Revised version in January 2020
WHAT PERSONAL INFORMATION DOES GREYSTAR-RESA COLLECT?
We collect Personal Information from our website in order to provide you with information on the Greystar-RESA products and services you have expressed an interest in to provide you with information on other similar Greystar products and services we believe will be of interest to you and to better understand how we can help prospective residents (hereafter, “User”) Please see the section “RGPD Information” below.
The type of Personal Information we collect will depend upon what we will need to provide you properly with the particular product or service you are interested in. In the case of prospective residents, the information requested on our registration form includes, among others, some or all of the following Personal Information: name and address, age or date of birth, email address, occupation/studies, telephone number, educational background and national identity card/Passport/NIE and university/institute/academic center where you plan to study. Those interested in becoming residents will be asked to include most of the following further information: the kind of service you are requesting, the apartment/ studio size you are looking for, where you want to live, if you want to share a room with another person, etc.
USAGE TRACKING: USE OF IP ADDRESSES
An IP address is a number that is automatically assigned to your computer whenever you are surfing the Internet. Web servers, the main computers that serve up web pages, automatically identify your computer by its IP address. As permitted under applicable law, Greystar and RESA collects IP addresses for the purposes of system administration, gathering and analyzing aggregated information, creating a better experience for users and auditing the use of our site.
We do not normally link IP addresses to anything personally identifiable, which means that your session will be logged, but you remain anonymous to us. We will seek to link your IP address when we feel it is necessary to protect this site and other users from harm and to prevent criminal misconduct. Please see the section on Use of “Cookies.”
USE OF “COOKIES”
WHAT INFORMATION DO WE SHARE OR DISCLOSE?
As a general rule, Greystar-RESA will not disclose Personal Information except when we have your permission or under special circumstances, such as when we believe, in good faith, that the law requires our disclosure. We may also disclose Personal Information for some business operations as described below.
We do not commercialize or share your Personal Information with third parties, unless:
- Such information is shared and/or commercialized following receipt of a specific request and/or permission from users;
- Such information is shared with affiliated companies and/or potential investors (in any form of business transaction, including purchase or merger) pursuant to an specific agreement which contains reasonable confidentiality arrangements;
- Such information is shared with contractors who work with us pursuant to an agreement which contains reasonable confidentiality arrangements;
- Such information is shared in order to comply with or in accordance with any applicable law and/or court orders and/or in order to prevent suspected illegal acts, frauds, situations involving potential threats to the safety of any person, or as otherwise required by law. This includes responding to lawful requests by public authorities, including to meet national security or law enforcement requirements;
- Such information is shared in order to help Greystar defend against claims and/or establish or exercise any legal right that Greystar may have;
Greystar-RESA may be liable to you for any transfer of your Personal Information by Greystar-RESA in violation of applicable laws.
THIRD-PARTY SITE LINKS
You should be aware that when you are on the Greystar website you could be directed to other third party sites that are beyond our control. There are links to other sites from Greystar -RESA, which take you outside our service. For example, if you “click” on a banner, an advertisement or a search result, the “click” may take you off the Greystar-RESA web site. These other web sites may include sites of other advertisers, sponsors and partners that may use their logo with ours as part of a co-branding agreement. These other sites may send their own cookies to visitors to collect data or solicit information. Greystar does not control these sites and therefore is not responsible for their content. The inclusion of hyperlinks to any other sites by Greystar-RESA does not imply any endorsement of the material on such sites, nor any association with their operators.
Greystar policies do not extend to anything that is inherent in the operation of the Internet, which is beyond our control. Remember that whenever you give out/provide Information online, that information may be collected and used by people you do not know.
Greystar takes reasonable technical and organizational measures in accordance with applicable laws to safeguard Users’ “Personal Information”. While Greystar strives to protect your Personal information and therein your privacy, we cannot guarantee the security of any Personal Information you disclose online and you therefore disclose such Personal Information at your own risk.
We limit access to “Personal Information” only to employees who we believe reasonably need to receive such information to provide or manage our services or in order to do their jobs, and we take the precautions we deem reasonable to protect the security of Users’ Personal Information. We also work very hard to ensure that our employees are aware of the sensitivity of the data send by the users and submitted to us and that they handle it with extreme care, being careful not to allow any improper access by third parties. However, as in many computer systems, internet applications and software programs, unauthorized use, failure of hardware or software, etc. may be injurious to the confidentiality of users’ Personal Information.
If users have any questions about Security, please contact us using the information in the “Contact Information” section below.
EMAIL CONSENT AND OPT-OUT
You may choose to opt out of receiving future commercial email messages from us as a result of your registrations with us. Each mass commercial email sent by us contains a link with instructions on how to remove yourself from our email list. Please see the section on “Third-Party Site Links” here below.
We do not collect or maintain information at our site from those Users we know are under 16 unless such information is provided by their parents or guardian, and we do not permit children under 16 years of age to become registered users of our site. No part of our site is structured to attract anyone under 16 years old. By using our site, you represent that you are not under 16 years of age. If you are a parent or guardian and you believe that your child under age 16 may have provided personally identifiable information through the Website, please contact us using the information in the “Contact Information” section.
DATA TRANSFERS TO THIRD PARTIES-OTHER COUNTRIES
Please be aware that if you provide “Personal Information” to us, it may be transferred to and processed on computers in the U.S. and other countries which are not in the EEA. Please do not provide your Personal Information to us if you do not want this information to be transferred outside of your country, or if the laws in your country restrict these types of transfers.
We mainly transfer your Personal Information to our affiliate in the United States, Greystar Real Estate Partners. Greystar Real Estate Partners (“Greystar US”) complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce (“Privacy Shield”) regarding the collection, use, and retention of personal information from European Union member countries. Greystar US has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the “Privacy Shield” program, and to view our certification page, please visit https://www.privacyshield.gov/.
Greystar US has further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.
Greystar has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship.
Please note if your EU originating complaint concerning Greystar US is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.
Greystar US is subject to the Federal Trade Commission in respect of its compliance with the “Privacy Shield”
CORRECTING AND DEACTIVATING PERSONAL INFORMATION
You have the right, freely and at reasonable intervals, to request that Greystar inform you as to whether Personal Information relating to you is being processed. You have the right to request that Greystar correct, supplement, delete or block your Personal Information in the event that the data are factually inaccurate, incomplete or irrelevant to the purposes of the processing activities or if the Personal Information is being processed in any other way which infringes a legal provision. If you wish to exercise your rights or if you have any questions or suggestions regarding the use, collection, or security of your Personal Information, please contact us using the contact details in the “Contact Information” section.
When a request for user deletion is received, we will make all reasonable efforts to purge that data from our systems. Due to the nature of our service, some information may not be fully removed due to backups or archived copies; however, such information will only be used for the purpose of performing a contract that the user has entered into with us.
NOTIFICATION OF CHANGES
If a user’s Personal Information changes (such as zip/postal code, phone, email or postal address), or if a user no longer desires to be registered with this site, we provide a way to correct, update or delete/deactivate Users’ Personal Information. This can usually be done at the Registered User account settings page or by emailing: firstname.lastname@example.org.
You may also contact us at RESA, Paseo de la Castellana nº163 3º izq., 28046 Madrid. If you contact us by mail, your communication should clearly be marked as a data protection query.
A. Responsible for the processing of personal data:
RESA informs Users that the Company “Residencias de Estudiantes S.L.”, (hereinafter, RESA), with registered address at Paseo de la Castellana nº 163 3º izq. 28046 Madrid (Spain), with Tax ID number B-60109188, and e-mail address: email@example.com, will be responsible for the data collected on this page, except for data collected for emergency situations which, once the user has been admitted to the selected residence hall, will be processed by the Owner’s residence Hall Company. You can see the Company’s details in the “Legal Warning” on the website www.resa.es (link: www.resa.es/en/legal-warning/) .
B. Purposes of the collection of personal data
RESA and Greystar processes the data collected on this website for the following purposes:
– The data collected through the forms found on the website will be used to manage the success of the request made through the form itself. Specifically:
- The data coming from the contact form will be used to manage the queries/form that the Users have sent through this form.
- The data coming from the “Visit Us” form will be used to manage the visit with the Residence in which the User is interested.
- The data coming from the “Suggestions” form will be used to manage the comments or suggestions that the Users have sent through this form.
-The data collected through the chat will be used to manage the queries that the Users submit through the chat.
– The data collected through the booking process will be used to manage the booking as well as the admission process in the selected residence and the accommodation contractual process. Likewise, once the resident has been admitted, the data obtained in the booking process can be used for the activities of RESA HUB and the contact data provided for emergency situations will be used by the selected residence and by the Company that owns the establishment. If third party data is provided, the applicant of the reservation guarantees to have informed and obtained the authorization of the third party for the communication of their data to the Company.
Also, in the event that the User consents to the processing of their data for commercial purposes (through the boxes provided for this purpose in the booking process and forms), the data provided will be used to send the User commercial information and offers of RESA-Greystar products and services.
The personal data provided will be retained:
- Personal data provided solely for the purpose of handling a query via a contact/suggestion form or chat will be kept for a period of one month, unless legally required to retain the information for a longer period.
- Personal data provided for commercial purposes will be retained as long as no request for deletion is made by the data subject consistent with Greystar’s Data Retention Policy.
- The personal data provided to manage the reservation of accommodation will be kept as long as the business relationship is maintained and, once it is completed, as long as possible legal actions related to the reservation can be derived.
- The data provided to manage the visit to the residence hall will be kept as long as the visit is being managed and as long as possible legal actions related to the visit can be derived.
- Contact details for emergency situations will be used for the duration of the accommodation contract and, once completed, for as long as legal obligations or liabilities may arise from the contractual relationship.
C. Legal basis for the processing of personal data
The legal basis on which RESA relies for the processing of the data to carry out the management of the reservation as well as for the activities of RESA HUB, is the execution of the accommodation contract. The same legitimate basis applies to the transfer of data that RESA carries out to manage the User’s admission to the chosen residence.
In the case of data collected for emergency situations, we protect ourselves in the legitimate interest so that the Director or the rest of the staff of the residence can contact in cases of emergency.
In the case of other uses, RESA will rely on the consent given by the User through checking the boxes that appear on the forms, together with the action of validating and sending the form. In this respect, RESA notes that in order to carry out the aforementioned treatments, it is only necessary to fill in the fields marked as obligatory with the symbol *.
Likewise, in order to send the form, RESA informs the User that it will not be necessary to tick the boxes for accepting the sending of commercial communications and the transfer of data for commercial purposes, so that the refusal to tick these boxes will not impede the purpose of the form.
In this sense, RESA relies on the consent to transfer the User’s data to the company that manages the accommodation selected in this form. Likewise, the User’s consent is also required for the sending of commercial communications.
D. Recipients of personal data
In accordance with what is mentioned in the previous section, RESA will transfer the data to the residence in which the User has chosen to stay in the event of completing the booking process. Likewise, in order to carry out the activities of Resa Hub, the data of the resident who registers for an activity will be transferred to the organizing companies involved in the activities of Resa Hub.
On the other hand, if the User consents to this in the form filled in, RESA will transfer the data to the entities of the Resa-Greystar Group as well as to other entities owning the residence halls managed by the Greystar Group, for commercial purposes. You can consult the list of affiliated entities at the following URL: https://www.resa.es/es/aviso-legal/
The processing of personal data may include the international transfer of data to countries outside the EU. As required by law, we will only make such transfers to countries or organizations that provide an adequate level of protection for personal data. The transfer of this data will not affect your rights or our obligations under the RGPD, as our international data transfers are covered by the “Privacy Shield”.
By virtue of the RGPD, RESA and Greystar informs Users that they have rights in relation to the processing of their personal data, including the right to portability, access, rectification, suppression or limitation of the data. RESA also informs about the User’s right to lodge a complaint with a data protection authority.
The User can exercise the aforementioned rights by contacting RESA-Greystar through firstname.lastname@example.org.
ACCEPTANCE OF THESE TERMS