Mile High Aerial Properties

Data processing addendum

Last updated: 2026-05-31 · Operated by Mile High Aerial Properties, LLC

This addendum applies when Mile High Aerial Properties, LLCprocesses personal data on behalf of a client (the “Controller”), and forms part of the agreement between the parties for the services provided.

1. Scope and roles

Mile High Aerial Properties, LLCacts as a Processor (or Service Provider under the CCPA) of the Controller’s personal data when performing services such as managing contacts, sending communications, and storing transaction documents.

2. Categories of data

Contact identifiers (name, email, phone), property preferences, transaction milestones, and uploaded documents. We process only the categories of data required to provide the services.

3. Sub-processors

We use a small number of sub-processors to deliver the services (cloud hosting, transactional email, SMS, e-signature, MLS data). The current list is available on request. We notify the Controller of new sub-processors and give a reasonable objection window.

4. Security measures

  • Encryption at rest (database) and in transit (TLS).
  • Role-based access controls + row-level security.
  • Access logging and quarterly access reviews.
  • Backups with documented retention and restore procedures.
  • Background-checked personnel with signed confidentiality terms.

5. International transfers

Where personal data is transferred outside its country of origin, we rely on the European Commission’s Standard Contractual Clauses (or equivalent for the UK, Switzerland, and Canada) plus any required supplementary measures.

6. Assistance with data subject rights

We help the Controller respond to data subject requests within the regulatory deadline (30 days under GDPR; 45 days under CCPA, with the ability to extend once).

7. Breach notification

We notify the Controller without undue delay (and in any case within 72 hours) after becoming aware of a personal data breach affecting the Controller’s data.

8. Return or deletion

On termination of the services, and at the Controller’s choice, we return or delete the personal data we hold for the Controller, subject to legal retention obligations.

9. Audit

We make available the information necessary to demonstrate compliance with this addendum, including third-party audit reports where available.

10. Contact

For a counter-signed copy or to add your organization to the notification list for sub-processor changes, email smoke-dpo@test.local.

Powered byBrokerDriveAgent Sign-In