1. Who We Are
Whitehorse International is a diversified international business operating in real estate advisory, private investment facilitation, and strategic consulting. We are fully licensed and regulated in the United Arab Emirates and operate in accordance with applicable UAE regulations, including the Real Estate Regulatory Agency (RERA) and Dubai Land Department (DLD). We maintain GDPR-aligned standards for handling personal data and serve clients globally.
Data Controller: Whitehorse International
Jurisdiction: Dubai, United Arab Emirates
Data Protection Officer: Available upon request
2. Information We Collect
We collect personal information through multiple channels and touchpoints:
2.1 Information You Provide Directly
- Full name and titles
- Email address and telephone numbers
- WhatsApp-capable numbers and contact preferences
- Location information (country, city, current location)
- Investment profile data (timeline, capital readiness, experience level, decision authority)
- Preference information and areas of interest
- Communications history and interaction records
- Consent and opt-in preferences
2.2 Automatically Collected Data
- Device type, operating system, and browser information
- Website usage data (pages visited, time spent, interactions)
- IP address (anonymized for analytics)
- Cookie and tracking data
- Analytics and performance metrics
2.3 Data From Third Parties
- CRM and lead management platforms
- Analytics and advertising providers
- Communication infrastructure providers
- Public records (where applicable and with consent)
3. Legal Basis for Processing
We process personal data under one or more of the following lawful bases:
3.1 Consent (GDPR Article 6(1)(a))
You explicitly consent when you opt in to communications, submit forms, or allow tracking. You may withdraw consent at any time by contacting us directly.
3.2 Contractual Performance (GDPR Article 6(1)(b))
We process data necessary to respond to your enquiry, facilitate discussions, and manage any agreements you enter into.
3.3 Legal Obligation (GDPR Article 6(1)(c))
RERA, DLD, and other regulatory requirements require us to verify identity, maintain compliance records, and report certain transaction data.
3.4 Legitimate Interests (GDPR Article 6(1)(f))
We process data for business purposes including website optimization, fraud prevention, security, analytics, and marketing communications (where opted-in).
4. How We Use Your Information
4.1 Primary Use Cases
- Responding to your enquiry and providing relevant information
- Contacting you via email, phone, WhatsApp, or SMS as per your preferences
- Arranging and facilitating discussions and meetings
- Providing documentation, materials, and due diligence information
- Assessing suitability and relevance of opportunities
- Managing transactions and investor relations
4.2 Secondary Use Cases
- Marketing communications and project updates (where opted-in)
- Analytics and website optimization
- Regulatory compliance and reporting
- Fraud prevention and security measures
- Building preference profiles for relevance and personalization
4.3 Automated Decision-Making
We do not make final decisions about your suitability or eligibility using purely automated processes. All determinations are reviewed by qualified staff.
5. Data Sharing & Third Parties
5.1 We Share Data Only Where Necessary
- Authorised members of our team and advisory staff
- Trusted service providers acting on our behalf (CRM systems, communication platforms) under confidentiality obligations
- Relevant professional parties required to respond to your specific enquiry
- Analytics and advertising platforms (anonymized data only)
5.2 What We Do NOT Do
- We do NOT sell or trade personal data
- We do NOT share data with unrelated third parties for their marketing
- We do NOT share sensitive financial data with external parties
- We do NOT disclose data without explicit consent (except as legally required)
5.3 Legal Requirements
We may disclose data when required by law, including:
- UAE/Dubai law enforcement and government authorities
- RERA and DLD regulatory requirements
- Anti-Money Laundering (AML) compliance obligations
- Court orders or legal process
- Tax and accounting compliance
5.4 International Data Transfers
Data may be processed in multiple jurisdictions. International transfers are protected under GDPR Standard Contractual Clauses and appropriate safeguards.
6. Data Retention Schedule
| Data Type | Retention Period | Reason |
|---|---|---|
| Contact Information (Active Enquiries) | 12 months from last contact | Facilitation and follow-up |
| Completed Transactions | 7 years | Regulatory, tax, and legal requirements |
| Inactive Enquiries (No Response) | 24 months | Re-engagement opportunity, then deletion |
| Marketing Consent Records | Until withdrawal | Compliance and legal documentation |
| Analytics Data | 25 months (anonymized) | Platform retention policies |
| Cookies & Tracking Data | 13 months | Analytics and retargeting (or as deleted) |
| AML/Compliance Records | 10 years | UAE regulatory requirements |
After retention periods expire, data is securely deleted. You may request deletion at any time, subject to legal and regulatory obligations.
7. Your Data Protection Rights
7.1 Right to Access (GDPR Article 15)
You may request a copy of all personal data we hold about you.
7.2 Right to Rectification (GDPR Article 16)
You may correct inaccurate or incomplete data (e.g., phone number, email, investor status).
7.3 Right to Erasure (GDPR Article 17)
You may request deletion of your data, subject to legal and regulatory retention obligations.
7.4 Right to Restrict Processing (GDPR Article 18)
You may ask us to limit how we use your data (e.g., pause marketing but keep contact information).
7.5 Right to Data Portability (GDPR Article 20)
You may receive your data in a structured, machine-readable format (CSV, JSON, etc.) for transfer to another organization.
7.6 Right to Object (GDPR Article 21)
You may opt out of marketing, analytics, or certain profiling activities.
7.7 Right to Withdraw Consent (GDPR Article 7(3))
You may withdraw consent at any time by contacting us. This stops non-essential processing but may not affect legally retained data.
7.8 Right to Lodge a Complaint
If you believe we have violated your rights, you may file a complaint with your local Data Protection Authority (EU), RERA (Dubai), or the ICO (UK).
8. Communications & Multi-Channel Contact
8.1 How We Contact You
Once you submit an enquiry, we will contact you via your preferred method:
Email Communication
- Project updates and documentation
- Investment materials and due diligence
- Contracts and transaction documents
- Market insights and updates (if opted-in)
Phone & SMS Communication
- Initial qualification call (typically within 24 hours)
- Investment discussions and enquiry responses
- Urgent updates and time-sensitive information
- Transaction coordination and support
WhatsApp Communication
- Document sharing and secure messaging
- Real-time updates and quick responses
- Project status and milestone updates
- End-to-end encrypted by WhatsApp
8.2 Managing Your Preferences
You may update your communication preferences at any time:
- Unsubscribe from marketing emails
- Change preferred contact method
- Request to be added to the Do Not Call list
- Opt out of specific communication types
Preference changes take effect within 48 hours.
9. Marketing Communications & Consent
By submitting your information, you consent to being contacted regarding your enquiry and other relevant opportunities aligned with your expressed interests. Communications are relevance-based and limited in frequency.
9.1 Opting Out
You may opt out at any time by:
- Using the unsubscribe option in any email
- Replying "STOP" to any SMS or WhatsApp message
- Contacting us directly with your request
- Updating your preferences in your account
9.2 Our Commitment
- We do not sell your data
- We do not engage in unsolicited spam
- Privacy and discretion are core to our operations
- You control your communication frequency and channels
10. Cookies & Tracking Technologies
10.1 Essential Cookies (Always Active)
- Session management and form functionality
- Security and fraud prevention
- Compliance and consent tracking
10.2 Analytics Cookies (Requires Consent)
- Google Analytics: Measures page views, user behavior, conversion rates (anonymized)
- Opt-out: Google Analytics Opt-Out
10.3 Marketing Cookies (Requires Consent)
- META (Facebook) Pixel: Identifies interests and enables retargeting
- Google Ads: Measures conversion and ad performance
- Opt-out: Facebook Ads Preferences, Google Ad Center
10.4 Controlling Cookies
You may disable cookies through your browser settings. However, this may affect website functionality. By continuing to use our website, you consent to essential cookies and any cookies you have opted into.
11. Data Security & Protection
11.1 Technical Security Measures
- All data in transit encrypted using TLS 1.3
- Sensitive data at rest encrypted with AES-256
- Secure forms and HTTPS across all pages
- Firewalls and DDoS protection
- Intrusion detection and monitoring
11.2 Organizational Security
- Access restricted to authorised personnel only
- Staff training in data protection and privacy
- Data Protection Officer oversight
- Privacy by design principles
- Regular security audits and assessments
11.3 Data Breach Response
In the event of a data breach, we will:
- Notify affected individuals within 72 hours (GDPR requirement)
- Report to relevant authorities (RERA, DLD, Data Protection Authorities)
- Provide guidance on protective steps
- Investigate and implement remediation measures
12. Regulatory Compliance
12.1 GDPR Compliance (EU)
12.2 RERA Compliance (Dubai)
We comply with Real Estate Regulatory Agency requirements including:
- Investor verification and accreditation
- Transparent disclosure of material facts
- Code of Conduct compliance
- Record maintenance for audit and oversight
12.3 DLD Compliance (Dubai)
We comply with Dubai Land Department requirements including:
- Know Your Client (KYC) requirements
- Property transaction reporting
- Record confidentiality and integrity
12.4 AML/CFT Compliance
We comply with Anti-Money Laundering and Countering Financing of Terrorism regulations, including identity verification, beneficial ownership assessment, and suspicious activity reporting.
12.5 UK GDPR & Data Protection Act 2018
For UK residents, we comply with UK GDPR and the Data Protection Act 2018 with equivalent protections to EU GDPR.
13. Children & Minors
Our services are not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor without parental consent, we will delete it immediately.
If you are under 18 and have submitted information, please contact us at the address in Section 15 and we will delete your data.
14. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.
14.1 How We Notify You
- Material changes: We notify you via email
- Minor updates: We update this page (check "Last Updated")
- Ongoing right: You can always review the current version
14.2 Your Agreement
Your continued use of our services after changes constitutes acceptance of the updated Privacy Policy.
15. Contact Us
Privacy Enquiries & Data Subject Requests
For any privacy-related questions or to exercise your data protection rights, please contact:
Data Protection Officer
Whitehorse International
Email: [email protected]
Website: www.whitehorseuae.com
Response Time: 30 days (GDPR requirement)
Regulatory Authorities
RERA (Dubai): +971 4 308 4444 | www.rera.ae
DLD (Dubai): www.dld.gov.ae
ICO (UK): www.ico.org.uk
16. Compliance Certifications
✓ UK GDPR & DPA 2018 Compliant
✓ RERA Registered & Compliant
✓ DLD Approved & Compliant
✓ AML/CFT Regulations Compliant
✓ ISO 27001 Security Standards
This Privacy Policy is a master document covering all operations of Whitehorse International. It supersedes any project-specific privacy notices and applies across all digital platforms, services, and communications channels.