Privacy Policy – Pacto application

Last Updated: 23-June-2023

Introduction

Thank you for using the Verent Solutions’ (“Verent”) Pacto application (“Pacto”) to establish a lease agreement with your Tenant/Property Owner and to manage your relationship with the other party as it pertains to that agreement. Trust is imperative in the establishment of such an arrangement not only between you and your Tenant/Property owner but also trust in Verent, your Sponsoring Organization and the Pacto application. Verent is committed to protecting the privacy and security of your personal data. We only collect this information and data without which the Pacto application would not be able to provide the services and assistance it aims to deliver.

The Pacto application is a product of Verent Solutions, PBC. Verent Solutions designs, develops and deploys products and services to address market inefficiencies and improve the relationships between tenants, property owners, municipalities and housing service providers. We build tools to promote healthier and more equitable housing markets.

Verent Solutions is a private public benefit corporation (PBC) committed to operating responsibly and sustainably. Verent is legally obligated to report to its shareholders on its achievements towards its public benefit statement as included in its articles of incorporation in the state of Delaware.

On the relationship between Verent, Sponsored Users and a Sponsoring Organization.

As per the Legal Notice, the Pacto application is currently available by invitation only. In order to register and use the Pacto application, you must be invited to the platform by a Sponsoring Organization. Verent has no control over the individuals invited to the platform by Sponsoring Organizations nor the Sponsoring Organizations’ selection process for identifying those it invites to utilize the platform. Users invited to the platform by these Sponsoring Organizations are considered to be Sponsored Users (“Sponsored Users”) If we refer to “Users” in this document this expression shall encompass “Sponsored Users”.

Therefore, your Sponsoring Organization is responsible for the processing of your data and is the data controller for all data processed through the Pacto application with the exception of specific user data processed by Verent for their own purposes. These shall encompass the sole purpose of being able to maintain and improve the Pacto application, ensure its safety as well as to handle any complaints addressed directly to Verent. For this data, Verent shall be the data controller.

This Privacy Policy only pertains to the data for which Verent is the data controller. The Privacy Policy which governs the data processing activities of your Sponsoring Organization as a data controller can be found in the Pacto application under the “My Sponsoring Organization” page, through other channels as communicated by your Sponsoring Organization, or by contacting your Sponsoring Organization.

Data Controller

When this policy mentions “Verent”, “we”, “us” or “our” it refers to:

Verent Solutions, PBC  («Data controller»)

8 The Green

Suite 8506

Dover, DE, 19901, USA

 

which is responsible for processing your information in accordance with the applicable national and state laws and rules.

This policy describes how we collect, use process, and disclose your personal information in conjunction with your access to and use of the Pacto application and services.

Verent has designated a law firm Miller Canfield W. Babicki, A. Chełchowski i Wspólnicy Sp. k. with a registered office in Gdynia as Verent’s representative in the EU. Verent’s representative may be reached at:  kontakt@millercanfield.com

Information we collect

There are 2 general categories of information that we collect.

Information we automatically collect from your use of the Pacto application.

When you use the Pacto application, we may automatically collect limited information about the features you use within the Pacto application and how you use them. This information is necessary for fulfillment of legal obligation to report against our public benefit statement and based upon our legitimate interest in protecting, providing and improving the services and functionalities of the Pacto application.  This may relate to the data including log data, usage information (e.g. events, actions, interactions), IP address, type of data connection, access dates, times and lengths, device information (hardware and software, device event information, unique identifiers crash data), as well as approximate location (e.g. city).

We do not intentionally target or monitor individual users at any stage of our data processing, including for the purposes outlined above.

Information you choose to give us that allows us to improve the Pacto experience

You may choose to provide us with additional information to improve your experience (either through designated channels within the Pacto app or at the time you use customer service) or submit feedback, suggestions or complaints addressed to Verent.  Such information will be processed based upon the legitimate interest of Verent or users to improve the Pacto service or, when applicable, your consent.

Personal information: You may choose to provide us with Feedback and Suggestions on how to improve the app. In doing so, you may choose to provide Verent with basic personal information such as your name and contact information so that we may follow-up with you to better understand your Feedback and Suggestions.

Written or verbal information: When providing Feedback and Suggestions, you provide us with data describing your feedback and suggestions. You are responsible for ensuring that in doing so you do not provide us with any data (beyond the above-mentioned personal contact information) that could be considered personally identifiable information for yourself or others. If Verent discovers any such information included in your feedback or suggestions, that specific information will be removed from your feedback or suggestions.

Other information: You may also choose to provide us with screen captures, recordings or illustrations which help you to explain your feedback or suggestions. You are responsible for ensuring that in doing so you do not include any data within the provided captures, recording or illustrations that could be considered personally identifiable information of yourself (except for the above contact information) or others. If Verent discovers any such information included in such captures or images, that specific information will be removed from the captures, recordings, or illustrations if possible and if not, the entirety of the provided captures, recordings or illustrations will be permanently deleted.

Children’s Data

The Pacto application is not directed to children under the age of 18 and we do not knowingly collect any personal information from children. If you believe that we are processing personal information belonging to a child inappropriately, we ask that you contact us immediately using the information provided in the contact section.

How Verent uses the information we collect

Verent may collect, use, store and further process your personal data to (1) understand, improve and develop the services provided by and through Pacto application, (2) create and maintain a safe, secure and trusted environment for all users and (3) report on social impact to investors and/or institutional donors.

(1) Understand, improve, and develop the services provided by, and through, Pacto application such that we can:

·       Enable you to communicate with us

·       Operate, protect, improve and optimize the Pacto application and experience such as by conducting analytics and research

We process this personal information for these legitimate interests in providing and improving Pacto and our users' experience.

(2) Create and maintain a safe, secure, and trusted environment for all Users.

To detect and prevent fraud, spam, abuse, security incidents and other harmful activity.

·       To conduct security investigations and risk assessment

·       Comply with our legal obligations,

·       Enforce our Legal Notice and other policies

In connection with the activities above, we may conduct analysis based on your interactions with the Pacto application, your profile information and other content you submit to the Pacto application, and information obtained from third parties. In limited cases, automated processes may restrict or suspend access to the Pacto application if such processes detect activity that we think poses a safety or other risk to the Pacto application, our Users, or third parties. If you challenge the decisioning based on the automated process, please contact us as provided in the Contact Us section below.

We process this personal information for these purposes mentioned in this section 2 to comply with applicable laws, and given our other parties’ including data subjects’ legitimate interest in protecting the Pacto application as well as our Users As fulfilling the above objectives is either crucial for functioning and security of the Pacto application and/or in line with the Users’ interests we believe we can base data processing on the legitimate interests ground.

Every time we process data on the basis of legitimate interest, we perform a respective test regarding weighing rights.

(3) Measure and report on social impact outcomes

As a public benefit company, Verent has a legal obligation to report to its shareholders, and if chooses to do so, the general public on its contributions and achievements as they pertain to its public benefit statement as included in its articles of incorporation. In order to do so we may report anonymized aggregate data to our investors on the contributions of the service to improving security of tenure and relationships between tenants and property owners.

We may report on the general profile of users and their interactions with the application and other users of the application.

Sharing and Disclosure

Compliance with Law, Responding to Legal Requests, Preventing Harm and Protection of our Rights.

Verent may disclose your information, including personal information, to courts, law enforcement, governmental authorities, tax authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) to comply with our legal obligations, (ii) to comply with a valid legal request or to respond to claims asserted against Verent, (iii) to respond to a valid legal request relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Legal Notice, or (v) to protect the rights, property or personal safety of Verent, its employees, its Users, or members of the public.

These disclosures may be necessary to comply with our legal obligations, for the protection of your or another person's vital or significant interests or for the purposes of our or a third party’s legitimate interest in keeping the Verent application secure, preventing harm or crime, enforcing or defending legal rights.

Where appropriate, we may notify Users about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon Verent’s property, its Users and the Pacto application. In instances where we comply with legal requests without notice for these reasons, we may attempt to notify that User about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.

Service Providers

The Pacto application uses a variety of third-party services to enable us to provide the services related to the Pacto application to you and your Sponsoring Organization. Service providers may be located inside or outside the EEA. Our service providers are based in the US and European Union.

For example, service providers acting on behalf of Verent as a data controller help us in particular 1) collect, store, organize, analyze and respond to your feedback and suggestion such that we can improve our products and services  2) to secure the application and its services. These providers have limited access to your personal data to the extent necessary to perform the service and are contractually bound by data processor agreements or the legal equivalent to protect your data. These third parties only use personal data in accordance with our instruction. Verent only shares data for the legitimate interest (either ours, data subjects’ or third party’s) for the safety of the Pacto application as well as to ensure that we are able efficiently respond to your feedback.

Verent endeavors for all of the data processing to be carried out in the EEA. If a transfer outside EEA occurs, Verent shall secure it with the appropriate legal safeguards (in particular Model Clauses) as well as implement additional security measures, as the case may be. Should you want a copy of such safeguards except for the information constituting business secret, please contact us using the Contact details.    

Business Transfers.

If Verent undertakes or is involved in any merger, acquisition, divestiture, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information in connection with such transaction or in contemplation of such transaction (e.g., due diligence). In this event, we will notify you before your personal information is transferred to another entity, which will then be the data controller responsible for the performance of obligations related to data processing.

Aggregated Data.

We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, research, demographic profiling, marketing and advertising, and other business purposes.

Marketing

Verent does not share or sell any personal information with any third party for the purposes of marketing and advertising.

Other important information

Analyzing your Communications.

Neither Verent nor Sponsoring Organizations have access to the details of specific communication between you and other Users, unless: i) all of the parties who  are communicating with each other consent, ii) either of Party flags an important issue with the communication (i.e. abusive language, threats, spam etc.) iii) we have a justified reason to suspect that our application is being misused, or iv) if we receive a formal legal request by competent authorities/court, (v) there is a specific obligation stemming from applicable law provisions. With respect to prerequisites mentioned under points ii) and iii) there shall be performed a test on weighing rights of the data subjects and other parties’ rights. The details of communication between you and other User shall be accessed only if the outcome of the test justifies such access. Both Verent and your Sponsoring Organization do maintain access to the Subject and metadata in relation to complaints and issues that have been tagged as belonging to a pre-defined category of issue.

Should Verent perform these activities as a data controller, they are carried out based on Verent's legal obligation, data subjects’ consents or legitimate interest in ensuring compliance with our Legal Notice, preventing fraud, promoting safety, and improving and ensuring the adequate performance of our services.

Your Rights

Managing your information

You have the right to manage and update some of your information through your profile settings. You are responsible for keeping your personal information up-to-date and ensuring that the information you have provided is accurate. The application will occasionally send you reminders to verify your information.

Right to request changes to personal information

You have the right to request that we make changes to inaccurate or incomplete personal information about you that you are unable to change yourself through the application.

Your rights to access and data portability

You have the right at any time to request access to the personal data Verent processes about you.

In cases where your data is processed on the basis of a contract as well as on the basis of your consent, you also have a right to receive  the personal data concerning you that you have provided to Verent in a structured, commonly used, and machine-readable format and also to have them transmitted to another controller (if technically feasible) (right to data portability).

Data retention, restriction of processing and erasure.

We generally retain your personal information for as long as is necessary for fulfilling particular purposes justifying data processing. Should a certain retention period result from the generally applicable provisions of law, we shall of course comply with such legal provisions.  

In certain cases, you have a right to request restriction of processing your data.

You can also request to have all your personal information deleted entirely. Please note that if you request the erasure of your personal information:

We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. For example, if we suspend an Pacto account for fraud or safety reasons, we may retain certain information from that Pacto account to prevent that User from opening a new Pacto Account in the future.

We may also retain and use your personal information to the extent necessary to comply with our legal obligations. For example, Verent may keep some of your information for tax, legal reporting and auditing obligations.

Some copies of your information (e.g., log records) may remain in our database, but are disassociated from personal identifiers.

We will on a regular basis delete inactive User accounts - and all associated personal data - for which, we no longer have a legitimate interest in data retention.

Retention and erasure of data by third party service providers.

Along with any request to have your personal information deleted, Verent will request that any third-party service provider delete your data as well.

Objection to processing

You have the right to object to the processing of your data for specific purposes in case of data processed on the basis of legitimate interest (either ours or third parties). If you object to processing, Verent will cease to process your data unless we can provide compelling legitimate grounds for continuing to process.

Withdrawal of consent

For any processing based on consent, you may withdraw consent at any time without affecting the lawfulness of the processing that took place before the withdrawal. Such withdrawal may be executed by through the channel used for giving the original consent or by contacting:

pacto.dataprotection@verentsolutions.com

Lodging complaints

You have the right to lodge complaints about our data processing activities by filing out a complaint and raising it with our data protection staff. Information on how to contact can be found in the Contact Us section.

You have the right to lodge a complaint directly with the supervisory authority. Information on how to contact the supervising authority can be found at:

Security

We are continuously implementing and updating administrative, technical, and physical security measures to help protect your information against unauthorized access, loss, destruction, or alteration. Some of the safeguards we use to protect your information are firewalls and data encryption, and information access controls. If you know or have reason to believe that your Pacto account credentials have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of your Pacto account, please contact your Sponsoring Organization following the instructions provided in their Privacy Policy or from within the app itself.

Changes to this Privacy Policy

Verent reserves the right to periodically review and modify this Privacy Policy. Such modifications will most often be introduced for safety reasons, due to legal and regulatory requirements, modification of the scope of the Pacto app features or introduction of new features to the Pacto application. They shall be effective after a set effective date calculated from the date of publication of the notice in the Pacto application or sending the appropriate information to your e-mail address assigned to your account in the system. If we make changes to this Privacy Policy, we will post the revised Privacy Policy on the Pacto Application and the Verent Solutions website and update the “Last Updated” date at the top of this Privacy Policy.

Contact Us

If you have any inquires on how we process your personal data or want to exercise your rights, send an email to the Verent Data protection team:

pacto.dataprotection@verentsolutions.com