Log in
Get Started

Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between:

  • [Your Company Name], trading as Propilist (“Processor”, “We”, “Us”), and
  • The customer using Propilist (“Controller”, “You”, “Your”).

Together, the “Parties.”

1. Purpose
This DPA governs Propilist’s processing of personal data on behalf of the Controller in providing the Propilist Service (CRM, CMS, property management, and related tools).

2. Definitions

  • “Personal Data”: Any information relating to an identified or identifiable person.
  • “Processing”: Any operation performed on Personal Data (collection, storage, use, deletion, etc.).
  • “Controller”: The party determining the purpose and means of processing Personal Data (the agency).
  • “Processor”: The party processing data on behalf of the Controller (Propilist).
  • “Sub-Processor”: Any third party engaged by Propilist to process data.

3. Scope of Processing

  • Nature and purpose: Storage, management, synchronization, and transmission of personal data related to property transactions and agency clients.
  • Types of data: Contact details (name, email, phone), client records, property information, transaction records.
  • Data subjects: End customers, clients of agencies, employees or agents of the Controller.

4. Controller Obligations
The Controller:

  • Ensures lawful basis for processing personal data.
  • Provides only necessary and accurate data.
  • Informs individuals about how their data is used (via Privacy Policy).

5. Processor Obligations (Propilist)
Propilist shall:

  1. Process Personal Data only on documented instructions from the Controller.
  2. Implement appropriate technical and organizational measures to protect data (encryption, access control, backups).
  3. Ensure personnel with access to data are bound by confidentiality.
  4. Assist the Controller in responding to requests from data subjects (access, deletion, portability, etc.).
  5. Notify the Controller without undue delay in the event of a data breach.
  6. Delete or return Personal Data after account termination, unless required by law to retain it.

6. Sub-Processors

  • Propilist may engage Sub-Processors (e.g., hosting providers, payment processors).
  • A current list of Sub-Processors will be made available upon request.
  • Propilist ensures Sub-Processors provide data protection obligations no less protective than this DPA.

7. International Data Transfers

  • Propilist may transfer Personal Data outside the country of origin, subject to ensuring appropriate safeguards (e.g., Standard Contractual Clauses under GDPR).

8. Security Measures

  • Propilist maintains industry-standard security measures, including but not limited to:
    • Encryption in transit and at rest.
    • Firewalls and access controls.
    • Regular backups and disaster recovery protocols.
    • Monitoring for unauthorized access.

9. Data Breach Notification

  • In case of a personal data breach, Propilist will notify the Controller without undue delay.
  • Notifications will include the nature of the breach, affected data, measures taken, and recommended actions.

10. Audit Rights

  • The Controller may request information necessary to demonstrate compliance with this DPA.
  • On reasonable notice, the Controller may audit Propilist’s processing practices (subject to confidentiality).


11. Duration & Termination

  • This DPA remains in effect as long as Propilist processes data on behalf of the Controller.
  • Upon termination of services, Propilist will delete or return Personal Data, unless legally required to retain it.

12. Governing Law
This DPA shall be governed by the same law and jurisdiction as the Terms of Service.

13. Contact Us
For any data protection inquiries, contact:

Propilist Team
Email: [email protected]

Add Your Voice to the Conversation

We'd love to hear your thoughts. Keep it constructive, clear, and kind. Your email will never be shared.