This policy applies to individuals who use any website, application, product, software or service from CASAFARI (our “Services”).
Children’s Privacy. Our Services are not generally aimed at children and are not intended to be used by children or minors (under 18 years old), therefore We do not knowingly collect data relating to children or minors.
CONTROLLER NAME & CONTACT INFORMATION
The Controller within the General Data Protection Regulation and national data protection regulation is:
Casafari Europe Ltd
Address: 27 Old Gloucester Street, London
WC1N 3AX, United Kingdom
WHO WE ARE
CASAFARI is a real estate platform powered by Artificial Intelligence that provides property market competitive intelligence through a Software as a Service (SaaS). The CASAFARI company group is composed of CASAFARI LLC, CASAFARI EUROPE LTD and its subsidiaries in Portugal and Hungary.
HOW WE COLLECT INFORMATION FROM YOU
We obtain personal information from you:
- Through your interactions with Us and Our Services, such as when you purchase or use Our Services, create an account, fill in contact forms, subscribe to blog updates, request information or contact us for support (please note that we may record or monitor our calls/chat conversations for compliance and quality assurance purposes);
- Through your system/device and use of Our Services. Our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve our Services, analyze usage and improve users’ experience;
- Through your IP address, in order to diagnose problems with our server, administer the site and track usage statistics. If you reached Our website by clicking on a link or advertisement on another site, then we also log that information – this helps us maximize Our Internet exposure, and understand users’ interests;
- Through cookies and similar technologies included in our Services, as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We gather this data by using cookies and similar technologies as further explained in the Cookies and similar technologies section.
We also collect personal information about you from third parties, such as:
- The person(s) arranging for you to access Our Services (e.g., your employer or the subscriber of the Service) in order to set up a user account;
- An organization to which you belong where that organization provides you with access to Our Services;
- Service providers/processors who work with Us with regard to Our Service;
- Publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services.
You can choose whether or not to provide us with personal information, but if you choose not to, you may not get full functionality from the Services.
WHAT INFORMATION DO WE COLLECT
The personal information we collect consists of the following:
- Name and contact data, such as first and last name, email address, postal address, phone number, job title, employer, and other similar contact data;
- Account Credentials, such as passwords and other security information for authentication and access;
- User content, such as communications and files provided by you in relation to your use of the Services;
- Payment/Invoicing information, such as your company’s billing address, VAT number, and remaining billing information
- Financial Data including your company’s bank account details.
- Device information, such as information about your device, such as IP address, location or provider;
- Usage information and browsing history, such as information about you navigating within Our Services, your browsing history and which elements of Our Services you use the most;
- Location data, for Services with location-enhanced features, such as location derived from your IP address or data that indicates where you are located with less precision, such as at a city or postal code level;
- Demographic information, such as your country and preferred language.
HOW AND WHY WE PROCESS YOUR INFORMATION
We have different purposes and legal grounds upon which We use and process your personal information.
Some laws require us to explain our lawful reason for processing your personal information. We process personal information about you on the basis that it is:
- Necessary for the performance of a contract/order: We will process your personal information in order to fulfil a contract that we have with you (i.e., to provide you with Services);
- In Our or in a third party’s legitimate interests, such as the provision of Services that We are contractually obliged by a third party (such as your employer or Our subscriber, to deliver to you);
- Where you give us your consent: We process personal information based on the consent you expressly grant to us at the time we collect such information;
- For compliance with a legal obligation (i.e., court order).
Legitimate Interests for Use
The lawful basis to process your information under legitimate interest, are:
- To register you as a new customer, manage your account, provide technical and customer support and training, verify your identity, and send you important Service information;
- To manage Our relationship with you, Our business and Our third-party providers (i.e., to send invoices, collect and recover sums owed to Us, manage payments, fees and charges, etc);
- To enhance your user experience. We analyze the way you use Our Services to provide you with suggestions for features or Services that We believe you will also be interested in;
- To provide any third party, who has made Our Services available to you (i.e., your employer or our subscriber), insights about the use of the Services;
- For internal research and development purposes and to improve, test and enhance the features and functions of Our Services. All information is collected and used only in the aggregate. For example, we may combine information you have provided Us directly with information collected automatically. This aggregated information is then entered into Our database, where We can use it to generate overall reports on Our visitors, but not individual reports that identify you personally. This is necessary for the purposes of Our legitimate interests to ensure that we provide you with the most appropriate offers and to personalize your experience;
- Where applicable, we will also aggregate your personal information with that of other individuals, to create comprehensive reports about how customers use Our services and experience Our brand;
- To understand how Our business is performing, and considering how to improve Our performance;
- To provide you with marketing as permitted by law;
- To meet Our internal and external audit requirements, including Our information security obligations (and if your employer or Our subscriber provides for your access to Our Services, to meet their internal and external audit requirements);
- To enforce Our terms and conditions and for the purpose of using certain payment features;
- To protect Our rights, privacy, safety, networks, systems and property, or those of other persons;
- To comply with requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence;
- In order to exercise Our rights, and defend ourselves from claims and comply with laws and regulations that apply to Us or third parties with whom we work.
We do not collect or process any so-called “special categories of personal data”, which according to the GDPR include details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, health, biometric data, nor do we collect any information about criminal convictions and offences.
Where We rely on legitimate interests as a lawful ground for processing your personal information, We balance those interests against your interests, fundamental rights and freedoms.
We deliver marketing communications to you via email and online. Where required by law, We will ask you to explicitly consent to receive marketing from Us. If We send you a marketing communication, it will include instructions on how to opt out of receiving these communications in the future, through an “unsubscribe” link within any email you receive from Us – we will be sad to see you go, but we respect your privacy.
When you opt-in:
- We will send you retention emails and messages tailored to your individual preferences and interests. We use analytics to refine our marketing – these will determine the content of the messages and offers you will receive;
- Re-targeting. Upon your consent, this enables us to show the visitors already interested in Our Services, and advertisements from Us on partner websites. Re-targeting technologies analyze the information We collect about your interactions with us, including your cookies, and display advertisements based on your past web-surfing behaviour;
- We will use your personal information (including by anonymizing and aggregating it with other customers’ personal information) for sales, supply chain, and financial and analysis purposes, to determine how We are performing, where improvements can be made and where necessary to report back to our parent or affiliate group companies.
Honouring your marketing preferences is important to Us. You have the right to opt out of receiving direct marketing and targeted online advertising.
Even if you opt out of receiving marketing communications by email, we may still send you service communications or important transactional information related to your accounts and subscriptions (for such purposes as providing customer support).
You can update, remove and/or exercise other rights related to your personal data by contacting Us at email@example.com.
We aim to ultimately ensure your rights under applicable data protection laws:
- Data subject access request: the right to request and obtain details of your personal information and be provided with a copy of the personal data undergoing processing;
- Right to rectification – update your personal data: the right to obtain without undue delay the rectification of any incomplete or inaccurate personal data;
- Right to erasure (right to be forgotten): the right to have certain personal data about you erased and no longer processed where the personal data is no longer necessary in relation to the purposes for which they were initially collected; where the consent has been withdrawn or objects to the processing; or where such processing does not comply with the applicable legislation;
- Right to restriction of processing: the right to request that your personal information is only used for restricted purposes;
- Right to opt out of marketing: you can manage your marketing preferences by unsubscribing links found in the communications you receive from Us or by visiting the applicable preference centre;
- Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format (i.e., electronic file);
- Right to object: the right to object to the processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest.
In response to a request, We will ask you to verify your identity if we need to, and to provide information that helps Us to understand your request better. If We do not comply with your request, whether in whole or in part, We will provide you with a reasonable and appropriate explanation.
WHO DO WE SHARE PERSONAL INFORMATION WITH
We share your information for the purposes set out in this Policy, with the following categories of recipients:
- CASAFARI group companies;
- The person providing your access to our Services (i.e., your employer or our subscriber);
- Third parties, when you give us consent to do so.
To support the delivery of Our services, CASAFARI relies on service providers. Any third-parties engaged by CASAFARI that might have access or process data that may contain Personal Data is considered a processor. CASAFARI performs a security and privacy review of the practices of any processors before engaging with them. Our current processors are:
- Adyen – Payment services
- Amazon Web Services – Cloud service provider
- Casa Safari, Lda – Services provider
- Google Big Query – Cloud data warehouse
- Instantly – Email campaigns outreach
- Invoice Express – Online invoicing software
- Live Agent – Help desk, contact manager
- Looker – Business Intelligence Platform
- PayPal – Cloud-based payment services
- Posthog – Product Analysis Tool
- Ringover – Cloud-based phone system
- Salesforce – Sales CRM
- Slack – Messaging app
- Stitch – Replication Service
- Stonly – In-app experience system
- Streak – Email services
- Zapier – Integration Manager
Any processor and/or subcontractor used by CASAFARI is put under thorough scrutiny to assess their security, confidentiality and privacy policies.
CASAFARI takes the security of personal information seriously and We use appropriate technologies and procedures to protect personal information:
- Access control: All access to CASAFARI’s products and services is encrypted and protected by a firewall.
- Encryption: all data and communications are under thorough security standards, being transported over an encrypted and secure channel. Data is also encrypted at rest, meaning that data is stored within encrypted databases that follow a high level of access security;
- Non-disclosure agreement and security training: All our Community members and employees are bound by NDA and subject to continuous security awareness training.
HOW LONG DO WE KEEP PERSONAL INFORMATION?
In general, We will hold your personal information for as long as necessary for the relevant Service, or as long as is set out in any relevant contract you hold with Us and for a reasonable period of time afterwards, for instance, to pursue Our legitimate business interests, conduct audits, comply with Our legal obligations, resolve disputes, and enforce our agreements.
We calculate retention periods for your personal information in accordance with the following criteria:
- The length of time necessary to fulfil the purposes we collected it for;
- When you or your employer (or other subscriber providing your access to our Services) cease to use Our Services;
- The length of time it is reasonable to keep records to demonstrate that We have fulfilled Our duties and obligations;
- Any retention periods prescribed by law;
- The existence of any relevant proceedings.
We may keep your personal information for a shorter period if you ask Us to delete such information. In that circumstance, CASAFARI will aim to delete your personal information within a maximum period of one month from the date of the request.
COOKIES AND SIMILAR TECHNOLOGIES
A cookie may contain information that allows Us to track your path through the Site. Cookies do not harm your computer or any files on your computer; it cannot be used to read data off of your hard drive and cannot retrieve information from any other cookies created by other websites.
- Authentication/Status: identify when you visit Our website, if you are logged in, and as you navigate through it.
- Analytical/Performance cookies: allow Us to understand how you use Our website, i.e., operating systems used, number of visits, the average duration of visits, pages viewed, etc. Overall, these cookies are used to improve the way Our website works and enhance your user experience.
- Functionality cookies: these cookies allow the website to remember choices you make and provide enhanced, more personal features, i.e., greet you by your chosen user name and remember your preferences.
|CASAFARI||Used to identify returning user||_uuid|
|CASAFARI||Used to store login token||Authentic|
|CASAFARI||Used to subscribe client requests||Breadcrumb|
|CASAFARI||Used to store last search filter preset||LastFilter|
|CASAFARI||Used to store last selected UI language||Language|
|Google Analytics||Used to distinguish users across browsing sessions for Google Analytics, but cannot identify unique users across different browsers or devices.||_ga|
|Live Agent||Used to talk to clients in real time||LaSID|
Do We use any non-cookie tracking technologies?
Although not at all times, We may also use web beacons (including conversion pixels) or other technologies for similar purposes as described on this section, and We may include these on Our websites, marketing e-mails or newsletter, to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device, but they may work in conjunction with cookies to monitor website activity.
Tracking and Do-Not-Track Signals
While browsers allow you to disable the usage of cookies, We do not change our practices in response to a “Do Not Track” signal in the HTTP header from your browser. We will not for any marketing purposes, load cookies/web beacons or any other kind of software that tracks your general behavior while you are visiting third party websites. We do, however, track if you click on advertisements for CASAFARI services on third-party platforms such as search engines and social networks and may use analytics to track what you do in response to those advertisements.
EU-US PRIVACY SHIELD
Privacy shield is a framework for transatlantic exchanges of personal data for commercial purposes that protects the fundamental rights of individuals where their data is transferred to the United States and ensures legal certainty for businesses.
It may occur that some of Our processors are based outside the European Economic Area (EEA) so their processing of your personal data involves a transfer of data outside the EEA. If and whenever this happens, We ensure there are adequate safeguards and a similar degree of security is applied, including relying on Privacy Shield, Model Clauses approved by the European Commission, amongst other legal options, otherwise the transfer only occurs where permitted by applicable law, given that the ultimate aim is to ensure that your privacy rights continue to be protected as per this Policy.
CASAFARI does not sell, provide or disclose any kind of personal data. All the data We store is kept in encrypted databases and transported in secure channels and will not be accessed for any purposes other than provisioning, maintaining and improving our Services. CASAFARI only discloses data to third parties where the disclosure is absolutely necessary to provide the services that Our clients request or in response to a lawful request from an accredited authority.
UPDATES TO THIS POLICY
This Policy may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Policy affecting you will be communicated to you through an appropriate channel.
As of 01 of January 2023, CASAFARI is GDPR compliant.