GPDR Terms – Chicagoland # 1 Desi Real Estate Brokerage

Your search results

Sohum Realty is committed to protecting the personal data of all individuals who interact with our website and services. This GDPR Compliance Statement explains how we process personal data in accordance with the General Data Protection Regulation (EU) 2016/679. Although Sohum Realty is a US-based brokerage in Illinois, we respect the rights of individuals in the EEA and the United Kingdom who may access our website at https://sohumrealty.com.

1. Data Controller

Sohum Realty acts as the Data Controller for personal data collected through our website and services:

Legal Name: Sohum Realty
Address: 70 S US Hwy 45 #207, Grayslake, IL 60030, USA
Email: info@sohumrealty.com
Phone: (847) 238-2077
All data-related inquiries should be directed to the contact details above.
We will appoint an EU/UK representative if our processing of EEA/UK resident data reaches the threshold requiring such appointment under Article 27 GDPR.

2. Lawful Basis for Processing

We process personal data only where a lawful basis exists under Article 6 of the GDPR:

Consent (Art. 6(1)(a)): Where you have given clear, informed, and freely given consent — such as signing up for newsletters or property alerts.
Contract (Art. 6(1)(b)): Where processing is necessary to perform a contract with you, such as facilitating a property purchase or lease.
Legal Obligation (Art. 6(1)(c)): Where we are required to process your data to comply with applicable laws including Illinois real estate regulations and AML requirements.
Legitimate Interests (Art. 6(1)(f)): Where processing is necessary for our legitimate business interests such as improving our website and preventing fraud.
We do not use automated decision-making or profiling that produces legal effects without your explicit consent.
Where processing is based on consent, you have the right to withdraw that consent at any time without affecting prior lawful processing.

3. Data We Collect & Purpose

We collect only the minimum personal data necessary for the purposes described below (data minimization principle):

Contact & Identity Data: Name, email, phone, and address — for responding to inquiries and facilitating transactions.
Property Preference Data: Search filters, saved listings, and transaction history — to personalize our services.
Technical & Usage Data: IP address, browser type, pages visited, and cookies — for analytics and security.
Communication Data: Records of emails, calls, and messages — retained for business continuity and legal compliance.
Financial Data: Limited financial information relevant to transactions — shared only with necessary parties.
We do not collect special category data or process children’s data under age 16 without verifiable parental consent.

4. International Data Transfers

As a US-based company, your personal data may be transferred to and processed in the United States. We ensure adequate safeguards are in place:

Where we transfer personal data from the EEA or UK to the US, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission.
We assess the data protection laws of recipient countries and implement supplementary measures where necessary.
Third-party service providers who receive personal data are required to comply with GDPR data transfer obligations.
You may request information about specific transfer safeguards by contacting us at info@sohumrealty.com.
We do not transfer personal data to countries without adequate protection unless necessary for contract performance or made with your explicit consent.

5. Data Retention

We retain personal data only as long as necessary to fulfil the purposes for which it was collected:

Transaction Records: Retained for a minimum of 5 years following completion of a transaction, per Illinois brokerage requirements.
Marketing Data: Retained until you withdraw consent, after which it will be deleted within 30 days.
Website Analytics Data: Retained in anonymized form for up to 26 months.
General Correspondence: Retained for up to 3 years from the date of last communication.
Upon expiry of retention periods, data is securely deleted or anonymized so it can no longer be associated with an individual.
In cases of legal claims or regulatory requirements, we may retain data for longer periods as permitted by law.

6. Your GDPR Rights

If you are located in the EEA or UK, you have the following rights under the GDPR. We will respond to verified requests within 30 days:

Right of Access (Art. 15): Request a copy of the personal data we hold about you.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
Right to Erasure (Art. 17): Request deletion of your personal data where there is no compelling reason for continued processing.
Right to Restrict Processing (Art. 18): Request that we limit processing of your data in certain circumstances.
Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing at any time.
You have the right to lodge a complaint with your local Data Protection Authority. In the UK this is the ICO at ico.org.uk.

7. Data Security & Breach Notification

We implement appropriate technical and organizational measures to protect personal data:

SSL/TLS encryption for all data transmitted between your browser and our website.
Access controls limiting personal data access to authorized personnel on a need-to-know basis.
Regular security assessments, software updates, and staff training on data protection best practices.
Secure data storage with firewall protection, intrusion detection, and regular backups.
In the event of a breach likely to risk individuals’ rights, we will notify the relevant supervisory authority within 72 hours as required by Article 33 GDPR.
Where a breach poses high risk to your rights, we will notify you directly without undue delay as required by Article 34 GDPR.