GDPR Compliance

How we protect the rights of EU citizens and comply with data protection regulations

Last Updated: March 15, 2025

Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

At RentRemind, we are committed to ensuring the protection and privacy of your personal data in compliance with the GDPR. This page outlines how we meet our obligations under the GDPR and details your rights as a data subject.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right to be informed - You have the right to be informed about the collection and use of your personal data.
  • Right of access - You have the right to request a copy of your personal data that we hold.
  • Right to rectification - You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • Right to erasure - You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing - You have the right to request the restriction or suppression of your personal data.
  • Right to data portability - You have the right to obtain and reuse your personal data for your own purposes across different services.
  • Right to object - You have the right to object to the processing of your personal data in certain circumstances.
  • Rights related to automated decision making and profiling - You have rights related to automated decision making and profiling.

How We Process Your Data

We process your personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency - We process your data lawfully, fairly, and in a transparent manner.
  • Purpose limitation - We collect your data for specified, explicit, and legitimate purposes and do not process it in a manner that is incompatible with those purposes.
  • Data minimization - We ensure that the personal data we collect is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy - We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
  • Storage limitation - We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Integrity and confidentiality - We process personal data in a manner that ensures appropriate security of the personal data.

Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

  • Consent - You have given clear consent for us to process your personal data for a specific purpose.
  • Contract - The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation - The processing is necessary for us to comply with the law.
  • Legitimate interests - The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR policy and our privacy practices. If you have any questions about this GDPR policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below:

Data Protection Officer
RentRemind
1827 Bayview Drive
San Francisco, CA 94123
dpo@rentremind.com
(800) 555-1827

International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Data Breach Procedures

In the event of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so within 72 hours of becoming aware of it.

How to Exercise Your Rights

You can exercise your rights under the GDPR by contacting our Data Protection Officer at the details provided above. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Changes to This GDPR Policy

We may update this GDPR policy from time to time. When we update this policy, we will revise the "Last Updated" date at the top of this page. We will also notify you of any significant changes by email or through a notification on our website.