GDPR Privacy Rights
If you are a resident of one of many European countries, including the United Kingdom and Switzerland, an important European privacy law (or an equivalent counterpart to it) the General Data Privacy Regulation (the “GDPR”) provides you with certain rights, and places certain obligations on companies regarding how your “personal data” (as the GDPR uses that term) is used. We describe those rights and obligations below, and how and in what circumstances we honor them.
We set out our compliance with the GDPR and, to the extent applicable, those other laws, in this section.
Legal Basis
The GDPR requires us to tell you about the legal ground we’re relying on to process any personal data about you. The legal grounds for us processing your personal data for the purposes set out in Section IV above will typically be because:
- You provided your (legally sufficient) consent;
- It is necessary for our contractual relationship, e.g., in order to provide you services or features you’ve requested and we’ve promised;
- The processing is necessary for us to comply with our legal or regulatory obligations – for instance, to communicate with you about or to help honor your legal rights; and/or
- The processing is in our legitimate interest. For instance, we may process and share business data collected from our website for our own internal marketing purposes, or other information for purposes of security, data hygiene or validation, in a manner that constitutes a “legitimate interest”.
Your Data Subject Rights
A. Right to Rectify, Delete, Restrict or Object to the Processing
Your rights to deletion or revocation of consent (sometimes referred to as a right to be forgotten, to restrict processing, or to otherwise object to processing). You have the right to request that we delete your personal data (or where applicable, withdraw your prior consent to our processing of your data). You may also request that we correct or rectify your personal data if it is inaccurate, incomplete or false.
If you request that we delete your personal data, or withdraw your consent, we will customarily retain a copy of your data sufficient to suppress it from our active databases in the future: but if that is not what you wish, you may indicate that to us (in which case your information may be added to our database later, because we will not have “suppressed” it).
Moreover, when we delete your personal data, we may retain it (to the extent legally permissible) for certain important (but narrow) internal purposes such as legal, compliance, accounting or auditing purposes, and in some cases, for security purposes.
B. Personalized Online Advertising Opt-Outs
You may object to profiling by online advertising platforms with whom we sometimes partner to help generate (and measure or analyze) “personalized” online advertising. These platforms are generally separate third party “controllers” of your data.
You may unsubscribe from marketing and other communications that we may send (on behalf of ourselves or others) by clicking the “opt-out” or “unsubscribe” link in the footer of those emails.
C. Your Right to Access
In some jurisdictions, you may have the right to request access to a copy of your personal data. When you request access to your personal data, we are required — for privacy and other important compliance reasons — to verify your identity in a legally sufficient manner: if we cannot do so, we will not be able to satisfy your access request.
Please note that as part of the verification process, we may not be able to sufficiently “verify” your identity in a manner sufficient to safeguard against the potential adverse privacy effects on disclosure of personal data to the wrong individual (or a person who is purposefully seeking the information of another). Because such improper disclosure would likely adversely affect the privacy rights and freedoms of a relevant data subject/consumer, we limit certain personal data we make available.
Questions or Concerns
If you have a complaint or concern or question about how we handle your personal data, please contact us as at the above contact addresses, and we will seek to address any concerns you may have. If you are not happy with how we have attempted to resolve your complaint, you may contact the relevant data protection authority.
When We are a Processor
EU data protection law (and certain other data protection laws) makes a distinction between organizations that process personal data for their own purposes (known as “data controllers”) and organizations that process personal data on behalf of other organizations (known as “data processors”). We sometimes act as data controller (for instance, when we make decisions about the data that comprises our own datasets) and most of the times act as a processor (for instance, if we process the personal data of guests/tenant/renters of our Client, such as to collect, store, analyze or use it solely for our Client’s benefit and at their direction as part of the Services we provide. We generally are only able to help data subjects exercise their rights as to the personal data we are a data controller of. If you have a question or request as to data we’re a processor of, you should generally address that to the relevant data controller.