This Privacy Policy explains how Arsenal East Real Estate Development L.L.C. (“Company”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects your personal data when you interact with our website, mobile application Arsenal, or related services.
This Privacy Policy should be read together with our Terms and Conditions, Cookie Policy, and Online Payment Terms. By using our website or mobile application, you acknowledge that your personal data may be collected and processed as described herein.
The Company complies with applicable UAE data protection legislation.
1. Data Controller
Arsenal East Real Estate Development L.L.C.
Address: UAE, Dubai, Burj Khalifa, Boulevard Plaza Tower 2, Office 903
Email:
info@arsenaleast.com Phone:
+971 4 451 33572. Personal Data We CollectDepending on your interaction with us, we may collect the following categories of personal data:
Category: Examples
Identification & profile: Name, nationality, date of birth, profile information
Contact data: Email address, phone number, preferred language, communication preferences
Account & registration: Information associated with email, phone, social login, or Emirates ID-based registration
Booking & transaction: Project preferences, request details, transaction status, payment schedule, payment history
Compliance & KYC: Passport, visa, address, national ID, KYC forms, due diligence materials
Payment-related: Payment amount, date, status, transaction reference, masked payment method details
Technical & device: Device ID, device type, OS, IP address, logs, analytics, crash or performance data
Location: Approximate location or country-level information where permitted by device settings
Communications: Emails, messages, support requests, call requests, communications with managers
Documents & records: Transaction-related documents and files
The Company does not collect or store full bank card numbers, CVV codes, or authentication credentials used for payment processing. Payment card data in transit is handled solely by the licensed Payment Processor in accordance with PCI DSS standards.
3. How We Collect Personal DataWe may collect personal data:
• directly from you when you register, submit a request, make a payment, or communicate with us;
• automatically through your use of the website or application (see our Cookie Policy);
• from third-party sign-in providers (Apple, Google, Facebook, etc.) where you choose to sign in via those services;
• from internal systems such as CRM or ERP;
• from banks, service providers, agents, partners, and affiliated entities;
• from public or government-related sources where legally permitted or required, including the Dubai Land Department (DLD) and RERA.
4. Purposes of ProcessingWe process your personal data for the following purposes:
• providing and operating the website and application;
• creating and managing accounts and authenticating users;
• responding to inquiries, requests, and support communications;
• supporting booking, reservation, and sales processes;
• processing online payments and maintaining payment records;
• displaying transaction information and payment schedules;
• supporting internal financial controls and reconciliation;
• carrying out KYC, AML, sanctions screening, fraud prevention, legal, and regulatory compliance;
• improving service quality, user experience, security, stability, and App performance;
• sending service-related, administrative, and transaction-related communications;
• sending marketing, promotional, project-related, or event-related communications where permitted by law or based on consent;
• establishing, exercising, or defending legal claims and protecting our rights, users, systems, and operations.
5. Legal Basis for ProcessingDepending on the circumstances and applicable law, we process personal data on the following legal bases:
• Contract: processing is necessary to perform a contract with you or take pre-contractual steps at your request;
• Legal obligation: processing is necessary to comply with legal or regulatory obligations, including AML, RERA/DLD requirements, and the PDPL;
• Legitimate interests: processing is necessary for our legitimate interests in operating, improving, and securing our services, provided these do not override your rights;
• Consent: where consent is required by applicable law, including for certain marketing communications and optional App permissions. Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of prior processing.
6. App PermissionsThe mobile application may request access to certain device features. If enabled by you:
• Geolocation — to determine your country or show more relevant property content;
• Camera — for uploading profile images or KYC documents;
• Push notifications — for service messages, payment reminders, transaction updates, and booking confirmations;
• Biometric authentication (Face ID / fingerprint) — for secure login where supported by your device.
You may manage or revoke App permissions at any time through your device settings. Revoking certain permissions may limit App functionality.
7. Third-Party Service ProvidersWe may use third-party service providers in areas including analytics, maps, location services, SMS delivery, messaging, authentication, payment processing, CRM, ERP, support, and compliance. These may include Firebase, Google Maps, DaData, Imobis, Twilio, licensed payment processors, and ERP/1C-based systems, depending on actual implementation.
Where providers act as data processors on our behalf, we take appropriate contractual and technical steps to ensure they process personal data only for the purposes and in the manner we instruct. Such providers may also process personal data under their own terms and privacy notices where they act as independent data controllers.
8. Disclosure of Personal DataWe may disclose personal data to:
• members of our corporate group and affiliated entities;
• sales teams, personal managers, support personnel, ERP administrators, and technical support staff;
• banks and licensed payment service providers;
• legal advisers, compliance advisers, and auditors;
• the Dubai Land Department (DLD), RERA, escrow agents, and other regulatory authorities;
• government authorities and law enforcement agencies where required by law;
• fraud prevention and due diligence partners;
• third parties appointed by us for marketing purposes, where you have provided consent — you have the right to withdraw this consent at any time by contacting us in writing;
• potential successors or acquirers in connection with a corporate transaction.
We do not sell your personal data in the ordinary commercial sense.
9. International and Cross-Border TransfersYour personal data may be transferred to, stored in, or accessed from locations outside the UAE, including jurisdictions where data protection laws may differ. Where personal data is transferred internationally, we take steps to ensure an appropriate level of protection through suitable contractual, technical, and organisational safeguards, in accordance with the PDPL and applicable implementing regulations.
10. Data RetentionWe retain personal data for as long as necessary for the purposes described in this Privacy Policy, including to provide services, manage bookings and sales, and comply with legal, tax, accounting, AML, regulatory, audit, and dispute-resolution requirements.
Transaction-related data may be retained for a minimum of five (5) years after completion or termination of the relevant transaction, as required by applicable UAE law. KYC and AML-related records are retained for such periods as required by UAE anti-money laundering legislation.
Where personal data is no longer needed, we will delete, anonymise, aggregate, or securely archive it, subject to legal obligations.
11. Your Rights Under the PDPLSubject to applicable law, you have the right to:
• request access to your personal data;
• request correction of inaccurate or incomplete data;
• request deletion of your personal data in certain circumstances;
• request restriction of processing in certain circumstances;
• object to certain types of processing, including processing for direct marketing;
• withdraw consent where processing is based on consent;
• data portability where applicable and technically feasible;
• lodge a complaint with the UAE Data Office or another competent supervisory authority.
To exercise your rights, please contact us at
info@arsenaleast.com marking your email “Data Protection Request”. We may need to verify your identity before responding. We will respond within the timeframes required by applicable law.
12. Account and Data DeletionIf you have created an account, you may request deletion of your account and associated personal data. When a deletion request is received and validated, your account may be deactivated or deleted and certain data removed from active systems. Some data may be retained where necessary for legal, regulatory, tax, accounting, anti-fraud, contractual, land registration, KYC/AML, security, or dispute-resolution purposes.
To request deletion, please contact us at
info@arsenaleast.com or use any available in-app deletion functionality where implemented.
13. Data SecurityWe implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful access, disclosure, misuse, alteration, loss, or destruction. These measures include encrypted transmission (TLS/SSL), PCI DSS-aligned payment data handling, role-based access controls, need-to-know access principles, authentication controls, and regular updates of systems and dependencies.
No method of transmission or storage is completely secure, and absolute security cannot be guaranteed. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant competent authority in accordance with our obligations under the PDPL and applicable law.
14. Marketing Communications and Opt-OutWhere permitted by law, we may send you marketing, informational, promotional, project-related, or event-related communications by email, SMS, phone, WhatsApp, push notification, or other available channels.
You may opt out at any time by using the unsubscribe link in an email, following opt-out instructions in a message, changing App notification preferences, or contacting us directly. We will process opt-out requests promptly and in any event within the timeframe required by applicable law.
Even if you opt out of marketing communications, we may still send you service-related, booking-related, transaction-related, legal, or administrative messages where necessary.
15. ChildrenOur services are not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected personal data from a minor, please contact us at
info@arsenaleast.com and we will take steps to delete it.
16. Third-Party LinksThe website and application may link to third-party websites or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party websites or services you visit. We are not responsible for the privacy practices or content of such third parties.
17. Changes to This Privacy PolicyWe may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or operational needs. The updated version will be posted on the website and/or made available through the application with a revised effective date. Where changes are material, we will endeavour to provide reasonable prior notice. Continued use of our services after such update constitutes acceptance of the revised Privacy Policy.
18. Governing LawThis Privacy Policy is governed by the laws of the UAE and, where applicable, the Emirate of Dubai, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Any dispute relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts of the Emirate of Dubai.