Privacy Policy for RentIt-ZM
Last Updated: [ October 15, 2025]
This Privacy Policy explains how Rentit-ZM, the developer of the mobile application RentIt-ZM and Website, collects, uses, protects, and discloses information about you when you use our App.
As a service operating in a global market, we adhere to the principles of the European Union’s General Data Protection Regulation (GDPR) to protect the personal data of our users.
1. Data Controller Details
The data controller responsible for the processing of your personal data is:
Entity Name: [Insert Your Company Name/Developer Name] Address: Lusaka, Zambia
Email for Privacy Inquiries (Mandatory): rentitzm.com
2. Personal Data We Collect and Use
The personal data we collect depends on how you use the App. We only collect data that is strictly necessary for providing our real estate services (Data Minimisation Principle).
Category of Data | Specific Data Points | Purpose of Processing | Lawful Basis (GDPR Art. 6) |
|---|---|---|---|
Identity & Contact Data | Name, Email address, Phone number, Username/Password (encrypted). | To create your user account, verify identity, and enable in-app communication between renters/landlords. | Contractual Necessity (to provide the service) |
Property Listing Data | Property address, Photos, Price, Description, Seller/Landlord details. | To publish property listings in the App and facilitate the core service of connecting users. | Contractual Necessity (to fulfill the contract for listing services) |
Location Data (Sensitive) | Precise GPS coordinates (if permitted), City/Area search input. | To provide relevant location-based search results (“properties near me”). | Consent (Explicitly requested for precise GPS access) |
Financial Data | Payment information (processed by third-party gateway, we only receive transaction details). | To process payments for premium listings or optional services. | Contractual Necessity |
Usage & Technical Data | Device ID, IP address, App version, Crash logs, time spent on listings, search history. | To monitor and analyze App performance, fix bugs, prevent fraud, and improve the user experience. | Legitimate Interest (Improving service and security) |
3. Lawful Basis for Processing (GDPR)
We rely on the following lawful bases to process your personal data:
Contractual Necessity: Processing is necessary for the performance of the contract to which the data subject is party (e.g., creating your account, publishing a listing).
Consent: Where required (e.g., for accessing your precise location or sending non-essential marketing communications), we will obtain your clear, informed, and explicit consent. You have the right to withdraw this consent at any time.
Legitimate Interests: Processing is necessary for our legitimate interests (or those of a third party), provided those interests do not override your rights and freedoms (e.g., ensuring App security, analyzing usage to improve features).
Legal Obligation: Processing is necessary to comply with a legal or regulatory obligation (e.g., tax law, law enforcement requests).
4. Disclosure and Sharing of Personal Data
We only share your data with the following categories of recipients as necessary:
Other RentIt-ZM Users: If you are a renter, your contact information may be shared with the listing owner (landlord/agent) to facilitate a viewing or inquiry, based on your initiated action.
Service Providers (Data Processors): We use third-party companies to facilitate our service (e.g., cloud hosting/servers, analytics, payment gateways). These providers are contractually bound by Data Processing Agreements (DPAs) to process data only on our instruction and comply with GDPR.
Example Sub-processors: [List your main cloud host, e.g., AWS, Google Cloud], [List your analytics provider, e.g., Google Analytics for Firebase].
Legal Requirements: We may disclose your data if required by law, subpoena, or legal process, or if we believe it is necessary to protect our rights, your safety, or the safety of others.
5. Data Security
We implement technical and organizational measures to protect your Personal Data from unauthorized access, loss, or misuse. These measures include:
Encryption of data both in transit (using SSL/TLS) and at rest (on servers).
Regular security assessments and penetration testing.
Role-based access controls to limit internal access to personal data.
Secure storage of user passwords using industry-standard hashing techniques.
Data Breach Notification: In the event of a personal data breach, we will notify the supervisory authority and affected users without undue delay, and in line with the 72-hour requirement set out in the GDPR.
6. Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
Right | Description | How to Exercise |
|---|---|---|
Right to be Informed | The right to know how your data is processed (covered by this policy). | Read this Privacy Policy. |
Right of Access | The right to request a copy of the personal data we hold about you. | Contact the Data Controller via email. |
Right to Rectification | The right to have inaccurate or incomplete data corrected. | Update your profile settings in the App or contact us. |
Right to Erasure | The right to request the deletion of your personal data (“Right to be Forgotten”). | Use the “Delete Account” function in the App settings or contact us. |
Right to Restrict Processing | The right to limit the way we process your data. | Contact the Data Controller via email. |
Right to Data Portability | The right to receive your personal data in a structured, commonly used, and machine-readable format. | Contact the Data Controller via email. |
Right to Object | The right to object to processing based on legitimate interests or for direct marketing. | Opt-out in the App settings or contact us. |
Right to Lodge a Complaint | The right to complain to a supervisory authority if you believe we have violated the GDPR. | Contact your local supervisory authority. |
7. Data Retention
We will retain your Personal Data only for as long as necessary to fulfill the purposes for which we collected it, including for satisfying any legal, accounting, or reporting requirements.
Generally, we retain active account data for the duration of your use of the App. If you delete your account, your personal data will be erased or anonymized within [Specify Timeframe, e.g., 90 days], unless we are legally required to retain it for a longer period.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Policy on this page and updating the “Last Updated” date at the top. We will also inform you through a prominent notice within the App prior to the change becomi