PRIVACY POLICY

 

 

Last Modified: June 21, 2021

 

Please read this policy carefully to understand our policies and practices regarding your

information and how we will treat it. If you do not agree with our policies and practices, do not

download, register with, or use the Program or access the Site. BY DOWNLOADING, REGISTERING WITH, OR USING THE PROGRAM OR ACCESSING THE SITE, YOU ARE ACCEPTING THIS

PRIVACY POLICY AND AGREEING TO BE BOUND BY THE TERMS AND CONDITIONS

OF THIS PRIVACY POLICY. This policy may change from time to time (see Section XI for

more information on changes to the policy).

 

ONR Applications, INC is committed to providing clear and concise information regarding our privacy policies and practices. This Privacy Statement describes how ONR Applications, INC and its subsidiaries (“ONR,” “Company,” “we,” or “us”) collect, use, and disclose certain personal information in the course of providing our services. By accessing our website (https://onrapp.com), (“Site”), or when you purchase, download, install, register with, access, or use the ONR APP (the “Program”) or utilize any of our services, you consent to the information collection and handling practices outlined in this statement.

 

Users are: (i) the condominiums or homeowner associations who have a Program and/or Site

account (“Client”); (ii) an owner, renter, lessee, tenant of an apartment or unit that opts-in to use

the Site and Program (“Participant”); and (iii) any third party (other than a Participant) with an

account created by the Client (“Third-Party Users”). This Terms and Conditions apply to all Users except as specifically provided otherwise.

You understand that for the use of the Site and Program, the Client has also entered into a separate Software Subscription License Agreement which governs certain aspects of the relationship between ONR and the Client and which may affect the Participants’ and Users’ relation with the Client, their Privacy and their use of the Program and Site.

 

 

This policy applies to information we collect in the App, the Site, through email, text,

and other electronic communications sent through or in connection with the Program and Site. This may include:

  • Information you provide to us directly.
  • Information we gather automatically when use the App, the Site, or any of our other services.
  • Information we gather based on the surveys conducted through the App, the Site, or any of our other services.

 

This policy DOES NOT apply to information that:

 

  • We collect offline or on any other companies’ apps or websites, including websites you may access through the Program or Site.
  • You provide to or is collected by any third party. These other third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.

 

  1. Services and Scope

 

ONR provides comprehensive property management software solutions and services to property owners, property managers, in the rental housing, cooperative, and condominium industries (our “Clients”). Our product line covers the full spectrum of accounting, leasing, operations, resident engagement, and marketing services (collectively “ONR Services”). In providing this suite of services, ONR acts as a service provider under contract to our Clients. As a service provider, ONR does not control any of the personal information we process on behalf of our Clients. Our Clients collect and control all such personal information, and ONR is required to provide our products and services in accordance with Clients’ contractual provisions and instructions regarding data collection, privacy, processing, and security.

 

Our Clients may administer ONR Services access for their employee end users. This administration may include control over end user account access and functionality, as well as access and monitoring of end user data and activity. ONR is not responsible for the privacy or security practices of our Clients, and this Privacy Statement is not intended to cover those Client practices. Furthermore, this Privacy Statement does not apply to the privacy or security practices of any third party.

 

  1. Information Collection

 

ONR Services involve the collection and processing of personal information for business purposes. This includes Client resident and prospect information (either provided by Clients to ONR or collected directly from residents by ONR acting on behalf of Clients) and Client employee information (collected by ONR to establish user account access to ONR Services). This personal information varies depending on the individual ONR Services being utilized, and multiple services may be integrated at a Client property. The information you provide is used to fulfill the functions of the Program and Site, and to fulfill the Client’s specific request or for billing purposes. The information collected may include the following:

 

  • Information that you provide by filling in forms in the Program or Site, information

provided at the time of registering to use the Program or Site, requesting more

information, registering or requesting quotes, and subscribing to our service, and

requesting further services. We may also ask you for information when you report a

problem with the Program or Site.

  • Contact Information & Identification: name, address, telephone number, email address, and emergency contact information.
  • Personal Details: date of birth, social security number, driver’s license/state-issued ID/military ID/passport number, employment history/income, gender, and marital status
  • Credentials and Authentication Information: usernames, passwords, password hints and security questions.
  • Financial Account Information: bank account, credit/debit card, and insurance policy/surety bond information.
  • Property Ledger Information and Documents: resident leases, resident ledger history, utility consumption/expense, property notices and communications, rent/fee payment receipts, and other Client-generated content related to property management and resident history.
  • Information that is about you, but individually does not identify you – such as your responses to surveys that we might ask you to complete for research purposes, and or surveys related to the purpose and use of the Program or Site or related to third-party services.
  • Records and copies of your correspondence (including email addresses and phone

numbers) if you contact us.

  • Details of transactions you carry out through the Program or Site and of the fulfillment of your orders. You may be required to provide financial information before placing an order through the Program or Site (please read the User Agreement for more information for payments done through our Program or Site processed by our third-party providers).
  • Location Information: real-time information about the location of your mobile device, including GPS coordinates and associated geolocation data.
  • Technical Information: IP address, device and hardware specifications, and web browser type.
  • Usage Data: logging data that tracks service access, usage, performance metrics, and error reports.

 

You may also provide information for publication or display (“Posted”) on public areas of

websites or other apps you access through the Program or the Site (collectively, “User

Contributions”). Your User Contributions are Posted and transmitted to others at your own risk.

We cannot control the actions of third parties with whom you may choose to share your User

Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not

be viewed by and or distributed by unauthorized persons.

 

  • Information Use

 

The personal information collected by ONR Services is used for a variety of purposes, including:

 

  • To fulfill the purpose for which the personal information was collected and provide the requested ONR Services.
  • To integrate with apartment community services offered by ONR or third-party service providers contracted by Clients.
  • To process service requests, transactions, and payments.
  • To distribute communications and legally required notices regarding the status of ONR Services via phone, email, and SMS text.
  • To activate, connect to, and operate “smart” devices and Bluetooth-supported services, including locks, thermostats, and other “connected” electronic devices (where applicable).
  • To provide ONR Services maintenance, enhancement, security, support, and website optimization.
  • To maintain compliance with federal and state laws related to software-as-a-service, background screening, financial institutions, and money services businesses.
  • To create, maintain, customize, and secure ONR Services user accounts.
  • To provide you with notices regarding your account/subscription, including expiration and renewal notices.
  • To carry out our obligations and when necessary, enforce our rights arising from contracts entered into between you and us, including for billing and collection.
  • To notify you when the App/Site or any other ONR Services get updated, and of changes to any products or services we offer or provide through the App/Site, when applicable.

 

  1. Information Sharing & Disclosure

 

We may disclose and sell to third parties aggregated, anonymized information about our Users, that does not identify any individual or device, without restriction. Thus, non-personal information may be provided to other parties for marketing, advertising, or other uses. WITH THE BELOW EXCEPTION, WE DO NOT SELL, TRADE, OR OTHERWISE TRANSFER TO OUTSIDE PARTIES YOUR PERSONAL INFORMATION. In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also release your information when we believe release is appropriate to comply with the law, such as to comply with a subpoena, or similar legal process, enforce our policies, and when we believe in good faith that disclosure is necessary to protect ours or others’ rights, property, or safety. However, as mentioned above, non-personal, aggregated, anonymized data information may be provided to other parties for marketing, advertising, or other uses, and we may disclose and sell to third parties aggregated information about our Clients and Users, and information that does not identify any individual or device, without restriction.

 

We may provide your personally identifiable information to companies that provide services to help us with our business activities such as processing payments. These companies are authorized to use your personal information only as necessary to provide these services.

 

  • We may be required to share your data with a merchant if you open a Payment Dispute for a transaction with said merchant or through your bank.

 

If the Company is involved in a merger, acquisition, or sale of all or a portion of its assets, we will notify our clients/users by email (sent to the e-mail address specified in the account) or by means of a notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personally identifiable information.

 

  1. Cookies, Web Beacons, and Other Technologies – Do Not Track

 

When you access ONR Services or our Site, our servers may place small text files (“cookies”) on your computer for recordkeeping purposes. Among other things, cookies enable us to gather information about your activity on our Site for the purposes of improving your online experience, establishing secure user accounts, remembering your preferences and settings, and for other similar customization purposes.

 

In addition to cookies, the ONR Services and our Site may utilize web beacons, clear gifs, or other technologies to gather information on how users interact with and utilize various features. For example, these technologies can identify popular pages, viewing patterns, click-through, conversion rates, and other information that can be used to improve, monitor, and operate our Sites, products, and services.

 

Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers, and our sites are not currently set up to respond to those signals. Most internet browsers provide controls that allow users to directly manage or disable the placement and usage of cookies on their computer. Please note that disabling cookies may deactivate or otherwise restrict certain features of ONR Services or our Site.

 

When using our mobile applications, you have the option to opt out of the collection and use of location information via the settings within the mobile application. If you choose to opt out of the collection and use of location information, the portion of the mobile application that relies upon location-based services will be disabled and any associated functionality and features will be deactivated.

 

  1. Third Party Links to Other Sites

 

ONR Services may include links to third party service providers contracted by us or our Clients. These linked services are operated by unaffiliated third parties that have separate and independent privacy statements, terms of use, and related notices or disclosures regarding information handling practices. We cannot be responsible for the information handling practices of independent parties and encourage you to review their practices prior to information disclosure.

 

  • Data Security

 

ONR implements and maintains appropriate physical, administrative, technical and organizational measures to protect the information we process against unauthorized or unlawful access, use or disclosure, and against accidental loss, damage, alteration or destruction. Under our security policies and practices, access to personal information is restricted and authorized only for those who have a business need for such access. ONR strives to protect the personal information that we process; however, no security program is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use, or disclose personal information. We maintain security incident response policies and procedures to handle incidents involving unauthorized access to personal data we process.

 

  • Accessing and Updating Personal Information

 

In the event your personal information is determined to be outdated, incomplete, or inaccurate, you may access and update your information by logging into your ONR Services account or contacting your property manager. If you require verification that your requested changes have been completed, and such verification is not readily displayed in your ONR Services account, you may request confirmation at the email address listed below (See “Contact Us”). We will retain User information for as long as your account is active or as needed to provide you services. We will further retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. (See Section X for more information regarding your rights as a California resident).

 

  1. Children’s Online Privacy

 

ONR does not target children under the age of 13 for the collection of information online, and our services are not designed to attract children’s attention or interaction.

 

  1. California Residents – Privacy Rights

 

ONR is committed to providing clear and concise information regarding our privacy policies and practices. California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice. By accessing our Site or utilizing ONR Services, you consent to the information collection and handling practices outlined in this Policy.

 

ONR collects and processes personal information for business purposes. In particular, ONR collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular user or device (collectively deemed “personal information” under the CCPA).

 

Personal information does not include:

 

  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like: health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

 

The CCPA provides California residents with specific rights regarding their personal information. Each right includes the ability to make a specific consumer request and corresponding obligation of the receiving party to (i) verify the identity of the requestor and (ii) respond in accordance with CCPA guidelines. This section describes your CCPA rights and explains how to exercise those rights.

 

ONR collects the categories of personal information listed above from the following categories of sources:

 

  • Resident personal information is collected (i) from Clients’ residents during enrollment in or utilization of ONR Services, (ii) from Clients via direct input into ONR Services or integration with Client software systems and third-party service providers, and (iii) indirectly from credit reporting agencies/bureaus, payment processors/gateways/banks, and Site analytics services integrated with ONR Services.
  • Client employee personal information is collected (i) from Client’s employees during setup of ONR Services user accounts, and (ii) from Client during activation and implementation of ONR Services.

 

Access to Specific Information Regarding Personal Information Use/Disclosure and Portability

  • You have the right to request a summary of the collection, use, and disclosure of your personal information over the past 12 months. Under most circumstances, this request for disclosure should be submitted to the property manager or board that operates your apartment community or rental property. ONR is merely a service provider for our Clients, and we do not control the collection, use, and disclosure of your personal information.

 

However, ONR Program and Site California users’ requests should be submitted directly to ONR. In response to a verifiable consumer request for these services, we will disclose the following information for the applicable ONR Services:

 

  • The categories, specific types, and sources of personal information we collected about you.
  • Our business purpose for collecting the personal information.
  • The categories of third parties with whom we share that personal information and the purpose for the disclosure.

 

You also have the right to request a copy of this personal information in a readily useable format that is transferable to other entities (frequently referred to as “data portability”). If you make a data portability request, ONR may be (i) restricted from providing certain sensitive personal information in response to the request or (ii) prohibited from granting the request entirely if it presents an unreasonable security risk.

 

Deletion of Personal Information

You have the right to request that ONR delete any of your personal information that we collected and retained, subject to certain exceptions. Under most circumstances, this request for disclosure should be submitted to the property manager or board that operates your apartment community or rental property.

 

We may deny your deletion request if retaining the information is necessary for ONR or our service providers to:

 

  1. Complete the transaction for which we collected the personal information, provide the ONR Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you or your property manager, or otherwise perform our contract with you or your property manager.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug ONR Services to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us or your property manager.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

Only you (or someone legally authorized to act on your behalf) may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. To make such requests, you can send us an email or write to us at our mailing address. (Section XIII). We will consider and handle all requests in accordance with applicable laws.

 

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

 

  • Provide sufficient information that allows us to confirm your identity as the person about whom we collected personal information (and, if applicable, the authority and identity of an authorized representative).
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

 

Please note, we cannot respond to your request or provide you with personal information if we cannot (i) verify your identity or authority to make the request and (ii) confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

 

Personal Information Sales – Opt Out Rights

Pursuant to Section IV of this Policy, non-personal, aggregated, anonymized data information may be provided to other parties for marketing, advertising, or other uses, and we may disclose and sell to third parties aggregated information about our Clients and Users, and information that does not identify any individual or device, without restriction. To comport with the requirements of CCPA, we offer the ability for California residents to opt in/out of personal information sales. (See Section XIII for more information regarding contacting us to invoke your rights as a California resident).

 

Responses and Timeline(s)

We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require additional time beyond the 45 days, we are entitled to an extension up to an additional 45 days (for a total response timeline capped at 90 days). In the event that an extension is necessary, we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account where possible. If you do not have an account with us, or your existing account lacks a communication feature, we will deliver our written response to your designated email address. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

  1. European Union Residents – General Data Protection Regulation

 

To our EU Users, we are committed to complying with the General Data Protection Regulation

(GDPR) and partnering with other businesses that share our commitment to privacy and compliance. We will continue to make changes to our policies and practices to protect your privacy and ensure ongoing compliance with the GDPR. NOTE: ONR SERVICES ARE AT THIS TIME NOT ENVISAGED AS BEING ADVERTISED TO OR OFFERED TO USERS IN THE EU. However,

 

With respect to EU Personal Data, Client is the data controller and ONR is the data processor. Each party shall strive to comply with their respective obligations under the EU Directive 95/46/EC and the superseding Regulation 2016/679 (“GDPR”) that went into effect on May 25th, 2018. Terms such as “personal data breach”, “supervisory authority”, “processor”, “data subject”, etc. shall have the definitions specified in the EU Directive and/or GDPR. As it relates to EU Personal Data, ONR, Clients, and their users agree:

 

  • ONR shall only process EU Personal Data upon instructions from Clients and users, such instruction is inferred through configuration or signing up for the ONR Services;
  • ONR’s data centers are located in the United States and Clients and users hereby instruct ONR to process EU Personal Data in the United States as needed to perform the service or as otherwise instructed by Clients and users;
  • ONR and Clients shall ensure that persons authorized to process EU Personal Data are committed to a duty of confidentiality;
  • ONR shall implement appropriate technical and organizational measures to ensure that the level of security is appropriate to the risk in the performance monitoring and the analytics processing involved in the service;
  • Taking into account the nature of the processing, ONR will use reasonable efforts to assist Clients in responding to requests by data subjects to exercise data subject rights;
  • Upon receipt of Client or user written request, ONR shall return EU Personal Data or close user account and delete all EU Personal Data;
  • Upon receipt of Client or user written request, ONR will make available to Client or user information reasonably necessary to demonstrate compliance with the obligations in this Policy and contribute to audits, including inspections, conducted by Clients or another auditor mandated by Clients to the extent required by law. Clients shall give ONR at least ninety (90) days’ prior written notice and promptly reimburse ONR for expenses incurred in connection with audits conducted by Clients or a third-party auditor beyond those that ONR already conducts, including but not limited to time reasonably expended for such audits at ONR then current professional services rates (made available to Clients upon request). Prior to commencement of work, ONR and Client shall mutually agree upon scope, timing, and duration of the audit. Client shall promptly notify ONR with information regarding any non­compliance discovered during the course of an audit.

 

For EEA persons/users only:

 

Personal Data shall not be transferred to a country or territory outside the EEA unless the transfer is made to a country or territory recognized by the EEA as having an adequate level of data security or is made with the consent of the Data Subject, or is made to satisfy the Legitimate Interest of ONR in regard to its contractual arrangements with its Clients. ONR’s data centers are located in the United States and Clients and users hereby instruct ONR to process EU Personal Data in the United States as needed to perform the service or as otherwise instructed by Clients and users. If you are using ONR Service from the EEA, you may have broader rights to access and delete your personal data, to object to or restrict processing of your personal data, or request portability of your personal information. To make such requests, you can send us an email or write to us at our mailing address. (Section XIII). We will consider and handle all requests in accordance with applicable laws.

 

  • Privacy Statement Changes

 

ONR reserves the right to amend this privacy statement at our sole discretion at any time. When we make changes to this privacy statement, we will post the updated content to our applicable Site(s) and ONR Services along with the effective date of the change. Your continued use of ONR Services following the posting of changes constitutes your acceptance of such changes.

 

  • Contact Us

 

If you have any questions or concerns about this Privacy Statement or its implementation, you may contact us via the following methods:

 

Via Certified Mail at:

 

ONR Applications, INC

Attn: Privacy (Legal)

 

370 NE 75 St. Suite 127

Miami, FL, 33138

 

OR

 

Via email at: [email protected]