Last modified: January 3, 2009
- Information we collect and how we use it
- Choices for personal information
- Information sharing
- Information security
- Data integrity
- Accessing and updating personal information
- Changes to this policy
- OwnerRez and GDPR
Here at OwnerRez, we recognize that privacy is important.
OwnerRez adheres to the US safe harbor privacy principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce's safe harbor program.
If you have any questions about this Policy, please feel free to contact us through our website or write to us at Privacy Matters, c/o OwnerRez, 113 Cherry Street #81829, Seattle, WA 98104.
In the future, we may offer services that do not require you to register for an account or provide any personal information to us, such as a search or reporting service. Currently, for our flagship service, we require users to register. In order to provide our full range of services, we may collect the following types of information:
Information you provide
When you sign up for OwnerRez service or promotion that requires registration, we ask you for personal information (such as your name, email address and an account password). We also request credit card or other payment account information which we may maintain in encrypted form on secure servers. We may combine the information you submit under your account with information from other OwnerRez services or third parties in order to provide you with a better experience and to improve the quality of our services. For certain services, we may give you the opportunity to opt out of combining such information.
When you use OwnerRez services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
When you send email or other communication to OwnerRez, we may retain those communications in order to process your inquiries, respond to your requests and improve our services.
We may offer services in connection with other web sites. Personal information that you provide to those sites may be sent to OwnerRez in order to deliver the service. We process such information in accordance with this Policy. The affiliated sites may have different privacy practices and we encourage you to read their privacy policies.
OwnerRez may present links in a format that enables us to keep track of whether these links have been followed. We use this information to improve the quality of our services. For more information about links and redirected URLs, please see our FAQs.
- Providing our products and services to users, including the display of customized content and advertising;
- Auditing, research and analysis in order to maintain, protect and improve our services;
- Ensuring the technical functioning of our network; and
- Developing new services.
You can find more information about how we process personal information by referring to the privacy notices for particular services.
OwnerRez processes personal information on our servers in the United States of America and in other countries. In some cases, we may process personal information on a server outside your own country. We may process personal information to provide our own services. In some cases, we may process personal information on behalf of and according to the instructions of a third party, such as our advertising partners.
When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.
If we propose to use personal information for any purposes other than those described in this Policy and/or in the specific service notices, we will offer you an effective way to opt out of the use of personal information for those other purposes. We will not collect or use sensitive information for purposes other than those described in this Policy and/or in the specific service notices, unless we have obtained your prior consent.
You can decline to submit personal information to any of our services, in which case OwnerRez may not be able to provide those services to you.
OwnerRez only shares personal information with other companies or individuals outside of OwnerRez in the following limited circumstances:
We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.
We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of OwnerRez, its users or the public as required or permitted by law.
We may share with third parties certain pieces of aggregated, non-personal information, such as the number of users who searched for a particular term, for example, or how many users clicked on a particular advertisement. Such information does not identify you individually.
Please contact us at the address below for any additional questions about the management or use of personal data.
We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.
We restrict access to personal information to OwnerRez employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
OwnerRez processes personal information only for the purposes for which it was collected and in accordance with this Policy or any applicable service-specific privacy notice. We review our data collection, storage and processing practices to ensure that we only collect, store and process the personal information needed to provide or improve our services. We take reasonable steps to ensure that the personal information we process is accurate, complete, and current, but we depend on our users to update or correct their personal information whenever necessary.
When you use OwnerRez's services, we make good faith efforts to provide you with access to your personal information and either to correct this data if it is inaccurate or to delete such data at your request if it is not otherwise required to be retained by law or for legitimate business purposes. We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Some of our services have different procedures to access, correct or delete users' personal information. We provide the details for these procedures in the specific privacy notices or FAQs for these services.
OwnerRez regularly reviews its compliance with this Policy. Please feel free to direct any questions or concerns regarding this Policy or OwnerRez's treatment of personal information by contacting us through this web site or by writing to us at Privacy Matters, c/o OwnerRez, 113 Cherry Street #81829, Seattle, WA 98104. When we receive formal written complaints at this address, it is OwnerRez's policy to contact the complaining user regarding his or her concerns. We will cooperate with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that cannot be resolved between OwnerRez and an individual.
If you have any additional questions or concerns about this Policy, please feel free to contact us any time through this web site or at Privacy Matters, c/o OwnerRez, 113 Cherry Street #81829, Seattle, WA 98104.
The General Data Protection Regulation (GDPR) is a European Union regulation governing the privacy of consumer data.
OwnerRez, Inc. is a US-based company, with no subsidiaries or legally-registered operations in the European Union. As such, we are not directly subject to European regulations.
However, our European clients are. As such, OwnerRez has been designed to be compliant with the requirements of the GDPR.
First, to resolve one common misunderstanding - the GDPR doesn't require a consent checkbox for the use of personally identifiable information (PII). A consent checkbox is one way, perhaps the most common one, to bypass all other GDPR restrictions and do whatever you want with the data -- track them with cookies and Google Analytics, add them to mailing lists etc. (as the data subject has given consent to that).
But, the GDPR allows the use of PII for necessary operations without a checkbox. Consent is only required for unnecessary data collection, and we carefully only collect necessary data from your guests during the booking process.
Our booking Widgets, and the overall OwnerRez booking process, is built with good data-handling requirements and best practices in mind. We designed the flow years ago before GDPR was even an idea, but because we are a company that values privacy, it follows the same principles as the GDPR of minimum data usage and progressive collection of data as more is needed to complete an operation:
- A guest can come to the widget and enter just dates, or dates and guest counts, and get a quote without providing any PII at all.
- If after seeing the quote, the guest chooses to continue the booking process, either by sending inquiry or starting an instant book, the name, phone, and email are collected so that the guest can receive the quote and be communicated with during the booking process. The guest has clearly communicated their intent to send an inquiry or book the property at that point by entering their email address and clicking the button labeled "Send Inquiry" or "Book Now". You can't respond to an inquiry without an email address, neither can you book without an email address, so that's a required bit of information to collect - which is allowed by the GDPR.
- During the reservation process, no other information is sent to OwnerRez until after the guest has signed the renter agreement and pressed the final "confirm" button at the end of the process to run the booking. The signed rental agreement, just as with a common checkbox, provides you all necessary legal authority to receive and use the guest's PII under GDPR rules.
Any additional information that the guest enters during the booking process is not saved by OwnerRez until they press that "confirm" button in the final step. You can verify this by creating a quote with yourself as a guest and walking through the process.
The acceptances are kept on record with dates in the form of the inquiry/quote/booking/signed-agreement records for the guest in OwnerRez. Upon receipt of a data removal request, it is straightforward for you to pull up OwnerRez, search for the guest by name or email and remove any PII from their record.
OwnerRez is not designed as a bulk email marketing program, and cannot be used for that purpose. It is of course possible for you to export data collected through OwnerRez and then to use that in any other marketing system you prefer, but in that case, you are responsible for following all applicable regulations in your local jurisdiction. This is not an OwnerRez function. At the least, you should be getting separate consent for the use of their data in a mailing list, and provide a clear, effective means for them to unsubscribe. Most major email marketing systems (e.g. Constant Contact, MailChimp, etc.) provide these functions and are themselves compliant with GDPR requirements.