Privacy Policy

Privacy Policy

Last updated: 04/05/2026

Smart Management Properties ("SMP""we""us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website at smartmanagementproperties.com, contact us, or interact with us as a prospective or existing customer.

This Policy is written to comply with the principles of the EU General Data Protection Regulation (GDPR), the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL), and applicable US state privacy laws.

1. Who is the data controller

The SMP brand is operated by two group entities, each acting as data controller for interactions falling within its scope:

  • SMP IT Consultancy LLC-S.P.C, a UAE limited liability company, for UAE-based interactions and the UAE-side platform operations.

  • Smart Management Properties LLC, a Florida limited liability company, for US-based interactions and the US-side platform operations.

References in this Policy to "SMP" mean the entity that contracts with you or interacts with you, depending on the context. If you are not sure which entity is involved, please contact us at the email address in section 10.

Where SMP processes personal data on behalf of a customer (typically end-user or building-resident data captured through the SMP platform), the customer is the data controller and SMP acts as data processor under a separate Data Processing Addendum. In that case, this Policy describes only how SMP itself handles personal data; the customer's own privacy notice governs how the customer handles end-user data.

2. What personal data we collect

Depending on your interaction with us, we may collect the following categories of personal data:

  • Contact data: name, professional email, phone number, company name, job title β€” collected when you fill in a contact form, request a demo, or otherwise reach out to us.

  • Communication data: the content of messages you send us and our responses.

  • Usage data: technical information such as IP address, browser type and version, device type, pages visited, time spent on pages, and referring URL β€” collected automatically when you visit our website.

  • Cookie data: information set by cookies and similar technologies β€” see our Cookie Notice for details.

  • Customer account data: if you become a customer, business contact information for your authorised representatives, and information about your property portfolio relevant to the commercial relationship.

We do not collect special-category data (such as health, biometrics, racial or ethnic origin, or political opinions) through this website. Any biometric integration on the SMP platform itself is governed by specific contractual safeguards with the relevant customer and is outside the scope of this Policy.

3. Why we collect your data and on what legal basis

PurposeLegal basis (GDPR / PDPL)Respond to your enquiries and provide pre-contractual informationPerformance of pre-contractual steps; legitimate interestSend you commercial information about products and services that may be relevant to you (B2B context)Legitimate interest; consent where required by applicable lawProvide and operate our services to existing customersPerformance of a contractAuthenticate users and secure our platformPerformance of a contract; legitimate interest in securityImprove our website and servicesLegitimate interestComply with legal, accounting and tax obligationsLegal obligation

You have the right to object to processing based on legitimate interest at any time (see section 6).

4. Who we share your data with

We share personal data only with the following categories of recipients, and only to the extent necessary:

  • Other SMP group entities, under intra-group data sharing arrangements (UAE entity, US entity).

  • Service providers acting as data processors on our behalf, including: Squarespace (website hosting), our cloud infrastructure providers (platform hosting), our IoT integration partners, our CRM and email tools, and our analytics providers. All processors are bound by written agreements that include the data protection obligations required by applicable law.

  • Professional advisers (lawyers, auditors, accountants) bound by confidentiality.

  • Authorities and regulators where required by law, valid legal process, or to protect our legal rights.

We do not sell personal data, and we do not share personal data with third parties for their own marketing purposes.

A current list of the principal sub-processors used by SMP is available to customers and prospective customers on request.

5. International data transfers

Because we operate from both the UAE and the United States, your personal data may be transferred between those jurisdictions and to the locations of our service providers (including the United States and the European Economic Area).

We rely on appropriate safeguards for these transfers:

  • From the EU/EEA: the European Commission's Standard Contractual Clauses (2021/914), supplemented as appropriate by additional technical and organisational measures.

  • From the UAE: the cross-border transfer provisions of the PDPL, including any specific requirements established by the UAE Data Office.

  • Between SMP entities: an intra-group data processing agreement applies.

6. Your rights

Subject to applicable law, you have the following rights in respect of your personal data:

  • Access β€” you may request a copy of the personal data we hold about you.

  • Rectification β€” you may ask us to correct inaccurate or incomplete data.

  • Erasure β€” you may ask us to delete your data in certain circumstances ("right to be forgotten").

  • Restriction of processing β€” you may ask us to limit how we use your data while a request is being assessed.

  • Objection β€” you may object to processing based on legitimate interest, including direct marketing.

  • Data portability β€” you may ask us to provide certain data in a structured, commonly used format.

  • Withdrawal of consent β€” where processing is based on consent, you may withdraw it at any time.

  • Right not to be subject to automated decision-making β€” we do not currently make solely automated decisions with legal or significant effects on individuals.

To exercise any of these rights, contact us at the email address in section 10. We will verify your identity before responding and will respond within the timeframes required by applicable law (typically one month under GDPR, with the possibility to extend by a further two months for complex requests).

If you are using the SMP platform as an end user (for example, a building resident), the customer (your employer or building owner) is the data controller and you should direct your request to the customer in the first instance. We will assist the customer in responding to your request as required by the relevant Data Processing Addendum.

7. How long we keep your data

We keep personal data only for as long as necessary for the purposes for which it was collected, plus any period required by law:

  • Website analytics data: retained for the period configured by our analytics provider (see our Cookie Notice).

  • Contact and prospect data: retained for as long as the commercial relationship is active and for a period thereafter consistent with the statutory limitation period applicable to claims in the relevant jurisdiction.

  • Customer contractual data: retained as set out in the relevant Master Services Agreement and Data Processing Addendum.

  • Accounting and tax data: retained as required by applicable law in each jurisdiction (typically 5 to 10 years).

When personal data is no longer needed, it is either securely deleted or anonymised.

8. Data security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include role-based access control, two-factor authentication on administrative access, encryption of data in transit and at rest, audit logging, and a documented incident response procedure. Personnel with access to personal data are bound by confidentiality undertakings and receive appropriate training.

In the event of a personal data breach likely to affect your rights, we will notify the competent supervisory authority within the timeframes required by applicable law and, where the law requires, we will notify you directly.

9. Cookies

Our website uses cookies and similar technologies. A separate Cookie Notice describes which cookies we use, for which purpose, and how you can manage your preferences. When you first visit the website you will be asked for your consent to non-essential cookies via our cookie banner.

10. Contact us and complaints

If you have a question about this Privacy Policy, want to exercise any of the rights described above, or wish to make a complaint, contact us at:

Email: laurene@citylinksglobal.ae

If you remain unsatisfied with our response, you may lodge a complaint with the competent supervisory authority:

  • EU/EEA: the data protection authority of your country of residence, place of work, or place of the alleged infringement.

  • UAE: the UAE Data Office, or the relevant free-zone data protection authority where applicable.

  • United States: the relevant state Attorney General or the Federal Trade Commission.

We would, however, appreciate the opportunity to address your concerns directly first.

11. Changes to this Policy

We may update this Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this Policy will be updated, and material changes will be communicated to existing customers. We encourage you to review this Policy periodically.