Call us
Call us
List your property
List your property
List your property

Privacy Policy Prosperty Agent

Part A: General Information

[Prosperty Legal Entity Name], with registered office at [Registered Office Address], registration / TIN number [Company Registration No. / TIN] (hereinafter referred to as the “Company”, “we”, “us” or “our”), in compliance with the European General Data Protection Regulation 2016/679 (the “GDPR”), Greek Law 4624/2019, and any other applicable data protection legislation, takes all necessary measures to protect personal data processed in connection with the Prosperty Agent mobile application (the “App”).

This Privacy Policy informs the users of the App — namely, Sales Agents and authorised contractors of the Company (the “Agents” or “Users”) — about the processing of their personal data, as well as the processing of personal data of customers and other third parties accessed by the Agents through the App.

The App is a professional, business-to-business productivity tool. It is not intended for, and is not made available to, members of the general public. The App is a mobile extension of the Company’s Lead Management System (LMS).

Data Controller

The Company acts as the data controller in respect of: (a) personal data of Agents processed in connection with their use of the App, and (b) personal data of customers and prospects processed by Agents in the App in the course of the Company’s real estate brokerage activities.

For any matter relating to the processing of personal data, including the exercise of data subject rights, please contact: [dpo@theprosperty.com].

Part B: Personal Data of Agents (App Users)

1. Categories of Agent Data Processed

In connection with the provision and operation of the App, the Company processes the following categories of personal data of Agents:

  • Identity and professional contact data: full name (display name), professional email address, professional mobile phone number, job title, region(s) covered, languages, and other professional profile information, as registered by Company administrators in the Keycloak identity system;
  • Authentication data: account identifier and authentication tokens issued through Keycloak. Passwords are managed exclusively within the Keycloak identity provider and are not stored within the App;
  • Profile content: optional avatar image and any additional profile information voluntarily completed by the Agent in their personal profile within the App;
  • Activity and usage data: actions performed in the App (such as creation of updates, documents, viewings, offers; status changes; communications initiated; reads/acknowledgements of notifications), timestamps, device identifier and version of the App;
  • Device and technical data: device model, operating system version, App version, language and locale, IP address, and diagnostic / crash data;
  • Notification preferences: opt-in/opt-out preferences for in-App and push notifications;
  • Calendar synchronisation data (where the Agent enables Google Calendar synchronisation): OAuth tokens and event data necessary to create and update viewing events on the Agent’s calendar.

The professional email address is requested for authentication purposes only. The Agent’s phone number and email address are visible to the Agent within their personal profile screen but are not displayed to other Users of the App, save for the display of the Agent’s name in shared records (e.g. as the assigned agent of a lead).

2. Sources of Agent Data

Personal data of Agents is collected from: (a) the Agent themselves (voluntary profile information, content created in the App); (b) Company administrators (account provisioning, role assignment, regions covered, etc.) via the Keycloak identity system and the LMS; (c) the Agent’s device (device, technical and diagnostic data); and (d) third-party services integrated with the App where the Agent has enabled them (e.g. Google Calendar).

3. Purposes of Processing

The Company processes Agent data for the following purposes:

  • Providing access to and operating the App and the LMS;
  • Authenticating Users and securing the App against unauthorised access;
  • Assigning leads, properties, viewings and offers to Agents and enabling them to perform their professional duties;
  • Managing internal communications, notifications and assignments;
  • Monitoring performance, generating internal KPIs and reports relating to the Agent’s professional activity (e.g. number of contacts attempted, viewings booked, offers submitted);
  • Ensuring the security, integrity and proper functioning of the App and the LMS, including audit logging, troubleshooting, fraud prevention, abuse prevention and information security investigations;
  • Complying with legal, regulatory and tax obligations applicable to the Company;
  • Defending and exercising legal claims, where necessary.

4. Legal Bases

The Company relies on the following legal bases under the GDPR:

  • Performance of the employment or contractor agreement with the Agent and pre-contractual measures (Article 6(1)(b) GDPR);
  • Compliance with legal obligations to which the Company is subject (Article 6(1)(c) GDPR), including labour, tax, anti-money-laundering and real estate regulatory obligations;
  • Legitimate interests of the Company (Article 6(1)(f) GDPR), including the legitimate interest in operating its business, securing its information systems, monitoring and improving the performance of its workforce in a proportionate manner, preventing and detecting fraud and abuse, and defending its rights;
  • Consent (Article 6(1)(a) GDPR), where applicable, for example with respect to optional features such as Google Calendar synchronisation, push notifications, or the use of certain optional profile information.

The Company recognises the inherent imbalance of power in the employer / contractor relationship and does not rely on the Agent’s consent as the legal basis for any processing that is necessary for the performance of the role or for compliance with the Company’s legal obligations.

5. Hardware Permissions Requested by the App

The App requests, where required by the device operating system, the following permissions. These permissions are used solely for the purposes described below and may be revoked at any time through the device settings:

  • Camera: to capture photographs of signed representation agreements, offer documents, identification documents, property photographs and other business-critical documentation, for upload into the relevant LMS record;
  • Photos / Storage (Read/Write): to read and write business-critical files (PDF and JPG) for upload to or download from the LMS;
  • Microphone (where the voice recording feature is used): to record voice notes attached to lead, viewing or update records;
  • Notifications: to display in-App and push notifications relating to lead assignments, mentions, viewing requests and other workflow events;
  • Network access: to communicate with the Company’s backend systems and integrated third-party services.

The App does not collect continuous background location data. Where location data is captured (for example, the meeting point of a viewing), it is captured at the explicit action of the User and stored as part of the relevant business record.

Part C: Personal Data of Customers and Third Parties Processed via the App

1. Categories

The App enables Agents to access and process personal data of customers, prospects, property owners, landlords, tenants and other third parties (collectively, “Customers”) in the course of the Company’s real estate brokerage activities. Such data may include:

  • Identity and contact data: full name, address, email address, mobile and landline telephone numbers, nationality, date of birth, identification or tax identification numbers (where required by law);
  • Property-related data: property addresses, characteristics, ownership documents, valuation indications, photographs, encumbrances and urban planning documentation;
  • Transaction-related data: lead status, viewings, offers, signed representation agreements, communications history;
  • Updates / notes: free-text notes recorded by Agents that may incidentally include information about the Customer’s family status, employment, financial situation, travel plans or similar life-event data, where such information is professionally relevant to the brokerage service;
  • Communication metadata: records of calls, emails or WhatsApp messages initiated through the App.

2. Purposes and Legal Bases

Customer data is processed for the purpose of providing the Company’s real estate brokerage services (sale, purchase, lease or rental of real property) and for related compliance purposes. Legal bases include: Article 6(1)(a) GDPR (consent of the Customer, where applicable), Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures with the Customer), Article 6(1)(c) GDPR (compliance with legal obligations) and Article 6(1)(f) GDPR (legitimate interests of the Company).

3. Sensitive Free-Text Updates

Agents may record free-text “Updates” containing information of a sensitive or personal nature about the Customer (e.g. family or financial status, travel plans). Such information is recorded only when it is strictly relevant for the professional purpose of the brokerage service and is stored within the Company’s LMS in accordance with the Company’s information security and data protection policies. Agents must not record special categories of personal data (Article 9 GDPR) within Updates unless an appropriate legal basis applies and Company guidelines have been followed.

4. Recipients

Customer data accessed through the App may be available, on a need-to-know and role-based basis, to:

  • Other employees of the Company involved in the brokerage process (Sales Agents, Team Leads, Area Managers, Customer Success agents, administrators);
  • Authorised contractors and third-party service providers acting as data processors of the Company (e.g. cloud hosting and infrastructure providers, customer support tools, e-signature providers such as Documenso, calendar and communication providers);
  • Counterparties to the brokerage transaction (e.g. interested buyers, sellers, lessors, lessees), strictly to the extent necessary for the execution of the service;
  • Public authorities and regulators, where the Company is legally required to disclose information.

Part D: Common Provisions

1. International Transfers

Where personal data is transferred outside the European Economic Area, such transfers are made on the basis of an adequacy decision of the European Commission or, in the absence of such a decision, on the basis of appropriate safeguards (such as the Standard Contractual Clauses), in accordance with Articles 44 to 49 GDPR.

2. Retention Periods

The Company retains personal data only for as long as necessary for the purposes for which it was collected, taking into account legal, accounting, tax and regulatory obligations:

  • Agent account data (identity, professional contact, authentication, profile): kept for the duration of the employment or contractor relationship and, after deactivation, for five (5) years for the purpose of defending or exercising legal claims, except where a longer retention period is required by law;
  • Activity and audit logs: kept for five (5) years from the date of the relevant action;
  • Business records (leads, customers, properties, viewings, offers, documents and updates) created or processed via the App: kept for five (5) years from the date of completion of the relevant transaction or from the date of the last interaction with the Customer, except where a longer period is required by applicable law (e.g. accounting, anti-money-laundering or commercial record-keeping obligations);
  • Diagnostic, crash and security logs: kept for the period necessary to investigate and resolve incidents, in accordance with the Company’s information security policy.

3. Account Deactivation Process

Because the App does not include any in-App account deletion feature, account deactivation is performed by Company administrators upon the termination or expiry of the underlying employment or contractor relationship, or in any of the other cases set out in the Terms of Use. Upon deactivation:

  • The Agent’s ability to authenticate to the App and the LMS is revoked through the Keycloak identity system;
  • The Agent’s personal profile data is retained as set out above and may be anonymised or pseudonymised where this is compatible with the legal and operational purposes;
  • Business records (leads, documents, updates, viewings, offers, etc.) attributable to or created by the Agent are retained as set out in Section 2 of this Part D, in order to ensure continuity of customer service, compliance with the Company’s legal obligations and the defence of legal claims;
  • Agents wishing to request the closure of their account or the exercise of their data subject rights may contact [dpo@theprosperty.com].

4. Data Subject Rights

Subject to the conditions and limitations set out in the GDPR and Greek Law 4624/2019, data subjects (Agents and Customers) have the following rights in respect of their personal data:

  • Right of access (Article 15 GDPR);
  • Right to rectification (Article 16 GDPR);
  • Right to erasure / “right to be forgotten” (Article 17 GDPR), subject to the Company’s legal obligations and legitimate interests;
  • Right to restriction of processing (Article 18 GDPR);
  • Right to data portability (Article 20 GDPR);
  • Right to object (Article 21 GDPR);
  • Right to withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of processing carried out before the withdrawal;
  • Right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

Requests for the exercise of these rights may be sent to [dpo@theprosperty.com]. The Company shall respond within thirty (30) days of receipt of a complete request, subject to extensions permitted under the GDPR.

5. Security of Processing

The Company implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including: encryption of data in transit, role-based access controls, multi-factor authentication where applicable, audit logging, secure backups, regular vulnerability and penetration assessments, vetting and confidentiality obligations of personnel and processors, and incident response procedures.

6. Automated Decision-Making

The App does not subject Agents or Customers to automated decisions producing legal effects or similarly significantly affecting them within the meaning of Article 22 GDPR. Indications such as automated property valuation estimates (AVM) or matching scores are decision-support tools used by Agents and do not by themselves produce legal effects on data subjects.

7. App Store Data Safety

In compliance with the Apple App Store and Google Play data safety requirements, the Company declares that personal data collected through the App is used solely for the operation of the App, the provision of the Company’s services, security, fraud prevention and compliance with legal obligations, as described in this Privacy Policy. Personal data is not sold to third parties and is not used for behavioural advertising directed at App users.

8. Changes to this Privacy Policy

The Company reserves the right to update this Privacy Policy at any time to reflect changes in legal requirements, processing activities or App functionality. Material changes will be communicated to Users through the App, by email, or through the Company’s internal communication channels. The “Effective Date” at the top of this document indicates the date of the latest version.

Part E: Contact

For any question or request relating to this Privacy Policy or to personal data processing in connection with the App, please contact: [Prosperty Legal Entity Name][Registered Office Address] — Data Protection: [dpo@theprosperty.com] — General Support: [support@theprosperty.com].

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (Hellenic DPA), Kifisias Avenue 1-3, PC 11523, Athens, Greece, www.dpa.gr.