Privacy Policy

This Privacy Policy explains how Dubai Smart Home (DSH) collects, uses, stores, and protects personal data. We have written it in plain English so that our customers, prospects, household members, and website visitors can understand what we do with information about them. Where it matters, we point to the exact UAE law we are following so you can verify our position.
last updated: 01.05.26

DSH is a residential smart home installer based in Dubai. We design, supply, install, commission, and provide ongoing monitoring for high end automated villa systems including lighting, climate, security, surveillance, access control, audio, cinema, networking, voice control, pool and outdoor systems, energy and solar, and wellness equipment. Our customers are largely homeowners across Emirates Hills, Palm Jumeirah, Dubai Hills, Tilal Al Ghaf, Al Barari, MBR City, Sobha Hartland, Bluewaters, Pearl Jumeira, Damac Hills, Arabian Ranches III, Jumeirah Golf Estates, and Sustainable City.

Because the systems we install can capture video, audio, biometrics, and behavioural patterns inside a private home, we treat privacy as a core engineering requirement, not a checkbox. This document tells you what that looks like in practice.

1. Who we are

The legal entity behind this policy is:

  • Trading name: Dubai Smart Home (DSH)
  • Legal entity name: Dubai Smart Home LLC
  • Majority shareholder: NasrCapital FZE LLC
  • Registered address: One Central, 8th and 9th Floor, Trade Centre 2, Dubai, United Arab Emirates
  • Website: dubaismarthome.ae
  • General contact: support@dubaismarthome.ae
  • Privacy contact: support@dubaismarthome.ae
  • Data Protection Officer (DPO): reachable at support@dubaismarthome.ae

DSH is a mainland Dubai company licensed by the Dubai Department of Economy and Tourism (DED). We are not registered in the DIFC or ADGM free zones. Where our customers operate businesses or family offices inside DIFC or ADGM and instruct us to handle data for those operations, we will additionally align our handling with DIFC Data Protection Law No. 5 of 2020 or ADGM Data Protection Regulations 2021 as applicable to that engagement, on top of the UAE federal baseline.

For the purposes of UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the UAE PDPL), DSH acts in two distinct roles:

  • Controller for personal data we collect for our own purposes such as our website, sales pipeline, employees, suppliers, and service contracts.
  • Processor for personal data that lives on systems we install and operate inside a customer's home, where the homeowner is the controller. Examples include CCTV footage, voice transcripts, access logs, and presence telemetry produced by household systems.

We make this distinction explicit in every customer agreement so it is clear who is responsible for what.

2. Scope

This policy covers:

  • The DSH website at dubaismarthome.ae and any subdomains we operate.
  • Email, phone, WhatsApp, and in person conversations between you and DSH staff.
  • Sales and onboarding workflows including site surveys, design proposals, contracts, and payments.
  • Smart home systems we install, integrate, or remotely monitor on behalf of our customers, to the extent that DSH touches the data flowing through those systems.
  • Third party services we use to run our business (subprocessors), listed at /legal/subprocessors.

This policy does not cover third party apps you choose to install on your own devices outside our scope of work, even if they happen to interact with hardware we installed. Their privacy notices apply.

3. What personal data we collect

We split the data we handle into four categories.

3.1 Website visitors

When you browse dubaismarthome.ae we may collect:

  • IP address and approximate location (city level, derived from the IP).
  • Device, browser, and operating system metadata.
  • Pages viewed, time on page, referral source, and on page interactions.
  • Any information you voluntarily submit through forms, the chat widget, or a calendar booking.

Cookie and analytics behaviour is described in detail in our Cookie Policy.

3.2 Prospect leads

If you contact us about a potential project, request a quote, attend a showroom visit, or book a discovery call, we typically collect:

  • Full name, mobile number, email address, preferred language.
  • Property address or community (for example, Emirates Hills, Palm Jumeirah).
  • Project scope notes, budget indication, timeline, and architectural drawings or photos you share with us.
  • Any introducer or referrer details.
3.3 Contracted customers

Once you become a DSH customer, we additionally collect and process:

  • Emirates ID number and a copy of your Emirates ID, where required for contract verification or community access permits.
  • Passport copy, where required for VAT invoicing or property ownership confirmation.
  • Title deed or Ejari, where the community management company requires proof of ownership for installer access.
  • Bank or payment details for invoicing and refunds.
  • Authorised contacts and household members who can issue instructions to DSH.
  • System credentials, recovery contacts, and break glass access agreements.
  • Service tickets, on site work logs, and remote support session records.
3.4 Third parties whose data appears on installed systems

This category is unique to our business and we want to be transparent about it. The systems we install inside a customer villa naturally capture data about people other than the homeowner. This can include:

  • Family members and guests filmed by CCTV or doorbell cameras.
  • Domestic staff captured on cameras, access control logs, and activity sensors.
  • Visiting contractors, delivery agents, and tradespeople caught on surveillance.
  • Voices captured by voice assistants and acoustic sensors.
  • Faces processed by face recognition cameras, where the homeowner has explicitly enabled that feature.

For this category, the homeowner is the data controller under UAE PDPL and is responsible for lawful basis, signage, and notice obligations. DSH supports the homeowner with technical safeguards, configuration defaults that minimise collection, and our CCTV and Surveillance Notice which explains the rules in detail.

4. Lawful basis for each category

UAE PDPL Articles 4 and 5 require a lawful basis for every act of processing. The basis we rely on depends on what we are doing.

  • Replying to your enquiry, sending a quote: Steps prior to contract (Art. 4(2)).
  • Performing the installation contract: Performance of contract (Art. 4(2)).
  • Sending you marketing emails: Your explicit consent (Art. 4(1), Art. 6).
  • Storing financial records for 7 years: Legal obligation under UAE Federal Decree-Law No. 26 of 2020 amending VAT and tax record keeping rules (Art. 4(5)).
  • Improving the website, fraud prevention, fixing system faults: Our legitimate interests, balanced against your rights (Art. 4(7)).
  • Processing health data, biometric data, religious or political data: Explicit, separate consent for sensitive personal data (Art. 5 read with Art. 15).
  • Sharing with Dubai Police, DCD, or courts: Legal obligation under UAE Cybercrimes Law (Federal Decree-Law No. 34 of 2021) and Penal Procedures Law.

We do not rely on consent for things you cannot reasonably refuse, such as completing a contract you signed. Where we do rely on consent we make it specific, informed, and withdrawable at any time.

5. Camera, audio, and biometric data

Because surveillance and voice systems sit at the heart of what we install, we treat this category with extra care. The full rulebook is in our CCTV and Surveillance Notice. The short version:

  • Camera footage on a customer system belongs to the customer. DSH only views it when the customer asks us to, or when we need brief access to diagnose a fault under an audited break glass procedure.
  • Cameras must not film public streets, neighbouring properties, or areas where a reasonable person expects privacy. UAE Cybercrimes Law (Federal Decree-Law No. 34 of 2021) Article 44 makes unlawful recording a criminal offence, and UAE Penal Code (Federal Decree-Law No. 31 of 2021) Article 378 makes invasions of private life a criminal offence. We design installations to comply with both.
  • Audio recording of conversations requires consent. Our default voice control deployment uses on premises Whisper transcription with no cloud storage of voice audio.
  • Face recognition and biometric matching are off by default. We will only enable them on explicit written instruction from the homeowner.
  • Public area or street facing surveillance in residential communities may require permission from Dubai Police or the relevant authority under Dubai Law No. 3 of 2017 on the regulation of security guards and surveillance cameras. We will tell you when a permit is needed and help you obtain it.
6. Smart home telemetry

Modern smart home platforms phone home for software updates, scene synchronisation, remote access, and analytics. DSH builds its installations to give you control over how much of that telemetry leaves your villa.

Cloud connected platforms we commonly deploy and the data they typically transmit:

  • Lutron Caseta and HomeWorks (myLutron cloud): scene state, schedule, time stamps, account email.
  • Crestron Home and Crestron XiO Cloud: processor health, firmware version, room status.
  • Control4 OS3 (4Sight): event logs, room states, software updates.
  • Ubiquiti UniFi (UniFi Cloud / Site Manager): network topology, client device counts, throughput.
  • Apple HomeKit: device states encrypted to your iCloud account, not visible to DSH.
  • IACAD prayer times API: geographic coordinates of the property for daily Fajr to Isha schedule ingestion.

Where the customer prefers minimal cloud exposure we offer locally hosted equivalents:

  • Voice control: on premises Whisper for speech to text. No voice audio leaves the home.
  • Home automation hub: Home Assistant Yellow or similar self hosted controller, fully on premises with optional Wireguard VPN for remote access.
  • Video storage: local NVR with no cloud upload, with optional encrypted offsite backup to a UAE region.

We will document, in writing, exactly which cloud services your installation uses, what they transmit, and how to disable them.

7. How we use the data

We use personal data to:

  • Respond to enquiries and prepare proposals.
  • Design, install, commission, and maintain your smart home.
  • Provide remote monitoring, diagnostics, and software updates where you have asked us to.
  • Issue invoices, collect payment, and meet our tax and accounting obligations.
  • Send service notifications such as scheduled maintenance reminders and urgent security advisories.
  • Send marketing communications where you have opted in. You can opt out at any time using the unsubscribe link or by emailing support@dubaismarthome.ae.
  • Defend legal claims and comply with lawful requests from UAE authorities.
  • Improve our products, training, and processes. Where we use customer data for product improvement we either anonymise it first or rely on your explicit consent.
8. Who we share it with

We share data only when it is necessary and on a controlled basis.

  • Subprocessors: the cloud platforms, payment processors, CRM, accounting software, and field service tools that we use to run DSH. Our current list is published at /legal/subprocessors and is reviewed regularly. Each subprocessor is bound by a written data processing agreement.
  • Manufacturer support: where a hardware fault requires escalation to a manufacturer (for example, Crestron, Lutron, Hikvision, Axis, Mobotix, Avigilon, Ubiquiti, Sonos, Apple, Control4), we share the minimum data needed to resolve the case.
  • Community and developer access teams: where a community such as Emirates Hills or Palm Jumeirah requires installer access permits, we share installer names, vehicle plates, and Emirates ID copies of the engineers attending site.
  • Regulators and authorities: including the Telecommunications and Digital Government Regulatory Authority (TDRA), Dubai Civil Defence (DCD), Dubai Electricity and Water Authority (DEWA), Dubai Police, and the UAE Data Office, in response to lawful requests.
  • Professional advisers: auditors, lawyers, and insurers under confidentiality.

We do not sell personal data to anyone, ever.

9. International transfers

UAE PDPL Articles 22 to 23 permit cross border transfers either to jurisdictions deemed adequate by the UAE Data Office, or under appropriate safeguards.

Our default posture:

  • UAE first: we keep data inside UAE regions wherever the underlying platform offers a UAE region.
  • EU second: for monitoring, RMM, ticketing, and analytics tools that do not yet offer a UAE region, we prefer EU regions which benefit from mature data protection regimes.
  • Other regions: only where the platform we depend on does not offer UAE or EU regions, and we assess the destination country and provider against UAE PDPL adequacy criteria.

For transfers to jurisdictions without an adequacy decision we use Standard Contractual Clauses or equivalent contractual safeguards as permitted by Article 23(2). On request we will tell you exactly which countries your data is processed in.

10. Retention periods

We keep personal data only as long as we need it. Our defaults:

  • Website analytics: 26 months. Industry standard for trend analysis.
  • Cookie consent records: 24 months. Demonstrate consent under UAE PDPL Art. 6.
  • Prospect lead records (no contract): 24 months from last contact. Sales follow up window.
  • Contract files, invoices, tax records: 7 years. Federal Decree-Law No. 26 of 2020 record keeping rules.
  • As built drawings and design files: Lifetime of the installation plus 2 years. Service obligations.
  • Service tickets and on site work logs: 5 years. Warranty support.
  • Remote management telemetry (RMM): 90 days rolling. Diagnostics window.
  • CCTV footage on customer NVR: Default 30 days, configurable per system. Industry default for residential.
  • Voice control transcripts: Not retained by default. Privacy by default posture.
  • Face recognition templates: Only while the feature is enabled, then securely deleted. Sensitive personal data.
  • Payment card data: Not stored by DSH; held by PCI DSS certified payment processor. PCI DSS.
  • Employee records: Per UAE Labour Law and tax rules. Legal obligation.

When the retention period ends we either delete the data or anonymise it irreversibly.

11. Your rights as a data subject

Under UAE PDPL Articles 13 to 19 you have the following rights:

  • Right to information about how we process your data (Art. 13).
  • Right of access to your personal data and to receive a copy (Art. 14).
  • Right to rectification of inaccurate or incomplete data (Art. 15).
  • Right to erasure in defined circumstances (Art. 15).
  • Right to restrict processing in defined circumstances (Art. 16).
  • Right to data portability, to receive your data in a structured, common format and have it transferred to another controller (Art. 17).
  • Right to object to processing based on legitimate interests or direct marketing (Art. 18).
  • Right to refuse automated decision making that produces legal effects (Art. 19).
  • Right to withdraw consent at any time, without affecting the lawfulness of past processing.
  • Right to lodge a complaint with the UAE Data Office.

To exercise any right, email support@dubaismarthome.ae. We will verify your identity, respond within 30 days, and explain any extension if your request is complex. There is no charge for reasonable requests.

12. Children's data

DSH services are aimed at adult homeowners. We do not knowingly collect personal data from anyone under 18. If a child's data appears on a customer's installed system (for example, a child filmed on home CCTV), the homeowner is the controller and is responsible for safeguards. If you believe we hold data about a child without an appropriate basis, contact support@dubaismarthome.ae and we will investigate.

13. Security

We follow security practices aligned with ISO/IEC 27001 and the UAE Information Assurance Standards (NESA / TDRA UAE IAS v1.1) for the parts of our business that touch sensitive customer environments. For HNW family office customers we will, on request, document our alignment with NESA controls relevant to the engagement.

In practice this means:

  • All web traffic over TLS 1.2 or higher.
  • Encryption at rest using AES 256 for backups, NVR storage, and CRM data.
  • Role based access control with least privilege, multi factor authentication for all DSH staff.
  • Audited break glass procedure for any DSH engineer access into a customer environment.
  • Asset hardening following TDRA Cyber Hygiene residential guidelines, including default password rotation, firmware patching schedules, and segmented IoT VLANs.
  • Secure software development lifecycle for any custom integrations.
  • Annual penetration testing of our internet facing systems.
  • Documented incident response runbook including a 72 hour breach notification path under UAE PDPL Article 9.

If we ever suffer a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UAE Data Office without undue delay and within 72 hours where feasible, and we will notify affected data subjects directly where required by Article 9(3).

14. Cookies

We use cookies and similar technologies on our website. The detail is in our Cookie Policy, which covers categories, specific cookies, consent under UAE PDPL Article 6, and how to manage your preferences.

15. Electronic signatures and records

Some of our contracts are signed electronically. Electronic signatures, electronic records, and trust services in the UAE are governed by Federal Decree-Law No. 46 of 2021 on Electronic Transactions and Trust Services (the Electronic Transactions Law). DSH uses signing platforms that meet the requirements for reliable electronic signatures under that law. The personal data captured during signing (your name, email, IP, signing timestamps, audit trail) is retained alongside the signed contract for the duration set out in section 10.

16. Changes to this policy

We may update this policy from time to time. The version date at the top tells you when it was last changed. For material changes we will email registered customers and post a notice on the website. We encourage you to review this page periodically.

17. Complaints and the UAE Data Office

If you have a concern about how we handle personal data, please contact us first at support@dubaismarthome.ae. We will work with you to resolve it.

If you remain unsatisfied, you have the right to lodge a complaint with the UAE Data Office, the regulator established under UAE Federal Decree-Law No. 44 of 2021.

  • Authority: UAE Data Office
  • Website: u.ae (official UAE Government portal)
  • How to contact: the UAE Data Office's current address and complaint channel are published on u.ae

For matters involving cybercrime, including unlawful recording, hacking, or impersonation, you may also contact Dubai Police's eCrime portal under Federal Decree-Law No. 34 of 2021 on Combating Rumours and Cybercrimes.

This policy is published in English. If a translated version is provided, the English version prevails in the event of a conflict.

Do you have questions?
Reach out to our team and start a discussion.
Contact us
Contact us
Surface what matters, automate the rest.
monthly Newsletter
We won't share your data with third parties. Ever.
Pages
HomeServicesAbout UsContact
Follow Us
LinkedInInstagramX (Twitter)YouTube
Services
Smart Lighting & ClimateSmart Lighting ControlMotorized Shading & CurtainsSecurity & SurveillanceSmart Gate & Access ControlVoice Control & AINetworking & ITHome Theater & CinemaWhole-Home AudioPool & Outdoor AutomationEnergy Management & SolarWellness & Comfort
Legal
All DocumentsPrivacy PolicyTerms of ServiceCookie PolicyWarrantyService Level AgreementRefund & CancellationCCTV NoticeSubprocessorsAccessibilityLegal Notice
Premium smart home automation for villas and homes across Dubai and the UAE.
A company by Nasrcapital
© 2026 Dubai Smart Home. All rights reserved.
SitemapContactPrivacyTerms