GRESB B.V (“GRESB”, “Us”, “We”, “Our”) is committed to protecting and respecting Your privacy. This statement (together with Our Portal Terms & Conditions, and any other documents referred to on it) sets out the basis on which any Personal Data (defined below) We collect from You, or that You provide to Us, will be processed by Us. This statement is applicable to You, as a casual browser and/or as an account user (“You”) on Our Site (defined below). Please read the following carefully to understand Our views and practices regarding Your Personal Data and how We will treat it.
- DATA CONTROLLER
1.1. The entity controlling the processing of Your Personal Data is GRESB B.V, a Dutch company whose main registered office is located at 1083 HN Amsterdam, 101 Barbara Strozzilaan. GRESB B.V is registered in the Business Register under number: (KvK) 55416071
1.2. You may contact Us at the above address or at the following email address: firstname.lastname@example.org
- PRIVACY OFFICER
2.1. For any question relating to this statement or to exercise Your rights on Your Personal Data, including but not limited to provisions of the GDPR, please contact Our Privacy Officer at the above postal address or at the following e-mail address: email@example.com.
- INFORMATION WE MAY COLLECT FROM YOU:
3.1. We may collect information about You by the following means:
- Cookies; and
- Forms in Our website (gresb.com) (“Site”) including but not limited to creation of user accounts.
3.2. We may collect and process the following information about You:
- Information regarding Your name, employer name, email address, postal address and telephone number that You provide in connection with the use of Our Site and/or services;
- Information about Your computer, including where available Your IP address, operating system and browser type, for system administration. (Disclaimer: This is statistical data about our users’ browsing actions and patterns, and typically does not identify any individual, however it may constitute as Personal Data, as defined below.)
3.3. For the same reason, We may obtain information about Your general internet usage by using a cookie file, which is stored on the hard drive of Your computer. Cookies contain information that is transferred to Your computer’s hard drive. They help us to improve Our Site and to deliver a better and more personalized service. They enable Us to estimate our audience size and usage pattern, to store information about Your preferences, and also allow Us to customize Our Site and/or services according to Your individual interests. In addition, they help speed up Your searches and recognize You when You return to Our Site. (Please see Our Cookies Statement, available at this link: )
3.5. We may also collect, directly or indirectly via google analytics, details of Your visits to Our Site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that You access.
3.6. We may also keep a record of correspondence, in the event You contact us, and/or complete forms in response to our annual consultation period.
3.7. We may retain details of products and services provided by us to You including details of invoices and receipts, and records of transactions You carry out through Our Site and of the fulfillment of Your orders.
3.8.Any and all of this information may be defined as “Personal Data”. Our Site includes password-protected areas of Our Site known as the GRESB Portal, which may be web pages hosted by our external information technology service providers appointed by us. However, this statement only applies to Personal Data provided in the GRESB Portal and the public website for GRESB. Our website does not include the third party websites described below.
- PURPOSE AND LEGAL BASIS FOR PROCESSING
4.1. The Personal Data We collect concerning You are processed in full compliance with European regulations.
4.2. The purposes of processing Your Personal Data are:
- Ensuring that content from Our Site is presented in the most effective manner for You and for Your computer;
- Providing You with information, products or services that You request from us or which we feel may interest You, where You have consented to be contacted for such purposes;
- Carrying out our obligations arising from any contracts entered into between You and us;
- Allowing You to participate in interactive features of our website and services, when You choose to do so;
- Notifying You about changes to our website, products and/or services; and
- Tracking Your use of our products and services, and to be able to create newer and better products and services, as needed.
4.3. Where the processing of Your Personal Data is based on Your consent only, You have the right to withdraw this consent at any time. We will then erase Your Personal Data and stop processing it.
5.1. The Personal Data that We collect from You may be transferred to and stored outside the European Economic Area (“EEA”), currently limited to the USA and Singapore, or to authorized employees in Canada, USA and Australia.
5.2. It may also be processed by staff operating outside the EEA that work for Us or for one of Our suppliers, or Our parent company, GBCI, based in the United States. Such staff may be engaged in, among other things, the fulfillment of Your order, the processing of Your payment details and the provision of support services.
5.3. All information You provide to Us is stored using a password-protected system managed either by us or by independent contractors appointed by Us. Where We have given You (or where You have chosen) a password that enables You to access certain parts of Our Site, You are responsible for keeping this password confidential. We ask You not to share such passwords with anyone.
- RECIPIENT AND TRANSFER OF YOUR PERSONAL DATA
6.1. We may disclose Your Personal Data to any parent, subsidiary or group company that may be located outside the EEA, currently limited to the USA and Singapore, or to authorized employees in Canada, USA and Australia.
6.2. Please note that some of the abovementioned countries are not recognized by the European Commission as ensuring an adequate level of protection of Personal Data. GRESB has implemented appropriate safeguards for the protection of Your rights and interests in these countries, by executing appropriate agreements, a copy of which can be requested by contacting the following e-mail address: firstname.lastname@example.org
6.4 We may disclose Your Personal Data to third parties:
- In the event that we transfer, buy or otherwise deal with any business or assets, such as in a merger or an acquisition, in which case We may disclose Your Personal Data to the prospective transacting party or parties of such business or assets;
- If GRESB B.V or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets;
6.5. By submitting Your Personal Data, You agree to this processing, including the aforementioned transfer and storage. We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this privacy statement.
- YOUR RIGHTS
7.1. You have the right to request from GRESB B.V., among other things,
- Clear information concerning Your data and the way we are processing it;
- Rectification, correction or completion of inaccurate, incorrect or incomplete data and ;
- Erasure or restriction of the processing of inaccurate data or data unlawfully processed;
- Oppose and cease all processing of Your Personal Data for any direct marketing purpose;
- To receive Your Personal Data in a structured, commonly used and machine-readable format, enabling You to transmit the data to another controller.
To exercise Your rights or for more information on the full extent of Your rights, please contact our Privacy Officer by mail or e-mail at the addresses indicated above. Please attach to Your request a copy of an official identity document.
7.2. Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If You follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before You submit any Personal Data to these websites.
- THE TIME WE KEEP YOUR DATA
8.1. Your Personal Data is kept with GRESB for the time of:
- VOLUNTARY SUBMISSION OF INFORMATION
9.1. For clients of GRESB, Participants and Members of the GRESB Portal and vendors of GRESB, the provision of Your Personal Data is a statutory and/or contractual requirement, and/or a requirement necessary to enter into the contract with GRESB. Not providing them may result in not entering into the contract with GRESB, or not enabling GRESB to perform its services.
9.2 For any other casual browsers, the provision of Your Personal Data is purely voluntarily-based. You may use the GRESB website without disclosing personally identifiable information, and we will not obtain such information about You unless You choose to submit it to us. Any information You submit will be used internally only; however, submission of information authorizes such internal use by us and our employees.
9.3. Not providing Your Personal Data may only prevent You from receiving information on the activities of GRESB B.V.
10.1. If You believe Your data are unlawfully processed by GRESB B.V, You may lodge a complaint with the Autoriteit Persoonsgegevens (https://autoriteitpersoonsgegevens.nl/en).
- DATA SECURITY MEASURES
11.1 We maintain technical, physical, and administrative security measures designed to provide reasonable protection for Your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, and information access authorization controls. We follow best practices to make sure data is served over secure platforms only. While We are dedicated to securing our systems and services, You are responsible for securing and maintaining the privacy of Your password(s) and verifying that the Personal Data We collect and maintain about You is accurate and current. We are not responsible for protecting any Personal Data that We share with a third-party based on an account connection that You have authorized. For instance, credit-card transactions on Our website are currently managed via a third-party vendor and credit card information does not traverse Our network.
- CHANGES TO OUR PRIVACY STATEMENT
12.1. Any changes We may make to Our Privacy Statement in the future will be posted on this page and, where appropriate, notified to You by e-mail. Changes to the Privacy Statement will be dated, and will be effective from the date specified forward.
This Privacy Statement was last updated on: May 24, 2018