Terms and Conditions
Unlockit aims to streamline the way people transact their their real estate by offering a service for creating real estate contracts and digital signatures. To guarantee security and trust throughout the process, Unlockit has a set of strategic partners that provide the following following services:
Generation, sending and storage of digital contracts and digital signatures and digital signatures.
Identity validation by ID photo (e.g., Citizen's (e.g., Citizen's Card).
Biometric identity validation through a personal photograph photograph.
Storage of signed contracts and proof of signature of all parties signature of all parties, which can be used as proof of proof of transaction and legal certificate in case of dispute.
Identity validation before signing, by means of a photo of the identification document (e.g., Citizen's Card).
Registration and authentication of users.
Management of user profiles and permissions.
Cloud computing and storage services.
Product usage and performance analytics services.
B. HOW DOES IT WORK?
1. For sellers and buyers
Registration on the platform.
- Data collected: email and password.
Performing an identity validation process. - Data collected: full name, TIN, date of birth, citizen card citizen card or passport number, expiration date of the citizen card or passport, gender citizen card or passport number, gender.
If one of the parties has a promissory contract of sale ready to sign then additionally:
Uploading the complete contract in PDF format. - Data collected: The data from the preliminary sales agreement. contract.
Registration of all parties involved in the deal who have to sign the document. the document. - Collected data: full name and email.
Sending an email to each of the parties to sign - Data collected: e-mail.
Digital signature. - Data collected: e-mail, full name, citizen card or passport photo citizen card or passport, IP address.
Once the contract is signed, all parties involved will receive a confirmation e-mail with an address that will allow them to download the contract signed by all parties.
2. For real estate agents and agencies
Registration on the platform. - Data collected: e-mail address and password.
Completion of an identity validation process. - Data collected: full name, TIN, date of birth, citizen card number, passport number, expiration date of the citizen card or passport, gender passport number, expiration date of the citizen card or passport, gender.
Agency creation by the manager or validation of AMI license by the Agents. - Data collected: AMI license, NIPC of the agency, fiscal name of the agency, headquarters of the agency.
Agents management. - Data collected: personal data of the agents, i.e. full name date of birth, citizen card number or passport number, e-mail passport number, e-mail, VAT number.
Agency contract management. - Data collected: contracts concluded by the Agency and managed agents.
Contract creation. - Data collected: general business information, property caderneta certificate, energy certificate, identification of the parties involved and of parties involved and intermediaries.
Sending contract for signature under supra.
C. HOW IS THE DATA MANAGED?
The Unlockit platform is subdivided into four layers: application,
system, database, external vendors.
In the "application" layer, the user performs data management operations creation of contracts by means of his registration and access credentials. credentials.
In the "system" layer, configuration and validation of and validation of profiles and permissions, data management, contract generation and contracts.
In the "database" layer, personal data, personal data of the data of the real estate agencies and agents, and data about the contracts.
To facilitate the understanding of this document, the following definitions are used following definitions are used:
"Personal Data " - information relating to a natural or legal person legal person, where applicable, identified or identifiable, directly or indirectly identifiable, such as identifiers, or other specific elements specific elements relating to his or her physical, physiological genetic, mental, economic, cultural or social identity.
"Processing of personal data " - an operation or set of operations operation or set of operations which is performed upon personal data or upon sets of personal personal data, by automated or non-automated means, such such as
a) the collection, recording, organization, structuring, storage adaptation or alteration, retrieval, consultation, use;
(b) disclosure by transmission, dissemination or otherwise making available; or making available; or
(c) comparison or interconnection, limitation, deletion or destruction destruction.
(3) "Third Party " shall mean any natural or legal person, public authority, service or body other than the data subject the controller, the processor and the persons who under the direct authority of the controller or processor processor are authorized to process personal data.
"Controller of personal data " - a natural or legal person, public natural or legal person, public authority, agency or other body body which, alone or jointly with others, determines the purposes and determines the purposes and means of the processing of personal data. personal data.
"processor " - a natural or legal person, public authority, agency or agency or other body which processes personal data on behalf of the controller. on behalf of the controller.
"Supervisory Authority " - an independent public authority which, in the case of Portugal, is the National Commission for Data Protection (CNPD), which is responsible for supervising the correct application of the legislation on personal data protection.
Cookies " - computer files containing a sequence of numbers and letters numbers and letters that make it possible to uniquely identify a user's Internet access device of a user, but may contain other information other information such as your browsing preferences on a given site. browsing preferences at a particular site. Cookies are downloaded through the web browser to the Internet access device access device (e.g., computer, cell phone, tablet) when accessing certain sites.
The data controller and the data protection officer controller and the data protection officer
The person responsible for collecting and processing your personal data will be Unlockit, as it is Unlockit which provides the service to you and which, within this framework decides what data is collected, the means of processing and the purposes for which for which the data is used.
Unlockit also has a data protection officer (Data Protection Protection Officer, or DPO) who (i) monitors compliance of the data processing with the applicable standards; (ii) is a point of contact with the contact point with the customer or user for clarification of questions processing of their data by Unlockit; (iii) cooperates with the supervisory the supervisory authority; (iv) provides information and advice to the controller (iv) informs and advises the controller or processor on their obligations in the field of privacy and data protection.
Personal data, personal data subjects and categories of personal data personal data
1. What is personal data?
Personal data is any information, of any nature and in any medium, relating to an identified or identifiable natural or legal person identified or identifiable.
An identifiable natural person is one who can be identified directly or indirectly, for example by means of name, identification number identification number, location data, electronic identifier or other elements that allow identification of that natural person. natural person.
2. Who are the data subjects?
The customer or user, a natural person, to whom the data concern and who has used the products and services of Unlockit.
The customer is the person who enters into a contract with Unlockit, and the user is the person who uses Unlockit's products and services, who may not correspond to the Customer. In this regard, Unlockit hereby informs you that it also protects the personal data and respects the rights the rights of customers and users.
3. What categories of personal data do we process?
identification and contact details: e.g. e-mail, telephone contact full name, tax identification number, date of birth citizen card number, passport number, expiration date of citizen card or passport expiration date of the citizen card or passport, gender, address marital status, parents' names, place of birth and photograph.
Other identification data: in particular, your status as representative and/or member of a certain company/entity, data regarding real estate involved in a real estate transaction such as caderneta predial, certificado predial, certificado energética certificate, energy certificate or any other document relevant to the conclusion of the deal, and also data regarding the content of the deal, such as transaction value for example, the transaction value, means of payment, any other relevant information for the correct identification of the business and the final draft of the contract.
Service: products and services purchased or subscribed.
Background, purposes and duration of personal data processing.
Unlockit will only process your personal data for the following grounds:
a) Consent: when you have your express consent -- in written, oral or by validating an option -- prior and if such consent is free, informed, specific and unambiguous. In the case of processing personal data of minors which may be subject to prior consent, Unlockit shall shall require that consent is obtained from the holders of parental of parental responsibilities, notably for the purpose of the provision of services, at a distance, by computerised means.
b) Contract performance and pre-contractual diligence: where the processing of processing of personal data is necessary for the conclusion execution and management of a contract concluded with Unlockit in particular for the purposes of validating identity, managing contacts of contacts, information and requests, for billing management billing and payments.
c) Compliance with legal obligation: where the processing of personal data personal data is necessary to comply with a legal obligation to which Unlockit is Unlockit is subject to, such as the communication of data required by any judicial or administrative authority for law enforcement purposes.
d) Legitimate Interest: where the processing of personal data corresponds to a legitimate interest of Unlockit or a third party such as for example the processing of data for fraud detection revenue protection or improving the quality of services.
When processing the Personal Data of its Clients and Users, Unlockit Unlockit observes the principles of lawfulness, loyalty, transparency transparency, purpose limitation, data minimization accuracy, limited storage, integrity, confidentiality and confidentiality and responsibility.
Unlockit undertakes to guarantee the secrecy and confidentiality of all Personal Data of its Customers, knowledge of which is not intended for public is not intended for public or legal disclosure.
3. Purpose and duration of processing.
Your personal data shall be processed by Unlockit only for the period necessary for the fulfilment of the defined purpose or legal whichever is applicable, or until you exercise your right to object, the right to be consent, the right to be forgotten or to withdraw consent, without prejudice to the without prejudice to the retention of legally required data.
After the end of the respective retention period, Unlockit shall delete or anonymise the data whenever it is not required to be be kept for any other purpose which may subsist and, in this regard, all in this regard, all the rights referred to supra are entirely assured by Unlockit.
a. Access policy and personal identification data management
Unlockit uses an OAuth based authorization policy, with a securely generated and managed authentication identifier. This authentication identifier identifies the user and the access access profiles and permissions, allowing the application and system layers to bar any improper or unauthorized access. access.
Only you can view and change your personal information. information.
Data obtained by identity validation cannot be changed without changed without further validation.
During the execution of a contract, the personal data of a user user participating in this contract may be consulted by Unlockit or one of its partners, for the completion of the same contract, to the extent that they are strictly necessary.
Access management is carried out based on a system of permissions and profiles (known as RBAC).
Access to the database is protected by username and a proxy that prevents direct access by unauthorized applications. applications.
Data consultation and management is performed by an application system, having the proper permissions and access credentials based on Service Accounts and IAM policies. The application *is configured to prevent access by unauthorized applications, unregistered applications, unregistered users, and users that do not have credentials or permissions required to complete a given action. particular action.
The management of authentication identifiers is validated, on each request, by the system layer.
b. Access policy and property data management
Unlockit uses an OAuth based authorization policy, with a securely generated and managed authentication identifier. This authentication identifier identifies the user and the access access profiles and permissions, allowing the application and system layers to bar any improper or unauthorized access. authorized access.
Only the users involved in the transaction will be able to access the process.
Access management is performed based on a system of permissions and profiles (known as RBAC).
c. Access policy and management of data related to the content of the business:
Unlockit does not carry out, nor is responsible for the drafting of contracts.
If the user so wishes, Unlockit makes available, for this direct contact with one of our legal partners who will accompany the will accompany the process at the user's request.
If the user has a contract drawn up and ready to sign you may use the Unlockit platform to facilitate the signing the parties involved. In this case, the contract to be signed is temporarily stored in the "database" layer until all parties are identified to send the document for signature. for signature.
The final signed contract is stored securely, with only the parties involved only the parties involved will be able to access and consult it, through a personal a personal address sent to them by email.
The final signed contract and proof of signatures can be accessed in the Unlockit application layer, which is protected protected by a permission control that guarantees access to the document document only to the users involved.
4. Time limits for processing and storing personal data.
Unlockit processes your personal data and keeps it in accordance with the purposes for which they are processed.
Therefore, and whenever there is no specific legal obligation, the data will be data will be processed only for the period necessary to fulfill the the purposes that motivated their collection and preservation, and always in accordance in accordance with the law, the guidelines and decisions of the CNPD, or the control authority under the terms of the law, as applicable. The personal data collected by Unlockit shall, therefore, be processed and for the purpose of the execution of the contract and, during the respective period of performance. Otherwise, the processing and personal data of Clients may only occur with their express consent, for the purpose of securing rights or duties related to the or duties related to the contract, or when legitimate interests justify it, to that precise extent.
In order to ensure the integrity of the data and to prove the activity business, the data will be stored for the legally required period. legally required period.
How and when personal data is collected
We collect your personal data when you wish to purchase a service Unlockit, both in the pre-contractual phase and for the purpose of contractual contractual execution. The personal data required by Unlockit are personal data that is indispensable for the provision of its services. A collection may be done by registering the user on the site, and by filling in the corresponding form, through the Unlockit site, or by Unlockit site, or by holding a videoconference specifically videoconference, if this option applies and is chosen by the Client. chosen by the Customer.
Personal data is also collected when the user or customer user or customer introduces the necessary data for the formalization of the services required, with the partners identified above.
Unlockit may also access, collect or confirm personal data on sites of the Public Administration and private entities namely to confirm the accuracy and updating of your identification and contact identification and contact details.
**Transmission of personal data
Your personal data may be transmitted to subcontractors for process them in the name and on behalf of Unlockit. In this case, Unlockit Unlockit will take the necessary contractual measures to ensure that the processors respect and protect the personal data of the data subject.
The data may also be transmitted to third parties -- entities other than Unlockit or the subcontractors, in particular companies with whom Unlockit Unlockit is partnering with, in the event that the data subject has consent, or to entities to whom the data must be communicated by force of law.
In the development and execution of the services we provide and in the processing of personal data of clients and users, Unlockit transmits and/or receives the personal data collected with the supra partners partners, who have their own privacy and data processing policies, in compliance with the RGPD and having informed Unlockit of this Unlockit.
**Transfer of data to third countries
Unlockit may need to transfer your personal data to a third country outside the European Union which is not included in the list of countries list of countries which the European Union has already considered as meeting adequate protection of personal data. In such cases, Unlockit shall ensure that data transfers are carried out in strict compliance with the applicable legal standards.
D. CONTENT OF CONTRACTS
Unlockit is not responsible for the content and/or wording of the contracts submitted by Clients or Users for digital signature, and has no digital signature, and has no intervention in the content of the contracts submitted nor any responsibility for their terms and commitments made by the contracting parties.
The contracts are submitted and agreed upon between the parties, with Unlockit has no intervention in their content or in the will of the parties parties, and does not provide any services related to the business outside of those expressly provided for in its performance.
E. RIGHTS OF THE HOLDER OF PERSONAL DATA
Right of access: right to obtain confirmation of what personal data are collected personal data collected and processed by Unlockit, as well as to obtain information about them, such as the purposes for which they are processed, the periods for which they among others, as well as the right to see/hear or obtain copies of, for example, invoices, written agreements or calls and videoconferences in which you are a participant and which are recorded.
Right of rectification: right to request that your personal data that is inaccurate personal data that are inaccurate or to request that incomplete personal data be incomplete personal data to be completed, such as for example the address address, NIF, e-mail, telephone contacts, among others.
Right to erasure of data or "right to be forgotten": The right to obtain the erasure of your personal data, provided there are no valid grounds for keeping it, such as for example in cases where for example, in cases where Unlockit has to keep the data in order to to comply with legal obligations, such as compliance with the legal obligation to retain data for the investigation, detection and prosecution of crimes, or because a judicial procedure is in progress. judicial proceedings are in progress.
Right to portability: right to receive the data you have you have provided us with in a commonly used and machine-readable digital format or to request direct transmission of your data to another entity that becomes to another entity that becomes the new controller of your personal data, such as your personal data, such as receiving your invoices or transmitting your contact details your invoices or transmitting your contact details to the new controller, but controller, but only if this is technically possible. possible.
Right to withdraw consent or right to object: right to object or withdraw your consent at any time to a data processing data processing, such as in the case of data processing for marketing for marketing purposes, insofar as there are no legitimate interests overriding legitimate interests overriding your interests rights and freedoms, for example to defend a right in the context of legal proceedings.
Right of limitation: right to request the limitation of the processing of processing of your personal data, in the form of (i) suspension of processing or (ii) limitation in scope of processing to certain categories of data or categories of data or purposes of processing.
Right to complain: right to lodge a complaint to the CNPD, or to another supervisory authority competent under the law, other than the company or the DPO, if you believe that the processing of your personal data by personal data by Unlockit violates the applicable legal regime.
Exercising your rights
The exercise of your rights is free of charge, except in the case of a manifestly unfounded or excessive request, in which case a reasonable fee may be be charged a reasonable fee taking into account the costs.
You should note in particular that the exercise of your rights of removal of data, withdrawal of consent or limitation may only be exercised to the extent that they do not prevent the compliance with any legal obligation on the part of Unlockit.
Information shall be provided in writing but, if requested may be given orally. In this case, Unlockit shall verify your your identity by means other than oral.
A response to requests shall be provided within 30 days at the latest, unless it is a particularly complex request.
Responsibility for sites
The collection or processing of personal data requested by such third parties is their sole responsibility and Unlockit may not be held may under no circumstances be held liable for the content, accuracy, veracity accuracy, veracity or legitimacy of these sites or for the misuse of the data collected or processed through them.
We warn customers and users of Unlockit of this fact and of the need, before using the sites, products or applications read and accept the rules relating to the processing of personal data defined by these third parties.
Procedural and technical security measures
Unlockit has implemented the appropriate logical, physical, organizational
and security measures in place that are appropriate, necessary and sufficient to protect
personal data against destruction, loss, alteration, diffusion
unauthorised access or any other form of accidental or illicit processing.
Unlockit may update or make adjustments to this Policy, such changes being duly this Policy, and these changes will be duly published.