Data processing agreement

For personal data submitted through the Service, the Operator is the controller and PropFix is the processor. The Operator decides the purposes and means of processing. PropFix processes personal data only to provide the Service and on the Operator's documented instructions, including as set out in the Terms of service and this DPA.

• Subject matter: provision of the PropFix maintenance management service.
• Duration: the term of the Operator's account.
• Nature and purpose: hosting, storing, and processing data to receive, assign, track, and resolve maintenance requests.
• Types of data: account details, contact details, maintenance request content including photographs, and usage data.
• Categories of people: the Operator's team members and the tenants who submit requests.

• Process personal data only on the Operator's documented instructions.
• Ensure that people authorized to process personal data are bound by confidentiality.
• Put in place appropriate technical and organizational security measures.
• Assist the Operator, where reasonable, with data subject requests and with security and breach obligations.
• Make available the information needed to demonstrate compliance with this DPA.

PropFix maintains measures including logical isolation of each customer's data, access controls, encryption of data in transit, and an audit trail of changes. We review and update these measures over time as the Service evolves.

The Operator authorizes PropFix to engage subprocessors to help provide the Service. A current list is available on our Subprocessors page. We impose data protection obligations on each subprocessor and remain responsible for their performance. We will give notice of new subprocessors so the Operator has the chance to object on reasonable data protection grounds.

If PropFix receives a request from a data subject relating to the Operator's data, we will direct the request to the Operator and will assist the Operator in responding where reasonable.

PropFix will notify the Operator without undue delay after becoming aware of a personal data breach affecting the Operator's data, and will provide the information reasonably needed for the Operator to meet its own obligations.

PropFix and its subprocessors may process personal data in the United Arab Emirates and in other countries where they operate. Where required, we put appropriate safeguards in place for international transfers.

On termination of the account, PropFix will delete or return the Operator's personal data within a reasonable period, unless retention is required by law.

PropFix will make available the information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to reasonable audits, subject to appropriate confidentiality and security limits.

Each party's liability under this DPA is subject to the limitation of liability set out in the Terms of service.

For questions about this DPA or to raise a data protection matter, contact us at privacy@propfix.io. PropFix Inc., United Arab Emirates.