When we refer to 'we’ (or 'our’ or 'us’), that means Occu Living Limited. Occu Living Limited is a wholly-owned subsidiary of SW3 Capital Limited. Occu Living Limited is our legal company name but we are trading as Occu. To keep things simple, we will use our trading name 'Occu' throughout this Privacy Notice. Occu is based in Ireland.

Occu is committed to protecting personal information by processing it responsibly and safeguarding it using appropriate technical, administrative, and physical security measures.

This Privacy Notice describes how and why we, as Data Controller, obtain, store and process personal data. 'Personal data’ means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. We commit to processing your personal data fairly, lawfully, and transparently. In the spirit of data privacy principles, we will only collect and use your personal data for the following purposes, to:

• Provide our services
• Improve our services
• Make our marketing more relevant
• Meet our legal responsibilities

Please do not hesitate to contact us if you have questions in addition to the information provided in this Privacy Notice at info@occu.ie.

Depending on the type and level of engagement you have with us, we may collect the following categories of personal data in physical and/or electronic form:

• Identifying and Demographic Information: Your full name, gender, age and date of birth, contact information, such as your address and contact details (including your email and mobile telephone number) and country of residence
• Lifestyle and social circumstances: for example, your pastimes
• Family circumstances: for example, your marital status and dependents
• Employment and education details: the organisation you work for, location, your job title etc.
• Government identifiers: your personal public service number, passport number, driver’s licence
• Financial and tax-related information: for example, your income
• Your postings on any blogs, forums, wikis and any other social media applications and services that we provide;
• Billing Information: such as payment preferences, address, bank account details
• Communications: such as a record of our interactions with you using one or multiple of the following; direct messages, emails, posts, phone conversations
• User Feedback: while using our services, occasionally you may be asked to provide feedback. Providing this feedback is entirely optional

When you visit our website, we collect technical data such as:

• Usage data: (if permitted) we collect certain information related to your device, such as your device’s IP address, what pages your device visited, and the time that your device visited our website (for more information please see 'Our Use of Analytics' section)
• Cookies: (if permitted) your IP Address and other information provided to us by cookies (for more information please see our Cookies Policy)
• Digital Images: such as ID and photographs for verification of identity purposes
• Video Recordings: such as CCTV footage in any of our physical premises. This generally excludes physical premises from which we operate as a contracted agent. Please contact us at info@occu.ie for more information on our data retention policy for CCTV footage.

While our services are designed for a general audience, we will not knowingly collect any data from children under the age of 16 or sell products or services to children, without the consent of a parental guardian to do so. If you are under the age of 16, you are not permitted to use or submit your data to the website.

As part of providing our service to you, we will need to collect and process sensitive data (otherwise known as 'Special Categories of Personal Data'). Sensitive data refers to specific categories of personal information that are considered highly private and require special protection. This includes (but is not limited to) data related to an individual's race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, and any data revealing sex life or sexual orientation. Processing sensitive data requires a higher level of precaution due to its potential impact on an individual's fundamental rights and freedoms.

The sensitive personal data we collect may include details about your:

• dietary requirements (for example, where SW3 Capital would like to provide you with lunch during a meeting);
• health (for example, so that we can make reasonable accommodations for you in our buildings or at our events)
• sexual orientation (for example, if you provide us with details of your spouse or partner)

When it comes to processing sensitive data, we will only process or share your sensitive data with your explicit consent unless there is a specific legal basis that allows processing without consent. Explicit consent means obtaining clear and unambiguous permission from you, presented in a way that is separate from other terms and conditions. You will be fully informed about the purpose of processing the sensitive data and any potential consequences.

If you fail to provide us with this information, or you object to us processing such information (see “Your Rights and Our Commitment to You” section below) the consequences are that we may be prevented from processing your instructions or continuing to provide all or some of our services to you or our client.

Where we are provided with personal data about you by our client or another third party, we take steps to ensure that the client or other third party has complied with the data protection laws and regulations relevant to that information. This may include, for example, that the client or other third party has provided you with notice of the collection (and other matters) and has obtained any necessary consent for us to process that information as described in this privacy notice.

If any information which you provide to us relates to any third party (such as a spouse, people who depend on you financially, or a joint account holder or beneficiary), by providing us with such personal data you confirm that you have obtained any necessary permissions from such persons to the reasonable use of their information in accordance with the above provisions, or are otherwise permitted to give us this information.

We may collect your personal data in one of the following ways:

• When you create an account with us on our Applicant or Resident portal
• When you provide additional information directly into our products and services
• When you visit our website
• When you express an interest to use our services
• When you contact us for service-related queries
• When you engage with us on social media
• When you review our services
• When you interact with our website (see our Cookies Policy for more details)
• When you apply for an employment vacancy with us
• When you subscribe to our newsletter or blog

We may also receive data about you from various third parties, including:

• Technical data from analytics providers. Please see further information in the section entitled 'Our Use of Analytics'
• Technical data from our website and cookies providers. Please see further information in the section entitled 'Our Use of Cookies'
• Contact and/or transactional data from our trusted third party providers. Please see further information in the section entitled 'How We Share Your Data'

We collect and process information about you and/or your business to enable us and other members of Occu’s group to provide our services to you, to enable us to provide you with information that we think may be of interest to you and in order to meet our legal, contractual, or regulatory obligations.

Where we provide you with information that we think may be of interest to you, you have the right to unsubscribe at any time by following the unsubscribe instructions in our communication or by contacting us in the manner set out in Section 12.1 below.

We will only collect and process your personal data where we have a legal basis to do so. As a data controller, the legal basis for our collection and use of your personal data varies depending on the manner and purpose for which we collected it. We will only collect personal data from you when:

• We have your consent to do so, or
• We need your personal data to perform a contract with you, or
• We are pursuing our legitimate interests in a way that you might reasonably expect to be a part of running our business and that does not significantly impact your interests, rights, and freedoms. For example, communicating with you if we have a sufficient legal ground based on the e-marketing laws in your country
• We have a legal obligation to collect or disclose personal data from you (for example, we are legally obligated to register all tenancies with the Residential Tenancies Board or in suspected instances of fraud we may need to give personal data to relevant government bodies).

To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because either:

(i) you have given us your explicit consent to process that data;

(ii) we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us);

(iii) the processing is necessary to carry out our obligations under employment, social security or social protection law;

(iv) the processing is necessary for the establishment, exercise or defence of legal claims or

(v) you have made the data manifestly public.

Please note that in certain circumstances it may be still lawful for us to continue processing your information even where you have withdrawn your consent, if one of the other legal bases described above is applicable.

If you are a current resident of one of our locations, please be advised that Occu Living Limited may be a designated sub-processor, rather than a Controller. For further information on Data Protection Policies and Procedures for your specific location, please contact your Property Manager.

We process your personal data in order to fulfil any of the activities below:

• Setting up an account with us
• Providing, operating, and maintaining our services
• Providing communications to existing customers or subscribed users
• Processing and completing transactions, and sending related information, including transaction confirmations and invoices
• Managing our customers’ use of our services, responding to enquiries and comments, and provide customer service and support
• Sending customers technical alerts, updates, security notifications, and administrative communications
• Investigating and preventing fraudulent activities, unauthorised access to our services, and other illegal activities
• The enter into a residential tenancy agreement (electronically or otherwise) and the secure storage of such residential tenancy agreement
• Applicable legal, regulatory or professional requirements
• Requests and communications from competent authorities
• Administrative purposes
• Invoicing and risk analysis purposes
• Client and prospect relationship purposes, which may involve: (i) sending you insights, opinions, updates, reports on topical issues or details of our products and services that we think might be of interest to you; (ii) contacting you to receive feedback on services; and (iii) contacting you to invite you to events, seminars, briefings
• Recruitment and business development purposes (for example testimonials from a client’s employees may be used as part of our recruitment and business development materials with that employee’s permission)
• Services we receive from our professional advisors, such as lawyers, accountants and consultants
• Protecting our rights and those of our clients
• We will use your personal data to provide you or our clients or other third parties with services. As part of this, we may use your personal data in the course of correspondence relating to the services. Such correspondence may be with you, other third parties, other SW3 Capital entities, our service providers or competent authorities. We may also use your personal data to conduct due diligence checks relating to the services.

We sometimes share your personal data with our trusted categories of third parties we use to conduct our business. Our trusted categories of third parties include:

• Other entities within the SW3 Capital group of companies, our subsidiaries, related companies and affiliates, including the owners and landlords of Occu locations
• Website provider
• Cloud service (SaaS) providers
• Social media providers
• Professional services providers (e.g., our lawyers, accountants, consultants, auditors and insurance providers)
• E-marketing providers
• Advertising providers
• Recruitment partners
• Payment providers
• Intermediaries, brokers, and other individuals and entities that partner with us;
• Utility providers
• Credit reference agencies or other organisations that help us make credit decisions and reduce the incidence of fraud and other third parties that reasonably require access to personal data relating to you for one or more of the purposes outlined above.
• Any other person or organisation after a restructure, sale or acquisition of any SW3 Capital entity, as long as that person uses your information for the same purposes as it was originally given to us or used by us (or both) (See “Sale or Merger” section below).
• Competent authorities (including courts and authorities regulating us or another SW3 Capital entity);
• Your employer and/or their advisers and/or your advisers

A full list of our data sub-processors can be found in our Privacy Center on our website.

Our Website may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Importantly, any personal data that you contribute to these Social Media Applications can be read, collected and used by other users of the application. We have little or no control over these other users and, therefore, we cannot guarantee that any information that you contribute to any Social Media Applications will be processed in accordance with this privacy notice.

As part of fraud monitoring and prevention, we may be legally required to share your personal data with government bodies and law enforcement. Please note that these bodies may retain a record of the information that we provide to them for this purpose.

We may share your personal information as part of a merger or acquisition. If Occu is involved in a merger, financing, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets, or in the event of a liquidation, insolvency, bankruptcy, or receivership, we may share your information with that company before and after the transaction closes. In such a case, unless otherwise directed by applicable law, your information would remain subject to the terms of the applicable privacy policy in effect at the time of such transfer. You will be notified of any such changes in advance.

Data Transfers

For Users from the European Economic Area ("EEA"), your personal data may be processed outside the EEA by staff who work for us or by one of our Data Sub-processors. When we transfer your information outside of the European Economic Area, we ensure it benefits from an adequate level of data protection by:

• relying on an adequacy decisions by the European Commission made under Article 45 of the GDPR, finding that the third country to which the information is being transferred offers an adequate level of data protection; or
• if there is no adequacy decision, using standard contractual clauses approved or permitted under Article 46 of the GDPR.

We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy notice. Please contact us if you want further information on the countries to which we may transfer personal data and the specific mechanism used by us when transferring your personal data outside the EEA – info@occu.ie

We may send you marketing communications, product information and promotional offers:

• If you have consented to receiving such communications from us, or
• If you have recently created an account with us and not opted out of receiving such communications from us, or
• If you have bought a product or service from us and have not opted out of receiving communications from us, or
• If you are from a country where the laws permit us to send you such communications

You will always have full control of your marketing preferences. If you do not wish to continue receiving marketing information from us at any time:

• You can unsubscribe or 'opt-out’ by using the unsubscribe link included in the footer of any marketing message from us; or
• You can unsubscribe by managing your preferences using the our Privacy Center on our website

We will process all opt-out requests as soon as possible, but please note that due to the nature of our IT systems and servers it may take a few days for any opt-out request to be implemented.

Our website uses cookies. They help us to provide you with the very best experience when you browse our website and to make improvements to our website. You can accept or reject cookies by clicking on the cookie consent banner on our website or by navigating to the 'Cookies Preferences’ Area in our Privacy Center on our website.

For detailed information on the cookies which we use and the reasons why we use them, please refer to our Cookie Policy and Cookie Declaration in our Privacy Center on our website.

We use analytics tools on our website and services. For example, we use tools such as Google Analytics to analyse and improve our suite of product features, website content, knowledge center content and marketing campaigns.

If you would like any further information about the data collected by these third parties or the way in which the data is used, please contact us on info@occu.ie.

We use targeted advertising tools to advertise our services, including (but not limited to):

• Facebook (including Instagram)
• LinkedIn

We use these tools to deliver relevant content to you in marketing communications (where applicable), and to measure the effectiveness of the advertising provided.

If you would like any further information about the data collected by these third parties or would like to opt-out of targeted advertising, please contact us on info@occu.ie.

Our website may include links to social media platforms and other websites. If you follow a link to any of these platforms or websites, please note that they their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to their platforms or websites.

The communication between your browser and our website uses a secure encrypted connection wherever your personal data is involved.

We have put in place physical, electronic and managerial security procedures in the storage and disclosure of your personal data to protect it against accidental loss, destruction or damage. These measures include:

• Education and training to relevant staff to ensure they are aware of our data protection obligations when processing personal data;
• Administrative and technical controls to restrict access to personal data to a ‘need to know’ basis;
• Technological security measures;
• Physical security measures, such as coded access to our premises

In respect of our tenants’ residential tenancy agreements that are signed electronically, such agreements are administered via the ‘Yardi Y-sign’ platform which provides a high degree of security. The process of electronically signing a residential tenancy agreement in the ‘Yardi Y-sign’ platform takes place after the tenant has securely logged on to the ‘Yardi Y-sign’ system and the identity of the tenant is securely authenticated. Additionally, certain data (IP address, time of day, geographic location, etc.) is recorded as part of the signature process to ascertain where and when the signing occurred to ensure enhanced security and authenticity. Once signed, the residential tenancy agreement is rendered non-modifiable, and stored in an encrypted format in ‘Yardi Y-sign’s’ encrypted file storage. Access to the document is secured and documented in an audit log to ensure the integrity of the signed record. Once executed, both the applicant and the landlord will receive an automated email confirmation that the process has been completed/validated attaching the fully signed residential tenancy agreement. This will act as the original document executed in its final fully executed form. The signed residential tenancy agreement will be stored in a safe and secure manner via Yardi Systems Ltd. (UK) and Yardi RENT Café. A copy of this original document can be requested at any time during the term of the Agreement.

Nevertheless, any data transmission over the internet or by any other means can never be fully secure, such is the character of the internet, and provision of personal data by you to us is at your own risk. We take all reasonable measures to protect your personal data by putting appropriate technical and operational security measures in place.

When we disclose your personal data to trusted third parties (for the purposes set out in this Privacy Notice and our list of Data Sub-Processors), we require all third parties to have appropriate technical and operational security measures in place to protect your personal data, and we work with them to ensure that your data privacy rights are respected. Where your personal data is shared with a third party, it must only be used for the purposes for which it was supplied.

In the unfortunate event of a personal data breach, we will notify you and any applicable data protection authority when we are legally required to do so.

We will not keep your personal data for longer than is necessary and when we no longer need to keep it, we will securely destroy, delete or anonymise it in line with our Data Retention policy.

Having obtained your consent (or other legal basis) to contact you, we will retain your personal data for marketing and analysis purposes until you withdraw your consent or unsubscribe. If you choose to withdraw your consent or unsubscribe from marketing, we will delete your personal data from our systems, unless we have another legal basis to retain it, which may include performance of our contract with you or to maintain your contact details on an 'unsubscribed list' to ensure we do not send you further communications.

We may need to retain your personal data to satisfy our legal obligations, to deal with complaints and queries, in order to resolve, litigate or defend a dispute and to prevent fraud and abuse.

You have rights under data privacy laws and Occu is committed to you being able to freely exercise your Rights. Where possible, we have incorporated automated tools on our website that enable you to facilitate your rights in real-time. Use the Occu Privacy Center to access and manage your personal data that we process and manage your preferences. You are not required to pay any charge for exercising your rights. Your rights include, under certain circumstances, the right to:

Be informed: you have the right to be informed if and how your personal data is being processed.

Access, rectification, or erasure: you have the right of access to personal data we hold about you in our records. You are also entitled to have your personal data corrected if it is inaccurate, or to have it erased if we do not have a legitimate reason for retaining your data.

To request data portability: for personal data which you have provided to a controller, where processing was based on your consent, or where processing is done by automated means, you have the right to obtain a digital copy of your personal data, request the transfer of your personal data to another company or request to move your data from one IT system to another in a safe and secure way.

To request restriction of processing: you have the right to restrict the processing of your personal data where you are contesting the accuracy of that information, you have objected to processing (as described below), or where the processing is unlawful. Where processing is restricted, we are may need to retain sufficient information about you to ensure that the restriction is respected in future.

To object to automated decision-making including profiling: you have the right not to be the subject of any automated decision-making or profiling by us.

To withdraw consent: in cases where we are relying on your consent for the processing of your personal data, you have the right to withdraw your consent at any time. In respect of the e-marketing we conduct, an unsubscribe option is included with every e-marketing communication we send.

To object to processing: where your personal data is being processed based on the legitimate interests of a data controller or third party, you have the right to object to that processing.

To complain to the relevant supervisory authority: should you have any concerns or complaints regarding the way in which we process your data, you also have the right to make a complaint to the relevant European Supervisory Authority. We would, however, appreciate the chance to deal with your concerns before you approach a Supervisory Authority, so please do contact us in the first instance info@occu.ie. The contact details of European Supervisory Authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Cookies Preferences: you can accept or reject cookies by navigating to the ‘Cookies Preferences’ Area in our Privacy Center on our website. You can also do so by adjusting your web browser controls. Please consult our Cookie Policy for more information about our use of cookies on the website and how to accept and reject them.

We may update this privacy notice from time to time and we will inform all our paying customers and users subscribed to receive communications from us of any changes.

We welcome feedback and are happy to answer any questions you may have about your data. You can contact us at:

Write to us at: Occu, Embassy House, Ballsbridge, Dublin 4, D04 H6Y0 Ireland, for the attention of the Data Protection Officer.

Email: info@occu.ie

This notice was most recently updated: 28th August, 2023