PDPL guide for Egyptian real-estate marketplaces, brokers and developers. Lead-buyer marketplaces, agent CRMs, ID copies, mortgage referrals, ad pixels.
Yes, if the user was clearly informed at the form, gave consent for that distribution, and can withdraw it. 'Selling' the data to an unlimited list without that disclosure is exactly what PDPL is designed to stop.
Only as long as needed for the documented purpose (e.g., until the contract is signed + statutory retention). Indefinite storage 'just in case' is a clear violation.
If you transfer their data to Egyptian developers or partners, you need a transfer basis under Article 14 — and you may need to give those buyers GDPR-equivalent rights depending on their country.
No. Any processing of named buyers, sellers, or owners is in scope, regardless of how informal the listing channel is.
If brokers act on your instructions and only on your instructions, yes. If they decide what to do with the data themselves (which is more typical), they're separate controllers and you need a controller-to-controller framework, not just a DPA.