PropertyOne (Novola SAS) · Last Updated: February 22, 2026
This page summarizes the Data Processing Agreement (the "DPA") under which Novola SAS processes personal data on behalf of its customers when they use PropertyOne. The DPA is a contract that forms part of your subscription agreement. This summary is for information only and does not replace the signed DPA text.
A pre-signed DPA is available to every customer. To execute it, or to request our standard DPA text and subprocessor annex, contact legal@ppty.one. Where a customer has a signed order form or master subscription agreement, the DPA is incorporated into that agreement by reference.
The DPA prevails over any conflicting terms in our Terms of Service with respect to the processing of personal data.
For personal data that a customer imports into or generates within its workspace (for example, tenant identities, lease documentation, IBANs, and banking ledger data), the customer is the Data Controller and Novola SAS is the Data Processor. Novola processes that personal data only on the customer's documented instructions and to provide the Service.
For data Novola collects in its own right (account registration, billing, and system configuration), Novola is the Data Controller. That processing is described in our Privacy Policy.
The customer authorises Novola to engage subprocessors to deliver the Service, including Amazon Web Services (hosting, AWS Region eu-west-3, Paris) and Postmark (transactional email). Novola imposes data protection obligations on each subprocessor no less protective than those in the DPA and remains responsible for their performance.
The current subprocessor list is maintained and updated in our Privacy Policy. We notify workspace administrators at least 14 days before onboarding a new subprocessor with access to customer data and provide a mechanism to object.
Core customer databases and ledger data are hosted within AWS Region eu-west-3 (Paris, France). Where limited data must be transferred outside the EU/EEA to a subprocessor (for example, transactional email delivery via Postmark in the United States), the transfer is governed by the European Commission's Standard Contractual Clauses (SCCs), supplemented by technical and organisational measures. Full details are in our Privacy Policy.
On termination, and for a period of 90 days thereafter, the customer may export its data. After that period, Novola deletes or anonymizes the personal data it processes on the customer's behalf, except where retention is required by law (for example, accounting records retained under French commercial law). These mechanics align with the Terms of Service and the Privacy Policy.
To sign the DPA or request the full text and subprocessor annex, contact legal@ppty.one. For questions about how personal data is processed, our Data Protection Officer can be reached at dpo@ppty.one.