Last Updated: 02/28/2020

This Privacy Policy of Veritas Investments, Inc. and its affiliated entities, including RentSFNow, Inc. (“RentSFNow”), and Greentree Property Management Inc. (“Greentree”) (collectively, the foregoing entities are referred to as “Veritas”, “we” or “us” in this Privacy Policy) describes how we collect, use, and protect your data in connection with your use of the Services (as defined below) and our websites and applications. We may also at times in this Privacy Policy refer to the foregoing entities as “Veritas entities.”

By visiting our Websites or by using the Applications or other aspects of the Services (each defined below in Section 1 titled “Applicability of this Policy”), or by in any manner using, installing or downloading the Veritas software or applications associated with the Services, you acknowledge that the data you provide to us, including Personal Information (as defined below in Section 2 titled “Data We Collect From You”), will be treated according to the policies and procedures set forth in this Privacy Policy and any applicable incorporated notices.


1. Applicability of this Privacy Policy

This Privacy Policy applies to your use of the services provided on our websites including Greentree’s website and resident portal (https://www.greentreepmco.com/), the RentSFNow website (https://www.rentsfnow.com/), the Veritas Investments website (https://www.veritasinvestments.com/) and the RetailSF website (https://retail-sf.com/) (the “Websites”). This Privacy Policy also applies to your use of any web and mobile applications associated with the Websites and all functionality provided by such applications, along with any other interactions (e.g., support inquiries, etc.) you may have with Veritas related thereto (collectively, the services and functionality described in this sentence are referred to as the “Services”). Individual users of the Services are sometimes referred to in this Privacy Policy as “users.” This Privacy Policy is designed to tell you what information we gather from you in connection with your use of the Services, and how we may use and disclose that information. This Privacy Policy is incorporated into and subject to any terms of use or other agreements, including but not limited to any applicable lease agreement, between you and us or our Affiliates, relating to your use of the Services.

Except as expressly stated herein, this Privacy Policy does not apply to any third-party applications or technologies that integrate with our Services, or any other third-party products, services, or businesses, or to third-party websites that you access via links or otherwise while using the Services (“Third-Party Services”). This Privacy Policy does not apply to data collected from, or provided by you to, Third-Party Services, and instead such data is subject to the practices of the provider(s) of the applicable Third-Party Services. You should review the privacy policies of such Third-Party Services (and any other applicable terms and conditions) to determine how your data will be used before sharing any of your data with them.

This Privacy Policy also does not apply to our collection and use of certain employment-related information that we receive and use in connection with our hiring and employment activities. Please contact us at the contact information provided in this Privacy Policy with any inquiries related to our use of such information.

If you are a California resident, our use, retention and disclosure of your personal information is also subject to our Privacy Notice for California Residents (our “CA Privacy Notice”) in order to comply with the California Consumer Privacy Act, California Civil Code Title 1.81.5, Sections 1798.100 et seq. (the “CCPA”). The CA Privacy Notice is incorporated as a part of this Privacy Policy with respect to our use, retention and disclosure of personal information of California residents, and in the event of a conflict between this Privacy Policy and the CA Privacy Notice, the terms of the CA Privacy Notice will control with respect to users who are California residents.


2. Data We Collect

In connection with your use of the Services, we may receive various types of information related to you, as well as information you provide us about others, that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Sometimes you provide us with this data and sometimes data about you is collected automatically or received by us from a third party to whom you provided the information. To the extent data is associated with an identified or identifiable natural person and is protected as personal information (or substantially equivalent terms) under applicable data protection laws, including in particular the CCPA, it is referred to in this Privacy Policy as “Personal Information.” You acknowledge and agree we may collect, process, store, access, and disclose Personal Information disclosed by you to facilitate the provision of Services and related support for the Services in the manner described in this Privacy Policy.

When you create, update, and/or an account for the Services with us, you provide us with data, including Personal Information, about yourself, which may include, without limitation:

  1. your name
  2. your date of birth
  3. your email address(es)
  4. your physical address
  5. your device’s unique identifier
  6. your user name
  7. your password or other log-in credentials
  8. any other information that you elect to share or provide us access to, including Personal Information that may identify you individually

We also may collect Personal Information that you post, upload, store, display, transmit, or submit through the Services in any other manner. For example, this may include information you submit relating to maintenance or service requests submitted in connection with a property managed by Greentree, information you submit to us in connection with a lease application for a property available through RentSFNow (such as move-in date, reference contacts, co-applicants, guarantors, pets, residence history, employment history, annual income, proof of income, driver’s license, vehicle information, Social security number, and date of birth) or any other information contained in any forms or requests that you submit through the Services. Although we will treat such information consistent with this Privacy Policy, we are not responsible for the content of any information, including Personal Information, that you provide to us, and by using the Services, you assume full responsibility for obtaining, and you represent that you have obtained, all necessary consent to provide such information to us.

We also receive information, including Personal Information, from third parties to whom such information was provided. Our third-party sources of such information include the following:

  • Background Information. We may receive information about you, such as demographic data and criminal and credit history, from our trusted background screening and fraud prevention partners. For example, if you complete a lease application in connection with an apartment available through RentSFNow, you may provide information to a screening vendor in connection with the application process, and we may receive this information and additional information pertaining to you from the applicable vendor. We collect this information only in accordance with applicable law and, when required, with your consent. Although we reserve the right to change the vendors we use for these services at our discretion and without further notice, we currently contract with vendors including TransUnion LLC with respect to screening services as described in this paragraph.
  • Public Information. We may collect information about you from publicly accessible sources, such as information posted about you on the internet, news stories, and information available from governmental entities.
  • Marketing Information. We may collect information about you from our trusted marketing partners who provide us with information about potential customers and partners. For example, we work with various third parties (our “ILS Vendors”) who provide marketing and related services with respect to apartments offered on RentSFNow and, as part of those relationships, we receive information, including Personal Information, that these ILS vendors receive relating to potential customers. Although we reserve the right to change the ILS Vendors we use at our discretion and without further notice, the vendors we contract with in connection with these services currently include the following: apartments.com, apartmentlist.com, Zillow, Zumper.
  • Other Services Involving Collection of Personal Information. In addition to the items described above, certain vendors that we work with perform services for us that include the gathering of Personal Information. For example, in connection with its property management activities, Greentree contracts with security services vendors to provide security services, including appropriate video monitoring, at our properties, and we may receive access to such imagery data pursuant to our agreements with the applicable vendors. To the extent we receive such information, treat it consistent with the terms of this Privacy Policy.

We treat Personal Information that we receive from third-party sources described above consistent with the descriptions of use and disclosure set forth in Sections 4 and 5 of this Privacy Policy.

Additionally, if and when you use the Services to make payments of any kind, you may provide us (or our third-party payment processors) additional Personal Information including financial information (such as your credit/debit card information). We endeavor to store very little, if any, financial information that we collect from you and instead, such financial information is typically stored by our third-party payment processors, and we encourage you to review their privacy policies and to contact them directly if you have questions relating to your data, including Personal Information, as it relates to such payments. Although we reserve the right to select different or additional payment processors, our payment processors as of the date of this Privacy Policy include ClickPay.

Veritas may also collect other information from you related to your use of the Services and your interactions with our Services (while this information may not typically contain Personal Information, we are not responsible for the content of such information). This information includes any such information that you affirmatively provide to Veritas, and may include the following:

  • Location Information. Certain of our Third-Party Providers may request permission to and track location-based information from your mobile device, either continuously or while you are using the Services, to provide location-based services, and we may receive this information from our Third-Party Providers. If you wish to change our access or permissions, you may do so in your device’s settings.
  • Log Data. Like most websites, our servers may automatically collect data when you access or use the Services and record it in log files. Such may include your Internet Protocol (IP) address, Internet service provider (ISP), geographic location, browser type and settings, information about browser plugins, language preference, default email application, referring/exit websites, operating system, date and time stamp, cookie data, and certain user activities.
  • Technical Data. Veritas may collect technical data, such as information about devices accessing the Services, including the type of device, device settings, operating system, application software, peripherals, and unique device identifiers, phone number, country, location, and any other data you choose to provide. We do not intentionally relate this to any individual user of the Services.
  • Cookie Information. We and certain of our service providers collect information through the use of “cookies” and similar technologies to understand how you interact with our Websites. Cookies are small text files that web servers place on your device; they are designed to store basic information and to help websites and apps recognize your browser. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be accessed every time you use our Websites. We also use cookies for data analytics purposes, including from Google Analytics. You can find more information on how Google uses data from these cookies at https://policies.google.com/technologies/partner-sites. You should consult your web browser to modify your cookie settings. Please note that if you delete or choose not to accept cookies from us, you may be missing out on certain features of our Websites.
  • Information Provided to Third-Party Services. You may elect to use certain Third-Party Services that we make available in connection with your use of the Services. As noted above, information you provide to such Third-Party Services is subject to the privacy policies and practices of the provider of the applicable Third-Party Service. Additionally, once enabled, it is possible that the Third-Party Services may share certain data with Veritas to effectuate integration between our Services and theirs. You should check the privacy settings and notices of any Third-Party Services you elect to use in connection with the Services to understand what data may be disclosed to Veritas. We may receive data regarding your credentials for and use of the applicable Third-Party Services, such as your user name, your unique identifier, and your information transmitted from or made available with permissions by such Third-Party Services (e.g., account profile, gender, age range, language, geographic region, etc.).
  • Your Business Data. While it may not constitute Personal Information, if you use or interact with our Services in relation to the activities of your business, we likely host data you provide us related to your business (“Business Data”). We treat your Business Data as sensitive and treat such Business Data except as set forth in Sections 3 through 5 of this Privacy Policy.
  • Any Additional Information Provided to Us. Veritas receives data when submitted to or through our Services, or if you contact us (whether by email, telephone, written correspondence, web-based forms, or otherwise), request support, interact with our social media accounts, or otherwise communicate with Veritas.

3.3. No Children’s Data

Our Services are not directed to or intended for children, and Veritas does not intentionally collect, process, or store through the Services any Personal Information from any person under 13 years of age without parental/guardian consent. In the event we discover we have inadvertently collected, processed, or stored any Personal Information from a person under 13 years of age without verifiable parental consent, we will promptly take the appropriate steps to delete such data or seek the necessary verifiable parental consent for that collection in compliance with the Children’s Online Privacy Protection Act (“COPPA”).


4. How and Why We Use Data

We use the information collected from you, including Personal Information, to administer the Services and to communicate with you about the Services. Veritas’s use of information from you may include the following:

  • Providing the Services. To make the Services available, to manage user requests and interactions with the Services (e.g., login and authentication, modifying settings, etc.) including by our Third-Party Providers, to facilitate hosting and back-end infrastructure, to analyze and monitor usage, and to monitor and address service performance, security, and technical issues.
  • Improving and Developing New Services. To test features, manage landing pages, heat mapping, traffic optimization, data analysis and research, including profiling and the use of machine learning and other techniques over your data and in some cases using Third-Party Providers to do this.
  • Support Services. To respond to support requests and otherwise provide support for and resolve problems with the Services.
  • Communications. To send service, technical, and administrative emails, messages, and other communications. Service-related communications about changes to the Services and important Services-related notices, such as maintenance and security announcements, are essential to delivery of the Services and you cannot opt-out of these communications. Marketing communications, if any, about new product features, offerings, and other news about Veritas are optional; you have the choice whether or not to receive them and you may opt out by using the unsubscribe mechanism in such communications, or by changing the email preferences in your account.
  • Analytics. In connection with our use of cookies described above, we may also partner with Third-Party Providers, such as Mixpanel, Google Analytics and others to allow tracking technologies and remarketing services on the Services through the use of first party cookies and third-party cookies (as further described under “Cookie Information” above), to, among other things, analyze and track users’ use of the Services, and to better understand online activity. By accessing the Services, you consent to the collection and use of your information by these third-party vendors. You are encouraged to review such vendors’ policies and contact them directly for responses to your questions. If you do not want any information to be collected and used by tracking technologies, you may be able to install and/or update your settings control such use.
  • Marketing Our Services. We may also use your information, including Personal Information, inform you (and if applicable, your users and your clients) of available services we offer, to send you marketing, advertising and other information that we think may be of interest to you.
  • Account Management. To contact you in connection with account management, feedback, and other administrative matters.
  • Security Purposes. To help prevent and investigate security issues and abuse.
  • Legal Obligations. To comply with legal obligations as required by applicable law, legal process, or regulations as described above.

Except as described in this Privacy Policy, Veritas will not use or disclose your Personal Information except as reasonably necessary to perform the Services and related support for the Services.

We cooperate with inquiries by law enforcement, as well as other third parties, to enforce laws such as those regarding intellectual property rights, fraud and other personal rights. WE CAN (AND YOU AUTHORIZE US TO) DISCLOSE ANY INFORMATION ABOUT YOU TO LAW ENFORCEMENT, OTHER GOVERNMENT OFFICIALS OR ANY OTHER THIRD PARTY THAT WE, AT OUR SOLE DISCRETION, BELIEVE NECESSARY OR APPROPRIATE IN CONNECTION WITH AN INVESTIGATION OF FRAUD, INTELLECTUAL PROPERTY INFRINGEMENT OR OTHER ACTIVITY THAT IS ILLEGAL OR MAY EXPOSE US, OR YOU, TO LIABILITY.

Subject to the above paragraphs, we may share or disclose information about you as follows:

  • With Your Consent. Veritas may disclose your data, including Personal Information, to third parties when we have your express consent to do so.
  • By Law or to Protect Rights. If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
  • Rendering the Services. Veritas employees and contractors may have access to your data on a need to know and confidential basis to the extent necessary to render the Services and related support for the Services. We require such employees and contractors to treat your information consistent with this Privacy Policy.
  • Interactions with Other Users; Postings. If you interact with other users of the Services, those users may see identifying information and descriptions of your activity, including, if the applicable functionality is made available, sending invitations to other users, chatting with other users, liking posts, following blogs. If you post comments, contributions or other content in any way connected to the Services, such content may be viewed by other users and may be publicly distributed outside the Services.
  • Affiliates. We may share your information with our affiliated entities, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, companies with an ownership interest in a Veritas entity, joint venture partners, or other companies that we control or that are under common control with us.
  • Third-Party Providers. We engage certain third-party to process data in support of delivering of the Services (“Third-Party Providers”). We may share your data, including Personal Information, with these Third-Party Service Providers (e.g., email services, platform hosting, cloud computing services, data storage and processing facilities, and other providers of products and services related to the Services) to the extent appropriate to let them perform business functions and services for us or on our behalf in connection with the provision of the Services. For example, servers used by Veritas entities in connection with providing the Services are not physically located at our facilities, but rather are managed and located at a third-party Infrastructure-as-a-Service provider (an “IAAS Provider”). We also may provide our ILS Vendors with certain information pertaining to internet and browsing activity and related information in performance of our contracts with such vendors. We have taken commercially reasonable steps to choose a professional and reputable IAAS Provider and to ensure that such IAAS Provider and our other Third-Party Providers use appropriate security measures in light of the risks and nature of the data being protected and consistent with industry norms. Still, it is impossible to guarantee that the security measures taken by our Third-Party Providers will be adequate in all circumstances, and by using the Services, you understand and agree that we have no liability for the action, behaviors or failings of such Third-Party Providers. Although we reserve the right to select different or additional Third-Party Providers, our Third-Party Providers include, as of the date of this Privacy Policy, vendors such as Amazon Web Services, Heroku, Typeform, RENT Café, Rent Dynamics and the ILS Vendors listed above.
  • Third-Party Services. You may enable or permit integrations with or use of Third-Party Services in connection with the Services. When you have enabled such integrations, we may share certain data with the relevant Third-Party Services as requested to effectuate the integration, including data regarding your credentials related to the Services. As mentioned above, Third-Party Services are not owned or controlled by Veritas and third parties that have been granted access to your data may have their own policies and practices for its collection and use; you should check the privacy settings and notices of these Third-Party Services to understand their privacy practices.
  • Changes to Our Business. If a Veritas entity engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of its assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), Veritas may share or disclose data in connection therewith, subject to standard confidentiality obligations.
  • Aggregated or De-Identified Data. If any data is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, we may use or disclose such aggregated or de-identified data for any purpose. For example, we may share aggregated or de-identified data with prospects or partners for business or research purposes, such as statistical analysis, to research trends and predictive analysis, or to develop or improve the Services.
  • Enforcement of Agreements. Veritas may disclose data to ensure compliance with and to enforce contractual or legal obligations with respect to the Services and our business, including any applicable lease agreements.
  • Protection of Rights. Veritas may disclose data to protect and defend our rights and property, including intellectual property rights, and to ensure compliance with applicable laws and enforce third-party rights, including intellectual property and privacy rights.
  • Safety and Security. Veritas may disclose data to protect your safety and security; to protect the safety, security and property of our users; and to protect the safety, security, and property of Veritas and our employees, agents, representatives, and contractors.
  • Transactions Relating to Certain Analytics Information. We may also sell or otherwise disclose certain information relating to internet or other similar electronic network information to third parties in connection with advertising its Services and those of certain third-party vendors.

6. Data Retention

Generally, we maintain all information you submit to us until you affirmatively change or delete such information or otherwise terminate your registration with our Services. This allows us to help ensure full functionality of the Services. We do, however, subject certain categories of Personal Information to more frequent deletion or overwriting. To dispose of Personal Information, we may anonymize it, delete it, or take other appropriate steps. Your data, potentially including Personal Information, may persist in copies made for backup and business continuity purposes for additional time.


7. Security Measures

We maintain physical, technical, and administrative procedures to protect the data we collect and to secure it from improper of unauthorized use. We work hard to protect data in our custody and control from loss, misuse, and unauthorized access, use, disclosure, modification, or destruction, and to use industry-standard security measures in order to ensure an appropriate level of security in light of reasonably available methods in relation to the risks and nature of the information we collect.

However, please remember:

  • You provide information to us, including your Personal Information, at your own risk.
  • No data transmission over the Internet is guaranteed to be 100% secure, and we cannot guarantee that unauthorized access, hacking, data losses, or other breaches will never occur.
  • You are responsible for protecting your account information related to the Services, including any applicable credentials, log-ins, passwords, etc. and for ensuring that they are not used by others to access the Services.

8. International Data Transfers

Veritas primarily processes and stores data in connection with the Services in the United States. However, it is possible that data may be processed other countries by our Third-Party Providers. We will take measures to ensure that your Personal Information remains protected to the standards described in this Privacy Policy and any such transfers comply with applicable data protection laws. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information.


9. European Union Resident Data

Even though we do not intentionally collect information about residents of the European Union (“EU”), some EU residents’ data may be inadvertently collected through marketing channels or by virtue of our customers’ legitimate use of our Services. Collection and storage of any EU resident’s data by us is minimal and incidental.

Notwithstanding the foregoing, if you are an EU resident and would like to request that your data be securely removed from our systems, however collected, please send an email with proof of EU residency to privacy@veritasinv.com. We will endeavor to remove all relevant data, so long as that removal is technically feasible, does not impact the legitimate accounting or business practices of our customers, and does not violate other regulatory or legal standards with which we must comply. We will also cooperate with our customers in good faith to address any requests they receive or that may impact them directly.


10. Nevada Residents

Nevada residents may have the right under applicable law to opt out of the sale of their Personal Information that we have collected or will in the future collect. If you are a Nevada resident and wish to make such a request, please contact us at the contact information provided below in this Privacy Policy.


11. Enforcement

Veritas will actively monitor its relevant privacy and security practices to verify adherence to this Privacy Policy. Any agents, contractors, service providers, or other third parties subject to this Privacy Policy that Veritas determines to be in violation of this Privacy Policy or applicable data protection laws will be subject to disciplinary action up to and including termination of applicable services. Please contact us immediately at privacy@veritasinv.com if you believe there has been a material violation of this Privacy Policy.


12. Changes to this Privacy Policy

We reserve the right make changes to this Privacy Policy from time to time, in whole or in part, in our sole discretion, at any time without prior notice by posting an updated version of this Privacy Policy on the applicable Website(s) or by making the updated version available when you access the Services. When we do, we will revise the “last updated” date at the beginning of the Privacy Policy. We will make commercially reasonable efforts to notify you by email, through the Services (at log-in or otherwise), or by posting a prominent notice on our applicable Website(s). Any changes, modifications, or updates to this Privacy Policy will become effective immediately upon posting. By continuing to use the Services, you agree to be bound changes we make to this Privacy Policy.


13. Contact Us

Please do not hesitate to contact us with any questions, complaints, or requests with respect to your Personal Information, this Privacy Policy, and/or our privacy practices.

You may contact us here: Online Privacy Portal

Telephone: 1-877-845-0011

Mail:
Veritas, attn.: Risk Management
One Bush Street, Suite 900
San Francisco, CA 94104