Effective Date: 1-10-2019
Entrata, Inc. and its affiliated entities (collectively, "Entrata", "we", "us", "our") are committed to protecting individual privacy and maintaining the trust of our business clients("Clients"), our Clients' end users and residents (collectively, "End Users"), the actual users of our services who are employed or contracted by our Clients ("Client Personnel"), and visitors to our websites (collectively, "Visitors"). It is important to us that we provide transparency regarding our collection, use, and disclosure of Personal Information (for purposes of this Privacy Policy, we use the California Consumer Privacy Act’s (“CCPA”) definition of “Personal Information”.
To help us meet this commitment to you, we have created this Privacy Policy ("Privacy Policy"). This Privacy Policy governs data protection matters across our suite of products and services (collectively, the "Entrata Platforms" or "Platforms"), including data provided by Visitors to the websites we control and which link to this Privacy Policy ("Entrata Sites"). This Privacy Policy, along with our Terms of Use, form an integral and binding part of our relationship with you.
Please Note: This Privacy Policy does not govern our processing of Personal Information/Personal Data covered by the EU General Data Protection Regulation (GDPR). You can view our EU Privacy Policy here.
This Privacy Policy describes how we use, share, and protect the Personal Information of Clients, Visitors, and End Users who visit the Entrata Sites. It also describes the rights and choices regarding use, access to, and correction of Personal Information available.
Entrata provides its Platforms for use by our Clients, which are typically residential and commercial real estate property managers and property owners. Our Clients use our Platforms for many purposes, such as to manage the leasing lifecycle, and to facilitate communication with their End Users. Entrata typically has no direct relationship with our End Users; we simply process and store our End Users’ Personal Information (“Client Data”) on our Clients’ behalf, as their service provider, while the Clients are responsible for the processing. Any use of Client Data by us is carried out pursuant to an agreement (and/or our applicable Terms of Service) in place between Entrata and our Client.
If you, as an End User, have any questions or concerns about the data handling practices of an Entrata Client using our Platforms to process and store your personal information, please contact the relevant Client directly.
Our ProspectPortal Platform permits our Clients to create their own websites, which facilitate communication and transactions between prospective and current tenants and our Clients. While these websites are built using our Platforms, and Client Data obtained through these websites are stored on our systems, this data is considered Client Data and is governed by our Clients’ privacy notices/policies.
Finally, our Entrata Sites may contain links to other third-party websites. The information practices and content of such third-party websites are governed by their own privacy notices. We encourage you to review the privacy notices of such third-party websites to understand their information practices.
We may collect Personal Information in various ways, such as when you: enter into a transaction or contractual arrangement with us; participate in Entrata’s programs or activities; provide data at industry events and trade shows; visit our facilities or we visit you at your offices; contact our customer services; or in connection with your inquiries and communications with us. We may also collect Personal Information from other sources, including the Client, data companies, publicly accessible databases, and joint marketing partners.
We have created the following table to help you understand the categories of Personal Information that we are responsible for, and process:
| Categories of Personal Information: | Specific Types of Personal Information: | Source: | Why We Collect It – Our Purposes |
|---|---|---|---|
| Client Personnel Information | Contact Information: First and last name, email address, employer, phone number (work), physical address (work), job title. Marketing Preferences and Customer Service Interactions: Marketing preferences; responses to voluntary surveys. Operational Data: Transactions, sales, purchases, uses, supplier information, credentials to online services and platforms, and electronic content produced by individuals using company systems, including online interactive and voice communications such as blog, chat, webcam use, and network sessions. |
Directly from our Clients and Client Personnel | Communicate with Clients and Client Personnel for the purpose of supporting our contractual relationship. This includes: 1. Informing Clients about our various Platforms and solutions, and providing access to our Platforms where the Client enters into an agreement with us. 2. Providing back-end access to the Platforms for Clients and Client Personnel 3. Tracking and responding to Clients’ inquiries, reports, reviews or correspondence regarding products and services. 4. Administering Client account(s). 5. Providing and improving our customer service. 6. Facilitating communications generally in the context of our business activities. 7. Sending administrative information to Clients, such as changes to our terms, conditions and policies. 8. Enforcing our Terms of Use and any other contractual terms and conditions that govern the relationship between Entrata and our Clients. 9. Continuously improving, customizing and personalizing our Platforms. 10. Analyzing and improving the safety and security of our Platforms. 11. Supporting internal Entrata operations, including CRM and Client technical support. 12. Connecting with vendors via APIs to allow vendors to provide specific services directly to Clients. 13. Providing Clients and Client Personnel with access to our App Store’ to allow Clients to directly enable external applications. 14. Carrying out machine learning, data extracting and loading data in data warehouses, in order to support Entrata enterprise software, data access, modifications, operations, and provide access to third parties via secure integrations. |
| Prospective Client Personnel Data | First and last name, email address, employer, phone number (work), physical address (work), job title. | Directly from Prospective Client Personnel. | Contact prospective Clients in order to set up demos of our Platforms. This includes: 1. For marketing purposes, such as re-engaging with prospective Clients who have expressed an interest in our Platforms. 2. Administering account access to our Platforms. 3. Responding to inquiries, for example, when you send us questions, suggestions, compliments or complaints, or when you request further information about our services |
| End Users | Contact Information: Name. Survey Responses |
Directly from End Users in response to voluntary surveys. | Platform improvement and marketing purposes (to Potential Clients). |
We do not use Personal Information for purposes that are materially different to the purposes for which they were originally collected, as set out in Section 2. If these purposes change in the future, we will provide you with notice and a request to consent to (or an opportunity to opt-out of) this new use where so required by applicable law.
“Do Not Track” Notice: “Do Not Track” is a preference that you can set in your browser to let websites you visit know that you do not want them collecting certain information about you. Entrata does not currently respond to, or honor, Do Not Track signals or requests from your browser.
We will not disclose any personal information that we collect from you to any external parties except as indicated below (for CCPA purposes, all of the below categories of data recipients are classified as Service Providers or Third Parties, as those terms are defined):
1. Our Affiliates. We may disclose personal information to any of our subsidiaries and affiliates within the Entrata corporate group (click here for a list of our subsidiaries). Specifically, if our clients utilize our applicant screening service, we will share personal information with our subsidiary ResidentVerify, LLC. Additionally, if you utilize our renters insurance agent, we will share personal information with our subsidiary Entrata Insurance Agency, LLC.
2. Service Providers. We may disclose personal information to our service providers who perform certain services necessary to run our business (for example, data hosting and development, data analysis, customer service, auditing and other services), provided that these service providers have entered into legally binding agreements with us to protect the personal information shared, limit their use, retention, and disclosure of the personal information, and assist us with our compliance requirements.
3. Legal Request. We may disclose personal information to comply with applicable law and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.
4. Business Transfer. We may disclose personal information to a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Entrata’s assets, whether as a going concern or as part of bankruptcy, liquidation, receivership, or similar proceeding in which personal information held by Entrata are among the assets to be transferred.
5. Enforcement of Our or Others' Rights. We may disclose personal information to external parties the extent that this is necessary to enforce or protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others, including enforcing our Terms of Use and any other agreements (such as for billing and collection purposes and fraud prevention).
We do not knowingly collect personal information from children under the age of seventeen (17) without authorization by a holder of parental responsibility. If you believe that we may have collected personal information from or about a child under the age of seventeen (17), please send an email to dataprivacy@entrata.com with the subject line "Personal Data of a Minor.”
We seek to use commercially reasonable organizational, technical and administrative measures to protect Personal Information within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. Where we have given you (or where you have chosen) a username and password (either as a Client or an End User) to access our Platforms, you are responsible for keeping this information confidential and preventing unauthorized access to your account. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the "How to Contact Us" section below.
Where we collect your payment card information, we will comply with all applicable Payment Card Industry Data Security Standards (PCI-DSS).
We retain personal information for as long as needed or permitted in light of the purpose(s) for which they were obtained and consistent with applicable law. The criteria used to determine our retention periods include:
1. The length of time we have an ongoing relationship with you or our Client, and provide the use of our Platforms to you or our Client (for example, for as long as you have an account with us or keep using the Platforms);
2. Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
3. Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Where you have set up an account on one of our Platforms through our Clients, it is up to you to keep your personal information up to date. If you are unable to update your personal information, please contact our relevant Client with which you have a primary relationship. If our Client is unable to assist you, we will endeavor to assist our Client with updating your information.
The information and rights in this section apply specifically to California residents.
In compliance with the California Consumer Privacy Act (“CCPA”), Entrata does not sell, trade, or rent any Personal Information, nor have we done so in the preceding twelve months. Entrata has not sold the Personal Information of minors under 16 years of age without first attaining affirmative authorization.
California residents are entitled to contact us to request information about whether we have disclosed Personal Information to third parties for the third parties’ direct marketing purposes. Currently Entrata does not disclose Personal Information to third parties for their direct marketing purposes. Thus, upon receipt of such a request by a California consumer, and as required by California state law, we will respond with either (1) a confirmation that we have not disclosed any Personal Information to third parties for their direct marketing purposes in the previous calendar year, or (2) if our practices have changed, provide a list of all third parties to whom Personal Information was disclosed for their direct marketing purposes in the preceding calendar year, whichever is relevant. California consumers may request further information about our compliance with this law by emailing us at dataprivacy@entrata.com.
Under the CCPA, California consumers have various rights regarding the Personal Information that Entrata’s clients collect and process using Entrata’s platforms.
Note: These rights are generally exercisable against Entrata’s Clients and not against Entrata because Entrata is acting as a Service Provider to our Clients. These rights are only exercisable directly against Entrata when we are determining the purposes and means of processing of your Personal Information (which we generally only do if you are an employee of one of our Clients or someone we are sending marketing communications to). Thus, the description provided below is for your and our Clients’ convenience - please reach out to our Clients directly if you wish to exercise any of these rights. Some of the information that our Clients are required to provide to you can be found in various sections of this Privacy Policy, or in our Clients’ respective privacy notices.
California consumers have the right to:
1. Request disclosure of the categories and specific pieces of Personal Information that a Business has collected about you.
2. Request disclosure of the categories of third-party sources, if any, from which a Business has collected Personal Information about you.
3. Disclosure of the Business or Commercial Purpose(s) for which your Personal Information has been collected.
4. Receive a list of the categories of third parties with whom a business has shared your Personal Information.
5. Request that a business delete any Personal Information that it has collected from you (subject to exceptions).
6. Not be discriminated against by a business (e.g. charged different rates, provided different levels of service, denied goods or services, or suggested any of the preceding) for exercising any of the individual rights granted above.
7. Designate an authorized agent to exercise any of the individual rights granted above, on your behalf.
8. Opt-out of the sale of Personal Information, if applicable.
To exercise any of your rights as a California consumer, you should contact the Client with which you have a direct relationship, or contact Entrata directly if your relationship is only with us (e.g. personnel of our Clients or our potential Clients) by sending an email to dataprivacy@entrata.com.
Before complying with your request, our Clients (or Entrata) may need to verify that it is you that is making the request. To accomplish this, you (or your authorized agent) may be requested to (1) confirm specific pieces of Personal Information that our Clients (or Entrata) already know about you, or (2) provide our Clients (or Entrata) with appropriate identification depending on the sensitivity of the information requested. California consumers are limited to two requests for Personal Information per twelve-month period.
Our Clients who utilize our Platforms to create property management websites are responsible for what they do with the Personal Information they collect, directly or through Entrata’s Platforms, about their End Users. If our Clients utilize our payment processing functions, your payment information may be processed via third party payment processors in accordance with such payment processors’ terms and policies. We transmit your complete payment information when you initiate a payment through the Entrata Platform. We collect this information only so that we can pass it along to our payment processors, which you agree to use by submitting a payment through the Entrata Platform. Where we collect your payment card information, we will comply with all applicable Payment Card Industry Data Security Standards (PCI-DSS).
It is our policy to post any changes we make to our Privacy Policy on this page, with a notice that it has been updated on our main homepage. If we make material changes to how we treat your Personal Information, we will notify you through a notice on the homepage. The date that this Privacy Policy was last revised is listed at the top of the page. You are responsible for visiting our site and this Privacy Policy to check for any changes.
If you have any questions or complaints related to our practices with respect to the collection, use, or disclosure of personal information, please feel free to contact us at:
Entrata Legal Department
4205 Chapel Ridge Rd.
Lehi, UT 84043
dataprivacy@entrata.com