Main Shofield Group, Inc. – Global Privacy Policy
Effective Date: 24 June 2025 | Last Revised: 24 June 2025
1. Scope
This Policy applies to personal information collected by Main Shofield Group, Inc. and its subsidiaries and brands (collectively “Shofield”, “we”, “us”, “our”) when you:
-
visit or interact with any Shofield‑controlled website, portal, or social‑media page;
-
use our software products (e.g., Lily AI), mobile apps, or chat services;
-
engage our real‑estate, consulting, or business‑formation services; or
-
otherwise communicate with us online or offline.
2. Information We Collect
| Category (CPRA) | Typical Data Elements | Source | Purpose |
|---|---|---|---|
| A. Identifiers | Name, postal address, email, phone, IP address, device ID | You; automated collection | Account setup; KYC; marketing |
| B. Personal records | Passport/Emirates ID, visa pages, utility bills, EIN | You | Regulatory filings; identity verification |
| C. Protected classes | Not intentionally collected (we will delete such data if discovered) |
— | — |
| D. Commercial data | Transaction history, property listings, invoices | You; service providers | Contract fulfilment |
| E. Biometric | None | — | — |
| F. Internet activity | Log files, browser type, referring URL, Cookie IDs | Automated | Site security; analytics |
| G. Geolocation | General location from IP; property coordinates | Automated; you | Service delivery |
| H. Audio/visual | Call recordings (with notice), video walk‑throughs | You | Quality assurance; client requests |
| I. Professional data | Title, employer, proof‑of‑funds letters | You | Eligibility screening |
| J. Inferences | Propensity‑to‑buy scores, lead qualification | Derived internally | Personalization |
We do not process any “sensitive personal information” for the purpose of inferring characteristics, nor do we knowingly sell or “share” data in the CPRA sense.
3. Legal Bases for Processing (GDPR/UK GDPR Art. 6)
| Basis | When We Rely on It |
|---|---|
| Contract (Art. 6 (1)(b)) | To deliver requested real‑estate or company‑formation services |
| Legal Obligation (Art. 6 (1)(c)) | AML/KYC checks, tax and corporate‑record retention |
| Legitimate Interests (Art. 6 (1)(f)) | Fraud prevention, network security, B2B direct marketing (balanced with your rights) |
| Consent (Art. 6 (1)(a)) | Optional newsletters, cookies that are not strictly necessary |
4. How We Use Your Data
-
Provide, maintain, and improve our services
-
Facilitate payments and verify identity
-
Respond to inquiries and provide customer support
-
Market similar services to corporate clients (opt‑out any time)
-
Comply with applicable laws, court orders, and regulatory requests
-
Detect, investigate, and prevent fraud or security incidents
-
Plan and execute corporate transactions (merger, acquisition, asset sale)
5. Disclosures & International Transfers
We share information only with:
-
vetted service providers bound by confidentiality (cloud hosting, CRM, payment gateways, KYC vendors, real‑estate developers);
-
professional advisers (lawyers, auditors, bankers);
-
government authorities or free‑zone regulators (e.g., IFZA) when legally required;
-
affiliates and successors in a corporate restructuring.
Cross‑border transfers:
Data from the EEA, UK, or Switzerland is transferred to the United States pursuant to the EU–U.S. Data Privacy Framework (if certified) and approved Standard Contractual Clauses. UAE personal data is handled in accordance with PDPL 45/2021.
6. Retention
| Data Type | Default Retention | Statutory Authority / Rationale |
|---|---|---|
| Corporate & KYC records | 7 years after account closure | U.S. IRS & FinCEN, UAE AML rules |
| Property transaction files | 10 years | RERA / Dubai Land Dept. |
| Marketing contact details | Until opt‑out or 24 months of inactivity | CPRA “reasonably necessary” standard |
| Web analytics logs | 14 months | Google Analytics default |
When retention expires, data is securely deleted or anonymised.
7. Your Rights
| Region | Rights Summary |
|---|---|
| EEA/UK | Access, Rectification, Erasure, Restriction, Portability, Objection, automated‑decision opt‑out, lodge complaint with supervisory authority |
| U.S. (CA, VA, CO, CT, UT, TX, etc.) | Access, Correction, Deletion, Portability, Opt‑out of targeted ads / sharing, Limit use of sensitive data |
| UAE | Access, Correction, Erasure, Processing halt |
Submit a request:
Online form: https://mainshofield.com/privacy‑requesthttps://mainshofield.com/privacy‑request
Email: privacy@mainshofield.com
Toll‑free number (U.S.): +1 844‑xxx‑xxxx
We will verify your identity (or that of an authorized agent) before fulfilling any request.
8. Cookies & Similar Technologies
We use:
-
Essential cookies – site functionality & security (cannot be disabled)
-
Analytics cookies – aggregated traffic measurement (opt‑out available)
-
Advertising/remarketing cookies – only with your consent in jurisdictions that require it
A complete cookie table and preference center is available at Preferences → Cookie Settings in the site footer.
9. Data Security
Controls include TLS 1.3 encryption in transit, AES‑256 server‑side encryption at rest, zero‑trust network segmentation, annual SOC 2 (Type II) audits, and ISO 27001‑aligned policies. We maintain incident‑response and breach‑notification plans compliant with GDPR Arts. 33–34 and U.S. state data‑breach statutes.
10. Children
Our services are directed at persons 18 years and older. We do not knowingly collect data from minors; any such data will be deleted upon discovery.
11. “Do Not Track” & Global Privacy Control
We honor browser “Global Privacy Control” (GPC) signals as a valid opt‑out of sale/sharing for CPRA purposes.
12. Notice for California Residents (“Shine the Light”)
California customers may request a list of third parties to whom we disclosed personal information for their direct‑marketing purposes in the preceding calendar year. Submit requests to california‑privacy@mainshofield.com.
13. Financial Incentive Disclosure
We do not offer programs that compensate you for the collection or sale of personal information.
14. Accessibility
This Policy is formatted to meet WCAG 2.1 AA standards. Alternate formats (large print, braille, audio) are available on request.
15. Contacts
| Role | Contact |
|---|---|
| Chief Privacy Officer (CPO) | privacy@mainshofield.com |
| EU/EEA Representative (Art. 27 GDPR) | [EU Rep Name], [EU Rep Address], eu‑rep@mainshofield.com |
| UK Representative | [UK Rep Name], [UK Rep Address], uk‑rep@mainshofield.com |
| UAE Data Officer (PDPL Art. 10) | uaedpo@mainshofield.com |
16. Changes to This Policy
We will post any material changes on this page and, where appropriate, notify you by email at least 30 days in advance. Previous versions will be archived at mainshofield.com/privacy‑archive for reference.
