This Privacy Policy describes how we collect, use, disclose and store information you provide to us. The Privacy Policy applies to https://hamiltonzanze.com, http://www.grahamstreetrealty.com (together, the “Site”), the Hamilton Zanze and/or Graham Street Realty investor portal (the “Portal”), and any website, application, service or tool on or in which they are posted, linked or referenced (collectively, the “Services”). The Portal is owned and/or operated by Juniper Square, Inc. and its affiliates.

This Privacy Policy describes:

• Information that we receive from you when you interact with the Services
• How we use and process the information that we receive
• Whether and why such information may be disclosed to third parties
• Your choices regarding the collection and processing of your personal information

Please note that this Privacy Policy does not apply to information collected through third-party websites or services that you may access through the Services.

PLEASE REVIEW THIS PRIVACY POLICY CAREFULLY. When you submit information to or through the Services, you consent to the collection and processing of your information as described in this Privacy Policy. By using the Services, you accept the terms of this Privacy Policy and consent to our collection, use, disclosure and retention of your information as described in this Privacy Policy.

IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF SERVICE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.

The Effective Date of this Privacy Policy is set forth at the top of this webpage. Whenever possible, we will provide you with advance written notice of our changes to this Privacy Policy. We will not make retroactive changes that reduce your privacy rights unless we are legally required to do so. Your continued use of the Services after the Effective Date constitutes your acceptance of the amended Privacy Policy. The amended Privacy Policy supersedes all previous versions.

“Personal Information” means information associated with or used to identify or contact a specific person. Personal Information includes: (1) contact data (such as e-mail address, telephone number and employer); (2) demographic data (such as gender, date of birth and zip code); and (3) certain Usage Data (defined below), such as IP address.

“Usage Information” or “Usage Data” is information about an individual’s online activity that, by itself, does not identify the individual, such as browser type, operating system and webpages visited. Generally, we do not consider Usage Data as Personal Information because Usage Data by itself usually does not identify an individual. Personal Information and Usage Data may be linked together. Different types of Usage Information also may be linked together and, once linked, may identify an individual person. Also, some Usage Data may be Personal Information under applicable law.

“Sensitive personal information” is certain Personal Information, such as information about personal health or finances, that is characterized as sensitive and subject to stricter regulation than other personal information. Before providing it to use, we urge you to carefully consider whether to disclose your sensitive Personal Information to us. If you do provide sensitive Personal Information to us, you consent to its use and disclosure for the purposes and in the manner described in this Privacy Policy.

“Location Data” is a category of Personal Information collected about the location of a mobile device or computer, including:

• the location of the mobile device or computer used to access the Services derived from GPS or WiFi use;
• the IP address of the mobile device or computer or internet service used to access the Services,
• other information made available by a user or others that indicates the current or prior location of the user.

We may combine the information we collect from you with information from other sources and use the combined information as described in this Privacy Policy.

We collect information that you provide to us and from your use of the Services. The information that we collect and how we process it depends on how you use and access the Services. Some information is collected automatically through use of cookies and similar data collection tools. To learn more about how and why we use cookies and similar tools to collect information, please see below.

From You. We collect information from you when you:

• Use the Services: We collect Personal Information and Usage Data from you when you create an account to use one of the Services, contact us for help or information or otherwise voluntarily provide your Personal Information.
• From our Business Partners and Service Providers: Third parties that assist us with our business operations, such as Google Analytics, also collect information (including Personal Information and Usage Data) about you through the Services and share it with us. For more information about Google Analytics and how it collects and processes your data, click here.
• Usage Data: We also automatically collect Usage Data when you interact with the Services.

Cookies

We and the service providers that help us provide the Services use small text files called cookies. “Cookies” are small computer files sent to or accessed from your web browser or your computer’s or tablet’s hard drive that contain information about your computer, such as a user ID, user settings, browsing history and activities conducted while using the Services. Cookies are not themselves personally identifiable, but may be linked to Personal Information that you provide to us through your interaction with the Services. A Cookie typically contains the name of the domain (internet location) from which the Cookie originated, the “lifetime” of the Cookie (i.e., when it expires) and a randomly generated unique number or similar identifier.

How We Use Data Collection Tools

Cookies help us improve the Services by customizing users’ experience with the Services; enabling us to analyze technical and navigational information about the Services; and helping to detect and prevent fraud.

Control of Cookies

Web browsers allow some control of most Cookies through the browser settings.

Some web browsers (including some mobile web browsers) provide settings that allow a user to reject Cookies or to alert a user when a Cookie is placed on the user’s computer, tablet or mobile device. Most mobile devices also offer settings to reject mobile device identifiers. Although users are not required to accept Cookies or mobile device identifiers, blocking or rejecting them may prevent access to some features available through the Services.

Online Advertising

Our advertising management partners use Data Collection Tools through the Services to enable them to recognize a unique Cookie that has been placed on a user’s browser, which in turn enables us and these ad management partners to learn which advertisements bring users to the Services. In addition, we and our ad management partners may use these Data Collection Tools to track the actions of users of the Services, to measure statistics of our marketing efforts, and to deliver advertisements on the Services that may be more relevant to you.

Data Collection by Third Parties

Certain third parties that we do not control may use Data Collection Tools on the Services. This Privacy Policy does not apply to those third parties or their Data Collection Tools.

We may use the information we collect for any of the following purposes:

• to provide the Services to you;
• to operate, improve and personalize the products and services we offer, and to give each user a more consistent and personalized experience when interacting with us;
• for customer service, security, to detect fraud or illegal activities, or and for archival and backup purposes in connection with the provision of the Services;
• to communicate with users by e-mail;
• to better understand how users access and use the Services, for the purposes of trying to improve the Services and to respond to user preferences, including language and location customization, personalized help and instructions, or other responses to users’ usage of the Services;
• to help us develop our new products and services and improve our existing products and services;
• to provide users with advertising and direct marketing that is more relevant to you; and
• to assess the effectiveness of and improve advertising and other marketing and promotional activities on or in connection with the Services.

We may share and disclose information as described at the time information is collected or as follows:

To Perform Services. We may disclose Personal Information to third parties in order to perform services requested or functions initiated by users, such as distributing marketing communications.

With Third Party Service Providers Performing Services on Our Behalf. We share information, including Personal Information, with our service providers to perform the functions for which we engage them (such as hosting and data analyses). We may share information as needed to operate other related services.

For Legal Purposes. We also may share information that we collect from users, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will disclose Personal Information as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share Personal Information as required to pursue available remedies or limit damages we may sustain.

Corporate Changes. We may transfer information, including your Personal Information, in connection with a merger, sale, acquisition or other change of ownership or control by or of us or any affiliated company (in each case whether in whole or in part). When one of these events occurs, we will use reasonable efforts to notify users before your information is transferred or becomes subject to a different privacy policy.

If you have any questions about how to access your Personal Information, please contact us at [email protected].

We retain information as long as it is necessary and relevant for our operations. In addition, we retain personal information to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, and other actions permitted by law. After it is no longer necessary for us to retain information, we dispose of it according to our data retention and deletion policies.

We employ industry standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected. Access to and use of password protected and/or secure areas of any of the Services are restricted to authorized users only. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.

The Services may contain links to third-party websites and services (“Third Party Services“) with which we have no affiliation. A link to any Third Party Service does not mean that we endorse it or the quality or accuracy of information presented on it. If you decide to visit a Third Party Service, you are subject to its privacy policy and practices and not this Privacy Policy. We encourage you to carefully review the legal and privacy notices of all other digital services that you visit.

The Services are not intended for use by children. If you are under the age of majority in your place of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian.

Consistent with the requirements of the Children’s Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving his or her parent’s verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services and subsequently we will delete that information.

How We Respond to Browser “Do Not Track” Signals: Some web browsers (including Safari, Internet Explorer, Firefox and Chrome) incorporate a “Do Not Track” (DNT) or similar feature that signals to digital services that a visitor does not want to have his/her online activity tracked. If a digital service that responds to a particular DNT signal receives the DNT signal, the browser can block that digital service from collecting certain Personal Information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we and many other digital service operators do not respond to DNT signals.

Any personal information collected about EU visitors through the Services is processed in the United States by us or by a party acting on our behalf. When you provide personal information to us through the Services, you consent to the processing of your data in the United States. The Services are hosted in the United States.

Under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”), residents of the state of California have certain rights with respect to their personal information. For purposes of this section, “personal information” has the meaning given to such term under the CCPA. Please note that the rights under the CCPA do not apply to personal information collected, processed, sold or disclosed subject to the Gramm-Leach-Bliley Act (Public Law 106-102), the Fair Credit Reporting Act (12 CFR 1022) and/or the California Financial Information Privacy Act. Under the CCPA you may have the right to:

• Request that we disclose, free of charge, the categories and specific pieces of personal information we collect about you (and, if applicable, sell or otherwise disclose to a third party and the categories of such third parties), the sources from which such personal information was collected, and the business purpose for collecting, selling or disclosing such personal information;
• Choose to opt out of the sale of your personal information. We do not currently sell your personal information or share your personal information with third parties for purposes of cross-context behavioral advertising;
• Request that we delete the personal information we have collected about you; and
• Request that we correct any inaccurate personal information we have collected about you.

We will not discriminate against any California resident who exercises the rights set forth in this section. These rights are not absolute and each is subject to certain exceptions or qualifications.

You have the right to appoint an authorized agent to exercise these rights on your behalf. If you want to exercise any of these rights, or have your authorized agent exercise any of these rights on your behalf, you may contact us using the contact information below. Please note that we may request additional information from you to verify your identity before we disclose any personal or account information.

For consumers with disabilities who need to access this policy in an alternative format, please contact us using the contact information below.

Under the EU’s General Data Protection Regulation “GDPR” and the UK General Data Protection Regulation (i.e., the GDPR as implemented into UK law, the “UK GDPR”), individuals located in the European Economic Area (“EEA”) or the UK, as applicable, have certain additional rights with respect to their personal data. For purposes of this section, “personal data” has the meaning given to such term in the GDPR or UK GDPR, as applicable. For the purposes of applicable data privacy legislation, we are a “controller” of such individuals’ personal data.

Under certain conditions, you may have the right to:

• Access and obtain a copy of your personal data;
• Request correction of your personal data if it is incorrect or incomplete;
• Request restriction of the processing of your personal data;
• Object to the processing of your personal data;
• Request erasure or deletion of your personal data; and
• Request the transfer of your personal data to another party in a machine-readable, commonly used and structured format.

Where possible, we obtain and rely on user consent as a lawful basis for processing personal data. In some cases, we may process and retain personal data pursuant to a legal obligation or another legitimate interest under the GDPR or UK GDPR, to protect your vital interests, our interests, or those of another person, or where necessary for the performance of a contract with you for provision of our services. If we have obtained your consent, then you may withdraw it any time by contacting us.

These rights are not absolute and each is subject to certain exceptions or qualifications.

Residents of the EEA or UK may contact our Data Protection Officer with questions or requests regarding their personal data using the contact information below. Please note that we may request additional information from you to verify your identity before we disclose any personal or account information.

Who Can I Contact Regarding Data Protection Issues?

We have designated a Data Protection Officer to assist with data privacy and data protection issues. You may contact him/her by emailing [email protected] and addressing your questions or concerns to the Data Protection Officer. If you are not satisfied with any response that we have provided, or if you otherwise wish to raise a concern or issue about our data processing practices, you may contact your local data protection authority. For example, in the UK you should contact the Information Commissioner’s Office: https://ico.org.uk/global/contact-us/ or 0303 123 1113.