1. Data controller
[LEGAL NAME] OÜ (Estonian company) · [ADDRESS] · [PRIVACY EMAIL]. EU representative (Art. 27 GDPR): [IF APPLICABLE]. Data Protection Officer: [DPO, if applicable].
2. What we process, why and on what basis
| Processing | Purpose | Legal basis | Retention |
|---|---|---|---|
| Waitlist | Notify you of the launch and prioritise areas | Consent (6.1.a) | Until launch + 12 months or opt-out |
| Founding Member (incl. payment) | Manage your prepayment and refund (payment via Stripe; no cards stored) | Contract (6.1.b) | Relationship + tax periods |
| Product use | Generate the contract, evidence dossier and deposits | Contract (6.1.b) and legal obligation (6.1.c) | 6 years (defence/tax) [confirm] |
| Reason documents (health) | Prove the reason when it is medical treatment | Explicit consent (9.2.a) | Specific period [X years] |
| B2B prospecting | Contact managers (professional data from public sources) | Legitimate interest (6.1.f) | Until objection (one click per message) |
3. Special-category data
If the reason for the stay is medical treatment, the supporting documents can contain health data. We process it only with the tenant explicit consent (art. 9.2.a), with strong encryption, restricted access and a specific retention period.
4. Our role: controller and processor
For waitlist, Founding Member and prospecting data we are the controller. For the tenant data a manager processes with our product, we act as a processor on the manager behalf, under a bilateral processing agreement (DPA).
5. Recipients
The intended closed-pilot recipients are: EU hosting and database, EU S3-compatible object storage, Stripe (payments), Signaturit or equivalent e-signature provider, Didit or equivalent identity-verification provider, transactional email provider, antivirus/OCR if enabled, LLM provider only if assisted extraction is enabled, the partner law firm (document review) and the brokerage only if you request insurance. Formspree/Tally are not used for launch; forms post to Tempora first-party endpoints.
6. International transfers
Data is hosted in the EU. If any provider processes data outside the EEA, we apply standard contractual clauses or another Chapter V mechanism.
7. Retention
Waitlist: until launch + 12 months or until you withdraw consent. Contract dossiers: 6 years (legal defence and tax) [confirm]. Health data: specific period.
8. Your rights
Access, rectification, erasure, objection, restriction and portability: [PRIVACY EMAIL]. Supervisory authority: Spanish Data Protection Agency (AEPD, www.aepd.es) or the Estonian authority, as applicable.
9. Security
Encryption in transit and at rest, role-based access control, audit logging and pseudonymisation where possible.
10. Sub-processor list
The final sub-processor list, location and transfer safeguards live in the DPA. The pilot cannot accept real documents until that list is complete and approved.