Privacy Policy

1. Introduction

Welcome to Socia. This Privacy Policy explains how we collect, use, process, and protect your personal data when you use our real estate operating system platform. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and Portuguese data protection laws.

Data Controller: [COMPANY NAME PLACEHOLDER]
Address: [COMPANY ADDRESS PLACEHOLDER], Portugal
Email: [CONTACT EMAIL PLACEHOLDER]
Phone: [CONTACT PHONE PLACEHOLDER]

2. Data We Collect

2.1 Information You Provide

• Account Information: Name, email address, phone number, professional details
• Profile Data: Company information, real estate license details, professional experience
• Communication Data: Messages, support requests, feedback
• Payment Information: Billing details, subscription preferences (processed securely by third-party payment processors)

2.2 Automatically Collected Information

• Usage Data: How you interact with our platform, features used, time spent
• Technical Data: IP address, browser type, device information, operating system
• Performance Data: App performance, error reports, crash data
• Location Data: General location for service optimization (with your consent)

2.3 Third-Party Data

• Property data from public records and MLS systems
• Market data from authorized real estate databases
• Integration data from connected third-party services

3. How We Use Your Data

We process your personal data for the following purposes:

• Service Provision: To provide and maintain our real estate operating system
• Account Management: To create and manage your user account
• Communication: To send important updates, notifications, and support responses
• Improvement: To analyze usage patterns and improve our services
• Legal Compliance: To comply with legal obligations and regulations
• Marketing: To send promotional content (with your explicit consent)
• Security: To protect against fraud, abuse, and security threats

4. Legal Basis for Processing

Under GDPR, we process your personal data based on:

• Contract Performance: Processing necessary for providing our services
• Legitimate Interest: For service improvement, security, and business operations
• Consent: For marketing communications and optional features
• Legal Obligation: For compliance with Portuguese and EU laws

5. Data Sharing and Disclosure

We may share your data with:

• Service Providers: Cloud hosting, payment processing, analytics (under strict data processing agreements)
• Legal Authorities: When required by law or to protect our rights
• Business Partners: For integrated services (with your consent)
• Corporate Transactions: In case of merger, acquisition, or sale (with proper notice)

We never sell your personal data to third parties.

6. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). When this occurs, we ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules
• Certification schemes and codes of conduct

7. Data Retention

We retain your data for:

• Active Accounts: For the duration of your subscription plus 3 years
• Legal Requirements: As required by Portuguese accounting and tax laws (up to 10 years)
• Marketing Data: Until you withdraw consent or 3 years of inactivity
• Security Logs: Up to 2 years for fraud prevention and security monitoring

8. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured, machine-readable format
• Objection: Object to processing based on legitimate interests
• Consent Withdrawal: Withdraw consent for marketing and optional processing

To exercise these rights, contact us at [CONTACT EMAIL PLACEHOLDER]

9. Security Measures

We implement comprehensive security measures:

• Encryption: Data encrypted in transit and at rest using industry-standard protocols
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Employee Training: Regular privacy and security training for all staff
• Incident Response: Procedures for handling data breaches within 72 hours

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie usage, please refer to our Cookie Policy.

11. Children's Privacy

Our services are intended for business and professional use by individuals 18 years or older. We do not knowingly collect personal data from children under 16 years of age.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our platform. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Complaints and Supervisory Authority

If you have concerns about our data processing practices, you can file a complaint with the Portuguese Data Protection Authority (CNPD):

Comissão Nacional de Proteção de Dados (CNPD)
Address: Av. D. Carlos I, 134 - 1º, 1200-651 Lisboa, Portugal
Phone: (+351) 213 928 400
Email: [email protected]
Website: www.cnpd.pt