Data Protection Policy

Stuva Properties (“Stuva,” “we,” “us,” or “our”) is committed to protecting the personal data of our clients, partners, and employees. This Data Protection Policy outlines our approach to data privacy, including the types of data we collect, how we use it, and your rights regarding your personal information.

1. Scope and Purpose
This Data Protection Policy applies to all personal data processed by Stuva Properties, regardless of the format or where it is stored. Our aim is to ensure that we handle personal data in a manner that complies with applicable data protection laws, including the General Data Protection Regulation (GDPR) and relevant U.S. privacy laws where applicable.

2. Data We Collect
The types of personal data we may collect include:

• Contact Information: Name, email address, phone number, mailing address.
• Identification Data: Date of birth, nationality, and other identifiers.
• Financial Information: Bank details, payment card information (collected and processed securely).
• Usage Data: Data on how you use our website, services, and products.
• Technical Data: IP address, device information, browser type, and other metadata collected through cookies and similar technologies.
• Communication History: Records of your communications with us via email, phone, and other channels.

We collect personal data directly from you when you engage with our services, visit our website, or communicate with us.

3. How We Use Personal Data
We process personal data for the following purposes:

• Provision of Services: To deliver, manage, and personalize the services you have requested.
• Client Relationship Management: To communicate with you, respond to inquiries, and provide customer support.
• Transaction Processing: To process payments, send invoices, and manage billing.
• Marketing and Communications: To send newsletters, promotions, and other information related to our services (subject to your consent where required by law).
• Legal Compliance: To meet legal and regulatory obligations, such as financial reporting and fraud prevention.
• Improvement of Services: To understand how our services are used, improve user experience, and develop new offerings.

We only process personal data when we have a legal basis to do so, which may include your consent, our contractual obligations, our legitimate interests, or compliance with legal requirements.

4. Legal Basis for Processing
Depending on the data and purpose, we may rely on one or more of the following legal grounds:
• Consent: Where required by law, we will obtain your consent before processing your data for specific purposes, such as sending you promotional emails.
• Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: We process data to comply with legal obligations, such as tax and accounting requirements.
• Legitimate Interests: We may process your data to pursue legitimate interests, provided that these interests are not overridden by your rights and freedoms (e.g., improving our services and customer experience).

5. Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy or as required by law. For instance:

• Transactional Data: Retained for as long as needed to complete the transaction and for financial reporting obligations.
• Communication Records: Retained for up to three years following the last interaction, unless legally required to keep longer.
• Usage Data: Retained for analytics purposes for a period of 12 months, after which it is anonymized or deleted.

6. Data Security
We have implemented appropriate technical and organizational security measures to safeguard personal data against unauthorized access, disclosure, alteration, or destruction. These measures include:

• Data Encryption: All sensitive data is encrypted both in transit and at rest.
• Access Controls: Access to personal data is limited to authorized personnel only and based on the principle of least privilege.
• Regular Audits: We conduct regular audits and assessments of our data security practices.
• Incident Response: In case of a data breach, we have an incident response plan in place to mitigate the impact and notify affected individuals and authorities as required by law.

7. Sharing and Disclosure of Personal Data
We do not sell, rent, or lease personal data to third parties. However, we may share personal data with:

• Service Providers: Third-party vendors who provide essential services such as payment processing, data storage, or IT support. These vendors are contractually obligated to safeguard your data.
• Legal Authorities: Governmental or regulatory authorities when required by law or in response to valid legal processes, such as a court order or subpoena.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, personal data may be transferred to the acquiring entity.

We ensure that any third-party service providers we work with are compliant with relevant data protection laws and handle personal data responsibly.

8. Your Rights
Depending on your location and applicable laws, you may have the following rights regarding your personal data:

• Right to Access: Request access to and obtain a copy of your personal data.
• Right to Rectification: Correct any inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal exceptions.
• Right to Restrict Processing: Limit the processing of your personal data under certain conditions.
• Right to Data Portability: Receive your data in a structured, commonly used format or have it transferred to another controller.
• Right to Object: Object to the processing of your data when based on legitimate interests, including profiling.
• Right to Withdraw Consent: Withdraw any consent you have previously given for data processing.

To exercise any of these rights, please contact us at [email protected]. We may request additional information to verify your identity before processing your request.

9. International Data Transfers
We primarily process data within the United States. However, if your personal data is transferred to a country outside of your own, we will ensure it is protected in accordance with applicable data protection laws. We implement safeguards such as Standard Contractual Clauses approved by regulatory authorities or rely on your explicit consent for such transfers where required.

10. Cookies and Tracking Technologies
Our Website uses cookies and similar tracking technologies to improve user experience, analyze traffic, and support marketing efforts. For more information on our use of cookies, please review our Cookie Policy.

11. Changes to This Data Protection Policy
We may update this Data Protection Policy periodically to reflect changes in our data practices or legal requirements. We will notify you of significant changes through our Website or, when required, via email. The date of the last update is listed at the top of this policy.

12. Contact Us
If you have any questions about this Data Protection Policy or our data handling practices, please contact us at:

• Email: [email protected]
• Mail: Stuva Properties, Fort Collins, Colorado

13. Filing a Complaint
If you believe we have not complied with this Data Protection Policy or applicable data protection laws, you may file a complaint with your local data protection authority or regulatory body.

By using Stuva Properties’ services, you acknowledge and agree to this Data Protection Policy. Thank you for trusting us with your personal information; we are committed to handling it responsibly and in compliance with all relevant regulations.