Effective Date: 08-25-2020
Entrata, Inc. and its affiliated entities (collectively, "Entrata", "we", "us", "our") are committed to protecting individual privacy and maintaining the trust of our business clients ("Clients"), our Clients' end users and tenants (collectively, "End Users"), the actual users of our services who are employed or contracted by our Clients ("Client Personnel"), and visitors to our websites (collectively, "Visitors"). It is important to us that we provide transparency regarding our collection, use, and disclosure of personal data.
Important to Note:
Entrata provides its Platforms for use by our Clients, which are typically residential and commercial real estate property managers and property owners. Our Clients use our Platforms for many purposes, such as to manage the leasing lifecycle, and to facilitate communication with their End Users. Entrata typically has no direct relationship with our End Users; we simply process and store our End Users’ personal data (“Client Data”) on our Clients’ behalf, as their service provider (i.e., data processor), while the Clients are responsible for the processing (i.e., data controllers) . Any use of Client Data by us is carried out pursuant to an agreement (and/or our applicable Terms of Service) in place between Entrata and our Client.
2. What Information Do We Collect and Why?
We may collect personal data in various ways, such as when you: enter into a transaction or contractual arrangement with us; participate in our programs or activities; provide data at industry events and trade shows; visit our facilities or we visit you at your offices; contact our customer services; or in connection with your inquiries and communications with us. We may also collect personal data from other sources, including the Client, data companies, publicly-accessible databases, and joint marketing partners.
We have created the following table to help you understand the categories of personal data that we are responsible for and process as a data controller:
|Categories of Personal Data:||Specific Types of Personal Data:||Why We Collect It – Our Purposes and Legal Bases|
|Client Personnel Data||Contact Information: First and last name, email address, employer, phone number (work), physical address (work), job title.
Marketing Preferences and Customer Service Interactions: Marketing preferences; responses to voluntary surveys.
Operational Data: Transactions, sales, purchases, uses, supplier information, credentials to online services and platforms, and electronic content produced by individuals using company systems, including online interactive and voice communications such as blog, chat, webcam use, and network sessions.
|Communicate with Clients and Client Personnel for the purpose of our contractual relationship or for our legitimate interest. This includes:
|Prospective Client Personnel Data||First and last name, email address, employer, phone number (work), physical address (work), job title.||Contact prospective Clients in order to set up demos of our Platforms with your consent. This includes:
|Visitors||Contact Information: Name; company; business address; business email; business telephone.||Provide you with our newsletter and/or other marketing materials and facilitate social sharing with your consent or where we have a legitimate interest. This includes:
3. What Are Our Legal Bases for Processing Personal Data?
We collect and process personal data about you only where we have a legal basis for doing so. Our legal bases for processing personal data are dependent on the purpose and context of the processing activity.
Our legal bases include:
- Legitimate Interests (Client Data) We process Client Data to further our own legitimate interests, which may include:
- providing our Clients with market-leading property management tools and Platforms;
- continuously improving, customizing, and personalizing our Platforms, including taking steps to protect against fraud, spam, and abuse;
- analyzing and improving the safety and security of our Platforms; and/or
- aggregating and/or anonymizing Client Data, so that they will no longer be considered personal data. We do so to generate other data for our use, which we may use and disclose for any purpose. We will engage in this activity because we have a legitimate interest.
- Consent (Client Personnel Data) We obtain consent to send marketing communications to our potential clients and leads. Where you have provided your consent to receive marketing communications from us, you can withdraw your consent at any time by clicking on an unsubscribe link in each marketing communication or changing settings in your account, but doing so will not affect the processing that has already taken place.
- Contractual Necessity We process Client Personnel Data based on contractual necessity, which may include providing access to our backend platforms for our Client’s employees, agents, and contractors.
- Legal Obligation Entrata may be required, under applicable EU or EU member state law, to obtain and store certain personal data. For example, Entrata may be required to obtain and store data relating to Client Personnel for reporting purposes.
4. How Do We Use Personal Data?
Entrata does not use personal data for purposes that are materially different to the purposes for which they were originally collected, as set out in Section 2. If these purposes change in the future, we will provide you with notice and the option to opt-out of this use where so required by applicable law.
5. How Do We Disclose Personal Data?
We will not disclose any personal data we collect from you to any third parties except as indicated below:
- Our Affiliates. We may disclose personal data to any of our subsidiaries and affiliates within the Entrata corporate group (click here for a list of our subsidiaries). Specifically, if our clients utilize our applicant screening service, we will share personal data with our subsidiary ResidentVerify, LLC. Additionally, if you utilize our renters insurance agent, we will share personal data with our subsidiary Property Solutions Insurance Agency, LLC.
- Service Providers. We may disclose personal data to our service providers who perform certain services necessary to run our business (for example, data hosting and development, data analysis, customer service, auditing and other services), provided that these service providers have entered into legally binding agreements with us to protect the personal data shared, limit their use of the personal data, and assist us with our compliance requirements.
- Legal Request. We may disclose personal data to comply with applicable law and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.
- Business Transfer. We may disclose personal data to a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Entrata’s assets, whether as a going concern or as part of bankruptcy, liquidation, receivership, or similar proceeding in which personal data held by Entrata are among the assets to be transferred.
We do not knowingly collect personal data from children under the age of sixteen (16) without authorization by a holder of parental responsibility. If you believe that we may have collected personal data from or about a child under the age of sixteen (16), please send an email to email@example.com with the subject line "Personal Data of a Minor".
7. How Do We Protect Your Personal Data?
We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the "How to Contact Us" section below.
8. Transfers outside of the EEA
Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Platforms you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.
Adequacy Decision: Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your personal data. You may obtain a copy of these measures by contacting us in accordance with the "How to Contact Us" section below.
Standard Contractual Clauses: The European Commission has approved the use of standard contractual clauses as a means of ensuring adequate protection when transferring data outside of the EEA. By incorporating standard contractual clauses into a contract established between the parties transferring data, personal data can be protected when transferred outside the EEA to countries which have not been deemed by the European Commission to adequately protect personal data. We, and some of our affiliates, may rely on standard contractual clauses for transfers of personal data from the EEA to the US.
Privacy Shield: We, and some of our affiliates, may rely on the Privacy Shield framework for transfers of personal data from the United Kingdom and Switzerland to the US. Please see Section 9 below for additional information. Please note that when your personal data are located outside of the United Kingdom or Switzerland, they may be subject to the laws of the country in which they are hosted.
9. Privacy Shield (Our Transfers of Personal Data from the UK and Switzerland to the United States)
Entrata and its subsidiary, Property Solutions Insurance Agency, LLC, comply with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework(s), as applicable, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data transferred from the European Union, the United Kingdom, and Switzerland, as applicable, to the United States. Entrata has certified to the Department of Commerce that it adheres to the Privacy Shield Principles, which includes the Supplemental Principles (collectively, the "Privacy Shield Principles"), for personal data transferred from the European Union, the United Kingdom, and Switzerland pursuant to our Privacy Shield certification.
We sometimes contract with other companies and individuals to perform functions or services on our behalf, as described above in Section 5. We are responsible for ensuring our service providers process personal data in a manner consistent with our obligations under the Privacy Shield Principles.
In compliance with the Privacy Shield Principles, Entrata commits to resolve complaints about our collection or use of your personal data. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Entrata at firstname.lastname@example.org. We will investigate and attempt to resolve complaints and disputes regarding our use and disclosure of personal data in accordance with the Privacy Shield Principles.
If we are unable to resolve your question or concern you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield and they will assist you in resolving your complaint.
These recourse mechanisms are available at no cost to you. Please note that if your complaint is not resolved through these channels, under limited circumstances a binding arbitration option may be available before a Privacy Shield Panel (see here for more information https://www.privacyshield.gov/article?id=ANNEX-I-introduction).
Entrata is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
In cases of onward transfer of personal data of EU or Swiss individuals to third parties received by Entrata pursuant to the Privacy Shield, Entrata is potentially liable.
When Entrata maintains personal data for End Users with whom Entrata does not have a direct relationship (i.e., because Entrata is maintaining the personal data in its role as a processor for its Clients), End Users may submit complaints concerning the processing of their personal data to the relevant Client, in accordance with the Client's dispute resolution process. Entrata will participate in this process at the request of either its Client or the End User.
10. Retaining Your Personal data
We retain personal data for as long as needed or permitted in light of the purpose(s) for which they were obtained and consistent with applicable law. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Platforms to you (for example, for as long as you have an account with us or keep using the Platforms);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
11. Keeping Your Information Updated
Where you have set up an account on one of our Platforms through our Clients, it is up to you to keep your personal data up to date. If you are unable to update your personal data, please contact our relevant Client with which you have a primary relationship. If our Client is unable to assist you, we will endeavor to assist our Client with updating your information.
12. Your Individual Rights
Under the GDPR (and subject to any relevant exceptions) you have the right to access, correct, change, delete, restrict, exercise your right to data portability, or object to the processing of personal data.
As an End User, you can exercise your rights either directly in your user account, or by contacting our Client with which you have a direct relationship to request the required changes.
As Client Personnel, you can exercise your rights by contacting us directly at email@example.com with the subject line "Exercise of EU Data Subject Right". We may first request verification of your identity prior to facilitating the exercise of your right.
You can also elect not to receive marketing communications by changing your preferences in your account, or by following the unsubscribe instructions in each communication.
We will retain personal data in order to comply with legal requirements, protect our and others' rights, resolve disputes, or enforce our legal terms or policies, to the extent permitted under applicable law.
You may also lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.
How to Contact Us
If you have any questions or complaints related to our practices with respect to the collection, use, or disclosure of personal data, please feel free to contact us at firstname.lastname@example.org.
4205 Chapel Ridge Road
Lehi, UT 84043
Entrata Europe B.V. (Entrata’s EU Representative)
Joop Geesinkweg 901-999,
Amsterdam, 1096 AZ, Netherlands
Property Solutions Insurance Agency, LLC
4205 Chapel Ridge Road
Lehi, UT 84043