collect Personal Data about you from sources, which include without limitation, the following:
a. Government authorities and regulators,
b. Participants of Group services (such participating stores merchants located in our properties);
c. Records of the correspondence between us;
d. Our websites and applications; and/or
e. Events and marketing campaigns, including raffle systems.
3.2 Information Collected Automatically by Us
3.2.1 When you visit our websites or applications, we may collect certain Personal Data automatically from your device such as:
a. Your IP address;
b. Device type;
c. Unique device identification number; and/or
d. Browser type, broad geographic location (on a country or city level).
3.2.2 We also collect information about how your device has interacted with our websites and applications, including the pages accessed and links clicked. Collecting this information enables us to better understand the visitors and users who come to our websites and applications, where they come from and what content on our website and application is of interest to them. We use this information for our internal analytics purposes, and to improve the quality and relevance of our websites and applications to our visitors.
3.2.3 Our websites and applications also use various social media plugins as well as links to external websites which are not controlled or maintained by us that may collect information regarding your identifier and usage. We will not be responsible for the data collection and content on these plugins, websites or applications.
4. DATA VOLUNTARILY PROVIDED BY YOU
4.1 We collect Personal Data that you provide voluntarily through our website or applications, which include without limitation, when registering and signing up, completing online forms to contact us, subscribing to a newsletter, subscribing to receive marketing communications from us, participating in surveys, registering for events that we are organising and/or uploading documents through our electronic portals. Personal Data we collect may include, without limitation:
4.1.2 Job title or related particulars;
4.1.3 Legal entity name;
4.1.4 Legal entity Data;
4.1.5 Contact information, including email addresses, telephone numbers and/or fax numbers;
4.1.6 Demographic information, such as industry, country, preferences and other interests;
4.1.7 Information relating to the services you are interested in or require from us; and
4.1.8 Any other Personal Data you voluntarily provide.
4.2 Any Data provided by you on behalf of a Data Owner who either partially or wholly lacks the legal capacity to consent shall be considered within the limits of the applicable laws as if granted by the Data Owner.
5. HOW WE PROTECT YOUR DATA
5.1 As the Data Manager, we have a responsibility to apply technical and organisational measures capable of protecting the Data against unintentional or unauthorised destruction, accidental loss, unauthorised alteration, disclosure or access, or any other form of processing.
5.2 We limit access to Personal Data to our Group, and its members, regulators, government authorities, vendors, consultants, employees, contractors, business partners or agents who require such access on a need-to-know basis and under strict confidentiality arrangements in connection with providing products or services to you or for other legitimate business purposes only.
5.3 We have instituted adequate measures for providing an appropriate level of security aligned to the nature of the Data being processed, and the risks that may arise from this processing. Our various security measures include encryption, firewalls and access controls.
5.4 Notwithstanding this, despite our best efforts, we cannot absolutely guarantee the security of Data against all threats. We have implemented suitable measures to identify, monitor and report any breaches of Personal Data in line with the requirements of the PDPL.
6. PROCESSING YOUR DATA
6.1.1 Providing our products or services to you (as an individual and/or legal entity);
6.1.2 Administering our relationship and performing our obligations under a contractual arrangement with you;
6.1.3 Complying with legal and regulatory requirements;
6.1.4 Invoicing, accounting and tax purposes;
6.1.5 Anti-money laundering, combating financing of terrorism and fraud-prevention purposes;
6.1.6 Enhancing of our products and services;
6.1.7 Researching, analysis and statistical purposes;
6.1.8 Establishing, exercising or defending legal rights;
6.1.9 Marketing of our current and/or upcoming products/services;
6.1.10 Participating in our raffles; and
6.1.11 Other legitimate interests in the effective delivery of information and services to you in line with the lawful operation of our business, to the extent that the same do not adversely interfere with your rights.
6.2 We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to know how processing for any new purpose is compatible with the original purpose, please contact us.
6.3 If we need to use your Personal Data for an unrelated purpose, we will notify you to explain the legal basis which allows us to do so or, where required by law, to seek your consent.
6.4 Legitimate Authorities
We rely upon the following legitimate authorities to process your Personal Data:
6.4.1 Explicit consent from you;
6.4.2 Administering our relationship and performing our obligations under a contractual arrangement with you;
6.4.3 Complying with legal and regulatory requirements; and
6.4.4 Other legitimate interests in the effective delivery of information and services to you in line with the lawful operation of our business, to the extent that the same do not adversely interfere with your rights.
6.5.1 We may use your identity, contact information, profile data or other Personal Data to directly market products and/or services that may be of interest to you.
6.5.2 We will provide you an option to opt-in to our marketing activities (including newsletters, promotions) at the time of signing-up for our services. Existing customers who are already registered in our systems will continue to receive our marketing communications unless they opt-out.
6.5.3 To opt-out of receiving direct marketing and to update your communication preferences, please contact us on email@example.com
6.5.4 We do not share your Personal Data with third-party marketers or advertisers.
7. DISCLOSING YOUR DATA
7.1 We will only disclose your Personal Data to third-parties outside our Group in the following circumstances:
7.1.1 When explicitly requested by you;
7.1.2 To perform our obligations under a contractual arrangement with you; or
7.1.3 If compelled by a court order or an order of a competent legal authority.
7.2 Third-party recipients of Personal Data may include, without limitation:
7.2.1 Government authorities and other regulators or professional bodies;
7.2.2 Entities within our Group;
7.2.3 Courts, police and law enforcement agencies;
7.2.4 Professional advisors such as auditors, law firms and tax advisors (when required);
7.2.5 Insurance providers;
7.2.6 Service providers;
7.2.7 Emergency services;
7.2.8 Credit reference agencies; and
7.2.9 Third-party raffle and gift administrators.
8. DATA TRANSFER OUTSIDE BAHRAIN
8.1 The PDPL sets out the circumstances under which Personal Data can be transferred outside of the Kingdom of Bahrain. Except in the circumstances described in Section 7 above (Disclosing Your Data), we will only disclose your Personal Data to third parties that have agreed in advance in writing to provide a sufficient level of privacy protection.
8.2 We may need to transfer data outside the Kingdom of Bahrain for providing uninterrupted services to you, including without limitation, cloud storage.
9. DATA RETENTION
9.1 Once Personal Data is received by us, the same will be stored in physical and/or digital formats, as applicable.
9.2 Our policy is to retain Personal Data for as long as required, with sufficient retention periods set in accordance with local legal, regulatory and professional requirements for archival purposes and to establish, exercise or defend our legal rights if required.
9.3 We may retain anonymised information for significant periods of time for historical, research and analytical purposes
10. YOUR RIGHTS
10.1 Under the provisions of the PDPL, you are provided with the rights set out below in relation to the processing of your Personal Data. To exercise your rights under the PDPL, you are required to authenticate yourself with adequate proof of identity.
10.1.1 Right to Enquire
You have the right to request and obtain information on the Personal Data we hold and processes, and the purpose for which it is maintained by us.
10.1.2 Right to Object
You have the right to object to being contacted by us for direct marketing purposes. On receipt of such objection, we will ensure that you are removed from the relevant our marketing databases, as applicable.
To opt-out from receiving direct marketing communications, please contact us at any time through the following channels: firstname.lastname@example.org
10.1.3 Right to Demand Rectification, Blocking or Erasure
You may submit an application to request to rectify, block or erase your Personal Data, as the case may be, if the processing thereof is done in contravention of the provisions of the PDPL, and in particular, if the data is incorrect, incomplete or not updated, or if the processing thereof is illegal.
10.1.4 Right to Withdraw Consent
At any time, subsequent to providing consent, you have the right to withdraw the consent provided. Withdrawal of consent will be applicable to future use of the Personal Data and will not in any way impact legitimate use of the Personal Data prior to the withdrawal of the consent.
Withdrawal of consent to process certain mandatory Personal Data related to services provided by us may result in our inability to continue providing these services to you.
10.1.5 Right to Complain
You may submit a complaint to Bahrain’s Personal Data Protection Authority, if you have reason to believe that any violation of the provisions of the PDPL has occurred or that we are processing Personal Data in contravention of its provisions.
If you believe there has been a breach of privacy regarding your Personal Data, please contact us at:
Address: Data Protection Officer
Office 2001, Building 2102
Al Seef 428
P.O. Box 20084
Manama – Kingdom of Bahrain
11. YOUR RESPONSIBILITIES
11.1 We are required by law to confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights) prior to processing any requests from you, to ensure that your Personal Data is not disclosed to any person who has no right to receive it.
11.2 We may contact you to ask you for any further information reasonably required to respond to any of your queries or concerns.
11.3 It is important that the Personal Data we hold about you is accurate and up to date. It is your obligation to keep us informed of any changes to your Personal Data during the term of the relationship with us either via visiting our corporate offices or submitting the same to your usual point of contact within the Group.