GDPR Compliance

Last updated: 9/10/2025

Our Commitment to GDPR

AqarIntel is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and your rights as a data subject.

1. Data Controller Information

Data Controller: AqarIntel AI Limited
Contact: gdpr@aqarintel.ai
Data Protection Officer: privacy@aqarintel.ai

2. Legal Basis for Processing

We process your personal data under the following legal bases:

2.1 Consent

  • Marketing communications
  • Analytics cookies
  • Personalized property recommendations
  • AI-generated market insights based on your preferences

2.2 Contract Performance

  • Account creation and management
  • Service delivery
  • Payment processing
  • Customer support

2.3 Legitimate Interests

  • Service improvement and development
  • Fraud prevention and security
  • Anonymous analytics
  • AI model training (using anonymized data)

2.4 Legal Obligations

  • Tax and accounting requirements
  • Compliance with court orders
  • Anti-money laundering regulations

3. Your Rights Under GDPR

3.1 Right to Access

You can request a copy of all personal data we hold about you. We will provide this information free of charge within 30 days.

3.2 Right to Rectification

You can request correction of any inaccurate or incomplete personal data. You can update most information directly in your account settings.

3.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

3.4 Right to Data Portability

You can request your personal data in a structured, commonly used, and machine-readable format (JSON or CSV). You can also request we transfer this data directly to another service provider where technically feasible.

3.5 Right to Object

You can object to processing of your personal data for:

  • Direct marketing purposes
  • Processing based on legitimate interests
  • Processing for research or statistical purposes

3.6 Right to Restrict Processing

You can request restriction of processing when:

  • You contest the accuracy of the data
  • Processing is unlawful but you don't want erasure
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification of legitimate grounds

3.7 Right to Withdraw Consent

You can withdraw consent at any time for processing based on consent. This doesn't affect the lawfulness of processing before withdrawal.

3.8 Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we're not complying with GDPR.

4. How to Exercise Your Rights

To exercise any of your GDPR rights:

  1. Email us at gdpr@estateguide.ai with your request
  2. Include "GDPR Request" in the subject line
  3. Provide your account email and specific right you wish to exercise
  4. We may request additional information to verify your identity
  5. We will respond within 30 days (may extend to 60 days for complex requests)

5. Data Protection Measures

5.1 Technical Measures

  • End-to-end encryption for sensitive data
  • Regular security audits and penetration testing
  • Access controls and authentication systems
  • Regular backups and disaster recovery procedures
  • Pseudonymization and data minimization

5.2 Organizational Measures

  • Staff training on data protection
  • Data Protection Impact Assessments (DPIAs)
  • Privacy by Design principles
  • Vendor management and data processing agreements
  • Incident response procedures

6. International Data Transfers

When we transfer your data outside the EEA, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Additional security measures as required

7. Data Retention

We retain personal data only as long as necessary:

  • Active accounts: Duration of account plus 30 days
  • Inactive accounts: 2 years then automatic deletion
  • Financial records: 7 years (legal requirement)
  • Marketing consent: Until withdrawn or 3 years of inactivity
  • Analytics data: Anonymized after 90 days
  • AI training data: Immediately anonymized

8. Data Breach Notification

In case of a personal data breach:

  • We will notify the supervisory authority within 72 hours
  • If high risk to your rights, we will notify you without undue delay
  • We maintain records of all data breaches
  • We conduct post-incident reviews to prevent recurrence

9. Automated Decision Making

We use AI for property recommendations and market analysis:

  • You can request human review of automated decisions
  • You can opt out of automated profiling for marketing
  • AI decisions are recommendations only, not final determinations
  • We provide explanations of AI logic when requested

10. Children's Data

We do not knowingly collect data from children under 16. If we discover we have collected such data, we will delete it immediately.

11. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Check this page periodically for updates.

12. Contact Our Data Protection Team

For GDPR-related inquiries:

Email: gdpr@estateguide.ai
Data Protection Officer: privacy@estateguide.ai
Response time: Within 30 days

Or use our contact form and select "GDPR Request" as the subject.