SPS SOLUTIONS DMCC

PRIVACY & COOKIES POLICY

Updated April 2022

Welcome to SPS Solutions:
This privacy & cookies policy (“Policy”), we describe:

• the information that we collect and process about you (that you provide directly to us or is provided to us by third parties);
• the purposes for which we collect and process information about you; and
• the basis on which we collect and process information about you, when you use this website (our “Website”) and the services available through this Website, our mobile website, or our Mobile Application provided to our registered users (collectively, our “Services”).

In this Policy, the term “personal information” or “personal data” means personal information or data that relates to an identified or identifiable person.
We recommend that you read this policy carefully in order to understand what SPS Solutions DMCC (“we”, “us”) do with your personal information. Your use of our Website and Services and any dispute over privacy, is subject to this Policy and any of our applicable Terms and Conditions for use of our Services, including their applicable limitations on damages and the resolution of disputes. Our Terms and Conditions for our Services are incorporated by reference into this Policy. By visiting our Website, you are accepting and consenting to the practices described in this Policy.
Regardless of the applicable law set forth in the SPS Solutions DMCC Terms and Conditions for use of our Services, please note that any disputes arising under this Policy will be interpreted in accordance with the Governing Law provisions applicable to you, as set forth under “Governing Law & Jurisdiction” below.
Important Notes:

• SPECIFIC TERMS FOR EUROPEAN UNION (“EU”), UNITED KINGDOM (“UK”) AND EUROPEAN ECONOMIC AREA (“EEA”) CUSTOMERS ONLY: Please note that the whole of this Policy applies to you, together with additional provisions which are specific to EEA and UK customers, and can be found at Appendix 1.
• SPECIFIC TERMS FOR AUSTRALIAN CUSTOMERS ONLY: Please note that the whole of this Policy applies to you together with additional provisions which are specific to Australian customers, and can be found at Appendix 2.
• SPECIFIC TERMS FOR CUSTOMERS FROM THE STATE OF CALIFORNIA ONLY: Please note that the whole of this Policy applies to you together with additional provisions which are specific to residents of California, and can be found at Appendix 3.

HOW, WHEN AND WHAT WE COLLECT?
How does SPS Solutions DMCC collect my personal information?
We collect personal information directly from you, about you from third parties such as our marketing affiliates and service providers used to verify your identity and prevent fraudulent activity, other SPS Solutions DMCC users and other SPS Solutions DMCC clients or customers for the purpose of providing the SPS Solutions DMCC Services to you or as part of a customer referral program, and automatically as you use our Website and the Services. At this time, use of our Services through our Mobile Application is only available to users who register for our Services.

When does SPS Solutions DMCC collect my personal information?

• When you apply for and use our Services, you contact us with questions, and you otherwise choose to provide personal information to us.
• We receive personal information about you from banking references, credit reporting agencies, affiliates, other SPS Solutions DMCC users, and other third parties (e.g., entities that assist us in validating your identity, for risk assessment purposes, for fraud prevention, etc.). We may combine this information with other information that we collect about you.
• We, and our third party service providers, automatically collect the following information about your use of our Website and our online Services through cookies, web beacons, log files and other technologies (subject to your consent where required by applicable law): your domain name, your browser type and operating system, web pages you view, links you click, your IP address, the length of time you visit our Website or use our Services, your activities on our Website, and the referring URL or the webpage that led you to our Website. If you are a registered user using our Mobile Application, we also may collect the following information about you: mobile device ID; device name and model; operating system type, name, and version; your activities within the Mobile Application, the length of time that you are logged into our Mobile Application, and, with your permission, your precise geo-location information. Please see the section “Our Use of Cookies and other Tracking Mechanisms” below for more information.
• When you apply for a job with Amlak Real Estate.

What personal information does SPS Solutions DMCC collect?
The types of personal information we collect about you depends on your particular interaction with our Website and our Services, and includes, where permitted by applicable law:

Categories of Personal Information Collected
Specific Personal Information
Source of Personal Information
Identifiers
Name, email address, phone number, billing or mailing address, IP address, date of birth, national identification numbers and documents that may include your photograph.
Directly from you, third parties on your behalf and as instructed by you, other SPS Solutions DMCC users and customers, our service providers and affiliates.
Financial Information
Bank and credit account information, Credit history as applicable, Details of any transactions carried out using any of the Services
Directly from you, third parties on your behalf and as instructed by you, other SPS Solutions DMCC users and customers, our service providers and affiliates.
Internet or Other Simliar Network Activity
Your interaction with our website
Other information collected through Cookies and other tracking technologies as listed above and as described in the section below entitled “Our Use of Cookies and Other Tracking Mechanisms”
From you directly and our third party analytic tools and cookies usage (See the section below entitled “Our Use of Cookies and other Tracking Mechanisms”).
Commercial Information
Information about your business
Directly from you, third parties on your behalf and as instructed by you, other SPS Solutions DMCC users and customers, our service providers and affiliates.
Geolocation Data
Geolocation
Directly from you and/or through your use of the Mobile Application and/or our third party analytic tools and cookies usage (See the section below entitled “Our Use of Cookies and other Tracking Mechanisms”).
Professional or Employment Information (for Job Candidates)
Name and contact information, professional credentials and skills, educational and work history, salary, evaluations, references, interviews, certifications, disciplinary matters and other information of the type included on a resume, curriculum vitae or cover letter.
Directly from you or when another party, such as a recruiter or external website, provides it to us.
Other categories

• Any other information that you choose to provide to us (e.g.,

Directly from you, third parties on your behalf and as instructed by you.

when you send us an email/otherwise contact us) .

• Calls/emails/other correspondence.

You are responsible for providing accurate and up-to-date information. If you choose to participate in our Refer a Friend program, you acknowledge that you have the right to provide us with your friend’s personal information.

HOW AND WHY WE USE YOUR INFORMATION?

• To validate your identity (including via SMS or Voice Call, as applicable).
• To register you and provide our Services to you, to communicate with you about your use of our Services (including via SMS or, for users of our Mobile Application, via “push” notifications) or any changes in our Terms and Conditions or this Policy that apply to you.
• For the purpose for which you specifically provide the personal information to us, including, to respond to your inquiries, to provide any information that you request, and to provide customer support (including via SMS, as applicable).
• To tailor the content and information that we may send or display to you, to offer location customization (where permitted by applicable law), personalized help and instructions, and to otherwise personalize your experiences while using our Website and our Services, such as developing and offering you new and/or additional services or new and/or additional features to existing services.
• For marketing and promotional purposes, for example, where permitted by law (other than if (where applicable) you opted out by unsubscribing from marketing emails, and/or by contacting us as noted in the table below), we may use your personal information, such as your email address, phone number, or mailing address to send you newsletters, special offers and promotions, or to otherwise contact you about services or information we think may interest you, or to conduct draws for campaigns and the like and deliver prizes and rewards.
• As permitted by applicable law (other than if (where applicable) you opted out), to assist us in advertising our products and services in various mediums including, without limitation, sending you promotional emails, advertising our services on third party sites and social media platforms, sending you direct mail, and by telemarketing.
• To better understand how users, access and use our Website and our Services, both on an aggregated and individualized basis, to administer, monitor, and improve our Website and Services, for our internal purposes, and for other research and analytical purposes. Please see the information below regarding Third Party Analytics.
• To protect us, our customers, employees, partners or property — for instance, to investigate fraud and prevent fraudulent activity, abuse of the Services, harassment or other types of unlawful activities involving us or other companies that we do business with, to enforce this Policy, as well as our Terms and Conditions.
• We process personal data, such as information submitted to us in a job application, to facilitate our recruitment activities and process employment applications, such as evaluating a job

candidate for a position with us and communicating with you regarding your application and future opportunities.

WHEN DO WE SHARE YOUR INFORMATION?
We share your personal information with third parties, including service providers, regulated institutions (e.g., financial institutions), affiliated entities, and business partners as set out in the table below. In the section below, we also list the reasons why we share information.


How and Why We Share Your Information
Does SPS Solutions DMCC Share?
With our service providers and affiliates – for our business purposes, such as to assist us with the provision of the Services and to verify your identity, prevent, detect and protect against fraudulent activity or abuse of the Services, conduct internal research and analytical assessments, process your transactions, maintain your account(s) and provide you with customer care services. These include internet service providers, data and cyber security services, banks, financial institutions, payment processors, financial services providers, remote access services; service providers that help us verify your identity and help us comply with our legal and regulatory obligations; and our business, legal, tax, financial and other advisors, on a confidential basis.
Yes
With fraud prevention and detection service providers – which provide fraud prevention, detection, protection services, or other similar services, on our, or our service provider’s, behalf. Such service providers may keep records of information provided and use it when providing fraud detection and prevention services to other users of their databases.
Yes
For marketing purposes:

1. With our service providers and our affiliates – to market our own products and services; and
2. With non-affiliated third parties for joint marketing purposes.

Yes*
With other SPS Solutions DMCC clients, customers or third parties using our Services - to perform the Services, assist in carrying out your transactions with such clients, customers or third parties or for purposes of our refer-a-friend program(s).
Yes
In response to legal process – to comply with the law, a judicial proceeding, subpoena, court order, or other legal process.
Yes
In connection with business transfers – to another entity if we are acquired by or merged with such other entity, if substantially all of our assets are transferred to such other entity, or as part of a bankruptcy proceeding.
Yes
To protect the rights, property, or safety of us and others – we may disclose personal information to our business partners, service providers and other third parties when we believe it is necessary or appropriate. This includes exchanging information with other companies and organizations for the purpose of investigating, preventing, or taking action regarding illegal activities, suspected fraud or fraudulent operations, situations involving potential threats to the safety of any person, violations of our Terms and Conditions or this Policy, or as evidence in litigation in which we are involved.
Yes
Aggregated and de-identified information – we may disclose aggregate or de-identified information about users for marketing, advertising, research, or similar purposes.
Yes
With consumer reporting agencies, as permitted by law, with respect to users from the United States.
Yes

If you do not want us to use your details for us to market to you, and/or to pass your details on to third parties for marketing purposes, please contact us through the various communication channels available, as listed under the Section titled “Contact Us, Questions, Updating Your Info, Opting Out” below. You will also be able to unsubscribe from any marketing emails sent to you by SPS Solutions DMCC using a link provided in such emails.

We do not sell your personal information.

WHERE WE STORE YOUR DATA?
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent un-authorized access.
OUR USE OF COOKIES AND OTHER TRACKING MECHANISMS
We and our third-party service providers use cookies and other tracking mechanisms (including tracking technologies designed for mobile applications) to track information about your use of our Website and Services. We may combine this information with other personal information we collect from you (and our third-party service providers may do so on our behalf).
Cookies. Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your web browser for record-keeping purposes. Some cookies allow us to make it easier for you to navigate our Website and Services, while others are used to enable a faster log-in process or to allow us to track your activities at our Website and Service. There are four types of cookie:

• Strictly necessary cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable users to log into secure areas of our Website.
• Analytical/performance cookies. These types of cookies allow us to recognize, count the number of visitors, and see how visitors move around our Website when they are using it. This assists us to improve the way in which our Website works, for example, by ensuring that you can find what you are looking for easily.
• Functionality cookies. These cookies are used to recognize you when you return to our Website. They enable the personalization of content, recognition of users, and also remember your user preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our Website, the individual pages visited, and the links followed. If the cookie is set by a third party (for example, an advertising network) which also monitors traffic on other websites, this type of cookie may also be used to track your movements across different websites and to create profiles of your general online behavior. Information collected by tracking cookies is commonly used to target online advertising.

The four types of cookies above will be either session cookies or persistent cookies.

• Session Cookies. Session cookies exist only during an online session. They disappear from your computer when you close your browser or turn off your computer. We use session cookies to allow our systems to uniquely identify you during a session or while you are logged into the Website or Services. This allows us to process your online transactions and requests and verify your identity, after you have logged in, as you move through our Website or Services.
• Persistent Cookies. Persistent cookies remain on your computer after you have closed your browser or turned off your computer. We use persistent cookies to remember your user information, preferences and activity, to enable us to provide our services to you when you next return to our Website or Services. We also use persistent cookies to track aggregate and statistical information about user activity, which may be combined with other user information.

Local Storage Objects. We may use Flash Local Storage Objects (“Flash LSOs”) to store your Website preferences and to personalize your visit. Flash LSOs are different from browser cookie because of the amount and type of data stored. Typically, you cannot control, delete, or disable the acceptance of Flash LSOs through your web browser. For more information on Flash LSOs, or to learn how to manage your settings for Flash LSOs, go to the Adobe Flash Player Help Page, choose “Global Storage Settings Panel” and follow the instructions. To see the Flash LSOs currently
on your computer, choose “Website Storage Settings Panel” and follow the instructions to review
and, if you choose, to delete any specific Flash LSO.
HTML5 Storage. We may also store your user information and Website preferences locally within your web browser via HTML5.
Clear GIFs, pixel tags and other technologies. Clear GIFs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs (a.k.a. web beacons, web bugs or pixel tags), in connection with our Website or Services to, among other things, track the activities of Website visitors, help us manage content, and compile statistics about Website and Services usage. We and our third-party service providers also use clear GIFs in HTML emails to our customers, to help us track email response rates, identify when our emails are viewed, and track whether our emails are forwarded.
Changing or Disabling your Cookie Settings. Most web browsers automatically accept cookies, but if you prefer you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Visitors to our Website who disable their web browsers’ ability to accept cookies will be able to browse the Website; however, most site features will not function if you disable cookies and you will not be able to login to use our services.
You can withdraw consent to the placement of cookies at any time by accessing the Privacy Preference Centre on our Website under “Cookies Settings”. However, please note that in order to delete all cookies across all your devices you will need to separately adjust your cookie settings for each device.
Do Not Track. Currently, our systems do not honor browser “do-not-track” requests. You may, however, disable certain tracking as discussed above (e.g., by disabling Cookies); you also may opt- out of Third Party Analytics or targeted advertising by following the instructions in the Third Party Ad Networks section below.

How to reject cookies and/or delete existing cookies?

You can update and change your cookie preference in our cookie preference centre that you can access above.
Besides the abovementioned cookie preference centre, you can change your cookie setting in your browser, and in some cases in your devices too. You can set your browsers or devices to accept all cookies, to notify you when a cookie is issued, or not to receive cookies at any time. The last of these means that certain personalised features cannot then be provided to you and accordingly you may not be able to take full advantage of all of the website's features. Each browser is different, so check the ‘help’, 'options', 'preferences' or similar menu of your browser to learn how to change your cookie preferences. The following links provide more information on cookie settings for commonly used browsers: Cookie settings in Internet Explorer(Opens external link in a new tab); Cookie settings in Firefox(Opens external link in a new tab); Cookie settings in Chrome(Opens external link in a new tab); Cookie settings in Safari web(Opens external link in a new tab) and iOS(Opens external link in a new tab).
You can also visit http://www.aboutcookies.org/(Opens external link in a new tab) which contains comprehensive information on how to do this on a wide variety of browsers. This site includes details on how to delete cookies from your computer as well as more general information about cookies.
We do not recommend turning cookies off when visiting our platforms as this could disadvantage you by preventing you from making bookings through our loyalty schemes or preventing you from booking certain types of products and services. It may also mean that certain parts or functions of our websites do not work properly. Please also note that if you delete your cookies we may no longer automatically recognise your preferences, such as language and country preferences, any previous consent to terms and conditions or any optouts.
In relation to advertising cookies, if you are in the EU you can use the YourOnlineChoices.eu(Opens external link in a new tab) website which allows you to set which advertising cookie providers you accept, and which you do not. You can manage cookies set by third parties by visiting the specific websites of these third parties. For example, all the data collected on you by Google can be accessed at myactivity.google.com(Opens external link in a new tab).

THIRD PARTY ANALYTICS
We use automated devices and applications, such as Google Analytics to evaluate use of our Website and the Services. You can opt-out of Google Analytics by using the Cookies Settings on our Website or under https://tools.google.com/dlpage/gaoptout/. Please note that if you use a new or different computer, install a new browser, or clear your cookies; in that case, you will need to re-opt-out through the link above.
We use these tools to help us improve our Services, performance and user experiences. These entities may use cookies and other tracking technologies to perform their services. These third parties may collect your device ID, IP address, or other information about your use of the Services as part of the analytics they provide to us.

THIRD-PARTY AD NETWORKS
We use third parties, such as network advertisers and other marketing agents, to display advertisements on our Website, to assist us in displaying advertisements on third party websites, and to evaluate the success of our advertising campaigns. Network advertisers are third parties
that display advertisements based on your visits to our Website and unrelated third-party websites. This enables us and these third parties to target advertisements by displaying ads for products and services in which you might be interested. Third-party ad network providers, advertisers, sponsors and/or traffic measurement services may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other technologies to measure the effectiveness of their ads and to personalize advertising content to you. These third-party cookies and other technologies are governed by each third party’s specific privacy policy, not this one. We may provide these third- party advertisers with information about your use of our Website and our Services, as well as aggregate or non-personally identifiable information about visitors to our Website and users of our Service.
You may opt-out of many third-party ad networks, including those operated by members of the Network Advertising Initiative (“NAI”) and the Digital Advertising Alliance (“DAA”). For more information regarding this practice by NAI members and DAA members, and your choices regarding having this information used by these companies, including how to opt-out of third- party ad networks operated by NAI and DAA members, please visit their respective websites: www.networkadvertising.org/optout_nonppii.asp (NAI) and www.aboutads.info/choices (DAA).
Opting out of one or more NAI member or DAA member networks (many of which will be the same) only means that those members no longer will deliver targeted content or ads to you. It does not mean you will no longer receive any targeted content or ads on our Website or other websites. You may continue to receive advertisements, for example, based on the particular website that you are viewing. Also, if your browsers are configured to reject cookies when you visit this opt- out page, or you subsequently erase your cookies, use a different computer or mobile device or change web browsers, your NAI or DAA opt-out may no longer be effective. Additional information is available on NAI’s and DAA’s websites accessible by the above links.

Detailed information about cookies
This table details some examples of the different cookies that our Platforms use. The table sets out information explaining the purpose of these cookies and where applicable, includes links to further information that may be of use.

Category
Cookie
Name
Purpose
More information

Essential
Emirates Created
stop_mobi
Checks if the site needs to redirect to the mobile site or not depending on if the visitor is using a mobile device or not.
Not Applicable

Essential
Emirates Created
userId, username
Contains encrypted information that allows someone who logs into Skywards to access their data. This adds another layer of protection to a user’s data.
Not Applicable

Essential
Netscaler
NSC_
This cookie name is associated with the Netscaler load balancing service from Citrix. This is a pattern type cookie with the root being NSC_ and the rest of the name being a unique encrypted alpha numeric identifier for the virtual server it originated from. The cookie is used to ensure traffic and user data is routed to the correct locations where a site is hosted on multiple servers, so that the end user has a consistent experience.
Link to Citrix NetscalerOpens in a new tab

Essential
Google Analytics
_ga, _gat, _gid, gtmEKLandingPage, gtmPrevPage, GAUH
Collects and aggregates data about how users interact with our platform, what pages they look at, how long they spend on them, and other details such as if they have booked a flight or registered in our email database. We use this information to know if our platforms are working as intended, as well as understanding how our users are getting to our site.
Link to Google AnalyticsOpens in a new tab

Functional
Boxever
Boxever
Allows us to deliver a personalized user experience on the website on the basis of users' previous transactions and interactions with the website.
Link to BoxeverOpens in a new tab

Functional
Quantum Metric
Quantummetric.com
Collects and aggregates data about how users interact with our websites and apps; what content is viewed, for how long and if any issues were encountered. We use this information to improve our user experience.
Link to Quantum MetricOpens in a new tab

Marketing
Add This
__atuvs, __atuvc, loc, xtc, um, bt2, mus, uid, uvc, di2, vc
AddThis is a tool used to make it easier to share content across the social web, and provide increased traffic and indepth analytics


Marketing
AppNexus
anj, sess, uuid2
AppNexus is a data platform that allows us to serve more targeted advertising on other websites
Link to AppNexusOpens in a new tab

Marketing
Bing
MUID, MUIDB
These cookies allow us to analyse and understand the performance of advertising served on Bing.
Link to Microsoft BingOpens in a new tab

Marketing, Partner Marketing
Bluekai
bku, bkdc
BlueKai is a data platform and it allows us to serve more targeted advertising on other websites
Link to BluekaiOpens in a new tab

Marketing
Criteo
uid, eid
Criteo is a personalized retargeting company that works with Internet retailers to serve personalized online display advertisements to consumers who have previously visited the advertiser's website
Link to CriteoOpens in a new tab

Marketing
DemDex
demdex, dpm
AppNexus is a data platform that allows us to serve more targeted advertising on other websites
Link to DemDexOpens in a new tab

Marketing, Partner Marketing
DoubleClick
doubleclick.net
These cookies allow us to analyse and understand the performance of advertising served on different Google platforms and Google Partner platforms. These cookies also allow us to serve more targeted advertising via Google's different platforms and Google partner platforms; without these cookies you are likely to see less personalised advertising on websites and some of our offers may not work as expected.
Link to Google AdvertisingOpens in a new tab

Marketing, Partner Marketing
Facebook
a_user, datr, fr, lu
Tracks if someone has logged into Facebook with their device, and if so, allows us to advertise them on Facebook knowing they have been to our website.
Link to FacebookOpens in a new tab

Marketing
Google
SAPISID, HSID, SID, PREF, NID, SSID, APISID
These cookies allow us to analyse and understand the performance of advertising served on different Google platforms. These cookies also allow us to serve more targeted advertising via Google's different platforms.
Link to GoogleOpens in a new tab

Marketing
MediaMath
uuid, uuidc
MediaMath allows us to serve more targeted advertising on other websites.
Link to MediaMathOpens in a new tab

Marketing
Tapad
TapAd_DID, TapAd_TTD_SYNC, TapAd_TS
Tapad allows us to serve targeted advertising across devices by unifying device and behavioural data.
Link to TapadOpens in a new tab

Marketing
Twitter
auth_token, twll, __utmz, secure_session, guest_id, __utma, personalization_id, remember_checked, remember_checked_on, lang
These cookies allow us to analyse and understand the performance of advertising served on Twitter.
Link to TwitterOpens in a new tab

Marketing
YieldOptimizer
ph, ckid, cktst, dph
YieldOptimizer allows us to serve more targeted advertising on other websites.
Not Applicable

Marketing
Youtube
SID, HSID, demographics, VISITOR_INFO1_LIVE, PREF, APISID, SSID, LOGIN_INFO, YSC, SAPISID
These cookies allow us to analyse and understand the performance of advertising served on Youtube videos.
Link to YoutubeOpens in a new tab


CHANGES TO OUR PRIVACY & COOKIES POLICY
This Policy may change from time to time. Any changes in the future will be posted on our Website and, where appropriate, notified to you by either email or under your “My Account” on our Website. Please check back frequently to see any updates or changes to our Policy. We will not materially reduce your rights under this Policy without taking steps to bring such changes to your attention.


CONTACT US, QUESTIONS, UPDATING YOUR INFO, OPTING OUT
If you are a SPS Solutions DMCC Services customer and would like to update your personal information, please log into your “My Account” in order to update certain information or contact us through the contact information below. If you are not a SPS Solutions DMCC Services customer, but have provided us with personal information or if your personal information was provided to us by third parties, and you would like to update your personal information, you may contact us through the phone number or email address listed below. From time to time, we may email you or send you with special offers; you may opt-out of those offers by using a link provided in the email, or by contacting us as noted below.
Address: ***************
E-mail: *****************
Phone number: **************


GOVERNING LAW & JURISDICTION
This Policy shall be governed by and interpreted in accordance with the laws of the United Arab Emirates, and any dispute hereunder shall be brought exclusively in the courts of the United Arab Emirates.


DATA RETENTION
SPS Solutions DMCC retains your personal data for the duration of your engagement with us and for a period following termination of your engagement with us, as required by applicable laws or regulations and/or in accordance with our internal policies and procedures for purposes of prevention of fraudulent activities, risk management and security.

DISCLAIMER
Any and all content provided on this Website or the Services, including links to other websites is provided for information purposes only and does not constitute advice, recommendation or support of such content or website. SPS Solutions DMCC makes every effort to provide true and accurate content on its Website. However, SPS Solutions DMCC provides no warranty, express or implied, of the accuracy, completeness, timeliness, or applicability of such content. SPS Solutions DMCC accepts no responsibility for and excludes all liability in connection with information provided on the SPS Solutions DMCC website, including but not limited to any liability for errors, inaccuracies or omissions.
APPENDIX 1: ADDITIONAL TERMS FOR EEA AND UK CUSTOMERS
The information below is required pursuant to EEA law regarding privacy and data protection. The terms below apply to our EEA and UK customers and Website visitors, in addition to the terms in the rest of the Policy.
If you are unhappy about how we are processing your data or how we have responded to a request or complaint, you have the right to make a complaint to the Gibraltar Regulatory Authority (GRA), the Irish Data Protection Commission (DPC) or your local supervisory authority. You can find more details about how to contact the GRA on their website http://www.gra.gi/data-protection.

WHEN DO WE SHARE YOUR PERSONAL INFORMATION?
The table headed “How and Why We Share Your Information” in the main part of the Policy under the heading “WHEN DO WE SHARE YOUR INFORMATION” lists who we may share your information with, which include transfers for reasons of legal compliance and necessity in order to provide you with our Services.
You should be aware that when sharing your information, it may be transferred to, and stored at, a destination outside the EEA or the UK, as applicable.
Please note that where data is transferred outside of the EEA, non-EEA countries may not offer the same level of protection for personal data as is available in the EEA. SPS Solutions DMCC will take various measures to ensure that your data is treated securely, which may include, but not be limited to:

• assessing the security measures taken at any place your personal data is transferred to;
• having suitable contract terms in place that oblige a data processor to only process in accordance with our instructions;
• having monitoring, reporting and resolution procedures in place with regard to ongoing security; and
• only transferring your data via an appropriate safeguard as described in Article 46 of GDPR, including:

o Standard Contractual Clauses adopted by the European Commission (Article 46.2)

Please contact us at *********************if you require more detailed information about international transfers of your personal information, and the particular safeguards used.

LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
We process your personal information based on the following legal bases, as recognized by and in compliance with the applicable data protection laws:

• the processing is necessary to perform our contract with you (i.e. the Terms and Conditions that apply as applicable with respect to SPS Solutions DMCC Services, for the provision of our Services), or to take steps requested by you before entering into said contract;
• you are obliged to provide us with personal data as it is necessary to enter into and perform our contractual agreements. In the event that you do not wish to provide us with your personal data for the purposes outlined above in the "How and why we use your information" section, we will not be able to perform our contractual agreement with you;
• the processing is in Amlak Real Estate's or someone else's legitimate interests, and these interests are not overridden by your interests or rights in the protection of your personal data. This may include processing your data for prevention of fraudulent activity, internal research and analytics assessments, for purposes of communication with you, and informing you about new products and services we are offering or to promote new products and services of other parties which we think may be of interest to you, etc.;
• before we process your personal data to pursue our legitimate interests for the purposes outlined above in the "How and why we use your information" section, we determine if such processing is necessary and we carefully consider the impact of our processing activities on your fundamental rights and freedoms. On balance, we have determined that such processing is necessary for our legitimate interests and that the processing which we conduct does not adversely impact on these rights and freedoms.
• you have given your consent to the processing of your data;
• the processing is necessary to meet a legal obligation which applies to Amlak Real Estate.

Sometimes we process data about you which the law considers to fall within special categories (see section "What data do we process about you?" for more details), in which case, we use one of the following grounds:

• the processing is necessary for the establishment, exercise or defense of legal claims;
• you have freely given your informed, specific consent to the processing; or
• the processing is necessary for reasons of substantial public interest, based on applicable law.

If you would like more information about the legal grounds used to process your information, or about the legitimate interests referred to above, please contact us.
In cases where we have asked for, and you have given, your consent to our processing of your personal data, you have the right to withdraw such consent at any time. You can do this by contacting our DPO at *******************

DO YOU HAVE TO GIVE US YOUR PERSONAL INFORMATION?
In most cases, providing your personal data to us is optional, however, if you do not provide it, you will not be able to use our Services. For example, we need details such as your name, address and bank account details so that we can make payments to you and receive payments from you. In other cases, you have a choice over whether we collect your personal data, for example, you can turn off cookies on your browser and we will not place any cookies on your device or computer (although in this case you may not be able to use all parts of our Website).

PROFILING AND AUTOMATED DECISION MAKING
We use automated decision making as part of our process to evaluate eligibility for the use of the SPS Solutions DMCC Services. We use these tools as a measure of fraud prevention and for purposes of security and risk assessment relating to the performance of the SPS Solutions DMCC Services:

1. Automated tools incorporated in our process of approval of your registration application: based on the information you provided, the tool may advise if additional information is required for purpose of approval of your application.
2. Automated tools incorporated in our process of approval of certain payment transaction of registered users: such tools may advise if additional information is required for purpose of performance of the payment transaction.

HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
SPS Solutions DMCC retains your personal data for the duration of your engagement with us and for a period following termination of your engagement with us, as required by applicable laws or regulations and/or in accordance with Amlak Real Estate’s internal policies and procedures for purposes of prevention
of fraudulent activity, risk management and security. SPS Solutions DMCC will periodically review the necessity of retention of your data.

YOUR RIGHTS UNDER GDPR
You have several rights in relation to your personal data which are described in more detail below. You can exercise your rights at any time by contacting us at DPO@1Amlak Real Estate.online.
Accessing your data
You can ask us to:

• Confirm whether we are processing your personal data.
• Give you a copy of that personal data.
• Provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it outside of the EEA and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we carry out any automated decision making or profiling. We aim to give you all this information in this Policy, although if anything is unclear, please contact our Data Protection Officer at ************

You do not have to pay a fee for a copy of your personal information unless your request is unfounded, respective or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.

Correcting your personal data
You can ask us to correct any personal data which is inaccurate or incomplete. This is free of charge.

If we have shared the personal data with anyone else, we will tell them about the correction wherever possible.

If we cannot action a request to correct your personal data, we will let you know and explain why this is.

Erasing your personal data
This right is sometimes referred to as "the right to be forgotten". This is not an absolute right but you have the right to have your data erased, free of charge, in certain circumstances.
You can ask for your personal data to be erased where:

• it is no longer necessary for the purpose for which it was originally collected or processed;
• we are processing your personal data based on your consent, and you withdraw that consent;
• you object to the processing and we do not have an overriding legitimate interest for continuing;
• your personal data has been unlawfully processed;
• your personal data must be erased to comply with a legal obligation;
• the personal data was processed to offer information society services to a child.

There are some exceptions to this right. If one of these applies, we do not have to delete the personal data.
If we have shared your personal data with third parties, we will tell them about the erasure of your data unless this is impossible or would involve disproportionate effort.
Please note, in connection with such requests, that personal data may be either deleted or retained in an aggregated manner without being linked to any identifiers or personal data, depending on technical commercial capability.
Restricting the processing of your personal data
You can ask us to restrict the processing of your personal data in some circumstances, free of charge. This is not an absolute right. If processing is restricted we can store the personal data and retain enough information to make sure the restriction is respected unless you consent or the processing is necessary in relation to a legal claim or to protect the rights of another person or for reasons of important public interest, but we cannot further process your personal data.
You can restrict the processing of your personal data in the following cases:

• if you contest the accuracy of your personal data, we will restrict processing until we have made sure the personal data is accurate;
• if you object to our processing pending the verification of whether or not our legitimate interests override your interests, rights and freedoms or in connection with legal proceedings;
• if the processing is unlawful but you do not want us to erase your personal data;
• if we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.

If we have disclosed the data to a third party, we will inform them about the restriction unless it is impossible or would require a disproportionate effort. We will tell you if we decide to lift a restriction on processing your personal data.
Objecting to the processing of your personal data
You have a right to object to the processing of your personal data at any time. This request will befree of charge. It is not an absolute right, but you can object to our processing of your personal data where it is:

• based on the legitimate interest ground; or
• for the purposes of scientific/historical research and statistics.

We will stop processing your personal data unless we have compelling legitimate grounds for the processing which override your interests and rights, or unless we are processing the personal data for the establishment, exercise or defence of legal claims.
You can require us to stop using your personal data for direct marketing purposes. We will stop as soon as we receive your request. There are no exemptions or reasons for us to refuse.
Data Portability
This allows you to obtain and reuse your personal data for your own purposes across different services. It applies where the following conditions are met:

• you provided the personal data to us yourself;
• we are processing the personal data either based on your consent or because it is necessary for the performance of a contract; and
• the processing is carried out by automated means.

We will provide your personal data free of charge in a structured, commonly used and machine-readable form.
Automated decision making and profiling
You have the right not to be subject to a decision which is based solely on automated processing and which produces a legal (or similarly significant) effect on you.
We will tell you about any automated decision making that affects you. You have the right to:

• request human intervention;
• express your point of view;
• ask for the decision to be explained; and
• challenge the decision.

These rights are not absolute. We may not be able to comply with this request if the processing of personal data is:

• necessary for us to enter into or perform a contract with you;
• authorised by law (e.g. for fraud prevention) and which also lays down suitable measures to safeguard your right, freedoms and legitimate interests; or
• based on your explicit consent.

Dealing with requests to exercise your rights
We will respond to your request without undue delay at the latest within one (1) month of receiving your request unless it is particularly complicated or you have made several requests, in which case we may extend this by two (2) months. We will let you know if we are going to take longer than one (1) month in dealing with your request. If we have a lot of information about you we might ask you if you can tell us what exactly you want to receive. This will help us action your request more quickly.
For the purpose of complying with your requests to exercise the rights listed above, we shall perform the necessary internal processes to identify you.
APPENDIX 2: ADDITIONAL TERMS FOR AUSTRALIAN CUSTOMERS
We are bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) and other laws that govern the handling of personal information. The terms below apply to Australian customers in addition to the terms in the rest of the Policy.
We may also disclose such information as required or permitted by any law, for example to meet our obligations under the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth).
You may request to access or correct any personal information we hold about you. We will provide our reasons if we deny any request for access to or correction of personal information. Where we decide not to make a requested correction to your personal information, and you disagree, you may ask us to make a note of your requested correction with the information.
You should be aware that when sharing your information, it may be transferred to, and stored at, a destination outside Australia including but not limited to the United States of America.
Please note that where data is transferred outside of Australia, other countries may not offer the same level of protection for personal data as is available in Australia under the Privacy Act 1988 (Cth). Nonetheless, SPS Solutions DMCC will take various measures to ensure that your data is treated securely, which may include, but not be limited to:

• assessing the security measures taken at any place your data is transferred to;
• having suitable contract terms in place that oblige a data processor to only process in accordance with our instructions; and
• having monitoring, reporting and resolution procedures in place with regard to ongoing security.

We may also collect, hold, use and disclose certain credit-related personal information about you which may include:

• permitted identification information e.g. names, date of birth, sex, 3 most recent addresses, employer and driver's licence number;
• your applications for credit - the fact that you have applied for credit and the amount and type of credit;
• the identity of your current and previous credit providers;
• records of previous requests made by credit providers to credit reporting bodies (“CRBs”) for information about you in connection with consumer or commercial credit applications, guarantees and securitisation arrangements;

• information about defaults (where repayments are more than 60 days overdue, in certain circumstances);
where those default repayments are no longer overdue, or new payment arrangements have been agreed;

a credit provider’s opinion that you have committed a serious credit infringement (that

is, acted fraudulently or shown an intention not to comply with your credit obligations);

• the start and end dates, credit limits and certain terms and conditions of your credit arrangements;
• information about court judgments against you;
• publicly available information relevant to your credit worthiness;
• certain insolvency information from the National Personal Insolvency Index;
• information derived by CRBs from the above information (e.g. assessments and ratings in respect of your credit worthiness); and
• information we derive from the above information (e.g. our own assessments and

ratings in respect of your credit worthiness), (“credit-related personal information”).
This may also include information about your arrangements with other credit providers as well as with us.
We may disclose some of these types of information to CRBs. CRBs may use credit-related personal information to maintain records on individuals which they may share with other credit providers for those providers’ own credit assessments.
We will notify you of the CRBs that we use.
We may also be required to check the validity of your identification documents with the Australia Document Verification Service (DVS).
Where you express any concerns that we have interfered with your privacy or conducted ourselves inconsistently with this Policy, we will respond to let you know who will be handling your matter and when you can expect a further response. We aim to resolve your concerns in a fair and efficient manner within 30 days.
If you are unhappy about how we are processing your data or how we have responded to a request or complaint, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC).
APPENDIX 3: ADDITIONAL TERMS FOR STATE OF CALIFORNIA CUSTOMERS
The information below is required pursuant to the California Consumer Privacy Act of 2018 (the “CCPA”). The terms below apply to residents in the State of California in addition to the terms in the rest of the Policy.

CCPA REQUESTS
Under the CCPA residents in the State of California are provided with specific rights regarding the collection and storage of their personal information.
You or your authorized agent may apply to us with requests as detailed below by contacting us though phone +******************** or though the online form on our Website at *****************
We do not discriminate against any individual based on the exercise of his/her privacy rights.

CCPA Information Request Rights
You have the right to request that we provide to you the following information about our collection and use of your personal information over the preceding twelve (12) months. Once your verifiable consumer request has been confirmed through our review of the information you provide in your request, we will disclose to you:

1. The categories of personal information we have collected about you.
2. The categories of sources for the personal information we have collected about you (e.g., use of cookies, third party, etc.).
3. Our business or commercial purpose for collecting that personal information.
4. The categories of third parties with whom we share or have shared that personal information.
5. The specific pieces of personal information we collected about you (also called a data portability request).
6. We do not sell your personal information. In addition, if we have not disclosed your personal information for a business purpose, we will disclose this fact to you. If we have disclosed your personal information for a business purpose, including direct marketing, we will provide you with a listing that identifies the personal information categories that each category of recipient obtained.

CCPA Deletion Request Rights
You have the right to request that we delete any of the Personal Information collected from you and retained, subject to certain exceptions and your verification. Your request to delete
the Personal Information collected may be denied if it is necessary for us to retain your information under one or more exceptions listed in the CCPA.

WE DO NOT SELL YOUR DATA
We do not sell, personal information collected about you to third parties. We may share your information with our service providers or as instructed by you from time to time for purpose of providing you the Services and as detailed above under the section titled “WHEN DO WE SHARE YOUR INFORMATION”.