Privacy Policy
Last updated July 2026
1. Introduction
This Privacy Policy applies to personal data processed through diroco.com and related B2B services branded as DIROCO (the "Service"). The Service is offered to licensed real estate agents, brokerages and related business users — not to property buyers or consumers seeking investment advice.
By submitting a contact form, requesting a demo or otherwise providing personal data, you acknowledge that you have read this policy. If you do not agree, do not use the Service or submit personal data.
2. Data controller
Data controller: ROVLEX INTERNATIONAL LTD Company number: 16314439 Registered office: England and Wales Contact: via the form at https://diroco.com/en/contact/ (subject line: Privacy)
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (GDPR), ROVLEX INTERNATIONAL LTD is the controller of personal data described in this policy.
3. Scope — B2B only
DIROCO is a business-to-business platform. We do not market to, profile or enter into contracts with end investors or property buyers. Buyers interact with illustrative investment cases via ALOIK links distributed by their agent; those buyers are not customers of ROVLEX INTERNATIONAL LTD and their relationship is with the agent.
This policy covers personal data relating to agents, agency staff, directors and other business contacts who interact with diroco.com or our B2B delivery workflow.
4. Personal data we collect
We may collect and process the following categories of personal data:
- Identity and contact data: name, work email address, business telephone number (if provided), agency or brokerage name, job title or role. - Market and enquiry data: preferred market (e.g. Dubai, France, UK), message content, product interest, demo requests. - Technical data: IP address, browser type, device identifiers, time zone, pages viewed, referral URL — collected via cookies and similar technologies as described in our Cookie Policy. - Usage and analytics data: aggregated or pseudonymised interaction data where analytics cookies are accepted. - Contract and billing data: where you purchase services — billing contact, order references, payment status (payment card data is processed by third-party payment providers; we do not store full card numbers).
We do not intentionally collect special category data (e.g. health, biometric, political opinions). Do not submit such data through our forms.
5. How we collect data
- Directly from you: contact and lead forms, email correspondence, demo requests, contractual onboarding. - Automatically: cookies, server logs and analytics tools (subject to consent where required). - From your organisation: where a colleague submits an enquiry on behalf of your brokerage.
6. Purposes and lawful bases
| Purpose | Lawful basis (GDPR Art. 6) |
|---|---|
| Responding to B2B enquiries and demo requests | Legitimate interests — operating and growing a B2B service; or steps prior to contract at your request |
| Performing a contract or pre-contractual steps | Contract |
| Service delivery, account administration, support | Contract; legitimate interests |
| Invoicing and payment administration | Contract; legal obligation |
| Analytics to improve the website (consent regions) | Consent |
| Analytics in non-consent regions where permitted | Legitimate interests — limited, proportionate site improvement |
| Compliance with law, fraud prevention, disputes | Legal obligation; legitimate interests |
| Records retention for tax and accounting | Legal obligation |
Where we rely on legitimate interests, you may object as described in Section 10. Where we rely on consent, you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
7. Who we share data with
We share personal data only where necessary:
- Infrastructure providers: hosting, database and authentication services (including Supabase, with data hosted in the European Union). - Analytics providers: where you have consented to analytics cookies. - Professional advisers: lawyers, accountants, insurers — under confidentiality obligations. - Authorities: where required by applicable law or court order.
We do not sell personal data. We do not share agent contact data with property buyers. DIROCO does not contact buyers on an agent's behalf.
8. International transfers
Our primary processing infrastructure is located in the European Union. Where personal data is transferred outside the UK or EEA, we implement appropriate safeguards — including UK International Data Transfer Agreements, EU Standard Contractual Clauses, or transfers to countries with adequacy decisions — as required by UK GDPR and GDPR.
9. Retention
We retain personal data only as long as necessary for the purposes described:
- Enquiry and lead data: up to 24 months from last meaningful contact, unless a longer period is required for an active commercial relationship. - Contract and billing records: duration of the contract plus up to 7 years for accounting and tax compliance. - Analytics logs: typically up to 14 months, subject to provider settings. - Legal claims: retained as long as needed to establish, exercise or defend legal claims.
When retention ends, we delete or anonymise data unless law requires continued storage.
10. Your rights
Subject to applicable law, you have the right to:
- Access your personal data and obtain a copy. - Rectification of inaccurate or incomplete data. - Erasure ("right to be forgotten") in certain circumstances. - Restriction of processing in certain circumstances. - Data portability where processing is based on contract or consent and carried out by automated means. - Object to processing based on legitimate interests. - Withdraw consent at any time where processing is consent-based. - Lodge a complaint with a supervisory authority.
UK residents: Information Commissioner's Office (ICO) — https://ico.org.uk/ EU/EEA residents (including France): your local data protection authority.
To exercise rights, contact us via https://diroco.com/en/contact/. We may need to verify your identity. We respond within one month, extendable where permitted by law.
11. Security
We implement appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit (TLS), and EU-hosted infrastructure. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.
12. Children
The Service is not directed at individuals under 18. We do not knowingly collect data from children.
13. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will change. Material changes will be indicated on diroco.com where practicable. Continued use after changes constitutes acknowledgement of the updated policy.
14. Contact
ROVLEX INTERNATIONAL LTD Company number 16314439 Enquiries: https://diroco.com/en/contact/