Legal Centre

PropQ · Legal

Data Processing Addendum

Last updated 14 July 2026 · Version 2026-07-14

When you add investor or client details to PropQ, we process that personal data on your behalf. This Addendum sets out the data-protection terms that govern that processing under the UAE PDPL.

1.Scope and roles

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between TODO — Registered legal entity name (“PropQ”, “we”) and you (the “Customer”). It applies where we process personal data of your clients and prospective investors (“Investor Data”) on your behalf when you use the Service.

For Investor Data, you are the data controller and we are your data processor. Each party will comply with its obligations under Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (the UAE PDPL) and its implementing regulations.

2.Details of the processing

  • Subject matter: providing the PropQ Service to you.
  • Duration: for the term of your subscription and any wind-down period.
  • Nature and purpose: hosting, storing, organising and transmitting Investor Data so you can build reports, share them, and manage leads.
  • Types of data: typically names, contact details (email, phone, WhatsApp), and notes/activity you record about prospective investors and clients.
  • Categories of data subjects: your clients and prospective investors.

3.Our obligations as processor

  • process Investor Data only on your documented instructions (including as set out in the Terms and this DPA), unless required to act otherwise by law, in which case we will inform you where permitted;
  • ensure personnel authorised to process Investor Data are bound by appropriate confidentiality obligations;
  • implement appropriate technical and organisational security measures (see our security measures);
  • assist you, taking into account the nature of the processing, in responding to data subject requests and in meeting your security, breach-notification, and impact-assessment obligations;
  • notify you without undue delay after becoming aware of a personal data breach affecting Investor Data;
  • make available information reasonably necessary to demonstrate compliance with this DPA.

4.Sub-processors

You authorise us to engage sub-processors (for example, cloud hosting, database, email delivery, and payment processing providers) to help deliver the Service. We impose data protection obligations on each sub-processor that are no less protective than this DPA and remain responsible for their performance. We will make available a current list of sub-processors on request and give you reasonable notice of intended changes so you may object on reasonable data protection grounds.

5.International transfers

Where providing the Service involves transferring Investor Data outside the UAE, we will ensure an adequate level of protection as required by the UAE PDPL, for example by transferring to jurisdictions recognised as providing adequate protection or by putting appropriate contractual safeguards in place.

6.Your obligations as controller

You are responsible for the lawfulness of the Investor Data you provide and its processing — including establishing a valid legal basis, providing any required privacy notices, and obtaining any required consents before entering personal data into the Service. You must not instruct us to process data in a way that breaches applicable law.

7.Deletion and return

On termination of the Service, or on your request, we will delete or return Investor Data and delete existing copies within a reasonable period, unless retention is required by law. You can also delete records within the Service at any time; deletions propagate to backups on our normal backup-rotation cycle.

8.Contact

For matters relating to this DPA, contact privacy@propq.ae.

Questions about this document? Contact legal@propq.ae.

TODO — Registered legal entity name · TODO — Registered office address, Dubai, United Arab Emirates