RealPage GDPR Data Privacy Framework Policy

RealPage GDPR Data Privacy Framework Policy

Last updated: October 19, 2023

RealPage is committed to providing our product and service users with clear and concise information regarding our privacy policies and practices. This Data Privacy Framework Policy describes how RealPage and its subsidiaries and affiliates in the United States (“we,” or “us”) collect, use, and disclose certain personal data that we receive from the European Union (EU), United Kingdom (UK), and Switzerland. This statement supplements our Privacy Policy located at www.realpage.com, and unless specifically defined in this statement, the terms in this statement have the same meaning as given in the Privacy Policy.

By accessing our websites or utilizing our products and services, you consent to the information collection and handling practices outlined in this statement.

I. Data Privacy Framework Participation

RealPage, Inc. and its U.S. subsidiaries1 (collectively “RealPage”) comply with the EU-U.S. Data Privacy Framework program (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework program (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RealPage has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. RealPage has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework program Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. By participating in the DPF program as described herein, RealPage is subject to the investigatory and enforcement powers of the Federal Trade Commission with respect to the activities covered by this Policy.

II. Scope

RealPage provides comprehensive property management software solutions to property owners and managers (our “Clients”) in the multifamily, commercial, and single-family rental housing industries. Our on-demand product line covers the full spectrum of accounting, leasing, marketing services, purchasing, and other operational areas. In providing this suite of services, RealPage acts as a data processor under contract to our Clients, the data controllers. As a data processor, RealPage does not control any of the personal data we process on behalf of our Clients. All such personal data is controlled by our Clients. We are required to provide our products and services to our Clients in accordance with their contractual provisions and instructions regarding data privacy, handling, and security.

Our Clients may administer our software solutions to their employee end users. This administration may include control over end user account access and functionality, as well as access and monitoring of end user data and activity. RealPage is not responsible for the privacy or security practices of our Clients, and this Policy is not intended to cover those Client practices.

III. Notice

RealPage works with our Clients to help them provide notice of data processing to individuals, including information concerning (1) the purposes for which personal data is collected and used; (2) a contact person to whom enquiries or complaints may be directed; (3) the types of third parties to whom personal information is disclosed; and (4) the choices and means that individuals are offered for limiting use and disclosure of personal information.

IV. Choice

As a data processor handling personal data at the direction of our Clients, RealPage has no direct relationship with the individuals whose personal data we process. RealPage processes personal data only for purposes that are compatible with those for which it was originally collected or as lawfully directed by our Clients. If and when disclosure of personal data to a third party is necessary, RealPage works with our Clients to help them inform individuals about the possibility of such disclosures and provide individuals with the choice and means of opting-out. If the personal data in question is necessary to provide a product or service, the choice to opt-out may preclude the further use of that product or service.

V. Collection of Personal Data

The personal data that we process on behalf of our Clients varies based on the products and services that Clients implement. We also process personal data as part of the Client sales and product support functions. As a general matter, RealPage processes the following types of personal data for our Clients:

  • Contact Information: name, address, telephone number, and email address
  • Personal Details: government-issued ID number, date of birth, passport number, visa information, National Insurance Number, employment status and income, and prior tenancy history
  • Personal Preferences: monthly housing budget, preferred move-in and move-out dates, communication preferences, and special housing accommodation requests
  • Financial Account Information: bank account information and credit card information
  • Credentials and Authentication Information: usernames, passwords, password hints and security questions
  • Technical Information: IP address, device and hardware specifications, and web browser type
  • Usage Data: logging data that tracks service access, usage, performance metrics, and error reports

VI. Personal Data Usage

In providing the suite of RealPage services, RealPage acts as a service provider under contract to our Clients. As a service provider, RealPage does not control any of the personal information we process on behalf of our Clients. Our Clients collect and control all such personal information, and RealPage is required to provide our products and services in accordance with Clients’ contractual provisions and instructions regarding data collection, privacy, processing, and security.

Accordingly, we may use or disclose the personal information we collect for one or more of the following purposes:

  • To fulfill the purpose for which the personal information was collected and provide the requested RealPage services.
  • To integrate with apartment community services offered by RealPage or third-party service providers contracted by Clients.
  • To distribute communications and legally required notices regarding the status of RealPage services via phone, email, and SMS text.
  • To provide RealPage services maintenance, enhancement, research, development, security, support, and website optimization.
  • To maintain compliance with federal and state laws related to RealPage services and Client operations.
  • To create, maintain, customize, and secure RealPage services user accounts.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of RealPage's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by RealPage is among the assets transferred.

VII. Disclosure and Onward Transfer of Personal Data

RealPage complies with the notice and choice principles as described above for all personal data disclosed or transferred to a third party.

RealPage may provide personal data to third-party service providers and vendors that perform tasks on our behalf to support the products and services described in this statement. We also share personal data among the RealPage-controlled subsidiaries identified in this statement for purposes of integrating our various product and service offerings. We take reasonable and appropriate steps to ensure that third-party service providers and vendors process personal data in accordance with our DPF obligations and to stop and remediate any unauthorized processing. Under the DPF, RealPage may be liable for the onward transfer of personal data to third parties.

In addition, if RealPage enters into any business transition, restructuring, merger, sale, or other transferring of assets, we reserve the right to transfer all product and service information, including all personal data, as part of or in connection with the transaction.

Finally, RealPage will access, transfer, disclose, and preserve personal data when we have a good faith belief that doing so is necessary to:

  • Comply with applicable law or respond to valid requests by public authorities, including law enforcement, national security agencies, or other government entities;
  • Operate and maintain the security of our products and services; and
  • Protect the rights and property of RealPage, including both intellectual property and physical systems infrastructure.

VIII. Access Rights & Data Integrity

RealPage acknowledges the right of individuals to access their personal data. However, as a data processor handling personal data at the direction of our Clients, RealPage has no direct relationship with the individuals whose personal data we process. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should therefore direct his or her request to the Client that transferred such data to RealPage for processing. The Client will then provide the necessary access to the individual as determined under the applicable local data protection law. RealPage will assist its Clients as needed to fulfill any such request.

IX. Data Security

RealPage implements and maintains appropriate physical, administrative, technical and organizational measures to protect the personal data we process against unauthorized or unlawful access, use or disclosure, and against accidental loss, damage, alteration or destruction. Under our security policies and practices, access to personal data is authorized only for those who have a business need for such access. RealPage strives to protect the personal data that we process; however, no security program is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use, or disclose personal data. RealPage maintains security incident response policies and procedures to handle incidents involving unauthorized access to personal data we process.

X. Questions or Complaints

In compliance with the Data Privacy Framework Principles, RealPage commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the DPF Principles. European Union, Swiss and United Kingdom individuals with DPF inquiries or complaints should first contact:

Via US Postal Service at:

RealPage, Inc.
Attn: Privacy-Legal
2201 Lakeside Blvd.
Richardson, TX 75082

or

Via email at:
privacy@realpage.com

RealPage has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

XI. Changes to This Statement

RealPage reserves the right to amend this statement from time to time consistent with the Data Privacy Framework requirements.


1RealPage subsidiaries include: ActiveBuilding, LLC; Stratis IoT, Inc; LeaseStar LLC; and RP On-Site LLC.