Privacy

Privacy Notice

Last updated: May 16, 2024

About StarRez

StarRez is a global software development company that produces and hosts the world’s leading student housing management software.

Overview

At StarRez, we are committed to safeguarding your privacy and protecting the confidentiality of your data, as well as that of your customers. We are committed to protecting the individual’s right to privacy and implement safeguards that prevent the misuse of private information.

StarRez is committed to meeting the legislated data protection and privacy regulations across all regions where we operate, including the European Union (EU), Switzerland, the United States (US), the United Kingdom (UK) and Australia.

Our commitment to data protection encompasses compliance and continuous improvement with the following:

  • European Union: General Data Protection Regulation (GDPR)
  • Switzerland: Federal Act on Data Protection (FADP)
  • United States: Federal Trade Commission Act, Family Educational Rights and Privacy Act (FERPA), and relevant state laws (e.g., California Consumer Privacy Act - CCPA)
  • Australia: Privacy Act 1988
  • South Africa: Protection of Personal Information Act (POPIA)

If you have any inquiries regarding our data privacy policy, information security practices, or any other measures, please do not hesitate to contact us at legal.data@starrez.com.

What We Collect

Personal Data

In order to provide our products and support services, StarRez collects the following information from its customers: contact details (such as name, email address, and phone number), booking data, and business information (including financial and transaction data). Additionally, each StarRez customer can configure a variety of additional fields. You have the right to access your personal data held by us and to request its correction or deletion.

End User Personal Data

StarRez products enable our customers to process personal data of their end-users ("End Users") for the purpose of providing them with services such as accommodation, conference venues, and food. The personal data collected from End Users may include, but is not limited to, name, email address, phone number, gender, date of birth, and identifiers such as student IDs. We act as a Data Processor under the relevant data protection legislations and work with our customers (who act as Data Controllers) to ensure compliance with data protection regulations. Any data protection issues concerning End Users can be raised with us and will be forwarded to the appropriate Data Controller for resolution.

Logs & Telemetry

As with most web applications, StarRez’s services automatically collect certain information and store it in log files and services. This information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system, and other usage information about the use of our services, including a history of the functions you access. We utilize this information to improve our services, analyze trends, diagnose problems, and administer our systems. Additionally, our websites use cookies and web beacons.

Who We Share Data With

StarRez does not share your personal information with marketing organizations or for purposes unrelated to providing our services. We do aggregate and anonymize personal data for analytics purposes to enhance our services and those of our customers. We engage cloud service providers to host and transmit encrypted personal data under contracts that require the same standards of protection for data subjects. If data needs to be disclosed to a third party for a substantially different purpose from our existing services, you will be given the opportunity to opt-out. StarRez remains liable for the handling of your personal data in such instances.

StarRez may be required to disclose personal information in response to lawful requests by public authorities, including those related to national security or law enforcement.

Data Processing Agreement (DPA) and Sub-processors

As part of our commitment to transparency and data protection, we have established a Data Processing Agreement (DPA) that governs our relationship with sub-processors. This agreement outlines the responsibilities and obligations of sub-processors in handling personal data on our behalf.

For details on our sub-processors and the terms of our Data Processing Agreement, please refer to the following link: Data Processing Agreement.

Our current sub-processors include a range of providers who assist us in delivering our services. By accessing the Data Processing Agreement, you can review the specific arrangements and safeguards in place for the processing of personal data by our sub-processors. If you have any questions or concerns regarding our data processing practices or the Data Processing Agreement, please contact us at legal.data@starrez.com.

StarRez shares data with the following sub-processors in order to provide our services:

  • Microsoft Azure (Cloud Hosting)
  • Amazon AWS (Cloud Hosting)
  • Google (Analytics)
  • Pendo (Product Analytics)
  • Sentry (Error Tracking)
  • New Relic (Performance Telemetry)
  • Atlassian (Project Coordination)
  • AbsorbLMS (Training)

How We Use Data

We utilize Personal Data to provide our services and host End User data to enable our customers to provide services to their customers. Examples of how we may use Personal Data include:

  • Responding to inquiries and providing customer support
  • Improving our existing products or developing new ones
  • Conducting audits, ensuring regulatory compliance, and adhering to industry standards
  • Sending marketing communications
  • Conducting statistical analysis with anonymization

All information maintained and hosted by StarRez for its customers is treated with the utmost care and security. We employ commercially reasonable efforts to ensure that data is:

  • Used fairly and lawfully, for limited and specifically stated purposes
  • Managed to maintain its integrity
  • Kept only for the period required to provide services
  • Handled in accordance with individuals' data protection rights
  • Kept safe and secure, in accordance with industry-standard information security principles
  • Not transferred across borders without adequate safeguards, including encryption and secure storage, and in compliance with legal requirements

Your Rights

European Union (EU):

Under the General Data Protection Regulation (GDPR), individuals in the European Union have the following rights regarding their personal data:

  • Right of Access: You have the right to request access to your personal data and information about how we process it.
  • Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to Erasure: In certain circumstances, you have the right to request the erasure of your personal data.
  • Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data.
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to Object: You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Rights in Relation to Automated Decision Making and Profiling: You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

United Kingdom (UK):

Under the UK GDPR, individuals in the United Kingdom have similar rights to those outlined under the EU GDPR, including:

  • Right of Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restriction of Processing
  • Right to Data Portability
  • Right to Object
  • Rights in Relation to Automated Decision Making and Profiling

California:

Under the California Consumer Privacy Act (CCPA), residents of California have the following rights regarding their personal information:

  • Right to Know: You have the right to request information about the categories of personal information we have collected, the sources from which we collected it, the purposes for which we used it, and the categories of third parties with whom we have shared it.
  • Right to Delete: You have the right to request deletion of your personal information.
  • Right to Opt-Out: You have the right to opt-out of the sale of your personal information to third parties.
  • Right to Non-Discrimination: You have the right not to be discriminated against for exercising your CCPA rights.

If you would like to exercise any of these rights, please contact us using the DPO’s information, provided below. We will respond to your request consistent with the applicable data protection laws and regulations.

Children’s Online Privacy Protection Act

At StarRez, we take special care when it comes to the collection and processing of children's data. We recognize the sensitivity and importance of protecting the privacy of children, particularly in online environments. Our services are not directed at children under the age of 13 (or equivalent minimum age as defined by relevant regulations), and we do not knowingly collect personal data from children without obtaining verifiable parental consent where required by applicable laws. If we become aware that we have collected personal data from a child without parental consent, we take immediate steps to delete such data from our systems. We encourage parents and guardians to supervise their children's online activities and to contact us if they have any concerns about their child's privacy or if they need assistance with exercising their rights under applicable data protection laws."

This paragraph underscores StarRez's commitment to protecting children's privacy and outlines the measures taken to comply with regulations such as the Children's Online Privacy Protection Act (COPPA) in the United States and similar laws in other jurisdictions.

Data Protection Officer

StarRez has appointed an internal Data Protection Officer for you to contact if you have any questions or concerns about our personal data policies or practices:

Stephen Muff 6100 Greenwood Plaza Blvd. Greenwood Village, Colorado 80111 United States legal.data@starrez.com

If any concerns or complaints remain unresolved after contacting the Data Protection Officer, you may raise the issue with the relevant Data Protection Authority in your country, which serves as a free and independent resolution mechanism.