Embedded Files
4partners
PRIVACY AND DATA PROTECTION POLICY
Version 1.0 | Effective Date: 11 April 2026
Issued pursuant to the UAE Federal Decree-Law No. 45 of 2021
Concerning the Protection of Personal Data
ARTICLE I — PRELIMINARY PROVISIONS AND SCOPE
1.1 Purpose and Application
This Privacy and Data Protection Policy (hereinafter, the "Policy") is issued by 4partners (hereinafter, the "Company", "Operator", "we", "us", or "our") and governs all collection, processing, storage, disclosure, and cross-border transfer of Personal Data undertaken in connection with the 4partners mobile application and any ancillary digital services operated thereunder (collectively, the "Platform"). This Policy is legally binding on all natural persons who access or use the Platform (hereinafter, "User", "you", or "your").
This Policy is promulgated in compliance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the "PDPL"), Cabinet Decision No. 35 of 2023, and any supplementary regulatory guidance issued by the UAE Data Office. Nothing herein shall be construed to limit the application of any stricter applicable legislative or regulatory requirements.
1.2 Identity of the Data Controller
The Data Controller responsible for your Personal Data is:
Registered Entity: 4partners
Registered Address: 107 Al Bahl Street, Abu Dhabi, United Arab Emirates
Data Protection Contact: info@4partners.ae
Any correspondence, requests, complaints, or inquiries relating to this Policy or the processing of your Personal Data shall be directed exclusively to the Data Protection Contact identified above.
1.3 Governing Language
This Policy is published in the English language, which shall be the authoritative and governing version in all circumstances. In the event this Policy is translated into the Arabic language or any other language for informational convenience, and any conflict, ambiguity, or inconsistency arises between such translated version and the English version, the English language version shall prevail in all respects without exception.
1.4 Acceptance and Continued Use
Your access to, registration on, or continued use of the Platform constitutes your acknowledgment that you have read, understood, and irrevocably agreed to the terms of this Policy and the processing activities described herein. If you do not agree to any provision of this Policy, you must immediately discontinue your use of the Platform. Access to the Platform by persons who have not accepted this Policy is strictly prohibited.
ARTICLE II — DEFINITIONS
For the purposes of this Policy, unless the context otherwise requires, the following terms shall have the meanings assigned to them below:
"Personal Data” means any information, in whatever form or medium, that relates to an identified or identifiable natural person, whether by reference to a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
"Anonymised Data” means Personal Data that has been irreversibly altered in such a manner that the Data Subject cannot be identified, directly or indirectly, whether by the Data Controller or by any other person or entity.
"Pseudonymised Data” means Personal Data that has been processed in such a manner that it can no longer be attributed to a specific Data Subject without the use of supplementary information, provided that such supplementary information is kept separately and is subject to technical and organisational safeguards.
"Aggregated Data” means statistical, demographic, or analytical data derived from Personal Data which, in its aggregated form, does not identify or render identifiable any individual Data Subject.
"Special Categories of Personal Data” means categories of data that reveal or concern an individual's racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic data, biometric data processed for the purpose of uniquely identifying a natural person, health data, data concerning a natural person's sex life or sexual orientation, or criminal records and convictions.
"Processing” means any operation or set of operations performed upon Personal Data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Data Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
"Data Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.
"Data Subject” means the identified or identifiable natural person to whom specific Personal Data relates.
"Platform” means the 4partners mobile application, including all associated digital interfaces, backend infrastructure, and ancillary services operated by or on behalf of the Company.
"Lawful Basis” means a recognised legal ground under applicable data protection legislation that authorises the Processing of Personal Data for a specified purpose.
ARTICLE III — CATEGORIES OF PERSONAL DATA COLLECTED
3.1 Data Collected Directly from Data Subjects
Category of Personal Data
Category of Personal Data
Description and Scope
Description and Scope
Identity Data
First name, last name, username or equivalent unique identifier, and profile photograph uploaded by the User.
Contact Data
Primary and secondary email address(es), and telephone number(s) associated with the User account.
Location Data
Approximate geolocation data, collected only upon affirmative activation of location-sharing functionality by the User via their device settings.
Listings Data
Details of current and historical property listings created by the User on the Platform; details of third-party listings viewed by the User; and records of offers submitted by the User in respect of third-party listings.
Call Data
Audio recordings of communications between the User and the Company's personnel, collected for the purposes of quality monitoring, regulatory compliance, and staff training.
Behavioural Data
Inferred or derived information relating to a user’s conduct, preferences, and areas of interest, generated through analysis of the User's activity patterns on the Platform and typically compiled on an aggregated and segmented basis.
Technical Data
Internet Protocol (IP) address; authentication credentials and session data; browser type, version, and configuration; device time zone and geographic settings; browser plug-in types and versions; operating system and platform specifications; device identifiers; and such other technical information as may be transmitted by the devices through which the User accesses the Platform.
3.2 Aggregated and Anonymised Data
The Company may collect, process, generate, and share Aggregated Data derived from Personal Data for analytical, operational, statistical, and commercial purposes. Such Aggregated Data, once rendered incapable of identifying any individual Data Subject, shall no longer constitute Personal Data for the purposes of this Policy or applicable law. Notwithstanding the foregoing, in the event that Aggregated Data is combined with or linked to Personal Data in a manner that renders an individual identifiable, the resulting combined data shall be treated as Personal Data and processed in full accordance with this Policy.
3.2 Prohibition on Special Categories
The Company does not solicit, require, or knowingly collect Special Categories of Personal Data in connection with the standard operation of the Platform. Data Subjects are expressly cautioned against voluntarily disclosing Special Categories of Personal Data on or through the Platform, whether to the Company or to other Users. Notwithstanding this prohibition, in the event a Data Subject elects to transmit Special Categories of Personal Data through the Platform, such transmission shall constitute the Data Subject's explicit consent to the Company processing such data solely in accordance with the provisions of this Policy and to the extent required for the lawful operation of the Platform.
3.4 Consequences of Declining to Provide Personal Data
The Company shall process Personal Data only for the purposes for which it was originally collected, or for purposes that are compatible with such original purposes. Where the Company determines that it is necessary to process Personal Data for a purpose that is materially different from or incompatible with the original purpose of collection, it shall update this Policy accordingly, notify affected Data Subjects as required under applicable law, and ensure that a separate and adequate Lawful Basis exists for such additional processing.
ARTICLE IV — PURPOSES OF PROCESSING AND LAWFUL BASIS
4.1 General Principle
The provision of certain categories of Personal Data is a prerequisite to accessing and utilising the Platform. Where the Company requires specific Personal Data to discharge its contractual obligations to the User or to fulfil applicable legal requirements, the User's failure to provide such data upon request may result in the Company's inability to grant access to some or all features of the Platform. The Company shall notify the User of any such material consequence at the time the relevant Personal Data is requested.
4.2 Legal Bases Recognised Under This Policy
The Company relies upon the following legal bases to justify its processing activities, as defined under the PDPL and applicable UAE data protection law:
• Contractual Necessity: Processing that is necessary for the performance of a contract to which the Data Subject is a party, or for the taking of pre-contractual steps at the Data Subject's request.
• Compliance with Law: Processing that is necessary for the Company to comply with a legal or regulatory obligation to which it is subject.
• Consent: Processing undertaken on the basis of a freely given, specific, informed, and unambiguous indication of the Data Subject's agreement, which may be withdrawn at any time.
Processing Purpose
Processing Purpose
ata Categories Utilised
ata Categories Utilised
ata Categories Utilised
ata Categories Utilised
ata Categories Utilised
ata Categories Utilised
Identity Data Account Registration and Management
Identity Data; Contact Data
To create, authenticate, and administer User accounts on the Platform.
Contractual Necessity
Account Verification
Identity Data; Contact Data
To verify the identity of Users, including through in-app verification processes, and to maintain the security and integrity of the Platform.
Contractual Necessity
Platform Operation and Service Delivery
Identity Data; Contact Data; Listings Data; Call Data
To operate the Platform in its entirety; to facilitate transactions and interactions between Users; and to deliver services expressly requested by the User.
Contractual Necessity
Analytics and User Segmentation
Behavioural Data; Technical Data
To analyse User engagement and Platform performance; to identify usage trends; and to segment the User base for internal marketing and operational optimisation purposes.
Contractual Necessity
Marketing Communications
Contact Data
To transmit promotional and marketing communications to Users who have provided their prior and explicit consent to receive such communications.
Consent
Fraud Prevention and Security
Identity Data; Contact Data
To safeguard the Platform and its Users against fraudulent activity, misuse, and unauthorised access; and to comply with applicable anti fraud regulatory requirements.
Compliance with Law
ARTICLE V — DISCLOSURE AND TRANSFER OF PERSONAL DATA
5.1 General Disclosure Obligations
The Company does not sell, rent, or otherwise commercialise Personal Data. Disclosure of Personal Data to third parties is strictly limited to the circumstances described in this Article and shall at all times be subject to the imposition of appropriate contractual, technical, and organisational safeguards commensurate with the sensitivity of the data disclosed. All Data Processors engaged by the Company are contractually prohibited from processing Personal Data for any purpose other than those explicitly specified by the Company and from using Personal Data for their own independent commercial or operational purposes.
5.2 Recipients of Personal Data
Other Platform Users
Disclosure to other Users is inherent in, and required for, the facilitation of transactions through the Platform. Data Subjects are notified that information published in connection with a listing, rating, or review — including profile identifiers such as username and profile photograph — will be accessible to all Platform Users and may be indexed by third-party search engines and distributed externally. Data Subjects must exercise caution and independent judgment before publishing any information through the Platform.
Third-Party Providers Processors and Service and Data
The Company engages third-party service providers to assist in the technical operation, administration, and maintenance of the Platform, including IT infrastructure, analytics, and marketing services. Such providers may access Personal Data solely to the extent necessary to perform their contracted services and are bound by confidentiality obligations and data processing agreements that impose obligations no less protective than those contained in this Policy.
Competent Authorities
Personal Data may be disclosed to governmental, regulatory, law enforcement, judicial, or other competent public authorities where such disclosure is required, requested, or authorised pursuant to applicable law, including in connection with criminal investigations, regulatory proceedings, court orders, or legal process.
Successors and Acquirers
In the event of a corporate restructuring, merger, acquisition, joint venture, assignment, sale, or other disposition of all or any material portion of the Company's business or assets, Personal Data may be disclosed to prospective or actual successors or acquirers, subject to the requirement that any such party shall be bound to process the Personal Data in a manner consistent with this Policy.
5.3 Cross-Border Data Transfers
The Company may transfer Personal Data to jurisdictions outside the UAE that may not maintain data protection standards equivalent to those applicable within the UAE. In all such cases, the Company shall ensure that any cross-border transfer is conducted in accordance with the requirements of the PDPL, including by implementing such contractual, technical, or regulatory mechanisms as are prescribed or permitted under applicable law to ensure an adequate level of protection for the transferred Personal Data.
ARTICLE VI — DATA SECURITY AND INTEGRITY
The Company has implemented, and shall maintain, a comprehensive framework of technical and organisational measures designed to protect Personal Data against accidental loss, unauthorised alteration, unlawful access, disclosure, or destruction. Such measures include, without limitation:
• Logical and physical access controls restricting access to Personal Data to authorised personnel on a strict need-to-know basis;
• Imposition of contractual confidentiality obligations on all employees, officers, contractors, and agents who handle Personal Data;
• Deployment of encryption, firewalls, intrusion detection systems, and other industry-standard technical safeguards; Strictly Confidential & Proprietary | © 2026 4partners. All Rights Reserved. 4partners application | PRIVACY & DATA PROTECTION POLICY
• Incident response protocols providing for the prompt identification, containment, investigation, and remediation of any actual or suspected Personal Data breach, including notification to relevant supervisory authorities and, where required by law, to affected Data Subjects.
The Company acknowledges that no technical or organisational measure can guarantee absolute security against all threats. Data Subjects are accordingly encouraged to exercise appropriate caution when transmitting Personal Data over public or unsecured networks.
ARTICLE VII — DATA RETENTION
The Company shall retain Personal Data only for such period as is reasonably necessary to fulfil the purposes for which it was collected, as set out in this Policy, or for such longer period as may be required or permitted by applicable law, regulatory obligation, or legitimate operational necessity (including, without limitation, the resolution of disputes, the enforcement of contractual rights, or the satisfaction of audit requirements).
Upon the expiry of the applicable retention period, Personal Data shall be securely deleted, destroyed, or, where feasible, anonymised in a manner that renders it permanently incapable of re-identification. Anonymised data may be retained indefinitely by the Company without restriction, as it no longer constitutes Personal Data for the purposes of applicable law.
The Company's data retention schedules are subject to periodic review and shall be updated as necessary to ensure continued compliance with applicable legal and regulatory requirements.
ARTICLE VIII — RIGHTS OF DATA SUBJECTS
8.1 Enumeration of Rights
Subject to the conditions, limitations, and exceptions prescribed under the PDPL and other applicable law, Data Subjects may be entitled to exercise the following rights in respect of their Personal Data:
• Right of Access: The right to receive confirmation of whether the Company processes Personal Data relating to you, and where that is the case, to obtain a copy of such Personal Data and supplementary information regarding the processing thereof. • Right to Rectification: The right to require the Company to correct, without undue delay, any inaccurate Personal Data concerning you, and to have incomplete Personal Data completed.
• Right to Erasure: The right to require the deletion or removal of Personal Data where the Company has no continuing legitimate or legal basis for its retention or continued processing.
• Right to Object: The right to object, on grounds relating to your particular situation, to the processing of your Personal Data for specific purposes, including direct marketing.
• Right to Data Portability: The right to receive your Personal Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have such data transmitted directly to a third-party data controller of your designation.
• Right to Withdraw Consent: Where Processing is based solely upon your Consent, the right to withdraw such Consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal. Withdrawal of Consent may result in the partial or complete loss of access to certain Platform features, of which you will be notified at the time of withdrawal.
8.2 Limitations on the Exercise of Rights
Not all rights enumerated in Article 8.1 are absolute, and their availability may be subject to restrictions imposed by applicable law. Some rights may only be exercisable in specific circumstances, and the Company reserves the right to decline requests that are manifestly unfounded, excessive, or repetitive, or that conflict with overriding legal obligations.
8.3 Procedure for Exercising Rights
All requests by Data Subjects to exercise their rights under this Policy shall be submitted in writing to the Data Protection Contact specified in Article 1.2. The Company shall be entitled to verify the identity of the requesting party prior to processing any such request and may require the submission of such supporting documentation as it deems reasonably necessary for that purpose. The Company shall endeavour to respond to all valid requests within thirty (30) calendar days of receipt. Where the complexity or volume of requests necessitates an extended response period, the Company shall notify the requesting party and provide a revised response timeline, which shall not exceed ninety (90) calendar days in total.
8.4 Fees
The Company shall ordinarily process requests to exercise Data Subject rights at no charge. However, the Company expressly reserves the right to impose a reasonable administrative fee in circumstances where requests are manifestly unfounded, repetitive, or excessive in nature, or where the cost of compliance would be disproportionate.
8.5 Complaints
Data Subjects who are dissatisfied with the Company's handling of their Personal Data or its response to any rights request may submit a formal complaint in writing to the Data Protection Contact. The Company shall acknowledge and respond to such complaints within a reasonable timeframe. If a Data Subject remains dissatisfied with the Company's response, they may have the right to lodge a complaint with the UAE Data Office or other competent supervisory authority having jurisdiction over the Company's data processing activities.
ARTICLE IX — MARKETING COMMUNICATIONS
The Company shall not transmit unsolicited marketing communications to Data Subjects. Marketing communications shall be sent only to Users who have provided their prior, explicit, and recorded Consent to receive such communications. Data Subjects who have consented to receive marketing communications may withdraw such Consent at any time by adjusting their notification and communication preferences within the Platform's account settings. Withdrawal of consent to marketing communications shall not affect the lawfulness of any marketing processing carried out prior to such withdrawal.
ARTICLE X — MINORS
The Platform is intended exclusively for use by natural persons who have attained the age of majority in their jurisdiction of residence. The Company does not knowingly solicit or collect Personal Data from individuals who have not attained the age of majority. The Company does not undertake active age verification of all Users and accordingly cannot guarantee that minors do not access the Platform. In the event that the Company becomes aware that a minor has registered on or accessed the Platform in contravention of this restriction, the Company shall take all reasonable steps to delete that individual's Personal Data from its systems. Any person with knowledge of a minor's use of the Platform is requested to notify the Company forthwith via the Data Protection Contact.
ARTICLE XI — THIRD-PARTY LINKS AND EXTERNAL SERVICES
The Platform may contain hyperlinks to or integrations with websites, mobile applications, or services operated by third parties. Such third-party services are entirely independent of the Company, and this Policy does not govern the collection, processing, or use of Personal Data by such third parties. The Company accepts no responsibility or liability for the data protection practices of any third-party service. Data Subjects are strongly advised to review the privacy and data protection policies of all third party platforms accessed through the Platform before providing any Personal Data to such third parties.
ARTICLE XII — AMENDMENTS TO THIS POLICY
The Company reserves the absolute right to amend, modify, or update this Policy at any time, with or without prior notice to Data Subjects, subject to any mandatory notification requirements imposed by applicable law. Any amendments to this Policy shall take effect immediately upon publication of the revised version on this page, unless a different effective date is expressly stated. Where the nature of an amendment is material, the Company may, at its discretion, provide notice to affected Users by means of an in-app notification or by electronic correspondence to the email address on file. Continued use of the Platform following the publication of any amendment shall constitute the User's acceptance of the revised Policy.
ARTICLE XIII — GOVERNING LAW AND JURISDICTION
This Policy shall be governed by and construed exclusively in accordance with the laws of the United Arab Emirates, including without limitation the PDPL and all subordinate legislation and regulatory guidance issued thereunder. Any dispute, claim, or controversy arising out of or relating to this Policy, or the breach, termination, enforcement, interpretation, or validity thereof, shall be subject to the exclusive jurisdiction of the competent courts of the Emirate of Abu Dhabi.
ARTICLE XIV — SEVERABILITY
If any provision or part-provision of this Policy is or becomes invalid, illegal, or unenforceable under applicable law, it shall be deemed modified to the minimum extent necessary to make it valid, legal, and enforceable. If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification or deletion of a provision or part-provision pursuant to this Article shall not affect the validity and enforceability of the remaining provisions of this Policy.
ARTICLE XIV — Contacts Data
With your permission, the app may access your Contacts to collect phone numbers only (contact names and other details are not collected). These phone numbers are securely uploaded to our servers and used to enable features such as notifying you about relevant activity within the app related to your contacts. We do not use this data for marketing purposes, and it is handled in accordance with applicable data protection laws. You can choose not to grant access to your Contacts at any time through your device settings.
Page updated
Google Sites
Report abuse