Privacy and Cookies Policies

PRIVACY POLICY

CASAFARI (collectively, “CASAFARI”, “We”, “Us” or “Our”) respects your privacy and is committed to protecting your personal data. This policy explains how we treat your personal data, protect your privacy when you use our Services and also provides information about your rights under applicable legislation. Please read this policy carefully before you provide us with any personal information. By using our Services, you agree that CASAFARI can use such data in accordance with our privacy policy. CASAFARI complies with the EU General Data Protection Regulation (GDPR) to guarantee you sufficient protection and security of your data.

This policy applies to everyone who uses any website, application, product, software or service from CASAFARI (collectively our “Services”).

Within our Services, there may be links to third-party websites or applications. We do not control and are not responsible for the content or privacy compliance of third-party websites or applications. Therefore, we suggest you check on those websites and/or applications the applicable Privacy Statements and respective Terms of Use

Children’s Privacy. Our Services are not generally aimed at children and are not intended to be used by children or minors (under 18 years old), therefore We do not knowingly collect data relating to children or minors.

CONTROLLER NAME & CONTACT INFORMATION:

The Controller within the General Data Protection Regulation and national data protection regulation is:

Casafari Europe Ltd

Address: 27 Old Gloucester Street, London

WC1N 3AX, United Kingdom

E-mail: [email protected]

WHO WE ARE

CASAFARI is a real estate platform powered by Artificial Intelligence that provides property market competitive intelligence through a Software as a Service (SaaS) and a real estate platform (CRM) for managing listings, clients, and transactions, with integrated market data and automation tools. The CASAFARI company group is composed of CASAFARI LLC, CASAFARI EUROPE LTD and its subsidiaries in Portugal and Hungary.

HOW WE COLLECT INFORMATION FROM YOU

We obtain personal information from you:

Through your interactions with Us and Our Services, such as when you purchase or use Our Services, create an account, fill in contact forms, subscribe to blog updates, request information or contact us for support (please note that we may record or monitor our calls/chat conversations for compliance and quality assurance purposes);
Through your system/device and use of Our Services, our servers, logs and other technologies automatically collect system/device and usage information to help us administer, protect and improve our Services, analyze usage and improve users’ experience;
Through your IP address, in order to diagnose problems with our server, administer the site and track usage statistics. If you reached Our website by clicking on a link or advertisement on another site, then we also log that information – this helps us maximize Our Internet exposure, and understand users’ interests;
Through cookies and similar technologies included on our Services, as you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We gather this data by using cookies and similar technologies as further explained in the Cookies and similar technologies section.

We also collect personal information about you from third parties, such as:

Other application providers where you have permitted us to access information from them via an application programming interface (API), such as from Google Calendar;
The person(s) arranging for you to access Our Services (e.g., your employer or the subscriber of the Service) in order to set up a user account;
An organization to which you belong where that organization provides you with access to Our Services;
Service providers/processors who work with Us with regard to Our Service;
Publicly available sources such as public websites, open government databases or other data in the public domain, to help us maintain data accuracy and provide and enhance the Services.

You can choose whether or not to provide us with personal information, but if you choose not to, you may not get full access to or entire functionality from the Services.

WHAT INFORMATION WE COLLECT

The personal information we collect consists of the following:

Name and contact data, such as first and last name, email address, postal address, phone number, job title, employer, and other similar contact data;
Account Credentials, such as passwords and other security information for authentication and access;
User content, such as communications and files provided by you in relation to your use of the Services;
Payment/Invoicing information, such as your company’s billing address, VAT number, and remaining billing information;
Financial Data including your company’s bank account details;
Device information, such as information about your device, such as IP address, location or provider;
Usage information and browsing history, such as information about you navigating within Our Services, your browsing history and which elements of Our Services you use the most;
Location data, for Services with location-enhanced features, such as location derived from your IP address or data that indicates where you are located with less precision, such as at a city or postal code level;
Demographic information, such as your country and preferred language;
Calendar event information, subject to your consent and authorization, We may access certain Google calendar event information such as event title, event description, event location, time, date, and respective attendees, as well as calendar metadata for application functionality via a Google Calendar integration (the “Google Calendar Event Information”).

HOW AND WHY WE PROCESS YOUR INFORMATION

We have different purposes and legal grounds upon which We use and process your personal information.

Some laws require us to explain our lawful reason for processing your personal information. We process personal information about you on the basis that it is:

Necessary for the performance of a contract/order: We will process your personal information in order to fulfil a contract that we have with you (i.e., to provide you with Services);
In Our or in a third parties’ legitimate interests, such as provision of Services that We are contractually obliged by a third party (such as your employer or Our subscriber, to deliver to you);
Where you give us your consent: We process personal information based on the consent you expressly grant to us at the time we collect such information;
For compliance with a legal obligation (i.e., court order).

Legitimate Interests for Use

The lawful basis to process your information under legitimate interest, are:

To register you as a new customer, manage your account, provide technical and customer support and training, verify your identity, and send you important Service information;
To manage Our relationship with you, Our business and Our third-party providers (i.e., to send invoices, collect and recover sums owed to Us, manage payments, fees and charges, etc).
To enhance your user experience. We analyze the way you use Our Services to provide you with suggestions for features or Services that We believe you will also be interested in. If you give us permission, we may also access your information on third party apps such as Google Calendar in order to improve your user experience by streamlining calendar management and to enable custom features such as reminders, analytics, and integrations;
To provide any third party, who has made Our Services available to you (i.e., your employer or our subscriber), insights about the use of the Services;
For internal research and development purposes and to improve, test and enhance the features and functions of Our Services. All information is collected and used only in the aggregate. For example, we may combine information you have provided Us directly with information collected automatically. This aggregated information is then entered into Our database, where We can use it to generate overall reports on Our visitors, but not individual reports that identify you personally. This is necessary for the purposes of Our legitimate interests to ensure that we provide you the most appropriate offers and to personalize your experience;
Where applicable, we will also aggregate your personal information with that of other individuals, to create comprehensive reports about how customers use Our services and experience Our brand;
To understand how Our business is performing, and considering how to improve Our performance;
To provide you with marketing as permitted by law;
To meet Our internal and external audit requirements, including Our information security obligations (and if your employer or Our subscriber provides for your access to Our Services, to meet their internal and external audit requirements);
To enforce Our terms and conditions and for the purpose of using certain payment features;
To protect Our rights, privacy, safety, networks, systems and property, or those of other persons;
To comply with requests from courts, law enforcements agencies, regulatory agencies, and other public and government authorities, including where they are outside your country of residence;
In order to exercise Our rights, and to defend ourselves from claims and to comply with laws and regulations that apply to Us or third parties with whom we work.

We do not collect or process any so-called “special categories of personal data”, which according to the GDPR include details about your race or ethnicity, religious beliefs, sexual orientation, political opinions, health, biometric data, nor do we collect any information about criminal convictions and offences.

Where We rely on legitimate interests as a lawful ground for processing your personal information, We balance those interests against your interests, fundamental rights and freedoms.

GOOGLE CALENDAR

Certain of our CRM Services may integrate with Google Calendar to provide enhanced functionality to users. Before using such functionality, users must actively opt to integrate their Google Calendar. Users can revoke access at any time through their account settings within our Services interface.

We collect and use the above-mentioned Google Calendar Event Information adhering to the Google API Services User Data Policy, including the Limited Use requirements mentioned thereon and solely to provide core Service functionality, in order to allow users to manage events, schedules, and reminders within our Services and improve user experience by optimising features, enhancing performance and ensuring such Services meet user needs efficiently. We do not collect data unrelated to the functionality of our Services or process such data in a manner inconsistent with the agreed purposes.

Unless as otherwise expressly stated in this Section, we do not use the Google Calendar Event Information for any other purpose other than to provide or improve the Service functionality. We do not share Google Calendar Event Information with third parties, except with the processors indicated herein and only to the extent necessary (i) to operate or improve such Service’s functionality, and (ii) for a purchaser of our company or assets and their professional advisors in the event of a merger or acquisition, in such cases, the service providers are bound and contractually obliged to comply with terms which represent similar obligations as per Google API Services User Data Policy, applicable data privacy regulations, including GDPR. We may also share the Google Calendar Event Information with third parties if required by applicable law, law enforcement authorities or regulators.

MARKETING

We deliver marketing communications to you via email and online. Where required by law, We will ask you to explicitly consent to receive marketing from Us. If We send you a marketing communication, it will include instructions on how to opt out of receiving these communications in the future, through an “unsubscribe” link within any email you receive from Us – we will be sad to see you go, but we respect your privacy.

When you opt in:

We will send you retention emails and messages tailored to your individual preferences and interests. We use analytics to refine our marketing – these will determine the content of the messages and offers you will receive;
Re-targeting. Upon your consent, this enables us to show the visitors already interested in Our Services, advertisements from Us on partner websites. Re-targeting technologies analyze the information We collect about your interactions with us, including your cookies, and display advertisements based on your past web-surfing behavior;
We will use your personal information (including by anonymizing and aggregating it with other customers’ personal information) for sales, supply chain, and financial and analysis purposes, to determine how We are performing, and where improvements can be made and where necessary to report back to our parent or affiliate group companies.

Honoring your marketing preferences is important to Us. You have the right to opt out of receiving direct marketing and targeted online advertising.

Even if you opt out receiving marketing communications by email, we may still send you service communications or important transactional information related to your accounts and subscriptions (for such purposes such as providing customer support).

YOUR RIGHTS

You can update, remove and/or exercise other rights related to your personal data by contacting Us at [email protected].

We aim to ultimately ensure your rights under applicable data protection laws:

Data subject access request: the right to request and obtain details of your personal information and be provided with a copy of the personal data undergoing processing;
Right to rectification – update your personal data: the right to obtain without undue delay the rectification of any incomplete or inaccurate personal data;
Right to erasure (right to be forgotten): the right to have certain personal data about you erased and no longer processed where the personal data is no longer necessary in relation to the purposes for which they were initially collected; where the consent has been withdrawn or objects to the processing; or where such processing does not comply with the applicable legislation;
Right to restriction of processing: the right to request that your personal information is only used for restricted purposes;
Right to opt out of marketing: you can manage your marketing preferences by unsubscribe links found in the communications you receive from Us or by visiting the applicable preference center;
Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable format (i.e., electronic file);
Right to object: the right to object to the processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest.

In response to a request, We will ask you to verify your identity if we need to, and to provide information that helps Us to understand your request better. If We do not comply with your request, whether in whole or in part, We will provide you with a reasonable and appropriate explanation.

WHO DO WE SHARE PERSONAL INFORMATION WITH

We share your information for the purposes set out in this Policy, with the following categories of recipients:

CASAFARI group companies;
The person providing your access to our Services (i.e., your employer or our subscriber);
Third parties, when you give us consent to do so;
Third parties with whom we are required to share your information by applicable law, such as law enforcement authorities and regulators;
The purchaser of our company or assets and their professional advisors in the event of a merger or acquisition.

Processors

To support the delivery of Our services, CASAFARI relies on service providers. Any third-parties engaged by CASAFARI that might have access or process data that may contain Personal Data is considered a processor. CASAFARI performs a security and privacy review of the practices of any processors before engaging with them. Our current processors are:

Adyen - Payment services
Amazon Web Services - Cloud service provider
Casa Safari, Lda - Services provider
Google Big Query - Cloud data warehouse
Google Cloud – Cloud service provider
Instantly - Email campaigns outreach
Invoice Express - Online invoicing software
Live Agent - Help desk, contact manager
Looker - Business Intelligence Platform
PayPal - Cloud-based payment services
Posthog - Product Analysis Tool
Ringover - Cloud-based phone system
Salesforce - Sales CRM
Slack - Messaging app
Stitch - Replication Service
Streak - Email services
Userguiding – In-app experience system
Vitally – Customer Success Platform
Zapier - Integration Manager

Any processor and/or subcontractor used by CASAFARI is put under thorough scrutiny to assess their security, confidentiality and privacy policies.

DATA SECURITY

CASAFARI takes the security of personal information seriously and We use appropriate technologies and procedures to protect personal information:

Access control: All access to CASAFARI’s products and services is encrypted and protected by a firewall.
Encryption: all data and communications are under thorough security standards, being transported over an encrypted and secure channel. Data is also encrypted at rest, meaning that data is stored within encrypted databases that follow a high level of access security;
Non-disclosure agreement and security training: All our Community members and employees are bound by NDA and subject to continuous security awareness training.

HOW LONG DO WE KEEP PERSONAL INFORMATION?

In general, We will hold your personal information for as long as necessary for the relevant Service, or as long as is set out in any relevant contract you hold with Us and for a reasonable period of time afterwards, for instance to pursue Our legitimate business interests, conduct audits, comply with Our legal obligations, resolve disputes, and enforce our agreements.

We calculate retention periods for your personal information in accordance with the following criteria:

The length of time necessary to fulfill the purposes we collected it for;
When you or your employer (or other subscriber providing for your access to our Services) cease to use Our Services;
The length of time it is reasonable to keep records to demonstrate that We have fulfilled Our duties and obligations;
Any retention periods prescribed by law;
The existence of any relevant proceedings.

We may keep your personal information for a shorter period if you ask Us to delete such information. In that circumstance, CASAFARI will aim to delete your personal information within a maximum period of one month from the date of the request.

COOKIES AND SIMILAR TECHNOLOGIES

We also place a small text file known as a “cookie” on your computer’s hard drive. The use of cookies and other tracking technologies is standard across websites and apps through which information is collected about your online activities across applications, websites, or other services.

A cookie may contain information that allow Us to track your path through the Site. Cookies do not harm your computer or any files on your computer; it cannot be used to read data off of your hard drive and cannot retrieve information from any other cookies created by other websites.

You can manage website cookies in your browser preferences – you will always have the choice to accept, reject or delete cookies. However, if you choose to change your settings, it may result in a loss of functionality for your browser, not only on Our website, but also others. Therefore, for the purposes of enhanced functionality and because cookies do not provide Us with any information from which we can identify you, We suggest you allow Us to place them on your computer.

We use cookies for the following purposes:

Authentication/Status: identify when you visit Our website, if you are logged in, and as you navigate through it.
Analytical/Performance cookies: allow Us to understand how you use Our website, i.e., operating systems used, number of visits, average duration of visits, pages viewed, etc. Overall, these cookies are used to improve the way Our website works and enhance your user experience.
Functionality cookies: these cookies allow the website to remember choices you make and provide enhanced, more personal features, i.e., greet you by your chosen user name and remember your preferences.
Security: We use cookies as an element of security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services in general.

Cookies	Description	Cookie Name
CASAFARI	Used to identify returning user	_uuid
	Used to store login token	Authentic
	Used to subscribe client requests	Breadcrumb
	Used to store last search filter preset	LastFilter
	Used to store las selected UI language	Language
Google Analytics	Used to distinguish users across browsing sessions for Google Analytics, but cannot identify unique users across different browsers or devices.	_ga
		_gat
		_gid
		1P_JAR
		CONSENT
Live Agent	Used to talk to clients in real time	LaSID
		LaUserDetails
		LaVisitorld
		LaVisitorNew

Do We use any non-cookie tracking technologies?

Although not at all times, We may also use web beacons (including conversion pixels) or other technologies for similar purposes as described on this section, and We may include these on Our websites, marketing e-mails or newsletter, to determine whether messages have been opened and links clicked on. Web beacons do not place information on your device, but they may work in conjunction with cookies to monitor website activity.

Tracking and Do-Not-Track Signals

While browsers allow you to disable the usage of cookies, We do not change our practices in response to a “Do Not Track” signal in the HTTP header from your browser. We will not for any marketing purposes, load cookies/web beacons or any other kind of software that tracks your general behavior while you are visiting third party websites. We do, however, track if you click on advertisements for CASAFARI services on third-party platforms such as search engines and social networks and may use analytics to track what you do in response to those advertisements.

EU-US PRIVACY SHIELD

Privacy shield is a framework for transatlantic exchanges of personal data for commercial purposes that protects the fundamental rights of individuals where their data is transferred to the United States and ensures legal certainty for businesses.

It may occur that some of Our processors are based outside the European Economic Area (EEA) so their processing of your personal data involves a transfer of data outside the EEA. If and whenever this happens, We ensure there are adequate safeguards and a similar degree of security is applied, including relying on Privacy Shield, Model Clauses approved by the European Commission, amongst other legal options, otherwise the transfer only occurs where permitted by applicable law, given that the ultimate aim is to ensure that your privacy rights continue to be protected as per this policy.

DATA DISCLOSURE

CASAFARI does not sell, provide or disclose any kind of personal data. All the data We store is kept in encrypted databases and transported in secure channels and will not be accessed for any purposes other than provisioning, maintaining and improving our Services. CASAFARI only discloses data to third parties where the disclosure is absolutely necessary to provide the services that Our clients request or in response to a lawful request from an accredited authority.

UPDATES TO THIS POLICY

This policy may be subject to updates. Any material future changes or additions to the processing of personal information as described in this Policy affecting you will be communicated to you through an appropriate channel.

This privacy policy is effective as of 15 of October 2024.