Data protection
Privacy policy
Last updated: 4 July 2026
This policy explains how HomeKeeper processes personal data through this website, call-back requests, owner enquiries, onboarding discussions, proposal preparation, and property-management operations.
HomeKeeper is a service operated by Wonderkey, Lda., Portuguese corporate taxpayer number 516 841 297, with registered office at Rua da Madalena, n.º 80, 1.º andar, Escritório 5, 1100-404 Lisbon, Portugal. For the activities described here, Wonderkey, Lda. normally acts as data controller, unless a signed agreement states a different role for a specific processing activity.
Use the website contact form for privacy questions, access requests, or other data-protection requests.
1. Personal data we process
The data we process depends on the relationship and service stage. Website enquiries usually require less data than owner onboarding or active property management.
- Identity and contact data: name, email, phone number, language, country, address, NIF or tax identifiers, and identity documents where needed for contracting.
- Property and ownership data: property address, ownership documents, property tax records, registry data, usage licence, energy certificate, insurance, condominium information, keys and access instructions, photographs, inventories, utilities, defects, maintenance history, and lease status.
- Commercial and financial data: selected service level, proposal terms, rent estimates, actual rent received, invoices, payment status, IBAN or payout details, deposits, expenses, supplier costs, and accounting references.
- Tenant, prospective tenant, supplier, condominium, insurer, and operational-contact data where needed to manage the property or prepare a proposal.
- Communications and system data: emails, call notes, WhatsApp or dashboard messages, support tickets, form submissions, document uploads, audit logs, IP address, device/browser data, and consent or preference records.
2. Sources of data
We receive data directly from owners, tenants, prospective tenants, suppliers, partners, Uniplaces, condominium managers, insurers, public authorities, property documents, signed contracts, payment systems, support tools, and operational communications.
If an owner provides personal data about a tenant, co-owner, representative, supplier, emergency contact, or other third party, the owner must have a lawful basis to share it and must inform that person where required by law.
3. Why we process data and legal bases
We process personal data only where we have a lawful basis under data-protection law.
- Pre-contract steps and contract performance: responding to enquiries, preparing proposals, onboarding owners, managing properties, coordinating suppliers, supporting check-ins and check-outs, handling documents, issuing invoices, and providing selected services.
- Legal obligations: accounting, tax, invoicing, record-keeping, anti-fraud checks, responding to authorities, and complying with applicable property, tenancy, or consumer rules.
- Legitimate interests: improving operations, keeping service records, managing disputes, protecting properties and systems, preventing misuse, prioritising urgent maintenance, measuring service quality, and developing owner-management tools where those interests are not overridden by individual rights.
- Consent: optional marketing, non-essential cookies or analytics where required, and any activity where we specifically ask for consent. Consent can be withdrawn at any time, without affecting prior lawful processing.
4. How we use personal data
We use personal data to respond to call-back requests, evaluate whether a property fits the service, prepare and send proposals, generate contracts, onboard owners, manage property operations, coordinate tenants and suppliers, issue invoices, follow rent and expense workflows, produce owner reports, manage disputes, and improve HomeKeeper systems.
We may use software automation and AI-assisted tools to help extract information from documents, draft operational messages, classify requests, prepare reports, or identify follow-up actions. Human review is used where decisions materially affect the owner, tenant, property, or service commitment.
5. Sharing data
We share personal data only where needed for the service, legal compliance, administration, security, or rights protection.
- Within the HomeKeeper team and with authorised Uniplaces or group operational contacts where relevant to owner onboarding, tenant sourcing, booking coordination, reporting, or support.
- With suppliers and service providers such as plumbers, electricians, cleaners, locksmiths, photographers, contractors, insurers, condominium managers, legal/accounting professionals, payment providers, signature platforms, document tools, CRM/support systems, email providers, cloud hosting providers, and analytics/security providers.
- With public authorities, courts, tax authorities, regulators, police, municipalities, AIMA, or other bodies where required by law, necessary for filings, or necessary to protect rights.
- With tenants, prospective tenants, owners, co-owners, authorised representatives, platforms such as Uniplaces, and other parties involved in the property-management workflow.
6. International transfers
Where service providers process personal data outside the European Economic Area, we use appropriate safeguards where required, such as adequacy decisions, standard contractual clauses, contractual protections, and security measures appropriate to the provider and processing activity.
7. Retention
We keep personal data only for as long as needed for the purpose for which it was collected, including service delivery, accounting, tax, legal, audit, dispute-resolution, fraud-prevention, and business-record requirements.
Enquiry data that does not become an active proposal or client relationship may be kept for a shorter period unless follow-up, legal defence, or business-record needs justify longer retention. Contract, invoice, payment, tax, and property-management records may need to be kept for statutory limitation and tax periods.
8. Security and credentials
We use organisational and technical measures designed to protect personal data against unauthorised access, loss, alteration, or misuse. Access is limited to people and service providers who need it for their role.
Owners should not send personal public-authority credentials, Finanças passwords, bank passwords, or other sensitive credentials through the website form or ordinary unstructured messages. Where access to official systems is needed, HomeKeeper will use a more appropriate authorisation, delegation, or secure process.
9. Your rights
Subject to legal conditions and limits, data subjects may request access to their data, rectification of inaccurate data, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests. Where processing is based on consent, consent may be withdrawn at any time.
A data subject also has the right to lodge a complaint with the Portuguese data-protection authority, Comissão Nacional de Proteção de Dados (CNPD), or another competent supervisory authority.
10. Cookies and analytics
The website uses essential technical processing needed to deliver the site and receive form submissions. If HomeKeeper adds non-essential analytics, advertising pixels, or similar tracking tools, the website should provide the required notice and choice before those tools are used where consent is required.
11. Changes to this policy
We may update this policy as HomeKeeper's website, systems, services, or legal obligations evolve. The updated date at the top of the page indicates the latest version.
