Data Protection Policy

1. Our Commitment to Data Protection

1.1 Legal Compliance

We comply with all applicable data protection laws including:

• Uganda Data Protection and Privacy Act (2019)
• European Union General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Other applicable regional data protection regulations

1.2 Data Protection Principles

We adhere to the following data protection principles:

• Lawfulness: We process data lawfully, fairly, and transparently
• Purpose Limitation: Data is collected for specific, legitimate purposes
• Data Minimization: We collect only necessary data
• Accuracy: We keep personal data accurate and up-to-date
• Storage Limitation: Data is retained only as long as necessary
• Security: We implement appropriate security measures
• Accountability: We demonstrate compliance with data protection laws

2. Types of Personal Data We Collect

2.1 Identity Data

• Full name and contact information
• Email addresses and phone numbers
• Date of birth and identity documents
• Professional credentials and certifications

2.2 Financial Data

• Payment information and transaction records
• Bank account details for property transactions
• Credit history and financial references
• Commission and earnings records

2.3 Property Data

• Property ownership records
• Property valuations and assessments
• Transaction history and preferences
• Search queries and saved properties

2.4 Technical Data

• IP addresses and device information
• Browser type and operating system
• Cookies and tracking technologies
• Usage analytics and behavior patterns

3. Legal Basis for Processing

3.1 Contract Performance

We process data to:

• Provide real estate services and property transactions
• Process payments and manage subscriptions
• Facilitate communication between parties
• Fulfill our contractual obligations

3.2 Legitimate Interests

We may process data based on our legitimate interests to:

• Improve our services and user experience
• Conduct market research and analytics
• Prevent fraud and ensure security
• Manage our business operations

3.3 Legal Compliance

We process data to comply with:

• Tax reporting and financial regulations
• Anti-money laundering requirements
• Property transaction regulations
• Court orders and legal investigations

3.4 Consent

We obtain explicit consent for:

• Marketing communications
• Optional data collection features
• Third-party integrations
• Research and surveys

4. Data Security Measures

4.1 Technical Safeguards

• Encryption: Data in transit and at rest is encrypted using industry standards
• Access Controls: Role-based access and multi-factor authentication
• Firewalls: Network security and intrusion detection systems
• Regular Updates: Security patches and system updates

4.2 Organizational Measures

• Staff Training: Regular data protection training for all employees
• Access Policies: Strict need-to-know access principles
• Incident Response: Procedures for data breach management
• Regular Audits: Internal and external security assessments

4.3 Physical Security

• Secure data centers with 24/7 monitoring
• Restricted access to server rooms and facilities
• Backup systems and disaster recovery plans
• Secure disposal of hardware and media

5. Data Sharing and Transfers

5.1 When We Share Data

We may share your data with:

• Property Agents: For property inquiries and transactions
• Payment Processors: For secure payment processing
• Legal Authorities: When required by law or court order
• Service Providers: Trusted partners who assist our operations

5.2 International Transfers

When transferring data internationally, we ensure:

• Adequate protection through adequacy decisions
• Standard contractual clauses for data transfers
• Binding corporate rules for group companies
• Specific derogations for necessary transfers

5.3 Third-Party Safeguards

• Data processing agreements with all partners
• Regular audits of third-party security practices
• Contractual obligations for data protection
• Right to audit and inspect partner facilities

6. Data Retention

6.1 Retention Periods

• Account Data: While account is active plus 7 years
• Transaction Records: 7 years for tax compliance
• Marketing Data: Until consent is withdrawn
• Legal Records: As required by applicable laws

6.2 Secure Deletion

When data is no longer needed, we:

• Securely delete or anonymize personal data
• Use certified data destruction methods
• Maintain records of deletion activities
• Verify complete removal from all systems

7. Your Rights

7.1 Access and Information

• Right to know what data we hold about you
• Right to receive a copy of your personal data
• Right to information about how we use your data
• Right to know who we share your data with

7.2 Control and Correction

• Right to correct inaccurate information
• Right to complete incomplete data
• Right to delete your personal data
• Right to restrict processing in certain circumstances

7.3 Portability and Objection

• Right to receive data in a portable format
• Right to transfer data to another service
• Right to object to processing for marketing
• Right to object to automated decision-making

8. Contact Information

8.1 Data Protection Officer

8.2 Supervisory Authority

You have the right to lodge a complaint with the relevant supervisory authority:

9. Changes to This Policy

We may update this Data Protection Policy from time to time. When we do:

• We will notify users of significant changes
• We will update the "Last Updated" date
• We will maintain previous versions for reference
• We will obtain new consent where required