GDPR Compliance

How Sophie meets GDPR requirements.

Sophie helps you work in compliance with GDPR. Here's how the individual requirements are implemented.

Consent (Art. 6(1)(a))

Applicants actively consent to data processing.

Legitimate Interest (Art. 6(1)(f))

Communication as part of the application process.

Pre-contractual Measures (Art. 6(1)(b))

Data processing for lease agreement review.

Information Obligations

At First Contact

Sophie automatically informs applicants about:

  • Who processes the data (you as landlord)
  • For what purpose (application process)
  • How long (until end of process + 6 months)
  • What rights exist

Privacy Policy

Applicants receive a link to your privacy policy.

Data Subject Rights

Right of Access (Art. 15)

Applicants can request what data is stored.

How it works:

  1. Applicant asks Sophie for their data
  2. Sophie creates a data export
  3. You approve the export
  4. Applicant receives the extract via email

Right to Rectification (Art. 16)

Applicants can have incorrect data corrected.

How it works:

  1. Applicant communicates the correction
  2. Sophie updates the data
  3. Applicant receives confirmation

Right to Erasure (Art. 17)

Applicants can request deletion of their data.

How it works:

  1. Applicant requests deletion
  2. Sophie automatically checks if deletion is possible
  3. During active process: Notice to applicant
  4. After process end: Deletion within 30 days

Right to Data Portability (Art. 20)

Applicants can request their data in a machine-readable format.

Retention Periods

During Process

All data is stored while the application process is active.

After Acceptance

Data is transferred to the lease agreement process.

After Rejection

  • Basic data: 6 months (for queries)
  • Documents: Immediate deletion (optional)
  • Communication: 6 months

Automatic Deletion

Data is automatically deleted once the retention periods expire.

Technical Measures

Encryption

  • TLS 1.3 for all connections
  • AES-256 for stored data
  • End-to-end encryption for sensitive documents

Access Control

  • Role-based permissions
  • Multi-factor authentication available
  • Activity log

Server Location

  • Servers in Germany (Frankfurt)
  • No data transfer outside the EU

Data Processing Agreement

As a data processor, we have:

  • Data Processing Agreement (DPA) concluded
  • Technical and Organizational Measures (TOMs) documented
  • Register of processing activities created

Download DPA

Under Settings > Data Protection you can download the DPA.

Data Breaches

Automatic Detection

Sophie automatically detects potential data breaches.

Notification

In case of a breach, you are informed immediately and assisted in reporting it to the supervisory authority.

Checklist for Landlords

  • [ ] Privacy policy on your website
  • [ ] DPA with CORVALIS concluded
  • [ ] Retention periods configured
  • [ ] Team informed about data protection