Data Protection — Overview
How Locari manages applicant data in compliance with GDPR: consent, retention periods, and data subject rights — all in one place.
Locari handles the data protection administration in your rental process: consent is collected automatically, deadlines are monitored, and data subject rights are fulfilled at the click of a button. You retain full control at all times.
What Locari does automatically: send consent emails, send reminders (day 1, 3, 5), monitor deadlines, delete data after expiry. What you decide: when to delete manually, whether to approve a deletion request, which retention periods to configure.
Common Tasks
- Check an applicant's consent status
- Configure retention periods
- Delete an applicant on request
- Export consent documentation
- GDPR checklist for your team
- Understand consent emails and language
How To
Check data protection at first contact
- A new applicant contacts you — Locari automatically sends the consent email.
- Example: Applicant Schmidt receives an email in German (listing in Germany) to consent to AI-assisted profile evaluation.
- Open the applicant profile under Applicants > tab Data Protection — status shown as "Consent pending", "Consent granted", or "Consent withdrawn".
Handle a manual deletion request
- Applicant writes: "Please delete my data."
- Locari shows you the request in the applicant profile.
- Check whether an active process is still running — Locari flags this automatically.
- Approve: deletion is executed within 30 days (Art. 17 GDPR).
What Locari Manages Automatically
Consent (Art. 6(1)(a) and Art. 22 GDPR)
- Consent email at first contact — in the language of the listing (DE/AT/CH: German, FR: French, GB: English)
- Reminders on day 1, 3, and 5 for outstanding consent
- Automatic expiry after 10 days without response
Retention Periods
| Data Type | Period After Process End |
|---|---|
| Contact data | 6 months |
| Communication | 6 months |
| Documents | 30 days |
| Notes | 6 months |
Periods can be adjusted under Settings > Data Protection > Deletion Periods. Tax-relevant contract documents may be subject to statutory retention of up to 10 years — Locari marks such records and prevents premature deletion.
Data Subject Rights at the Click of a Button
- Art. 15 Access: generate and release a data export
- Art. 16 Rectification: edit data inline
- Art. 17 Erasure: manually or automatically after period expiry
- Art. 20 Data portability: export in machine-readable format
- Art. 21 Objection: consent revocable at any time via the withdrawal link
Views and Fields
"Data Protection" Tab in Applicant Profile
- Consent status (pending / granted / declined / withdrawn / expired)
- Timestamp of the last status change
- Consent channel (email link, chatbot entry, manual entry)
- Reminder count (0–3)
- Button: Send reminder manually (only when status is "pending")
Settings > Data Protection
- Retention period configuration
- Export of consent documentation
- Download DPA
- View deletion log
Audit and History
Every data protection action — consent granted, withdrawn, deletion executed — is documented in the applicant profile under History. After a complete deletion, the consent record remains anonymized (email is replaced by an anonymized identifier) to provide proof to supervisory authorities (Art. 7(1) GDPR).
If you delete an applicant manually, all data including the audit trail is removed immediately and irreversibly. Only administrators can perform this action.
Permissions and Multi-select
- Visible to: all team members of the owner account.
- View consent status: all members.
- Configure retention periods and approve deletion: only administrators — the action is irreversible.
- Delete multiple applicants at once: Applicant List — bulk reject, filter by phase and status, sort by score.