DATA PROCESSING AGREEMENT
Data Processing Agreement
Processor terms for agencies, developers, property managers and enterprise customers using the platform for their own records.
This is an operational launch pack, not a legal opinion. Final wording must be approved by Cyprus counsel before signed customer use.
Roles and instructions
When a customer uploads or manages personal data for its own real estate workflow, the customer is the controller and Verified Property Passport acts as processor for that customer data.
Verified Property Passport processes customer data only on documented instructions, to provide the service, support, security, billing, compliance logs and legally required actions.
Data and processing
Data subjects may include tenants, buyers, sellers, landlords, guarantors, agents, lawyers, contractors, property managers and customer staff.
Processing includes collection, storage, validation status tracking, access control, report generation, public summary sharing, audit logging, support, deletion review and export.
Security and confidentiality
The platform uses account authentication, role-based access, API keys, public share tokens, access logs, document visibility controls and separation between raw documents and report summaries.
Personnel and service providers must handle personal data confidentially and access it only for support, security, legal or operational purposes.
Subprocessors, breach and return
Subprocessors may be used for hosting, database, email, billing, storage, monitoring and approved integrations. The active list is published in the subprocessor register.
Material data incidents must be assessed promptly and communicated to affected controllers without undue delay where GDPR notification support is required.
On termination, customer data is exported, deleted or retained only where legal, billing, dispute, security or transaction record keeping requires retention.