REDWOOD REAL ESTATE PARTNERS – FZCO

Privacy Policy

Effective Date: 7 May 2026

Last Updated: 7 May 2026

1. Introduction

Redwood Real Estate Partners – FZCO (“the Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting the personal data we collect, hold, and process about you. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you visit our website, submit an enquiry, or otherwise interact with us.

We are a private real estate investment group, and this website is intended to showcase our prior investments and to receive enquiries from prospective and existing investors. This Policy applies to all personal data processed by us in connection with this website and our investor relations activities.

This Policy is issued in accordance with applicable data protection laws, including Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (“UAE PDPL”), the data protection regulations of the Dubai Silicon Oasis Free Zone, and, where applicable to data subjects in the European Economic Area or the United Kingdom, the EU General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the UK GDPR.

2. Who We Are

The data controller responsible for your personal data is:

Redwood Real Estate Partners – FZCO

Registered Office: IFZA Properties, DSO – IFZA, Dubai Silicon Oasis, Dubai, United Arab Emirates

Company Registration Number: DSO-FZCO-42984

VAT Registration Number: 199 397 137

For all privacy-related enquiries, please contact us using the details set out in Section 14 (How to Contact Us).

3. Personal Data We Collect

We collect personal data that you provide to us directly, data we collect automatically when you use the website, and data we receive from third parties. The categories of personal data we may process include:

3.1 Information You Provide Directly

• Identity data: full name, title, nationality, and date of birth (where required for investor verification).
• Contact data: email address, telephone number, postal or business address, and country of residence.
• Professional data: employer, job title, professional background, and source of wealth or funds (where relevant to investor onboarding).
• Investor qualification data: information confirming your status as a qualified, professional, or accredited investor under applicable laws.
• Enquiry data: the content of any messages, enquiries, or documents you send to us via web forms, email, or other channels.
• Identification documents: passport copies, residency or visa documentation, proof of address, and other documents required for know-your-customer (KYC) and anti-money-laundering (AML) checks.

3.2 Information We Collect Automatically

• Technical data: IP address, browser type and version, time-zone setting, operating system, device identifiers, and platform information.
• Usage data: pages visited, links clicked, time spent on pages, referring URLs, and other information about how you interact with our website.

Cookies and similar technologies: as further described in our Cookie Policy.

3.3 Information from Third Parties

• Information from public registers, sanctions and politically-exposed-persons (PEP) screening providers, and credit reference agencies, where used in connection with investor due diligence.
• Information from professional intermediaries, such as introducers, financial advisers, family offices, lawyers, or accountants acting on your behalf.
• Information from analytics, hosting, and marketing service providers used in connection with the website.

4. How We Use Your Personal Data

We process your personal data only where we have a lawful basis to do so. The purposes for which we process personal data, and the corresponding lawful bases, are:

• Responding to enquiries: to receive, assess, and respond to enquiries submitted through our website or by email. Lawful basis: legitimate interests (responding to communications directed at us) and, where the enquiry concerns a potential investment, steps taken at your request prior to entering into a contract.
• Investor onboarding and due diligence: to assess investor suitability, perform KYC/AML checks, and comply with our regulatory obligations. Lawful basis: legal obligation, performance of a contract, and legitimate interests (managing investor relationships and protecting the integrity of our investment activities).
• Investor relations and reporting: to communicate with existing investors, provide reports, updates, and other information relating to investments. Lawful basis: performance of a contract and legitimate interests.
• Marketing communications: to share information about our investment opportunities, market commentary, and the firm with persons who have expressed interest in receiving such information. Lawful basis: consent and/or legitimate interests, depending on the recipient’s location and the nature of the communication.
• Website operation and security: to operate, maintain, secure, and improve our website and to detect and prevent fraud, misuse, and security incidents. Lawful basis: legitimate interests and legal obligation.
• Compliance and legal claims: to comply with applicable laws, respond to lawful requests from regulators or authorities, and to establish, exercise, or defend legal claims. Lawful basis: legal obligation and legitimate interests.

Where we rely on consent (for example, for certain marketing communications or non-essential cookies), you may withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal.

5. How We Share Your Personal Data

We do not sell your personal data. We may share personal data with the following categories of recipients, in each case subject to appropriate contractual and technical safeguards:

• Affiliates and group entities involved in managing investments and investor relationships.
• Professional advisers, including lawyers, auditors, accountants, and tax advisers.
• Service providers acting as our processors, including website hosting, IT, email, customer relationship management, document storage, and analytics providers.
• Banks, custodians, fund administrators, transfer agents, and other financial counterparties involved in investment transactions.
• KYC, AML, sanctions, and PEP screening providers.
• Regulators, tax authorities, courts, law-enforcement agencies, and other governmental bodies, where required by law or where we consider it necessary to protect our rights or those of others.
• Prospective purchasers, investors, or financiers in connection with any actual or proposed corporate transaction involving us, such as a merger, acquisition, financing, or restructuring.

6. International Transfers

We are based in the United Arab Emirates, and we may transfer personal data outside of the country in which you are located, including to jurisdictions that may not provide the same level of data protection as your home jurisdiction.

Where personal data is transferred from the European Economic Area, the United Kingdom, or other jurisdictions with cross-border transfer restrictions, we put in place appropriate safeguards, such as the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Agreement, or another lawful transfer mechanism. You may request a copy of the relevant safeguards by contacting us.

7. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Typical retention periods are as follows, subject to longer periods where required by law or to defend legal claims:

• General website enquiries that do not progress: up to 24 months from the date of the last contact.
• Marketing contact data: until you unsubscribe or otherwise withdraw consent, plus a short period to evidence compliance.
• Investor onboarding and KYC/AML records: at least the minimum period required by applicable AML laws (typically a minimum of five years following the end of the business relationship), and longer where required.
• Investment, accounting, and tax records: for the period required under applicable corporate, accounting, and tax laws in the UAE and any other relevant jurisdiction.

When personal data is no longer required, it will be securely deleted, destroyed, or anonymised.

8. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include access controls, encryption in transit, secure hosting, and confidentiality obligations on personnel and service providers.

No method of transmission over the internet or method of electronic storage is, however, completely secure. While we strive to protect your personal data, we cannot guarantee absolute security. You are responsible for keeping any login credentials or other access information confidential.

9. Your Rights

Subject to applicable law, you may have the following rights in relation to your personal data:

• Right of access: to obtain confirmation of whether we process personal data about you, and to receive a copy of that data.
• Right to rectification: to have inaccurate or incomplete personal data corrected.
• Right to erasure: to request deletion of personal data in certain circumstances.
• Right to restrict processing: to request that we limit the way we use your personal data in certain circumstances.
• Right to data portability: to receive certain personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller, where technically feasible.
• Right to object: to object to processing carried out on the basis of legitimate interests or for direct marketing purposes.
• Right to withdraw consent: to withdraw consent at any time, where processing is based on consent.
• Right to lodge a complaint: with the UAE Data Office or, where applicable, with a supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us using the details in Section 14. We may need to verify your identity before responding to your request and may decline requests in limited circumstances permitted by law.

10. Direct Marketing

Where we send you marketing communications, we will do so in accordance with applicable law. You can opt out of receiving marketing communications at any time by following the unsubscribe instructions included in each communication or by contacting us directly. Opting out of marketing communications does not affect transactional or service communications relating to existing investments or business relationships.

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies. For further information, please see our Cookie Policy, which forms part of, and should be read together with, this Privacy Policy.

12. Children

Our website and services are intended for adults. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected personal data from a minor, please contact us so we can delete it.

13. Third-Party Websites

Our website may contain links to third-party websites or services that we do not own or control. This Privacy Policy does not apply to those third parties, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party websites you visit.

14. How to Contact Us

If you have any questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:

Redwood Real Estate Partners – FZCO

IFZA Properties, DSO – IFZA, Dubai Silicon Oasis, Dubai, United Arab Emirates

Email: privacy@redwoodrep.com

(or such other contact email as is published on our website from time to time)

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last Updated” date at the top of this Policy and, where appropriate, provide notice on our website or by other means. We encourage you to review this Policy periodically.

16. Governing Law

This Privacy Policy and any disputes arising out of or in connection with it are governed by the laws of the United Arab Emirates, as applicable in the Emirate of Dubai and the Dubai Silicon Oasis Free Zone, without prejudice to any mandatory data protection rights you may have under the law of your country of residence.