Contents
1. Our Commitment to GDPR
ProprHome is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and the Portuguese Data Protection Law (Lei de Protecao de Dados Pessoais).
We have implemented comprehensive data protection measures and processes to ensure compliance with these regulations. This page explains your rights and how we handle your data.
2. Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to be Informed
You have the right to know how your personal data is being collected and used.
Right of Access
You can request a copy of all personal data we hold about you.
Right to Rectification
You can request correction of inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing
You can request limitation of how we process your data.
Right to Data Portability
You can receive your data in a portable format to transfer elsewhere.
Right to Object
You can object to processing based on legitimate interests or for marketing.
Rights Related to Automated Decisions
You have rights regarding automated decision-making and profiling.
3. Data Controller
ProprHome acts as the data controller for personal data collected through our platform. This means we determine the purposes and means of processing your personal data.
Data Controller:
ProprHome
Lisbon, Portugal
Email: dpo@proprhome.com
4. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services (account management, property matching, transactions)
- Consent: Processing based on your explicit consent (marketing communications, analytics cookies)
- Legitimate Interests: Processing necessary for our legitimate business interests (fraud prevention, platform security, service improvement)
- Legal Obligations: Processing required to comply with legal requirements (tax records, regulatory compliance)
5. International Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When this occurs, we ensure appropriate safeguards are in place:
- Transfers to countries with EU adequacy decisions
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules for intra-group transfers
- Service providers certified under approved certification mechanisms
6. Data Retention
We retain your personal data only for as long as necessary:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Duration of account + 2 years | Service provision, legal compliance |
| Transaction Records | 7 years | Tax and accounting requirements |
| Property Search History | 2 years | Service improvement, recommendations |
| Marketing Preferences | Until consent withdrawn | Consent-based processing |
| Support Communications | 3 years | Quality assurance, dispute resolution |
7. Security Measures
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit (TLS/SSL) and at rest
- Access controls and authentication requirements
- Regular security assessments and penetration testing
- Employee training on data protection
- Incident response procedures
- Regular backups and disaster recovery plans
- Pseudonymization where appropriate
8. How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Email our Data Protection Officer at dpo@proprhome.com
- Use the privacy settings in your account dashboard
- Submit a request through our contact form
We will respond to your request within 30 days. In complex cases, this may be extended by a further 60 days, and we will inform you if this is necessary.
To protect your privacy, we may need to verify your identity before processing your request.
Submit a Data Request
9. Complaints
If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with a supervisory authority.
In Portugal, the supervisory authority is:
Comissao Nacional de Protecao de Dados (CNPD)
Av. D. Carlos I, 134, 1.o
1200-651 Lisboa
Portugal
Website: www.cnpd.pt
We encourage you to contact us first so we can try to resolve your concerns directly.