GDPR Compliance

PropCRM is fully compliant with the General Data Protection Regulation (GDPR) and committed to protecting your privacy rights.

GDPR
Compliant
EU
Data Centers
DPO
Appointed

Our GDPR Commitment

We are committed to protecting the privacy and rights of all individuals whose personal data we process, in full compliance with GDPR requirements.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It governs how personal data of EU residents must be collected, processed, stored, and protected.

As a global real estate CRM platform, PropCRM processes personal data of individuals from various jurisdictions, including the European Union. We have implemented comprehensive measures to ensure full GDPR compliance across all our operations.

GDPR Compliance

Your Rights Under GDPR

GDPR grants you specific rights regarding your personal data. Here's how PropCRM supports and facilitates these rights.

Right to Access

You have the right to request access to your personal data and information about how we process it.

  • • Request a copy of your personal data
  • • Learn about processing purposes
  • • Understand data retention periods
  • • Know about data recipients

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

  • • Correct inaccurate information
  • • Complete incomplete data
  • • Update outdated information
  • • Real-time data synchronization

Right to Erasure

Request deletion of your personal data under certain circumstances.

  • • Delete unnecessary data
  • • Remove data after withdrawal of consent
  • • Erase unlawfully processed data
  • • Secure deletion procedures

Right to Portability

Receive your personal data in a structured, machine-readable format.

  • • Export data in standard formats
  • • Transfer data to other services
  • • Structured data formats (JSON, CSV)
  • • Automated export tools

Right to Restriction

Request limitation of processing under specific circumstances.

  • • Restrict processing during disputes
  • • Limit use while verifying accuracy
  • • Control processing scope
  • • Temporary processing suspension

Right to Object

Object to certain types of processing, including direct marketing.

  • • Object to marketing communications
  • • Challenge legitimate interest processing
  • • Opt-out of profiling
  • • Granular consent controls

Legal Basis for Processing

We only process personal data when we have a valid legal basis under GDPR. Here are the legal bases we rely on.

Legal Bases We Use

Contract Performance

Processing necessary to provide our CRM services, manage your account, and fulfill our contractual obligations.

Legitimate Interest

Processing for purposes such as service improvement, security monitoring, and business analytics where our interests don't override your rights.

Consent

Explicit consent for marketing communications, optional features, and third-party integrations. You can withdraw consent at any time.

Legal Obligation

Processing required to comply with legal obligations, such as tax requirements, anti-money laundering laws, and regulatory compliance.

Data Processing Purposes

Service Provision

Account management, feature delivery, customer support

Communication

Service updates, newsletters, marketing (with consent)

Analytics

Usage analysis, performance improvement, feature optimization

Security

Fraud prevention, security monitoring, threat detection

Legal Compliance

Regulatory requirements, legal obligations, dispute resolution

GDPR Compliance Measures

We have implemented comprehensive measures to ensure GDPR compliance across all aspects of our data processing activities.

Privacy by Design

Built-in privacy controls, data minimization principles, and privacy-first architecture throughout our platform development.

Data Protection Officer

Appointed DPO who monitors compliance, conducts privacy impact assessments, and serves as your privacy contact point.

Processing Records

Comprehensive records of all processing activities, including purposes, categories of data, and retention periods.

Privacy Impact Assessments

Regular PIAs for new features and processing activities to identify and mitigate privacy risks before implementation.

Breach Response

Incident response procedures to detect, report, and address data breaches within 72 hours as required by GDPR.

International Transfers

Appropriate safeguards for international data transfers, including standard contractual clauses and adequacy decisions.

How to Exercise Your Rights

We make it easy for you to exercise your GDPR rights. Here's how you can request access, correction, deletion, or other actions regarding your personal data.

Self-Service Portal

Access, update, or delete your personal data directly through your account settings.

  • • Update profile information
  • • Download your data
  • • Manage consent preferences
  • • Delete your account

Contact Our DPO

Submit formal requests directly to our Data Protection Officer for complex privacy matters.

Email: dpo@propcrm.com

Response Time: 30 days maximum

Language: English, Arabic

Available: Monday-Friday

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority if you believe we've violated GDPR.

EU Residents: Contact your national DPA

UAE Residents: UAE Data Office

Other Jurisdictions: Local privacy regulators

No Cost: Free to file complaints

Questions About GDPR or Your Privacy Rights?

Our Data Protection Officer is here to help with any privacy-related questions or requests.

Data Protection Officer

Email: dpo@propcrm.com

Phone: +971 52 311 6993

Address: P1, Building 13, Bay Square, Business Bay, Dubai, UAE

Response Times

General Inquiries: 5 business days

Rights Requests: 30 days maximum

Urgent Matters: 24-48 hours

Breach Reports: Immediate response

Contact DPO Read Privacy Policy