Effective Date: 2 July 2019
StarRez is a global software development company that produces and hosts the world’s leading student housing management software.
Our goal is to maintain your trust and confidence when handling your data, and that of your customers. StarRez promises to protect the individual’s right to privacy and implement safeguards that prevent the misuse of private information.
StarRez is committed to meeting the legislated data protection requirements in all the countries in which it operates, and in particular the US, UK and Australia. These include:
- US Federal Trade Commission Act, FERPA, and applicable state laws
- EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework
- EU General Data Protection Regulation (GDPR)
- Australian Privacy Act 1988
What We Collect
StarRez collects the following information from its customers in order to provide product and support services: contact details, such as name, email address, and phone number, booking data, as well as business information, such as financial and transaction data. Each StarRez customer can configure a wide range of additional fields. You have the right to access your personal data held by us, and to request its correction or deletion.
End User Personal Data
StarRez products enable our customers to process resident’s (“End User”) personal data, for the purposes for providing them with services, such as accommodation, conference venues and food. Personal data collected from End Users varies depending on configuration, but typically includes name, email address, phone number, gender, date of birth and identifiers such as student IDs.
We are considered a Data Processor under the Data Protection Legislation. We work with customers (who are Data Controllers), in accordance with our obligations under the applicable Data Protection Legislation to assist them in providing a robust approach to data protection. End User data protection issues can be raised with us, and will be passed to the appropriate Data Controller for action.
Logs & Telemetry
Who We Share Data With
StarRez doesn’t share your personal information with marketing organisations, or for purposes that aren’t associated with providing our services. When we do share data, what we share is limited, and for a specific purpose. We do aggregate and anonymise personal data for the purposes of providing analytics to our customers. You are welcome to contact us at any stage to express any reasonable limitations on how your data is used, at privacy AT starrez.com. We will never share sensitive personal data (such as health data) with third parties without the individual’s express consent.
For the purposes of providing our services, we engage cloud service providers, which provide the infrastructure for our services. These organisations will host and transmit encrypted personal data, and do so under a contract with StarRez that requires the same standards of protection for the subject’s data rights. In the event of a requirement to disclose data to another third party, or for a purpose which is substantially different from our existing services, you will be given the opportunity to opt-out. With these third parties, and any others, StarRez remains liable for the handling of your personal data.
As members of the EU-US Privacy Shield Framework, StarRez is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
StarRez provides redundancy within the region of the customer and data.
How We Use Data
We use Personal Data to provide our services, and we host End User data so that our Customers can provide services to their customers. Examples of how we may use Personal Data:
- To respond to inquiries and provide customer support
- To improve our existing products or develop new ones
- For audits, regulatory purposes and compliance with industry standards
- To send marketing communications
- Statistical Analysis (with anonymization)
All information that StarRez maintains and hosts for its customers is treated with the utmost care and security. StarRez uses commercially reasonable efforts to ensure that the data is:
- Used fairly and lawfully, for limited and specifically stated purposes
- Used in a way that is adequate and relevant to the business purpose, and not excessive in nature
- Is managed to maintain its integrity
- Kept only for the period for which it is required to provide services
- Handled according to people’s data protection rights
- Kept safe and secure, in accordance with PCI DSS and other information security principles
- Not transferred across borders without the protection of strong encryption, secure storage, and the legal basis to do so, by arrangement with data controllers
You are welcome to contact us at any stage to express any reasonable limitations on how your data is used, at firstname.lastname@example.org. If we can comply and still provide our services, we will. If we are not, we will explain the specific requirements for the data and the legal, technical or other reasons why we require it, and offer you the option of sharing the data or having us delete it from our systems.
We will never share sensitive personal data (such as health data) with third parties without the individual’s express consent. If you do not want us to have your data, we will delete it upon request, except where we are legally required to keep records.
Data Protection Officer
StarRez has appointed an internal data protection officer for you to contact if you have any questions or concerns about StarRez’s personal data policies or practices:
Rafael Hart, DPO
StarRez Pty Ltd
660 Spencer St
West Melbourne, Australia, 3003
dpo AT starrez.com
If any concerns or complaints remain unresolved after contacting the Data Protection Officer, you may raise the issue with the panel provided by the Data Protection Authority (DPA) in your country, as a free, independent resolution mechanism. Under certain circumstances it is possible for you to invoke binding arbitration as a dispute resolution mechanism.
As a participant in the EU-US Privacy Shield framework, StarRez is subject to the investigatory and enforcement powers of the FTC, the Department of Transportation or any other U.S. authorized statutory body.