Maitri Realty Global is a real estate consultancy based in Navi Mumbai, Maharashtra, India. We operate the website maitrirealtyglobal.com and related services to connect property buyers, investors and NRI clients with residential and commercial property developments in Navi Mumbai and international markets including Dubai, London and the Caribbean.
For the purposes of data protection law, Maitri Realty Global is the Data Controller — meaning we decide how and why your personal data is processed.
This Privacy Policy applies to all personal data we collect through our website, enquiry forms, WhatsApp communications, email and any other interaction with Maitri Realty Global.
This policy is designed to meet the requirements of the following laws: the Indian Information Technology Act 2000 and IT (Amendment) Act 2008, the EU General Data Protection Regulation (GDPR), the UK General Data Protection Regulation (UK GDPR) and the Australian Privacy Act 1988 — as our clients include NRI visitors from these regions.
We collect information in the following categories:
| Category | What exactly | How collected |
|---|---|---|
| Contact details | Full name, email address, phone number | Enquiry forms, WhatsApp, direct email |
| Location information | City, country of residence or interest | Contact form (you provide voluntarily) |
| Property preferences | BHK type, budget range, buyer type (investor / end-user / broker) | Project enquiry forms |
| Communication content | Your messages, queries and notes from our conversations | Forms, WhatsApp, email, phone calls |
| Technical data | IP address, browser type, pages visited, time on site | Automatically via cookies (only after consent) |
| Consent record | Whether you consented to marketing, and when | Recorded when you tick the consent checkbox |
We do not collect or process any special category data (such as health information, religious beliefs, political opinions, or financial account details). We do not collect payment card information — all payments, if applicable, are handled directly by developers or through regulated financial institutions.
We use your personal data only for the following purposes:
| Purpose | Example |
|---|---|
| Responding to your enquiry | Calling you back about a property you asked about |
| Arranging site visits | Coordinating a visit to Malhar 24 East for you |
| Sending you property information | Sharing floor plans, pricing and project details you requested |
| Keeping records of our relationship | Noting which properties you viewed and your preferences |
| Marketing (with consent only) | Sending you new project launches or market updates if you agreed |
| Website analytics (with consent only) | Understanding which pages visitors read most |
| Legal compliance | Maintaining records as required under Indian real estate regulations |
Under GDPR and UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following:
| Processing activity | Legal basis |
|---|---|
| Responding to your property enquiry | Legitimate interests — you contacted us specifically to ask about a property |
| Storing your enquiry details | Legitimate interests — to follow up and manage our client relationship |
| Sending analytics cookies | Consent — only after you click "Accept All" |
| Sending advertising cookies (Meta Pixel, Google Ads) | Consent — only after you click "Accept All" |
| Sending you marketing about new projects | Consent — only if you specifically agreed |
| Maintaining records for regulatory compliance | Legal obligation — under Indian real estate and tax regulations |
Maitri Realty Global is based in India. Some of our service providers (listed in Section 5) process data in the United States or the European Union.
For transfers to the USA, we ensure appropriate safeguards are in place:
Supabase — stores data in the region you select at setup (we use Singapore to keep data closest to India). EU Standard Contractual Clauses (SCCs) apply for any EU personal data.
Google and Meta — operate under EU-US Data Privacy Framework certification and/or Standard Contractual Clauses.
For UK visitors: transfers are covered under the UK GDPR adequacy framework and relevant transfer mechanisms.
For Australian visitors: transfers are made in accordance with Australian Privacy Principle 8 (APP 8), which permits cross-border disclosure where the recipient provides equivalent privacy protections.
| Data type | Retention period | Reason |
|---|---|---|
| Enquiry form data | 2 years from date of enquiry | Property searches often span 1–2 years; we may have relevant new projects for you |
| Active client records | Duration of relationship + 5 years | Indian real estate regulations and potential legal claims |
| Analytics data (cookies) | 14 months (GA4 default) | Industry standard for trend analysis |
| Consent records | Until you withdraw consent + 3 years | Legal proof that consent was given |
| Server logs (IP addresses) | 90 days | Security monitoring only |
| Audit logs | 3 years | Security and compliance verification |
After these periods, your personal data is permanently deleted or anonymised so that you can no longer be identified from it.
Depending on where you live, you have the following rights over your personal data. We honour all of these regardless of your location.
Ask us what personal data we hold about you and receive a copy within 30 days.
Ask us to correct any inaccurate or incomplete personal data about you.
Ask us to delete your personal data ("right to be forgotten"). We will comply within 30 days unless we have a legal obligation to retain it.
Ask us to temporarily stop processing your data while a dispute is resolved.
Object to us processing your data for direct marketing. We will stop immediately.
Receive your personal data in a structured, machine-readable format (CSV).
Withdraw your consent at any time. This does not affect processing already carried out before withdrawal.
Lodge a complaint with your national data protection authority if you are unhappy with how we handled your data.
UK visitors — You may also contact the Information Commissioner's
Office (ICO) at ico.org.uk.
EU visitors — Contact your national supervisory authority. A list is
available at edpb.europa.eu.
Australian visitors — Contact the Office of the Australian
Information Commissioner (OAIC) at oaic.gov.au.
Cookies are small text files stored on your device when you visit a website. We use the following categories:
| Type | Purpose | Consent required |
|---|---|---|
| Strictly necessary | Remember your cookie preference. Required for the website to work. | No — always active |
| Analytics | Google Analytics 4 — counts page visits and measures how visitors navigate the site. Data is anonymised and aggregated. | Yes — Accept required |
| Advertising | Meta Pixel and Google Ads — measures whether our ads lead to enquiries. No personal profiles are built without consent. | Yes — Accept required |
You can change your cookie preference at any time by clearing your browser's local storage and reloading the page — the consent banner will reappear.
To opt out of Google Analytics across all websites, use the Google Analytics Opt-out Browser Add-on. To opt out of Meta advertising, visit Facebook Ad Settings.
We take the security of your personal data seriously. The following measures are in place:
Encryption in transit — all data is transmitted over HTTPS using TLS 1.2 or higher. HTTP connections are automatically redirected to HTTPS.
Encryption at rest — all data stored in our Supabase database is encrypted at rest using AES-256 encryption.
Access controls — role-based access control means team members can only access data relevant to their role. Row Level Security policies are enforced at the database level, not just the application level.
Audit logging — all significant data access and modification events are logged with timestamps and user identifiers.
No passwords stored — admin panel passwords are managed by Supabase Auth using bcrypt hashing. We never store or see plain-text passwords.
Session management — admin sessions expire after 30 minutes of inactivity and require re-authentication.
Despite these measures, no system is completely secure. If you believe your data has been compromised in any way, please contact us immediately at maitrirealtyglobal@gmail.com.
Our services are directed at adults who are in a position to purchase, invest in or rent property. We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have inadvertently collected data from a child, we will delete it immediately.
If you are a parent or guardian and believe your child has submitted personal data to us, please contact us at maitrirealtyglobal@gmail.com and we will remove it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology or legal requirements. When we make significant changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify active clients by email.
We encourage you to review this page periodically. Your continued use of our website after changes are posted constitutes acceptance of the updated policy for website usage. For processing based on consent, we will ask for renewed consent where required by law.
For any questions about this Privacy Policy, to exercise your data rights, or to report a concern, please contact us: