🏠 PropSafe — Complai Africa

Tenant & Buyer Data Protection for Real Estate Agencies

Every tenancy application collects copies of IDs, bank statements and payslips. PropSafe legally secures your data handling, including cross-border risks from international landlords.

⚖ Ask DPO AI Free
📁 PropSafe Document Bundle
🏠
Real Estate Agency Data Protection Policy
CDPA compliant
Included
📋
Tenant/Buyer Consent & Disclosure Form
Application data
Included
🤝
Staff Confidentiality Agreement
All agents
Included
🔍
DPIA Template
Property data processing
Included
🌐
Property Owner Data Processing Agreement
Including overseas landlords
Included
🗑
Data Erasure & Retention Protocol
Post-lease deletion
Included
🚨
Breach Response Protocol + DP3
72-hour rule
Included
Your Legal Obligations

What the CDPA Requires from Your Organisation

These are mandatory legal requirements under Zimbabwe law, currently being enforced by POTRAZ.

CDPA S.13
Tenant Application Data
Tenancy application data may only be collected with explicit consent, used only for the tenancy decision, retained only as long as legally necessary, and securely destroyed when no longer needed.
CDPG 5/2024
International Landlords — Cross-Border Risk
Sharing tenant data with overseas landlords (including diaspora) is a cross-border transfer requiring POTRAZ authorisation, updated consent forms, and a Data Processing Agreement.
CDPA S.13 — Retention
Unsuccessful Application Data
Data from unsuccessful applicants must be deleted within 6 months of rejection. Retaining ID copies and bank statements beyond this period is a CDPA violation.
CDPA S.17
Conveyancers & Property Management Systems
Any third party processing tenant or buyer data — conveyancers, bond originators, software providers — must sign a Data Processing Agreement before accessing that data.
What Your Plan Includes

Comply Foundations, PropTech Pack Extras, and DPO Support

PropSafe combines your Comply tier with PropTech & Real Estate overlays for tenant, buyer, and landlord data. DPO Shield remains the recurring managed layer for ongoing support.

🏠
Real Estate Agency Data Protection Policy
CDPA compliant
Comply
📋
Tenant/Buyer Consent & Disclosure Form
Application data
PropTech Pack
🤝
ID Verification & Reference Policy
Buyer, tenant, and landlord checks
PropTech Pack
🔍
DPIA Template
Property data processing
Comply
🌐
Real Estate Database Retention Schedule
Applications, leases, and sales records
PropTech Pack
🗑
WhatsApp Marketing Consent Log
Campaign opt-ins for tenant and buyer outreach
PropTech Pack
🚨
Breach Response Protocol + DP3
72-hour rule
Corporate+
📊
Real Estate Data Asset Register
POTRAZ DP1 ready
Included
🔎
Compliance Gap Assessment
27-point checklist
Business+
📋
DSAR Response Kit
Tenant and buyer requests
Business+
Comply Tier Foundations

ROPA and Impact Assessments from Your Comply Tier

These frameworks come from your Comply package. The PropTech & Real Estate pack adds property-specific overlays, while DPO Shield supports recurring governance and sign-off.

📊

Record of Processing Activities (ROPA)

Required under CDPA Section 13. This sits inside Comply Business and above, and becomes the foundation of your POTRAZ-facing operating record.

Your PropSafe ROPA covers:

  • Tenant/buyer names and ID/passport copies
  • Contact details (address, phone, email)
  • Income and employment verification documents
  • Bank statements and financial records
  • Reference letters from previous landlords
  • Lease agreements and tenancy records
  • Property owner/landlord personal data
  • Agent commission and financial records
  • Staff employment records
  • CCTV footage
  • Website enquiry and contact form data
Included in: Comply Business and above
🔍

Data Protection Impact Assessment (DPIA)

Required under CDPA Section 18 before any high-risk processing activity. Comply provides the base framework, while the sector pack adds real-estate-specific prompts.

A DPIA is required when you:

  • Launching an online tenant application portal
  • Enabling overseas landlord access to tenant application data
  • Implementing biometric visitor logs for show houses
  • Adopting a new cloud-based property management system
  • Sharing tenant data with a new conveyancer or bond originator
  • Any offshore cloud storage of property records
Included in: all Comply tiers, with scope varying by package
Common Questions

Frequently Asked Questions

We email tenant ID copies to overseas landlords. Is this allowed? +
This is a cross-border transfer under CDPG 5/2024. It requires POTRAZ authorisation, updated consent forms disclosing the overseas recipient, and a Data Processing Agreement with the landlord.
How long can we keep tenant application documents after rejection? +
A practical upper limit is 6 months from rejection. All documents — ID copies, bank statements, and payslips — should then be securely shredded or permanently deleted. Your PropSafe toolkit includes a data erasure protocol to support that process.
Our property management system is hosted in South Africa. Do we need POTRAZ authorisation? +
Yes. South Africa is outside Zimbabwe. Cloud storage of tenant data there requires POTRAZ authorisation under CDPG 5/2024. Complai Africa can support with templates, guidance, and DPO matching, but the organisation remains responsible for the formal filing.
A former tenant is asking for all data we hold. What do we do? +
Respond within 30 days under CDPA Section 21. If their data has been deleted per your retention schedule, confirm this in writing. Your higher-tier PropSafe package includes a complete DSAR response kit.

Need help interpreting the real-estate requirements?

⚖ Ask AskDPO AI — Free, instant guidance

Choose Your PropSafe Path

Start with Comply Business, then select the PropTech & Real Estate add-on in the next checkout step. Add DPO Shield Business afterward if you need recurring support and help matching with a suitable POTRAZ-certified DPO.

Start Your Compliance
Please enter your organisation name, your name, and a valid email.

🔒 Secure payment via the Complai Africa client portal