This Privacy Statement applies to both GRESB BV and Asset Impact and was last updated on January 21, 2020.
1. DATA CONTROLLER
1.1. The entity controlling the processing of your Personal Data is GRESB B.V. We have our registered office at Barbara Strozzilaan 374, 1083 HN Amsterdam, The Netherlands. We are registered with the trade register of the chamber of commerce under company number 55416071.
1.2. You may contact us at the above address or at the following email address: dataprotection@gresb.com.
2. PRIVACY OFFICER
2.1. For any questions relating to this statement or to exercise your rights on your Personal Data, including but not limited to provisions of the GDPR, please contact GRESB’s Privacy Officer at the above postal address or at the following e-mail address: dataprotection@gresb.com.
3. INFORMATION WE MAY COLLECT FROM YOU
3.1. We may collect information about you by the following means:
3.2. We may collect and process the following information about you:
3.3. For the same reason, we may obtain information about your general internet usage by using a cookie file, which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalized service. They enable us to estimate our audience size and usage pattern, to store information about your preferences, and also allow us to customize our site according to your individual interests. In addition, they help speed up your searches and recognize you when you return to our site. (Please see Cookie Policy).
3.4. You may refuse cookies by activating the setting on your browser that allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to/ visit our site. (Disclaimer: This site takes reasonable precautions to protect our users’ information. Please note, however, that electronic transmissions via the Internet are not necessarily secure from interception, and We do not guarantee the security or confidentiality of transmissions. We reserve the right to update or otherwise alter our security practices if and when it seems appropriate to do so.)
3.5. We may also collect, directly or indirectly via google analytics, details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
3.6. We may also keep a record of correspondence, in the event you contact us, and/or complete forms in response to our annual consultation period.
3.7. We may retain details of products and services provided by us to you including details of invoices and receipts, and records of transactions you carry out through our site and of the fulfillment of your orders.
3.8. Any and all of this information may be defined as ‘Personal Data’. Our site includes password-protected areas of our site known by as the GRESB Portal, which may be web pages hosted by our external information technology service providers appointed by us. However, this statement only applies to Personal Data provided in the GRESB Portal and the public website for GRESB. Our website does not include the third party websites described below.
4. PURPOSE AND LEGAL BASIS FOR PROCESSING
4.1. GRESB is committed to protecting the personal data of:
4.2. The Personal Data we collect concerning you are processed in full compliance with European regulations.
4.3. When processing your personal data, the purposes pursued are:
4.4. Where the processing of your Personal Data is based on your consent only, you have the right to withdraw this consent at any time. We will then erase your Personal Data and stop processing it.
5. THE TIME WE KEEP YOUR DATA
Your personal data is kept for the time required for the pursuance of the above purposes as follows:
6. STORAGE
6.1. The Personal Data that we collect from you may be transferred to, and stored at, outside the European Economic Area (“EEA”), currently limited to the USA, Singapore, or to authorized employees in Canada, USA and Australia.
6.2. It may also be processed by staff operating outside the EEA that work for us or for one of our suppliers, or our parent company based in the United States. Such staff maybe engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services.
6.3. All information you provide to us is stored using a password-protected system managed either by us or by independent contractors appointed by us. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share such passwords with anyone.
7. RECEIPT AND TRANSFER OF YOUR PERSONAL DATA
7.1. We may disclose your Personal Data to any parent, subsidiary or group company that may be located outside the EEA, currently limited to the USA, Singapore, or to authorized employees in Canada, USA and Australia.
7.2. Please note that some of the abovementioned countries are not recognized by the European Commission as ensuring an adequate level of protection of Personal Data. GRESB B.V. implemented appropriate safeguards for the protection of your rights and interests in these countries, by executing standard contractual clauses and binding corporate rules, a copy of which can be requested by contacting the following e-mail address: dataprotection@gresb.com.
7.3. We may disclose your Personal Data to third parties:
7.4. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement
8. YOUR RIGHTS
8.1. You have the right to request from GRESB B.V., among others,
8.2. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.
9. VOLUNTARY SUBMISSION OF INFORMATION
9.1. For clients of GRESB, Participants and Members of the GRESB Portal and vendors of GRESB, the provision of your personal data is a statutory and/or contractual requirement, and/or a requirement necessary to enter into the contract with GRESB. Not providing them may result in not entering into the contract with GRESB, or not enabling GRESB to perform its services.
9.2. For any other casual browsers, the provision of your Personal Data is purely voluntarily-based. You may use the GRESB website without disclosing personally identifiable information, and we will not obtain such information about you unless you choose to submit it to us. Any information you submit will be used internally only; however, submission of information authorizes such internal use by us and our employees.
9.3. Not providing your Personal Data may only prevent you to receive information on and activities of GRESB B.V.
9.4. Clients of GRESB, Participants and Members completing the Membership Form will be automatically added to GRESB’s Newsletter list. They can unsubscribe from receiving the GRESB Newsletter at any time.
10. COMPLAINT
10.1. If you believe your data are unlawfully processed by GRESB B.V., you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
11.1. Any changes we may make to our Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Changes to the Privacy Statement will be dated and will be effective from the date specified forward.