Important to Note for our Client's website visitors, tenant applicants, and tenants, whether prospective, current or former ("End Users"):

Entrata provides its Platforms for use by our Clients, which are typically residential and commercial real estate property managers and property owners. Our Clients use our Platforms for many purposes, such as to manage the leasing lifecycle, and to facilitate communication with their End Users. Entrata typically has no direct relationship with our End Users; we only process and store our End Users’ personal data ("Client Data") on our Clients’ behalf, as their service provider (i.e., data processor), while the Clients are responsible for the processing (i.e., data controllers) . Any use of Client Data by us is carried out pursuant to our Client’s instructions, as contained in an agreement (and/or our applicable Terms of Service) in place between Entrata and our Client.

If you, as an End User, have any questions or concerns about the data handling practices of a Client using our Platforms to process and store your personal data, please contact the relevant Client directly. Our ProspectPortal Platform permits our Clients to create their own websites, which facilitate communication and transactions between prospective and current tenants. While these websites are built using our Platforms, and Client Data obtained through these websites are stored on our systems, such Client Data is governed by our Clients’ privacy notices/policies.

Entrata, Inc. and its affiliated entities (collectively, "Entrata", "we", "us," "our") are committed to protecting individual privacy and maintaining the trust of our business clients ("Clients"), the actual users of our services who are employed or contracted by our Clients ("Client Personnel"), and visitors to our websites (collectively, "Visitors"). It is important to us that we provide transparency regarding our collection, use, and disclosure of personal data. "Personal data" is data that identifies you as an individual or relates to an identifiable individual.

To help us meet this commitment to you, we have created this Privacy Policy ("Privacy Policy"). This Privacy Policy governs data protection matters across personal data that we collect through:

1. Our suite of products and services (collectively, the "Entrata Platforms" or "Platforms").
2. Websites we control which link to this Privacy Policy ("Entrata Sites").
3. Offline business interactions that you have with us.

HTML-formatted email messages that we send to you that link to this Privacy Policy or other communications with you.

Collectively, we refer to the Platforms, the Entrata Sites, the offline business interactions, and emails as the "Services"). This Privacy Policy, along with our Terms of Use, form an integral and binding part of our relationship with you.

Please Note: This Privacy Policy only governs our processing of personal data that is covered by the EU General Data Protection Regulation (GDPR). This may be the case if you are an individual located in the EU, or when one our affiliates in the EU is responsible for the processing of your personal data (i.e., a data controller). To access our privacy policies in other regions, please click here.

This Privacy Policy describes how we use, share, and protect the personal data of Client Personnel and Visitors who use the Services. It also describes your rights and choices regarding your personal data.

Our Entrata Sites and Platforms may contain links to other third-party websites. The information practices and content of such third-party websites are governed by their own privacy policies. We encourage you to review the privacy policies of such third-party websites to understand their information practices.

We and our service providers collect personal data in various ways, such as when you: enter into a transaction or contractual arrangement with us; provide us with your personal data via the Services; participate in our programs or activities (e.g., our contests, online webinars, Entrata Connect, and Basecamp); provide personal data at industry events and trade shows; visit our facilities or we visit you at your offices; contact our customer services; or make any inquiries and communications with us. More information is set out below. We also collect personal data from other sources, including our Clients, publicly-accessible databases, and joint marketing partners.

Personal data includes:

1. Contact information: First and last name, email address, employer, phone number (work), physical address (work), job title.
2. Marketing preferences and customer service interactions: Marketing preferences; responses to voluntary surveys.
3. Operational data: Transactions, sales, purchases, uses, supplier information, credentials to online services and platforms, and electronic content produced by individuals using company systems, [including online interactive and voice communications such as blog, chat, webcam use, and network sessions].

We have indicated with an asterisk (*) above those types of data which are mandatory and must be provided in order for us to provide the requested Services to you. If you do not provide the information requested, we may not be able to provide the Services. If you disclose any personal data relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so.

We and our service providers use personal data for the following purposes:

1. Communicating with Clients and Client Personnel for the purpose of our legitimate interest (providing our Clients with market-leading property management tools and Platforms). This includes:
   • Informing Clients about our various Platforms and solutions, and providing access to our Platforms where the Client enters into an agreement with us.
   • Providing back-end access to the Platforms for Clients and Client Personnel.
   • Tracking and responding to Clients’ inquiries, reports, reviews or correspondence regarding products and services.
   • Administering Client account(s).
   • Providing and improving our customer service.
   • Facilitating communications generally in the context of our business activities.
   • Sending administrative information to Clients, such as changes to our terms, conditions and policies.
   • Enforcing our Terms of Use and any other contractual terms and conditions that govern the relationship between Entrata and Clients.
2. Operating our business for the purpose of our legitimate interest (continuously improving, customizing and personalizing our Services). This includes:
   • Analyzing and improving the safety and security of our Services.
   • Supporting internal Entrata operations, including CRM and Client technical support.
   • Providing Clients and Client Personnel with access to our 'App Store' to allow Clients to directly enable third-party application.
   • Carrying out machine learning, data extracting and loading data in data warehouses, in order to support Entrata enterprise software, data access, modifications, operations.
3. Contacting Client Personnel at prospective Clients in order to set up demos of our Platforms with your consent. This includes:
   • For marketing purposes, such as re-engaging with prospective Clients who have expressed an interest in our Services.
   • Administering account access to our Platforms for the purposes of providing demos/tutorials of the Platforms to prospective Clients.
   • Responding to your inquiries, for example, when you send us questions, suggestions, compliments or complaints, or when you request further information about our services.
4. Providing you with our newsletter and/or other marketing materials and facilitating social sharing with your consent or for the purpose of our legitimate interest (making it easier for you to get the benefit of your social sharing functionalities). This includes:
   • Sending you marketing related emails, with information about our services, new products and other news about our company.
   • Facilitating social sharing functionality that you choose to use.
5. Aggregating and/or anonymizing personal data so that it will no longer be considered personal data, for the purpose of our legitimate interest (to anonymize and aggregate for business purposes). We do so to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
6. Carrying out general organizational activities, for the purpose of our legitimate interest (to keep the Services updated and relevant and to develop our organization) and where necessary to comply with our legal obligations. This includes:
   • Data analysis, for example, to improve the efficiency of our Services.
   • Audits, to verify that our internal processes function as intended and to address legal, regulatory, or contractual requirements.
   • Fraud prevention and fraud security monitoring purposes, for example, to detect and prevent cyberattacks or attempts to commit identity theft.
   • Enhancing, improving, repairing, maintaining, or modifying our current Services.
   • Identifying usage trends, for example, understanding which parts of our Services are of most interest to users.
   • Operating and expanding our organization's activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests.

We also collect data through our Entrata Sites and Platforms, such as browser and device information, application usage data, information collected through cookies, pixel tags and other similar technologies, and IP addresses.

Entrata does not use personal data for purposes that are materially different to the purposes for which they were originally collected, as set out in Section 2. If these purposes change in the future, we will provide you with relevant notice and the option to opt-out of this use where so required by applicable law.

We will not disclose any personal data we collect from you to any third parties except as indicated below:

1. Our Affiliates. We disclose personal data to any of our subsidiaries and affiliates within the Entrata corporate group (click here for a list of our subsidiaries). Specifically, if our Clients utilize our applicant screening service, we will share Client Personnel's personal data with our subsidiary ResidentVerify, LLC. Additionally, if our Clients utilize our renters insurance agent, we will share Client Personnel personal data with our subsidiary Entrata Insurance Agency, LLC.
2. Service Providers. We disclose personal data to our service providers who perform certain services necessary to run our business (for example, data hosting and development, data analysis, customer service, auditing and other services), provided that these service providers have entered into legally binding agreements with us to protect the personal data shared, limit their use of the personal data, and assist us with our compliance requirements.
3. Professional advisers. We disclose personal data to our advisers in certain circumstances, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
4. Fraud prevention agencies. We disclose personal data to such agencies to detect and prevent fraud.
5. Legal Request. We disclose personal data (i) to comply with applicable law and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), (ii) to respond to requests from public and government authorities (which may include authorities outside your country of residence), (iii) to comply with legal process, (iv) to cooperate with law enforcement, or (v) for other legal reasons.
6. Business Transfer. We will disclose personal data to third parties in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Entrata’s assets, whether as a going concern or as part of bankruptcy, liquidation, receivership, or similar proceeding in which personal data held by Entrata are among the assets to be transferred.
7. Enforcement of Our or Others' Rights. We disclose personal data (i) to the extent they are necessary to enforce or protect our rights, privacy, safety or property, and/or that of our affiliates, you or others, (ii) to enforce our Terms of Use and any other agreements (such as for billing and collection purposes and fraud prevention), and (iii) to allow us to pursue available remedies or limit the damages that we may sustain.

The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect personal data from children under the age of sixteen (16) without authorization by a holder of parental responsibility. If you believe that we may have collected personal data from or about a child under the age of sixteen (16), please send an email to [email protected] with the subject line "Personal Data of a Minor".

We seek to use reasonable organizational, technical and administrative measures to protect personal data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with Section 11 below.

Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.

Additional Information Regarding the EEA: Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your personal data. You may obtain a copy of these measures by contacting us in accordance with Section 11 below.

Please note that when your personal data are located outside of the EEA, they may be subject to the laws of the country in which they are hosted.

We retain personal data for as long as needed or permitted in light of the purpose(s) for which they were obtained and consistent with applicable law. The criteria used to determine our retention periods include:

1. The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
2. Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
3. Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

You have the right to access, correct, change, delete, restrict, exercise your right to data portability, or object to the processing of personal data, to the extent these rights are provided to you by applicable law.

As an End User, you can exercise your rights either directly in your user account, or by contacting our Client with whom you have a direct relationship to request the required changes. We are not responsible for handling any End User requests, because the Client is the data controller for End User personal data; for more information, please refer to the note in Section 1 above, marked "Important to Note for our Client’s website visitors, tenant applicants, and tenants, whether prospective, current or former ("End Users")".

As Client Personnel or Visitors, you can exercise your rights by contacting us directly at [email protected] with the subject line "Exercise of EU Data Subject Right". We will respond to your request consistent with applicable law.

You can also elect not to receive marketing communications by changing your preferences in your account, by following the unsubscribe instructions in each communication, or by contacting us at [email protected].

We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages (such as changes to our Terms of Use or privacy practices), from which you cannot opt out.

You may also lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

It is our policy to post any changes we make to our Privacy Policy on this page, with a notice that it has been updated on our main homepage. If we make material changes to how we treat your personal data, we will notify you through a notice on the homepage. The date that this Privacy Policy was last revised is listed at the top of this page. Any changes will become effective when we post the revised Privacy Policy on the Platforms or the Entrata Sites.

If you have any questions or complaints related to our practices with respect to your individual rights (as described in Section 9 above), please feel free to contact us at [email protected].

Entrata, Inc. (a US company located at 4205 Chapel Ridge Road, Lehi, UT 84043) is the company responsible (i.e., the data controller) for the processing of personal data covered by this Privacy Policy and can be contacted at [email protected].