Privacy Policy StarRez's Privacy Policy

StarRez Privacy Policy

Effective Date: 3 January 2020

About StarRez

StarRez is a global software development company that produces and hosts the world’s leading student housing management software.


Our goal is to maintain your trust and confidence when handling your data, and that of your customers. StarRez promises to protect the individual’s right to privacy and implement safeguards that prevent the misuse of private information.

StarRez is committed to meeting the legislated data protection requirements in all the countries in which it operates, and in particular the US, UK and Australia. These include:

StarRez is a member of the EU-US Privacy Shield and Swiss-US Privacy Shield and is committed to upholding the principles of that framework. If you have any questions regarding our data privacy policy, information security or other measures, please don’t hesitate to contact us at privacy AT

What We Collect

Personal Data

StarRez collects the following information from its customers in order to provide product and support services: contact details, such as name, email address, and phone number, booking data, as well as business information, such as financial and transaction data. Each StarRez customer can configure a wide range of additional fields.  You have the right to access your personal data held by us, and to request its correction or deletion.

End User Personal Data

StarRez products enable our customers to process resident’s (“End User”) personal data, for the purposes for providing them with services, such as accommodation, conference venues and food. Personal data collected from End Users varies depending on configuration, but typically includes name, email address, phone number, gender, date of birth and identifiers such as student IDs.

We are considered a Data Processor under the Data Protection Legislation. We work with customers (who are Data Controllers), in accordance with our obligations under the applicable Data Protection Legislation to assist them in providing a robust approach to data protection. End User data protection issues can be raised with us, and will be passed to the appropriate Data Controller for action.

Logs & Telemetry

As with most web applications, StarRez’s services collect certain information automatically, and stores it in log files and services. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of our services, including a history of the functions you access. We use this information to help us design our services to better suit the needs of our users. We may also use your IP address to help diagnose problems with our services and to administer them, analyse trends, and gather broad demographic information that assists us in identifying visitor preferences. Our websites also use cookies and web beacons.

Who We Share Data With

StarRez doesn’t share your personal information with marketing organisations, or for purposes that aren’t associated with providing our services. When we do share data, what we share is limited, and for a specific purpose. We do aggregate and anonymise personal data for the purposes of providing analytics to our customers. You are welcome to contact us at any stage to express any reasonable limitations on how your data is used, at privacy AT We will never share sensitive personal data (such as health data) with third parties without the individual’s express consent.

For the purposes of providing our services, we engage cloud service providers, which provide the infrastructure for our services. These organisations will host and transmit encrypted personal data, and do so under a contract with StarRez that requires the same standards of protection for the subject’s data rights. In the event of a requirement to disclose data to another third party, or for a purpose which is substantially different from our existing services, you will be given the opportunity to opt-out. With these third parties, and any others, StarRez remains liable for the handling of your personal data.

As members of the EU-US Privacy Shield Framework, StarRez is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

StarRez provides redundancy within the region of the customer and data.

How We Use Data

We use Personal Data to provide our services, and we host End User data so that our Customers can provide services to their customers. Examples of how we may use Personal Data:

  • To respond to inquiries and provide customer support
  • To improve our existing products or develop new ones
  • For audits, regulatory purposes and compliance with industry standards
  • To send marketing communications
  • Statistical Analysis (with anonymization)

All information that StarRez maintains and hosts for its customers is treated with the utmost care and security. StarRez uses commercially reasonable efforts to ensure that the data is:

  • Used fairly and lawfully, for limited and specifically stated purposes
  • Used in a way that is adequate and relevant to the business purpose, and not excessive in nature
  • Is managed to maintain its integrity
  • Kept only for the period for which it is required to provide services
  • Handled according to people’s data protection rights
  • Kept safe and secure, in accordance with PCI DSS and other information security principles
  • Not transferred across borders without the protection of strong encryption, secure storage, and the legal basis to do so, by arrangement with data controllers

Your Rights

You are welcome to contact us at any stage to express any reasonable limitations on how your data is used, at If we can comply and still provide our services, we will. If we are not, we will explain the specific requirements for the data and the legal, technical or other reasons why we require it, and offer you the option of sharing the data or having us delete it from our systems.

We will never share sensitive personal data (such as health data) with third parties without the individual’s express consent. If you do not want us to have your data, we will delete it upon request, except where we are legally required to keep records.

In compliance with the Privacy Shield Principles, StarRez commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact StarRez at

StarRez has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.

Data Protection Officer

StarRez has appointed an internal data protection officer for you to contact if you have any questions or concerns about StarRez’s personal data policies or practices:

Rafe Hart
660 Spencer St
West Melbourne, Australia, 3003
privacy AT

If any concerns or complaints remain unresolved after contacting the Data Protection Officer, you may raise the issue with the panel provided by the Data Protection Authority (DPA) in your country, as a free, independent resolution mechanism. Under certain circumstances it is possible for you to invoke binding arbitration as a dispute resolution mechanism.

As a participant in the EU-US and SW-US Privacy Shield frameworks, StarRez is subject to the investigatory and enforcement powers of the FTC.

StarRez complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom and Switzerland to the United States. StarRez has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit