Privacy Policy

Effective: September 2020

Any references to "BuildingLink," "we," "our" or "us" refer to BuildingLink.com, LLC.

BuildingLink respects your privacy as a user of this site. This Privacy Policy explains what personal information we collect from you, how we use and share that information and, for our users whose personal information is governed by European Union (EU) law, our legal basis for doing so. This policy also details the choices available to you regarding your personal information that we have collected (which may vary depending on the law of the jurisdiction governing the processing of your personal information) as well as how you can exercise those choices. For purposes of this Privacy Policy, the term "personal information" shall include all personal information as defined in the California Consumer Privacy Act ("CCPA") and all "personal data" as such term is defined in the EU General Data Protection Regulation ("GDPR").

This Privacy Policy will be easy to find on the BuildingLink public homepage and on any page where we require information for use of the website.

Services this Privacy Policy covers

This statement applies to all BuildingLink products including the BuildingLink website (www.buildinglink.com), as well as all custom domains created for your building to take you to your BuildingLink site. This Privacy Policy also covers the BuildingLink Blog, the BuildingLink Services and Offers service (the "BuildingLink S&O Service") and all BuildingLink apps and software, including KeyLink (all of the foregoing collectively the BuildingLink "Platform").

Customers and Users

Our "Customer" is typically a legal entity (a company) representing a building or property. Customers purchase or license one or more products or services that are part of the Platform. We also affiliate with certain service providers ("S&O Providers") to provide our BuildingLink S&O Service. Unless specifically noted or implied otherwise by context, references to Customers in this notice include S&O Providers

You are a user of the Platform. BuildingLink collects information from our Customers and users on behalf of our Customers. There are many types of users, and each one has a unique relationship to the information that we collect. Users can include our Customers' employees (building staff, maintenance personnel, managers, etc.), residents (tenants, owners, subtenants, guests, etc.), service providers (outside contractors, local businesses, etc.) and others. Each of these (and generally anyone who has a BuildingLink username and password) is considered a "Registered User". Some users may not be Registered Users, such as a visitor to our public website. Any use of personal information on behalf of our Customers by us is carried out pursuant to an agreement (and/or our applicable Terms and Conditions) in place between BuildingLink and our Customer.

Most Registered Users will be affiliated with one or more BuildingLink Customers (i.e., your building(s)). As described below, BuildingLink is the custodian of data on behalf of our Customers with respect to most of the information we collect.

When a user uses our BuildingLink S&O Service we collect information on behalf of our S&O Provider affiliates prior to linking users directly to the sites of such S&O Providers, where they may collect further information on their own websites. The privacy policies of our S&O Providers govern such personal information collected by or on behalf of our S&O providers.

Our Platform permits our Customers to create their own websites, which facilitate communication and transactions between prospective and current residents. While these websites are built using our Platform, and personal information obtained through these websites are stored on our systems, the processing of such personal information is governed by our Customers. Each Customer determines its own policies regarding information processing, including policies with respect to collection, access, sharing and retention. Please contact the Customer with which you are associated or access its published privacy policy if you have any questions regarding its privacy practices.

Except as described in the table below under the heading "Personal information we process as a controller or business," our Customers determine the purposes and means of the processing of your personal information; and, consequently, are the "controllers" or "businesses" and we are a "processor" or "service provider" with respect to such personal information if the GDPR or CCPA applies to the processing of such personal information. With respect to the personal information under the caption "Personal information we process as a processor or service provider on behalf of our Customers," the processing of your information and your choices with respect to such processing are governed by the privacy policy of our Customer with which you are affiliated, and any requests with respect to your personal information should be directed to such Customer.

Personal information we process as a controller or business

We have created the following table to help you understand the categories of personal information that we are responsible for, and process:

Categories of Personal Information

Specific Types of Personal Information

Source

Why We Collect It - Our Purposes

Customer personnel information

Contact Information: First and last name, email address, employer, phone number (work), physical address (work), job title.

Marketing Preferences and Customer Service Interactions: Marketing preferences; responses to voluntary surveys.

Operational Data: Transactions, sales, purchases, uses, supplier information, credentials to online services and platforms, and electronic content produced by individuals using company systems, including online interactive and voice communications such as blog, chat, webcam use, and network sessions.

Directly from our Customers and Customer personnel

Communicate with Customers and Customer personnel for the purpose of supporting our contractual relationship. This includes:

  1. Informing Customers about our Platform and solutions and providing access to our Platform where the Customer enters into an agreement with us.
  2. Providing back-end access to the Platform for Customer and Customer personnel
  3. Tracking and responding to Customer's inquiries, reports, reviews or correspondence regarding products and services.
  4. Administering Customer account(s).
  5. Providing and improving our customer service.
  6. Facilitating communications generally in the context of our business activities.
  7. Sending administrative information to Customer, such as changes to our terms, conditions and policies.
  8. Enforcing our Terms and Conditions and any other contractual terms and conditions that govern our relationship with our Customers.
  9. Continuously improving, customizing and personalizing our Platform.
  10. Analyzing and improving the safety and security of our Platform.
  11. Supporting our internal operations, including CRM and Customer technical support.
  12. Connecting with vendors via APIs to allow vendors to provide specific services directly to Customers.
  13. Providing Customers and Customer personnel with access to our 'App Store' to allow Clients to directly enable external applications.
  14. Carrying out machine learning, data extracting and loading data in data warehouses, in order to support our enterprise software, data access, modifications, operations, and provide access to third parties via secure integrations.

Prospective Customer personnel information

First and last name, email address, employer, phone number (work), physical address (work), job title.

Directly from prospective Customer personnel.

Contact prospective Customers in order to set up demos of our Platform. This includes:

  1. For marketing purposes, such as re-engaging with prospective Customers who have expressed an interest in our Platform.
  2. Administering account access to our Platforms.
  3. Responding to inquiries, for example, when you send us questions, suggestions, compliments or complaints, or when you request further information about our services

End users

Contact Information: First and last name, email address

Survey Responses

Directly from end users in response to voluntary surveys.

Platform improvement and marketing purposes (to potential Customers).

End users of BuildingLink S&O Service

Contact Information: First and last name, email addresses, mailing addresses, phone numbers

Information useful for facilitating connection with relevant S&O Providers or otherwise for marketing purposes such as transaction history, marketing preferences and responses to voluntary surveys.

Directly from end users in the course of their use of the BuildingLink S&O Service.

For marketing purposes, such as targeting offers distributed by us on behalf of S&O Providers or other third parties.

Personal information we process as a processor or service provider on behalf of our Customers

Our Customers' privacy policies apply to the processing of personal information described below, and we are providing this description for your and our Customers convenience.

In order for you to use the BuildingLink Platform we need to collect and process certain personal information on behalf of our Customers. Most of this information is provided by our Customers in their configuration, administration and use of the Platform or by you when you use our Platform in association with a Customer.

Some information is obtained through your use of our Platform, for example, when we receive error reports or use cookies (see below).

We may also collect personal information on behalf of our Customers from other sources, including data companies, publicly accessible databases, and joint marketing partners.

We also receive some personal information from other Registered Users. An example would be when a Registered User submits or modifies the information and settings for various non-Registered User 3rd parties, such as family members, roommates, or other people who are relevant to the building's management and who they wish to submit through BuildingLink (e.g. housekeepers, cleaners, caretakers). There may be personal information submitted by our Customers about our Registered Users that Registered Users cannot access directly through their accounts.

The types of information we process on behalf of our Customers depend on your level of access and engagement with BuildingLink, as well as what BuildingLink products and services you and the Customer are using, and can include:

Cookies

We use cookies on this site to provide users with customized and personalized services. Cookies are small amounts of data that are sent to a user's browser from a website and stored on a user's hard drive for record-keeping purposes. This information does not necessarily identify the user but does identify the computer being used which in certain circumstances may in and of itself constitute personal information. The cookies used will not collect any personal information like name, address or telephone number.

Our use of cookies and other tracking technologies

We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser's "help" directory. If you reject cookies, you may still use our site, but your ability to use some areas of our site will be limited.

Web Beacons / GIFs

Third party tracking technology companies employ a software technology called clear gifs (a.k.a. Web Beacons), that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user's computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We do not link the information gathered by clear gifs to an identifiable person.

Analytics / Log Files

As is true of most web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users' movements around the site and to gather demographic information about our user base as a whole. We do not link this automatically collected information to an identifiable person.

3rd Party Tracking

The use of tracking technologies by our service providers, technology partners or other 3rd party assets (such as social media widgets and plug-ins) on the site is not covered by this Privacy Policy. These 3rd parties may use cookies, clear gifs, images, and scripts to help them better manage their content on our site. We do not have access or control over these technologies. We do not link the information gather through such technologies to an identifiable person.

How we use the information we process on behalf of our Customers

Our Customers determine the purposes and means of the processing of personal information we process on their behalf. The uses of personal information described below summarize our typical uses of personal information on the instruction of our Customers. We are providing this description for your and our Customers convenience. We use the information we process on behalf of our Customers to, for their benefit:

For visitors requesting information about our products and services or services of our affiliates from one of our websites (where we are the controller or business), we use the information we receive to:

If you provide us personal information about others, or if others give us your information, we will only process such information to the extent permitted by applicable law and only use that information for the specific reason for which it was provided to us.

How we disclose personal information

We will not disclose any personal information that we collect from you to any external parties except as indicated below:

  1. Our affiliates. We may disclose personal information to any of our subsidiaries and affiliates within the BuildingLink corporate group.
  2. Service providers/sub-processors. We may disclose personal information to our service providers and sub-processors who perform certain services necessary to run our business (for example, data hosting and development, data analysis, customer service, auditing and other services), provided that these service providers and sub-processors have entered into legally binding agreements with us to protect the personal information shared, limit their use, retention, and disclosure of the personal information, and assist us with our compliance requirements under applicable law. For example, we transfer anonymous phone numbers to our communications provider Twilio, which completes calls and text messages for our Emergency Broadcast module. You can view Twilio's Privacy Policy here.
  3. Legal request. We may disclose personal information to comply with applicable law and our regulatory monitoring and reporting obligations (which may include laws outside your country of residence), to respond to requests from public and government authorities (which may include authorities outside your country of residence), to cooperate with law enforcement, or for other legal reasons.
  4. Business transfer. We may disclose personal information to a buyer or successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of BuildingLink's assets, whether as a going concern or as part of bankruptcy, liquidation, receivership, or similar proceeding in which personal information held by BuildingLink are among the assets to be transferred. If BuildingLink is involved in any such transaction, you will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
  5. Enforcement of our or others' rights. We may disclose personal information to external parties the extent that this is necessary to enforce or protect our rights, privacy, safety or property, and/or that of our affiliates, you, or others, including enforcing our Terms and Conditions and any other agreements (such as for billing and collection purposes and fraud prevention).

European Union Data Subjects

Lawful basis for processing personal information

Data protection law in Europe under the GDPR requires a "lawful basis" for collecting, processing and transferring personal information from citizens or residents of the European Economic Area (EEA). We collect and process personal data about you only where we have a legal basis for doing so. Our legal bases for processing personal data are dependent on the purpose and context of the processing activity.

Our legal bases include:

Other than as described above on behalf of our Customers, we do not collect sensitive personal information such as data concerning health, gender, racial or ethnic origins, or genetic or biometric information (known as special categories of data in the European Union). We do not collect or otherwise process personal information from children.

Processing of Information in the United States

BuildingLink is headquartered in the United States. Information we collect from you will be processed in the United States. As described below, the United States has not sought or received a finding of "adequacy" from the European Union.

Transfer of personal information to the United States and other countries

Your personal information may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Platform you understand that your information will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.

Adequacy Decision. Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as standard contractual clauses adopted by the European Commission to protect your personal data (see below). You may obtain a copy of these measures by contacting us in accordance with the "Contact Us" section below.

Standard Contractual Clauses. The European Commission has approved the use of standard contractual clauses as a means of ensuring adequate protection when transferring data outside of the EEA. By incorporating standard contractual clauses into a contract established between the parties transferring data, personal data can be protected when transferred outside the EEA to countries which have not been deemed by the European Commission to adequately protect personal data. We, and some of our affiliates, may rely on standard contractual clauses for transfers of personal data from the EEA to the US.

General derogations under the GDPR. The GDPR provides for certain derogations for specific situations where transfer to a third country is permitted, such as with explicit consent or as necessary for performance of a contract with a data subject. Subject to the conditions for such transfers, BuildingLink may rely on such derogations from time to time for transfers of personal information.

The EU-U.S. Privacy Shield.

We are aware that on July 16, 2020, the European Court of Justice struck down the EU-US Privacy Shield (Privacy Shield) that provided US businesses with a legal mechanism for transferring personal data from the EU to the US in compliance with the GDPR.

BuildingLink continues to comply with the E.U.-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information from the European Union and the United Kingdom. BuildingLink has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the E.U.-U.S. Privacy Shield, and to view our certification, please visit www.privacyshield.gov.

BuildingLink is responsible for the processing of information we receive pursuant to the Privacy Shield Framework, and subsequently transfer to a third party acting on our behalf (e.g., a sub-processor or service provider to BuildingLink). It is our responsibility to ensure that any sub-processors or service providers we use also adhere to the Principles. You can request a current list of service providers (sub-processors) here.

The Federal Trade Commission (FTC) has jurisdiction over BuildingLink's compliance with the Privacy Shield.

Resolution of issues relating to personal information

For questions, comments, complaints, access requests or other issues relating to the Privacy Shield or our Privacy Policy, please email privacy@buildinglink.com or call +1-877-501-7117. For any issues that cannot be resolved through BuildingLink directly, you may contact JAMS at https://www.jamsadr.com/eu-us-privacy-shield. If your concerns are still not addressed by JAMS, you may be entitled to a binding arbitration under the Privacy Shield Principles.

You may also lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs. A list of data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Data subject rights. Under the GDPR (subject to any relevant exceptions) you have the right to access, correct, change, delete, restrict, exercise your right to data portability, or object to the processing of personal data. Please see the information beneath the caption "Data subject rights; user access and choice" for information on how to exercise your choices with respect to your personal information and on submitting requests relating to your personal information.

Please see the note beneath the caption "Data subject rights; user access and choice." When BuildingLink maintains personal information for end users with whom BuildingLink does not have a direct relationship (i.e., because BuildingLink is maintaining the personal data in its role as a processor for its Customers), such end users should submit complaints and requests concerning the processing of their personal information to the relevant Customer, in accordance with the Customer's privacy policy.

California Residents' Privacy Notice

The following user access and choice rights are obligations of BuildingLink where we are the "business" under the CCPA (i.e., with respect to the personal information described above under the caption "Personal information we process as a controller or business"). With respect to all other personal information described herein, the access and choice rights are properly addressed between you and our relevant Customer subject to such Customer's privacy policy.

Residents of the State of California may request a list of categories of third parties to which we have disclosed certain personal information during the preceding year for those third parties' direct marketing purposes, if any. In addition, upon verifiable written request, we will provide to you information regarding the categories of personal information we gather about you, the categories of sources from which we obtain the personal information, the business or commercial purposes for which the personal information is gathered (and, in the event we ever sell personal information, the business or commercial purpose for such sales), and the categories of third parties with which we share or, in the event we ever sell personal information, the categories of personal information sold and categories of third parties to whom we sell the information, by category of personal information sold to such parties, respectively.

Upon verifiable request or when required or otherwise appropriate, and within periods (if any) set by applicable law, we will grant you reasonable access to or copies or other compilations of the specific items of personal information that we hold about you provided that you establish to our reasonable satisfaction that you are the person whose personal information is requested. We may deny such access where the denial is permitted by applicable law and every request from an individual will be assessed on a case by case basis. In the event a request is denied, we will notify you regarding the reasons for the denial in writing. Consistent with how your personal information is maintained in the ordinary course of our business, we will provide the information in an understandable form, and to the extent feasible in a format that permits you to use the information on other systems. We may impose a reasonable charge when a request is made (e.g., for photocopying or postage) to the extent permitted under applicable law.

We will take reasonable steps to permit you to correct or amend personal information that is demonstrated to be inaccurate or incomplete. We also will delete personal information we have gathered about you when you make a verifiable request that we do so, except to the extent applicable law permits or requires us to maintain that information.

To guard against fraudulent requests for access, we will require sufficient information to allow us to confirm the identity of the individual making the request before granting access or deleting the information. We will not discriminate against consumers who exercise their rights under California law. However, we may charge different prices or provide a different quality of goods or services if the difference is reasonably related to the value provided by your personal information and may offer financial incentives to an individual for the collection, sale, or deletion of personal information if the individual provides its prior consent to the terms of those incentives.

California's Do Not Track Notice: At this time, there is no worldwide uniform or consistent industry standard or definition for responding to, processing, or communicating Do Not Track signals. Thus, like many other websites and online services, our Platform is currently unable to respond to Do Not Track signals. To find out more about "Do Not Track", you may wish to visit http://www.allaboutdnt.com.

Please see the note beneath the caption "Data subject rights; user access and choice." When BuildingLink maintains personal information for end users with whom BuildingLink does not have a direct relationship (i.e., because BuildingLink is maintaining the personal data in its role as a service provider for its Customers), such end users should submit complaints and requests concerning the processing of their personal information to the relevant Customer, in accordance with the Customer's privacy policy.

We do not sell personal information; use of aggregated personal information

Your personal information is neither sold nor rented to third parties without your express permission. We do retain the right to share non-identifying aggregated demographic and/or statistical information with partners, advertisers and sponsors.

We may use non-identifying and aggregated information to improve your experience on the website and to share with partners, advertisers and sponsors. For example, any personal information will remain with us, however, your visit may be counted to demonstrate the number of visitors to a particular page or area of the site.

Data subject rights; user access and choice

Note: These rights are generally exercisable against BuildingLink's Customers and not against BuildingLink because BuildingLink is acting as a processor or service provider to our Customers. These rights are only exercisable directly against BuildingLink when we are determining the purposes and means of processing of your Personal Information (which we generally only do if you are an employee of one of our Clients or someone we are sending marketing communications to, as described under the caption "Personal information we process as a controller or business"). Thus, the description provided below is for your and our Customers' convenience - please reach out to our Customers directly if you wish to exercise any of these rights. Some of the information that our Customers are required to provide to you can be found in our Customers' respective privacy notices.

Data subjects whose personal information is governed by the laws of certain jurisdictions, such as the GDPR with respect to member states of the EU and the CCPA with respect to California in the U.S., are afforded certain rights regarding their personal information. These rights include (to varying degrees and subject to varying conditions depending on the relevant legislation) the right to access, correct, restrict or object to processing and request deletion of your personal information. While these rights are not applicable worldwide, all BuildingLink users can manage their personal information as described below.

Where you have set up an account on our Platform through one of our Customers, it is up to you to keep your personal information up to date. If you are unable to update your personal information, please contact our relevant Customer with which you have a primary relationship. If our Customer is unable to assist you, we will endeavor to assist our Customer with updating your information.

You may access, correct, update, amend or remove certain personal information by making the change on your user account settings page or by requesting that our Customer (your property manager or other program administrator) make such change on your behalf. Your account is protected by a password. We encourage you to choose your password carefully and keep it secure. If you have trouble accessing your account or your information, you can contact BuildingLink by emailing our customer support team at support@buildinglink.com, or calling +1-877-501-7117.

If you wish to request your personal information be deleted/removed or its processing restricted or ceased or to exercise any other rights you have with respect to your personal information, please contact the BuildingLink Customer with whom you are affiliated (your building), or, if you are a representative of a BuildingLink Customer or your personal information is otherwise of the nature described above under the caption "Personal information we process as a controller or business," please contact us at privacy@buildinglink.com.

If you are a BuildingLink Customer and no longer require our service, please contact support@buildinglink.com. Termination of service proceedings are conducted offline and are subject to approval by our Customer, if you are a resident or staff user. We will respond to your request within thirty (30) days.

Links to third party Web sites

Our Platform includes links to other Web sites whose privacy practices may differ from those of BuildingLink. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Web site you visit.

Our commitment to children's privacy

Protecting the privacy of the very young is especially important. Our Platform is intended for use only by persons 18 years of age or older. By using the Platform, you represent that you are at least 18 years of age. Furthermore, we never collect or maintain information at our website from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.

Data Protection Addendum

To assist our Customers in the EEA in complying with applicable data protection legislation, we offer a Data Processing Addendum (DPA) to our Subscription Agreement. To request a DPA, click here.

Personal Information Protection and Electronic Data Act ("PIPEDA")

For our Canadian Customers, BuildingLink shall act in accordance with the privacy provisions contained in the PIPEDA.

Changes to this policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account), by post-login message on the BuildingLink Platform and/or by means of a notice on this page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. The most recent version of this Privacy Policy supersedes all other versions.

Contact us

Data Protection Officer
dpo@buildinglink.com

Postal Address
BuildingLink.com, LLC
85 Fifth Avenue, Floor 3
New York, N.Y. 10003

Phone
(877) 501-7117 or (212) 501-7117
Available 9am-5pm Eastern Time

Fax
(212) 501-8222

General User Support Email
support@buildinglink.com