Privacy Policy
Effective Date: 12-01-2023
Important Note for our Clients’ customers, including tenant applicants, and tenants, whether prospective, current or former ("End Users"):
Entrata, Inc. and its affiliates (collectively, "Entrata", "we", "us," "our") provide its Platforms for use by our business clients (“Clients”), which are typically residential and commercial real estate property managers and property owners. Our Clients use our Platforms for many purposes, such as to manage the leasing lifecycle, and to facilitate communication with their End Users. Entrata typically has no direct relationship with the End Users; we only process and store the End Users’ personal data ("Client Data") on our Clients’ behalf, as their service provider (i.e., data processor), while the Clients are responsible for the processing (i.e., data controllers). Any use of Client Data by us is carried out pursuant to our Client’s instructions (and/or our applicable Terms of Service) in place between Entrata and our Client.
If you, as an End User, have any questions or concerns about the data handling practices of one of our Clients using our Platforms to process and store your personal data, please contact the relevant Client directly. Our ProspectPortal Platform permits our Clients to create their own websites, which facilitate communication and transactions between prospective and current tenants. While these websites are built using our Platforms, and Client Data obtained through these websites are stored on our systems, such Client Data is governed by our Clients’ privacy notices/policies.
This Privacy Policy only governs our processing of Personal Data that is covered by the EU General Data Protection Regulation (GDPR). This may be the case if you are an individual located in the EU, or when one of our affiliates located in the EU is responsible for the processing of your Personal Data. To access our privacy policies in other regions, please click here.
Entrata is committed to protecting individuals’ privacy. It is important to us that we provide transparency regarding our collection, use, and disclosure of Personal Data.
"Personal Data" is data that identifies you as an individual or relates to an identifiable individual. This Privacy Policy describes our processing practices of Personal Data that we collect and use in connection with:
- Our suite of products and services made available to our customers in the European Union (“EU”) by us for use on or through computers and mobile devices (collectively, the “Platforms”).
- Websites operated by us relating to the Platforms which link to this Privacy Policy (“Entrata Sites”).
- Our social media pages relating to the Platforms from which you are accessing this Privacy Policy (collectively, our “Social Media Pages”).
- Offline business interactions that you have with us about the Platforms.
- HTML-formatted email messages that we send to you that link to this Privacy Policy or other communications with you.
Collectively, we refer to the Platforms, the Entrata Sites, the Social Media Pages, the offline business interactions, and emails as the "Services").
1. What Does This Privacy Policy Apply to?
This Privacy Policy describes how we use, share, and protect the Personal Data of individuals who use the Services. It also describes your rights and choices regarding your Personal Data.
Our Services may contain links to other third-party websites. This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any third parties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates. The information practices and content of such third-party websites are governed by their own privacy policies. We encourage you to review the privacy policies of such third-party websites to understand their information practices.
In addition, we are not responsible for the data collection, use, disclosure, or security policies or practices of other organizations, such as Meta, Apple, or Microsoft, or any other social media platform provider, operating system provider, or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or in connection with the Platforms or our Social Media Pages.
2. Which Categories of Personal Data Do We Process?
We collect Personal Data in various ways, including through our Services and from other sources, as set out in the grids below.
We need to collect certain Personal Data in order to provide the requested Services to you. If you do not provide the data requested, we may not be able to provide the Services. We will note which Personal Data is required to provide the Services at the time of its collection.
If you disclose any Personal Data relating to other people to us, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.
Personal Data we receive directly from you
| Name & Contact Details | Such as first and last name, email address, telephone number, postal address, country of residence. |
| Business Contact Details | Such as company name, job title, business email address, business telephone number, business postal address, country of business. |
| Account Information | Such as your chosen username and password, and other information you share as part of your account. |
| Billing Information | Such as debit or credit card details, bank account details, billing address. |
| User Content | Such as reviews about our Services, and other content you may create or share on our Services, including posts on our Social Media Pages, blogs, and comment sections. |
| Preferences | Such as language, interests, and other customer feedback/preferences that you might express during your use of our Services. |
| Marketing Data | Such as your choices regarding our newsletters, surveys, and other marketing/advertising displayed or provided to you, and preferred methods of such promotional communication. |
| Relationship History | Such as details of your communications with us, and details of your claims, complaints and queries in general. |
| Transaction Information | Such as details of the Services you have purchased from us. |
| Visitor and Event Information | Such as dietary restrictions, travel and accommodation details, and other details specific to a particular event that you share with us. |
| User Photographs and Videos | Such as photos and videos submitted by you while using our Services. |
| Telephone Call Recordings | Such as audio recordings of telephone calls when you contact us. |
Personal Data we collect through your use of our Services or from other sources
| Social Media Information | Such as profile pictures, social media account ID, and other social media profile information, including lists of friends/followers on social media. |
| Event Photographs and Videos | Such as photos and videos taken at one of our events. |
| Device Information | Such as information about your devices and your use of our Services. |
3. Why Do We Collect Personal Data?
We use your Personal Data for legitimate business purposes as described in the grids below. Entrata does not use personal data for purposes that are materially different to the purposes for which they were originally collected. If these purposes change in the future, we will provide you with relevant notice and the option to opt-out of this use where so required by applicable law.
Making our Services available to you
| Purpose | Examples of Processing Activities | Personal Data Categories | Legal Basis | Third Party Sources |
|---|---|---|---|---|
| Providing the functionality of the Services | Provide the functionality of the Services to you, such as arranging access to your online account, providing prospective clients access to our Platforms for the purposes of providing demos/tutorials of the Platforms, and administering your account(s); facilitating your purchases of our Services; verifying your information; processing your purchases and related payments. | Name & Contact Details; Business Contact Details; Account Information; Billing Information; Preferences; Relationship History; Transaction Information; Device Information. | Performance of the contract, including the Terms of Use we enter into with you to provide the Services. | Publicly available databases. |
| Customer service | Administering customer-care services to facilitate and address inquiries, requests, comments, suggestions, compliments, and complaints about any of our Services (such as in person, through phone lines, email, or on social media), for example, to send you documents or information you request or assist you in using the Services. | Name & Contact Details; Business Contact Details; Account Information; Billing Information; Relationship History; Transaction Information; Device Information; Telephone Call Recordings; and Preferences. | Performance of the Terms of Use we enter into with you to provide the Services. Legitimate interests, such as responding to inquiries or complaints. Legal obligations*, such as when you submit a request to access your Personal Data. | N/A |
| Communicating important changes / Service messages | Sending you important information regarding our relationship with you, our Services, any changes to our terms, conditions, policies and procedures, and/or other administrative information. | Name & Contact Details; Business Contact Details; Account Information; Preferences; Relationship History; Transaction Information; Device Information; and Social Media Information. | Legitimate interests, such as to ensure our Services are used in accordance with our terms, conditions, and policies. Performance of contract, where provided in our Terms of Use. Legal obligations*, such as to inform you of material changes to our Terms of Use to comply with applicable consumer and/or data protection laws. | N/A |
| Operations and general business | Supporting internal Entrata operations, including CRM and Client technical support; administering our online Services (such as troubleshooting and diagnostic testing, conducting performance analyses of our systems and Services, testing new system features to evaluate their impact, system and log maintenance, technical support, system debugging, the hosting of data); employee training and managing work activities and personnel generally; facilitating mergers, acquisitions and other reorganizations and restructurings of our business (including prospective transactions).** | Personal Data as relevant for the specific business operation. | Legitimate interests, such as responding to customer complaints and concerns. Legal obligations*, for example, relating to financial transactions, such as the obligation to maintain books and records. | Third party organizations, when they share personal data with us to, for example, facilitate mergers, acquisitions and other reorganization and restructurings of our business. |
Events, Programs and Visits
| Purpose | Examples of Processing Activities | Personal Data Categories | Legal Basis | Third Party Sources |
|---|---|---|---|---|
| Online webinars, Entrata Connect, Basecamp and other events | Facilitating your participation in our programs and activities, such as online webinars, Entrata Connect and Basecamp; facilitating your participation in industry events and trade shows; welcoming visitors to our premises. | Name & Contact Details; Business Contact Details; Account Information; Relationship History; Preferences; Visitor and Event Information; Marketing Data; and Event Photographs and Videos. | Performance of a contract with you, such as collecting information regarding a planned event in which you participate. Legitimate interests, such as responding to customer complaints or concerns relating to an event. | Event management service providers. |
Marketing and engagement
| Purpose | Examples of Processing Activities | Personal Data Categories | Legal Basis | Third Party Sources |
|---|---|---|---|---|
| Marketing | Sending you promotional information about our Services, newsletters, promotions, offers and other news about our Company; engaging with prospective clients who have expressed interest in our Services. | Name & Contact Details; Business Contact Details; Account Information; Relationship History; Transaction Information; Preferences; Marketing Data; Event Photographs and Videos; User Content; Device Information; and Social Media Information. | Legitimate interests, such as to promote our Services. Consent, for example, where we would like to send you email marketing communications, but do not have an existing relationship with you, we will ask for and rely on your prior opt-in consent. | Publicly available databases. Marketing / advertising service providers. |
| Promotions and contests | Conducting contests and other promotional offers. NOTE: Some of these promotions have additional rules containing information about how we will use and disclose your Personal Data, which we will communicate to you separately. | Name & Contact Details; Business Contact Details; Account Information; Relationship History; Transaction Information; Preferences; Marketing Data; Device Information; User Content; User Photographs and Videos; Event Photographs and Videos; and Social Media Information. | Legitimate interests, such as to promote our Services. Performance of contract, such as fulfilling obligations associated with a contest. | Publicly available databases. Marketing / advertising service providers. |
| Relationship building and engagement | Facilitating and responding to any reviews, social sharing and posts on our Services. | Name & Contact Details; Business Contact Details; Account Information; Marketing Data; Social Media Information; and User Content. | Legitimate interests, such as engaging with individuals who post on our Social Media Pages. | Marketing / advertising service providers. |
Personalization and improving our Services
| Purpose | Examples of Processing Activities | Personal Data Categories | Legal Basis | Third Party Sources |
|---|---|---|---|---|
| Personalizing our Services | Carrying out machine learning, data extracting and loading data in data warehouses to support Entrata enterprise software, data access, modifications, operations. | Name & Contact Details; Business Contact Details; Account Information; Marketing Data; Social Media Information; Relationship History; Transaction Information; Device Information; and Preferences. | Legitimate interests, such as providing tailored Services based on past usage and/or preferences, and such tailoring would be based on basic and privacy-non-intrusive segmentation. | Publicly available databases. |
| Improving Services | Conducting data analysis, for example, monitoring and analyzing usage of Services and using data analytics to improve the efficiency of our Services; considering ways for enhancing, improving, repairing, maintaining or modifying our current Services; identifying usage trends, for example, understanding which parts of our Services are of most interest to users; operating and expanding our business activities, for example, understanding which parts of our Services are of most interest to our users so we can focus our energies on meeting our users’ interests; determining the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users; developing new products and services. | Name & Contact Details; Business Contact Details; Account Information; Relationship History; Transaction Information; Preferences; User Content; Device Information; Telephone Call Recordings; and Social Media Information. | Legitimate interests, such as developing new Services. | Publicly available databases. Marketing / advertising service providers. Data broker service providers. |
| Aggregating and/or anonymizing Personal Data | Aggregating and/or anonymizing Personal Data so that it will no longer be considered Personal Data. | Personal Data as relevant for the specific business purpose. | Legitimate interests, such as to generate other data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual. | N/A |
Security and legal reasons
| Purpose | Examples of Processing Activities | Personal Data Categories | Legal Basis | Third Party Sources |
|---|---|---|---|---|
| Fraud prevention and security | Conduct audits, verify that our internal processes function as intended and are compliant with legal, regulatory or contractual requirements; monitor for and prevent fraud; and security purposes, including system security and on-site security of our premises. | Name & Contact Details; Business Contact Details; Account Information; Billing Information; Device Information; Relationship History; Telephone Call Recordings; CCTV and Site Security Information; and Transaction Information. | Legal obligations*, such as to detect and prevent cyberattacks. Legitimate interests, such as identifying and/or preventing fraudulent transactions. | N/A |
| Legal and compliance | Fulfilling our legal and compliance-related obligations, including complying with applicable laws; complying with legal processes; responding to requests from public and government authorities; meeting national security or law enforcement requirements. | |||
| Enforcing our Terms of Use and any other contractual terms and conditions that govern the relationship between you and us; protecting our operations; protecting the rights, privacy, or property of Entrata; and allowing us to pursue available legal remedies, defend claims and limit the damages that Entrata may sustain. | Personal Data as relevant for the specific legal action, regulatory investigation, and/or legal processes in question, which may include: Name & Contact Details; Business Contact Details; Account Information; Billing Information; User Content; Preferences; Marketing Data; Relationship History; Transaction Information; Visitor and Event Information; User Photographs and Videos; Social Media Information; Event Photographs and Videos; Telephone Call Recordings; and Device Information. | Legal obligations*, such as complying with legal processes. Legitimate interests, such as enforcing terms and conditions to protect trademarks and bringing or defending legal claims. | Public and/or government and/or regulatory authorities, including courts, tribunals, regulators and government authorities. Third persons (legal or natural), as relevant for the specific legal action and/or processes in question (such as lawyers, auditors, insurers, advisory firms etc.). | |
| Emergency and incident response | Ensuring the safety of on-site personnel and visitors; responding to and documenting on-site accidents and medical and other emergencies; actively monitoring facilities to ensure adequate incident prevention, response and documentation; requesting assistance from emergency services; and sending notifications and alerts in the event of incidents or emergencies. | Name & Contact Details; and Visitor and Event Information. | Legal obligations*, for example, relating to health and safety regulations and documenting on‑site accidents. Legitimate interests, such as monitoring properties to ensure individuals’ safety. Protect individuals’ vital interests, such as contacting medical or emergency services where an individual’s life is at risk. | N/A |
- For more information on our legal obligations, please see section ‘Other Disclosures’ below.
** For more information on disclosure of Personal Information in connection with a sale or business transaction, please see ‘Other Disclosures’ below.
Other Disclosures
We also disclose your Personal Data as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, as set out in further detail below.
| Purpose | Further Detail |
|---|---|
| To comply with applicable law and regulations | This may include laws outside your country of residence, which could give rise to a legal obligation requiring us to process your Personal Data, including: - Civil and commercial matters: where we are in receipt of a court order to disclose information for the purposes of court proceedings, such as under Regulation (EU) No 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters. - Criminal matters: to comply with requests and orders from EU and EU Member State law enforcement to provide information in relation to a criminal investigation in compliance with applicable local laws, or to take steps to report information we believe is important to law enforcement where so required or advisable under applicable local laws. - Corporate and taxation matters: to comply with our obligations under applicable EU Member State corporate and tax legislation, such as where a national tax law of an EU Member State requires collection of specific transactional Personal Data for tax purposes. - Regulatory matters: to respond to a request or to provide information we believe is necessary or appropriate to comply with our obligations to engage with regulators, such as when relevant EU Member State data protection supervisory authorities initiate investigation under the GDPR into our Company. These can include authorities outside of your country of residence. - Compliance and internal investigations: to comply with whistleblowing requirements under Directive (EU) 2019/1937 and its implementing laws in EU Member States. - Health and safety regulations: to comply with health and safety reporting obligations in accordance with applicable local laws, such as in relation to accidents involving members of the public on our premises. |
| For other legal reasons | - For dispute resolution purposes; - To protect our rights, privacy, safety or property, and/or that of our affiliates, you or others. |
| In connection with a sale or business transaction | For disclosing or transferring your Personal Data to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings). You will be notified of any such business transaction and of possible changes to the processing of your Personal Data in accordance with applicable law and Section 11. |
4. Which Recipients Receive Personal Data?
| Recipients | Purpose |
|---|---|
| Payment processing service providers | - Fraud prevention and security - Providing the functionality of the Services - Events, Programs and Visits |
| Our affiliates (including Entrata Europe B.V. and Entrata India Private Limited) | - Aggregating and/or anonymizing Personal Data - Communicating important changes - Customer service - Fraud prevention and security - Improving the Services - Legal and compliance - Marketing - Operations and general business - Personalizing our Services - Promotions and contests - Providing the functionality of the Services - Relationship building and engagement - Events, Programs and Visits |
| Data hosting service providers | - Improving the Services - Operations and general business - Providing the functionality of the Services |
| Fraud prevention agencies | - Fraud prevention and security - Improving the Services - Operations and general business - Providing the functionality of the Services |
| Analytics service providers for our Services | - Aggregating and/or anonymizing Personal Data - Customer service - Fraud prevention and security - Improving the Services - Marketing - Operations and general business - Personalizing our Services - Promotions and contests - Relationship building and engagement |
| Law enforcement, public, regulatory and government authorities, courts or tribunals | - Emergency and incident response - Fraud prevention and security - Legal and compliance |
| Auditing service providers and professional advisers | - Fraud prevention and security - Legal and compliance |
| Other service providers assisting us with the Services | - Provision of the Entrata Academy |
5. Use of Services by Children
The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from individuals under the age of sixteen (16). If you believe that we may have collected personal data from or about a child under the age of sixteen (16), please send an email to dataprivacy@entrata.com with the subject line "Personal Data of a Minor".
6. How Do We Protect Your Personal Data?
We seek to use reasonable organizational, technical, and administrative measures to protect Personal Data within our organization. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with Section 12 below.
7. Transfers outside of the EEA
Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you understand that your Personal Data will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.
Where this will involve transferring your Personal Data outside the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Adequacy Decisions: Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here.
- Standard Contractual Clauses: For transfers of Personal Data from the EEA to countries which are not considered adequate by the European Commission, we have put in place standard contractual clauses adopted by the European Commission to protect your Personal Data. You may obtain a copy of these measures by contacting us in accordance with Section 12 below.
8. Retaining Your Personal Data
We retain Personal Data for as long as necessary to fulfill the purpose(s) for which they were obtained unless a longer retention period is required or permitted by law, for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services);
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
- Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Data, even after your account has been deleted and/or we no longer provide the Services to you; for example:
- To cooperate with law enforcement or public, regulatory, and government authorities: If we receive a preservation order or search warrant, related to your Services account, we will preserve Personal Data subject to such order or warrant after you delete your Services account.
- To comply with legal provisions on tax and accounting: We may retain your Personal Data, such as Billing Information, Relationship History, and/or Transaction Information for up to 10 years after you delete your Services account, as required by tax law and to comply with bookkeeping requirements.
- To pursue or defend a legal action: We may retain relevant Personal Data in the event of a legal claim or complaint, including regulatory investigations or legal proceedings about a claim related to your Personal Data, or if we reasonably believe there is a prospect of litigation (whether in respect of our relationship with you or otherwise) for up to 10 years after the dispute has been settled or decided by a court or tribunal from which there is no further right of appeal.
In some circumstances we will anonymize Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
9. Your Individual Rights
You have the right to access, correct, change, delete, restrict your Personal Data, exercise your right to data portability, object to or opt out of the processing of Personal Data or withdraw your consent (which will not affect the lawfulness of processing prior to the withdrawal) to the extent these rights are provided to you by applicable law.
- You can elect not to receive marketing communications by changing your preferences in your account, by following the unsubscribe instructions in each communication, or by contacting us at dataprivacy@entrata.com. Please note that if you opt out of receiving marketing related emails from us, we may still send you important administrative messages (such as changes to our Terms of Use or privacy practices), from which you cannot opt out.
- If you would prefer that we discontinue sharing your Personal Data on a going-forward basis with our affiliates for their direct marketing purposes, you may opt out of this sharing by contacting us at dataprivacy@entrata.com.
You can exercise your rights by contacting us directly with your request at dataprivacy@entrata.com with the subject line "Exercise of EU Data Subject Right". We will respond to your request consistent with applicable law.
You may also lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available here.
Please note that we are not responsible for handling any End User individual rights requests, because the relevant Client is the data controller of the End User’s Personal Data. As an End User, you can exercise your rights by contacting the respective Client with whom you have a direct relationship. For more information, please refer to the note at the top of the page, marked " Important to Note for our Clients’ customers, including tenant applicants, and tenants, whether prospective, current or former ("End Users")".
10. Sensitive Information
Unless we request it, we ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us.
11. Updates to this Privacy Policy
It is our policy to post any changes we make to our Privacy Policy on this page, with a notice that it has been updated on our main homepage. The date that this Privacy Policy was last revised is listed at the top of this page. Any changes will become effective when we post the revised Privacy Policy on the Platforms or the Entrata Sites.
12. Contacting Us
If you have any questions or complaints related to our practices under this Privacy Policy, please feel free to contact us at dataprivacy@entrata.com. Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
Entrata, Inc. (a US company located at 4205 Chapel Ridge Road, Lehi, UT 84043) is the company responsible (i.e., the data controller) for the processing of Personal Data covered by this Privacy Policy and can be contacted at dataprivacy@entrata.com.