WHAT PERSONAL INFORMATION DOES GREYSTAR-RESA COLLECT?
We collect Personal Information from our website in order to provide you with information on the Greystar-RESA products and services you have expressed an interest in to provide you with information on other similar Greystar products and services we believe will be of interest to you and to better understand how we can help prospective residents (hereafter, “User”) Please see the section “RGPD Information” below.
The type of Personal Information we collect will depend upon what we will need to provide you properly with the particular product or service you are interested in. In the case of prospective residents, the information requested on our registration form includes, among others, some or all of the following Personal Information: name and address, age or date of birth, email address, occupation/studies, telephone number, educational background and national identity card/Passport/NIE and university/institute/academic center where you plan to study (depending on the establishment). Those interested in becoming residents/customers will be asked to include most of the following further information: the kind of service you are requesting, the apartment/ studio size you are looking for, where you want to live, if you want to share a room with another person (depending on the establishment, etc.
USAGE TRACKING: USE OF IP ADDRESSES
An IP address is a number that is automatically assigned to your computer whenever you are surfing the Internet. Web servers, the main computers that serve up web pages, automatically identify your computer by its IP address. As permitted under applicable law, Greystar and RESA collects IP addresses for the purposes of system administration, gathering and analyzing aggregated information, creating a better experience for users and auditing the use of our site.
We do not normally link IP addresses to anything personally identifiable, which means that your session will be logged, but you remain anonymous to us. We will seek to link your IP address when we feel it is necessary to protect this site and other users from harm and to prevent criminal misconduct. Please see the section on Use of “Cookies.”
USE OF “COOKIES”
WHAT INFORMATION DO WE SHARE OR DISCLOSE?
As a general rule, Greystar-RESA will not disclose Personal Information except when we have your permission or under special circumstances, such as when we believe, in good faith, that the law requires our disclosure. We may also disclose Personal Information for some business operations as described below.
We do not commercialize or share your Personal Information with third parties, unless:
-Such information is shared and/or commercialized following receipt of a specific request and/or permission from users;
-Such information is shared with affiliated companies and/or potential investors (in any form of business transaction, including purchase or merger) pursuant to an specific agreement which contains reasonable confidentiality arrangements;
-Such information is shared with contractors who work with us pursuant to an agreement which contains reasonable confidentiality arrangements;
-Such information is shared in order to comply with or in accordance with any applicable law and/or court orders and/or in order to prevent suspected illegal acts, frauds, situations involving potential threats to the safety of any person, or as otherwise required by law. This includes responding to lawful requests by public authorities, including to meet national security or law enforcement requirements;
-Such information is shared in order to help Greystar defend against claims and/or establish or exercise any legal right that Greystar may have;
Greystar-RESA may be liable to you for any transfer of your Personal Information by Greystar-RESA in violation of applicable laws.
Data used by Google Recaptcha: Google Recaptcha is a service used on the Resa.es website to determine whether or not a visitor is human. The purpose of this service is to prevent a robot or other computer method that mimics human behaviour from filling in contact forms with false information. This is done by using information such as the user’s typing patterns, the number of clicks a user makes, or the answers to open-ended question fields installed on the website. The information from Google Recaptcha and its cookies are not used by Resa to personalise the user experience, nor for the creation of audiences, nor to measure user behaviour. The only consequence of the use of this service at a functional level within the Resa website is to prevent the sending of a form if it is determined that the person filling in the form is a robot. The operation of this tool is governed by Google’s privacy and usage policies: https://policies.google.com/privacy
THIRD-PARTY SITE LINKS
You should be aware that when you are on the Greystar website you could be directed to other third party sites that are beyond our control. There are links to other sites from Greystar -RESA, which take you outside our service. For example, if you “click” on a banner, an advertisement or a search result, the “click” may take you off the Greystar-RESA web site. These other web sites may include sites of other advertisers, sponsors and partners that may use their logo with ours as part of a co-branding agreement. These other sites may send their own cookies to visitors to collect data or solicit information. Greystar does not control these sites and therefore is not responsible for their content. The inclusion of hyperlinks to any other sites by Greystar-RESA does not imply any endorsement of the material on such sites, nor any association with their operators.
Greystar policies do not extend to anything that is inherent in the operation of the Internet, which is beyond our control. Remember that whenever you give out/provide Information online, that information may be collected and used by people you do not know.
Greystar-RESA takes reasonable technical and organizational measures in accordance with applicable laws to safeguard Users’ “Personal Information”. While Greystar-RESA strives to protect your Personal information and therein your privacy, we cannot guarantee the security of any Personal Information you disclose online and you therefore disclose such Personal Information at your own risk.
We limit access to “Personal Information” only to employees who we believe reasonably need to receive such information to provide or manage our services or in order to do their jobs, and we take the precautions we deem reasonable to protect the security of Users’ Personal Information. We also work very hard to ensure that our employees are aware of the sensitivity of the data send by the users and submitted to us and that they handle it with extreme care, being careful not to allow any improper access by third parties. However, as in many computer systems, internet applications and software programs, unauthorized use, failure of hardware or software, etc. may be injurious to the confidentiality of users’ Personal Information.
If users have any questions about Security, please contact us using the information in the “Contact Information” section below.
EMAIL CONSENT AND OPT-OUT
You may choose to opt out of receiving future commercial email messages from us as a result of your registrations with us. Each mass commercial email sent by us contains a link with instructions on how to remove yourself from our email list. Please see the section on “Third-Party Site Links” here below.
We do not collect or maintain information at our site from those Users we know are under 16 unless such information is provided by their parents or guardian, and we do not permit children under 16 years of age to become registered users of our site. No part of our site is structured to attract anyone under 16 years old. By using our site, you represent that you are not under 16 years of age. If you are a parent or guardian and you believe that your child under age 16 may have provided personally identifiable information through the Website, please contact us using the information in the “Contact Information” section.
DATA TRANSFERS TO THIRD PARTIES-OTHER COUNTRIES
Please be aware that if you provide “Personal Information” to us, it may be transferred to and processed on computers in the U.S. and other countries which are not in the EEA. Please do not provide your Personal Information to us if you do not want this information to be transferred outside of your country, or if the laws in your country restrict these types of transfers.
For users residing in the European Economic Area Union or the United Kingdom, Greystar relies on the European Commission approved Standard Contractual Clauses (controller-to-controller) (2004/915//EC) to govern the transfer of Personal Information from these countries to countries outside of the European Economic Area and/or the United Kingdom.
CORRECTING AND DEACTIVATING PERSONAL INFORMATION
You have the right, freely and at reasonable intervals, to request that Greystar inform you as to whether Personal Information relating to you is being processed. You have the right to request that Greystar correct, supplement, delete or block your Personal Information in the event that the data are factually inaccurate, incomplete or irrelevant to the purposes of the processing activities or if the Personal Information is being processed in any other way which infringes a legal provision. If you wish to exercise your rights or if you have any questions or suggestions regarding the use, collection, or security of your Personal Information, please contact us using the contact details in the “Contact Information” section.
When a request for user deletion is received, we will make all reasonable efforts to purge that data from our systems. Due to the nature of our service, some information may not be fully removed due to backups or archived copies; however, such information will only be used for the purpose of performing a contract that the user has entered into with us.
NOTIFICATION OF CHANGES
If a user’s Personal Information changes (such as zip/postal code, phone, email or postal address), or if a user no longer desires to be registered with this site, we provide a way to correct, update or delete/deactivate Users’ Personal Information. This can usually be done at the Registered User account settings page or by emailing: firstname.lastname@example.org.
You may also contact us at RESA, Paseo de la Castellana nº163 3º izq., 28046 Madrid. If you contact us by mail, your communication should clearly be marked as a data protection query.
A. Responsible for the processing of personal data:
RESA informs Users that the Company “Residencias de Estudiantes S.L.”, (hereinafter, RESA), with registered address at Paseo de la Castellana nº 163 3º izq. 28046 Madrid (Spain), with Tax ID number B-60109188, and e-mail address: email@example.com, will be responsible for the data collected on this page, except for data collected for emergency situations which, once the user has been admitted to the selected residence hall, will be processed by the Owner’s residence Hall Company. You can see the Company’s details in the “Legal Warning” on the website www.resa.es (link: www.resa.es/en/legal-warning/) .
B. Purposes of the collection of personal data
RESA and Greystar processes the data collected on this website for the following purposes:
– The data collected through the forms found on the website will be used to manage the success of the request made through the form itself. Specifically:
- The data coming from the contact form will be used to manage the queries/form that the Users have sent through this form.
- The data coming from the “Visit Us” form will be used to manage the visit with the residence/establishment in which the User is interested.
- The data coming from the “Suggestions” form will be used to manage the comments or suggestions that the Users have sent through this form.
-The data collected through the chat will be used to manage the queries that the Users submit through the chat.
– The data collected through the booking process will be used to manage the booking as well as the admission process in the selected residence/establishment and the accommodation contractual process. Likewise, once the resident has been admitted, the data obtained in the booking process can be used for the residence activities of RESA HUB and the contact data provided for emergency situations will be used by the selected residence/establishment and by the Company that owns the establishment. If third party data is provided, the applicant of the reservation guarantees to have informed and obtained the authorization of the third party for the communication of their data to the Company.
Also, in the event that the User consents to the processing of their data for commercial purposes (through the boxes provided for this purpose in the booking process and forms), the data provided will be used to send the User commercial information and offers of RESA-Greystar products and services.
The personal data provided will be retained:
- Personal data provided solely for the purpose of handling a query via a contact/suggestion form or chat will be kept for no longer than is necessary for the purposes for which they are processed and for no longer than 10 months, and unless legally required RESA to retain the information for a longer period.
- Personal data provided for commercial purposes will be retained as long as no request for deletion is made by the data subject consistent with Greystar’s Data Retention Policy.
- The personal data provided to manage the reservation of accommodation will be kept as long as the business relationship is maintained and, once it is completed, as long as possible legal actions related to the reservation can be derived.
- The data provided to manage the visit to the residence hall/establishment will be kept as long as the visit is being managed and as long as possible legal actions related to the visit can be derived.
- Contact details for emergency situations will be used for the duration of the accommodation contract and, once completed, for as long as legal obligations or liabilities may arise from the contractual relationship.
C. Legal basis for the processing of personal data
The legal basis on which RESA relies for the processing of the data to carry out the management of the reservation as well as for the activities of RESA HUB (depending on the establishment), is the execution of the accommodation contract. The same legitimate basis applies to the transfer of data that RESA carries out to manage the User’s admission to the chosen residence/establishment.
In the case of data collected for emergency situations, we protect ourselves in the legitimate interest so that the Director or the rest of the staff of the residence/establishment can contact in cases of emergency.
In the case of other uses, RESA will rely on the consent given by the User through checking the boxes that appear on the forms, together with the action of validating and sending the form. In this respect, RESA notes that in order to carry out the aforementioned treatments, it is only necessary to fill in the fields marked as obligatory with the symbol *.
Likewise, in order to send the form, RESA informs the User that it will not be necessary to tick the boxes for accepting the sending of commercial communications and the transfer of data for commercial purposes, so that the refusal to tick these boxes will not impede the purpose of the form.
In this sense, RESA relies on the consent to transfer the User’s data to the company that manages the accommodation selected in this form. Likewise, the User’s consent is also required for the sending of commercial communications.
D. Recipients of personal data
In accordance with what is mentioned in the previous section, RESA will transfer the data to the residence/establishment in which the User has chosen to stay in the event of completing the booking process. Likewise, in order to carry out the activities of Resa Hub, the data of the resident who registers for an activity will be transferred to the organizing companies involved in the activities of Resa Hub.
On the other hand, if the User consents to this in the form filled in, RESA will transfer the data to the entities of the Resa-Greystar Group as well as to other entities owning the residence halls/other establishments managed by the Greystar Group, for commercial purposes. This consent is not obligatory so the refusal to make this assignment will not prevent the booking process from being carried out. You can consult the list of affiliated entities at the following URL: https://www.resa.es/es/aviso-legal/
As some of our group companies are located outside the European Union, your personal data may be transferred to these companies for administrative purposes. In any case, these international data transfers will be regulated in accordance with the provisions of the General Data Protection Regulation (GDPR) after signing the corresponding standard contractual clauses approved by the European Commission, thus guaranteeing adequate protection for your personal data. On the other hand, it should be noted that, in order to develop our activity, we require the support of service providers. These third parties may have access to your data and will act on our behalf, following our instructions, and in no case will they have your data for their own purposes.
By virtue of the RGPD, RESA and Greystar informs Users that they have rights in relation to the processing of their personal data, including the right to portability, access, rectification, suppression or limitation of the data. RESA also informs about the User’s right to lodge a complaint with a data protection authority.
The User can exercise the aforementioned rights by contacting RESA-Greystar through firstname.lastname@example.org.
ACCEPTANCE OF THESE TERMS