Get a demo

Exhibit A - Data Privacy


A. Scope: This Exhibit A applies solely to the extent Customer is subject to Applicable Data Protection Law. In case of any inconsistency between this Exhibit and the Agreement, this Exhibit shall prevail.

B. Definitions: Capitalized terms used in this Exhibit A without definition shall have the meanings assigned to them in the Re-Leased Master Subscription Agreement. In this Exhibit, the following terms shall have the following meanings:


(a)  “controller”, “processor”, “data subject”, “processing” (and “process”), “special categories of personal data” and “supervisory authority” shall have the meanings given in the GDPR; and


(b)  “Customer Personal Data” shall mean any Customer Data that constitutes Personal Data, the processing of which is subject to Applicable Data Protection Law, for which Customer or Customer’s customers are the controller, and which is Processed by Re-Leased to provide the Service.


C. Relationship of the Parties: Customer (the controller) appoints Re-Leased as a processor to process the Customer Personal Data in accordance with the documented instructions of Customer which are as described in this Agreement (or as otherwise agreed in writing by the parties) (the “Permitted Purpose”), unless required to do so otherwise by applicable law (in which case Re-Leased shall inform customer, unless that law prohibits such information on important grounds of public interest). The subject matter, nature and purpose of the Processing, the types of Customer Personal Data and categories of data subjects are set out in Appendix 1 to this Exhibit A.

D. Customer’s obligations: Customer is responsible for compliance with the requirements of Applicable Data Protection Law applicable to Controllers, including providing sufficient notice to data subjects, seeking consent for processing where necessary and responding to and complying with data subject requests. To the extent that Customer is a processor on behalf of other controllers then Customer: (a) is the single point of contact for Re-Leased; (b) must obtain all necessary authorizations from such other controller(s); (c) undertakes to issue all instructions and exercise all rights on behalf of such other controller(s); and (d) is responsible for compliance with the requirements of Applicable Data Protection Law applicable to processors.

E. Re-Leased use: Customer acknowledges that Re-Leased may process Customer Personal Data relating to the operation, support, or use of the Services for its own business purposes including to allow Re-Leased to improve, develop and protect its services, create new services and comply with the law.

F. International transfers: The Customer acknowledges and agrees that Customer Personal Data may be transferred to or stored in the EEA, the UK, or elsewhere in the performance of Re-Leased’s obligations under this contract. Re-Leased shall take such measures to ensure compliance with any data transfer obligations contained in the Applicable Data Protection Law including the execution of approved Standard Contractual Clauses or International Data Transfer Agreements.


G. Change in transfer mechanisms: If Re-Leased’s compliance with Applicable Data Protection Law applicable to the transfers in Section F is affected by circumstances outside of Re-Leased’s control, including if a legal instrument for affecting such transfers is invalidated, amended or replaced, then Customer and Re-Leased will work together in good faith to reasonably resolve such non-compliance.


H. Confidentiality of processing: Re-Leased shall ensure that any person it authorizes to process the Personal Data (an “Authorized Person”) is subject to appropriate duties of confidentiality.

I. Subcontracting:

i. Customer consents to Re-Leased engaging third parties (collectively “subprocessors”) to process the Customer Personal Data in connection with the Permitted Purpose provided that: (i) Re-Leased maintains an up-to-date list of its subprocessors which is available at, which it shall update with details of any change in subprocessors at least 10 days' prior to any such change; (ii) Re-Leased imposes data protection terms on any subprocessor as required by Applicable Data Protection Law; and (iii) Re-Leased remains liable for any breach of this Clause that is caused by an act, error or omission of its subprocessor.


ii. Customer may object to Re-Leased's appointment or replacement of a subprocessor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such event, Re-Leased will either not appoint or replace the subprocessor or, if this is not possible, Customer may suspend or terminate this Agreement (without prejudice to any fees incurred by Customer prior to suspension or termination).



J. Cooperation and data subjects' rights: Re-Leased shall in connection with the Customer Personal Data, taking into account the nature of the Services and the information available to Re-Leased, and insofar as this is possible, provide reasonable and timely assistance to Customer (at Customer's expense), including by implementing technical and organizational measures, to:


i. enable customer to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, supervisory authority or other third party in connection with the processing of the Customer Personal Data. In the event that any request under (i) is made directly to Re-Leased, Re-Leased shall promptly inform Customer providing full details of the same;


ii. enable customer to conduct any data protection impact assessment that may be required under Applicable Data Protection Law, and prior consultations with supervisory authorities; and


iii. provide reasonable information and cooperation to Customer so that Customer can fulfil any data breach reporting obligations it may have under (and in accordance with the timescales required by) Applicable Data Protection Law.



K. Audit: Upon reasonable request and no more than once per calendar year, Re-Leased shall provide Customer with reasonable documentation to demonstrate compliance with the obligations of this Exhibit or submit its facilities to audit by Customer. Such activity shall be at Customer's expense and any audit reports or similar documentation shall be subject to the confidentiality provisions of this Agreement. Audits of Re-Leased’s facilities shall only extend to those facilities relevant and material to the processing of Customer Personal Data, and such audits shall be carried out by the Customer, a supervisory authority, or an independent auditor agreed between the parties, during normal business hours and in a manner that causes minimum disruption.



L. Sensitive Data: Customer shall not provide (nor permit any User to provide) any special categories of personal data to Re-Leased.

Appendix 1



1. Data Subjects


The Customer Personal Data Processed concern the following categories of Data Subjects (please specify):






Authorized Users


Any other individuals whose Personal Data Customer chooses to upload




2. Categories of Customer Personal Data


The Customer Personal Data Processed concern the following categories of data (please specify):






Registration information, including contact details, name, title, job  


Details of associated properties, including address, rental details, payment details 


Usage information 


Any other personal data Authorized User chooses to upload to the Services




3. Processing operations 


The Customer Personal Data will be subject to the following basic Processing activities (please specify): 






Collection, registration, storage administration, transfer and analytics


Other processing activities associated with property management services



Quick Links