Privacy Policy

Effective Date: January 1, 2022

Essex Property Trust, Inc. is a real estate investment trust (REIT) that, along with our affiliates (“Essex,” “we,” “our,” or “us”) acquires, develops, redevelops, and manages multifamily apartment communities in California and Washington. This Privacy Policy describes our data practices regarding information that could be used to identify you or that is associated with information that identifies you (“Personally Identifiable Information” or “PII”). This Privacy Policy applies to PII that we gather or collect via any Services or online service that posts this Privacy Policy (“Service”). It does not apply to any PII collected by third-party Services or online service not operated by Essex, or by us It also does not apply to our collection of information in a human resources or business-to-business context.

California Consumers: For details on your privacy rights, and how to exercise them, please click here.

WHAT INFORMATION DOES ESSEX GATHER ABOUT ME?

General

We and our Service Providers collect certain PII you voluntarily provide in order to deliver services, or that is automatically collected via our Services.

PII You Provide

For example, you may be asked to provide PII such as name, email address, and phone number when requesting a tour of an Essex apartment community. If you do not provide this PII, we may not be able to assist you in scheduling a tour of an Essex apartment community or consider you for residence in an Essex apartment community. We may collect your email address so that we can send you information you have requested. We may also use your email address to inform you about current events or to send you updates regarding information that was previously sent to you.

Automatically Collected Data

When you visit our Services, we or our Service Providers, may collect information to administer the Services and analyze its usage.

Examples of this information include:

  • Your IP address and/or device ID.
  • The kind of browser or computer you use.
  • Number of links you click within the Services.
  • State or country from which you accessed the Services.
  • Date and time of your visit.
  • Name of your Internet service provider.
  • Web page you linked to our Services from.
  • Pages you viewed on the Services.
  • Other usage activities information.

This information is collected to help us administer and operate the Services, better understand how users interact with and access the Services, and understand the types of users that access the Services.

HOW DOES ESSEX USE PII?

Business Purposes

We collect and use PII for the following purposes:

  1. to provide you with Services or process transactions that you have requested;
  2. to communicate with you regarding information, features or offers that we believe will be of interest to you;
  3. to respond to your questions or other requests;
  4. to contact you with regard to the Services;
  5. to process any applications, payments or changes to your account information;
  6. to process other information or PII that you submit through the Services;
  7. to conduct user surveys;
  8. to contact you regarding a sweepstakes, contest or promotion in which you have participated,
  9. to evaluate your application for employment; and
  10. to fulfill other purposes disclosed at the time you provide your PII.

We may also use the information you provide to improve the Services, to customize your experience on the Services, to serve you specific content, or for other purposes subject to applicable law.

We may use the contact information you provide to communicate with you through email and other means, including mobile text messages, telephone calls, and push notifications. If you provide your telephone number, you agree that doing so is request to be contacted and we may contact that number even if it is registered on a corporate, state, or national Do Not Call Registry.

Sharing with Third Parties

We may share your PII with third parties who perform services on our behalf or on behalf of our many affiliates (e.g., the legal owner of one of our properties), including sending advertising to you. This includes, without limitation, third parties that send communications, process payments, analyze data, assist with utility billing or renter's insurance, provide credit checks, resident screening, or collection services, manage package deliveries, provide marketing and advertising services, including marketing and analytics, to Essex, or create, host and/or provide customer service on our behalf. These third parties may have access to certain PII in order to provide these services to us or on our and our affiliates’ behalf. We and our service providers may convert PII to aggregate or deidentified data and use and share with except as may be limited by applicable law.

For more information about Essex’s third-party service providers, please contact us via email at privacy@essex.com.

Essex may also disclose PII we collect from you to third parties in order to:

  • Fulfill your service requests for services,
  • Facilitate your directions,
  • Protect ourselves from liability,
  • Protect the safety and security of Essex and its users,
  • Respond to legal process or comply with law,
  • Provide information in connection with a merger, acquisition, or liquidation of our company; and/or
  • As permitted or required by applicable law.

Affiliated and Subsidiary Companies

We may share PII with our affiliated or subsidiary companies who use PII for business purposes related to your tenancy or to process any application, request, inquiry, or as otherwise permitted bay applicable law This includes the owner of any community where you submit an application or where you lease, as well as the management company for such community.

PARCEL LOCKER PROVIDERS

Essex has partnered with various parcel locker providers in some of Essex’s apartment communities. These universal lockers allow for deliveries and returns of packages from and to third parties in a dedicated storage unit. Essex may share the names, addresses, and email addresses of residents in those apartment communities with parcel locker vendors to facilitate the registration process for the universal locker. You will be contacted to register for the universal locker when you first receive a package, and as such your direct us to share your PII with these shippers. If your community has a parcel locker provider, we encourage you to read that provider’s privacy notice and as well as their terms and conditions prior to registering.

COOKIES

Essex may engage and work with Service Providers and other third parties to serve advertisements on the Service and/or on other online services. Some of these ads may be tailored to your interests based on your browsing of the Service and elsewhere on the Internet, which may include use of precise location and/or Cross-device Data, sometimes referred to as “interest-based advertising” and “online behavioral advertising” (“Interest-based Advertising”), which may include sending you an ad on another online service after you have left the Service (i.e., “retargeting”).

Essex may use Google Analytics or other Service Providers for analytics services. These analytics services may use cookies and other Tracking Technologies to help Essex analyze Service users and how they use the Service. Information generated by these analytics services (e.g., your IP address and other Usage Information) may be transmitted to and stored by these Service Providers on servers in the U.S. (or elsewhere) and these Service Providers may use this information for purposes such as evaluating your use of the Service, compiling statistic reports on the Service’s activity, and providing other services relating to Service activity and other Internet usage.

Essex is not responsible for, and makes no representations regarding, the policies or business practices of any third parties, including, without limitation, analytics Service Providers and Third-Party Services associated with the Service, and encourages you to familiarize yourself with and consult their privacy policies and terms of use. See the following sections for more on certain choices offered by some third parties regarding their data collection and use, including regarding Interest-based Advertising and analytics.

Tracking Technologies Generally

Essex, its Service Providers, and/or Third-Party Services may also automatically collect certain information about you when you access or use the Service (“Usage Information”). Usage Information may include IP address, device identifier, browser type, operating system, information about your use of the Service, and data regarding network connected hardware (e.g., computer or mobile device). Except to the extent required by applicable law, or to the extent Usage Information is combined by or on behalf of Essex with information collected by Essex, Essex does not consider Usage Information (including, without limitation, unique device identifiers) to be PII.

The methods that may be used on the Service to collect Usage Information include:

  • Log Information: Log information is data about your use of the Service, such as IP address, browser type, Internet service provider, referring/exit pages, operating system, date/time stamps, and related data, and may be stored in log files.

  • Information Collected by Cookies and Other Tracking Technologies: Cookies, web beacons (also known as “tracking pixels”), embedded scripts, location-identifying technologies, fingerprinting, device recognition technologies, in-app tracking methods, device and activity monitoring and other tracking technologies now and hereafter developed (“Tracking Technologies”) may be used to collect information about interactions with the Service or e-mails, including information about your browsing and purchasing behavior.

  • Cookies: A cookie is a small text file that is stored on a user’s device, which may be session ID cookies or tracking cookies. Session cookies make it easier for you to navigate the Service and expire when you close your browser. Tracking cookies remain longer and help in understanding how you use the Service and enhance your user experience. Cookies may remain on your hard drive for an extended period of time. If you use your browser’s method of blocking or removing cookies, some but not all types of cookies may be deleted and/or blocked and as a result some features, and functionalities of the Service may not work. To identify certain types of local shared objects on your device and adjust your settings, please visit: https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html. The Service may associate some or all of these types of cookies with your devices.

  • Web Beacons (“Tracking Pixels”): Web beacons are small graphic images, also known as “Internet tags” or “clear gifs,” embedded in web pages and e-mail messages. Web beacons may be used, without limitation, to count the number of visitors to the Service, to monitor how users navigate the Service, and to count content views.

  • Embedded Scripts: An embedded script is programming code designed to collect information about your interactions with the Service. It is temporarily downloaded onto your computer from Essex’s web server, or from a third party with which Essex works and is active only while you are connected to the Service and deleted or deactivated thereafter.

  • Device Recognition Technologies: Technologies, including application of statistical probability to data sets, as well as linking a common unique identifier to different device use (e.g., Facebook ID), which attempt to recognize or make assumptions about users and devices (e.g., that a user of multiple devices is the same user or household) (“Cross-device Data”).

  • Device and Activity Monitoring: Technologies that monitor, and may record, certain of your interactions with the Service, and/or collect and analyze information from your device, such as, without limitation, your operating system, plug-ins, system fonts, and other data, for purposes such as identification, security, fraud prevention, troubleshooting, tracking and/or improving the Services and customizing or optimizing your experience on the Services.

You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on. You may exercise choices regarding the use of cookies from Adobe Analytics by going to http://www.adobe.com/privacy/opt-out.html under the section labeled “Tell our customers not to measure your use of their web sites or tailor their online ads for you.”

Essex is not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

You can opt out of receiving certain promotional communications (emails or text messaging) from Essex at any time by (i) for promotional e-mails, following the instructions provided in emails to click on the unsubscribe link, or if available by changing your communication preferences by logging onto your account; and (ii) for text messages, following the instructions provided in text messages from Essex to text the word, “STOP”. Please note that your opt-out is limited to the e-mail address or phone number used and will not affect subsequent subscriptions. If you opt-out of only certain communications, other subscription communications may continue. Even if you opt out of receiving promotional communications, Essex may, subject to applicable law, continue to send you non-promotional communications, such as those about your account, transactions, servicing, or Essex’s ongoing business relations.

CHILD PROTECTION AND PRIVACY

Essex does not knowingly seek to collect PII from children under the age of 13 online. We will use commercially reasonable efforts to delete any PII or other information later determined to be provided by a child under the age of 13 online, as required by applicable law. Use of the Services by children under the age of 13 is not permitted. If you become aware that a child has provided PII through our Services, please email us at privacy@essex.com.

YOUR CHOICES

In general, you may browse the Services without providing PII. However, if you choose not to provide certain PII through the Services, Essex may not be able to provide certain services or process certain of your requests. You may not be able to submit an application for employment, access resident services online, or otherwise use all of the features and products that Essex offers through the Services.

Depending on the functionality associated with the Service feature you are using, you may be able to update certain aspects of your PII on the Services. If you no longer wish to receive marketing emails from us, you can opt out of these communications by clicking on the “unsubscribe” link included in those emails. Please see the “Contact Us” section of this Privacy Policy for information about how to contact us with questions.

LEGAL REQUIREMENTS AND LAW ENFORCEMENT

We may disclose PII when we believe in good faith that the law requires it; at the request of governmental authorities conducting an audit or investigation; pursuant to a court order, subpoena, or discovery request in litigation; to verify or enforce compliance with our Terms of Use or other agreements or policies governing the Services and applicable laws, rules, and regulations; or whenever we believe disclosure is necessary to limit our legal liability or to protect or enforce the rights, interests, or safety of the Services, its users or other third parties. We also reserve the right to report to law enforcement agencies any activities that we, in good faith, believe to be unlawful.

SWEEPSTAKES AND PROMOTIONS

If you choose to enter a sweepstakes, contest or other promotion, your PII may be disclosed to third parties in connection with the administration of such promotion, including, without limitation, in connection with winner selection, prize fulfillment, and as required by law, such as on a winners list. Also, by entering a promotion, you are agreeing to the official rules that govern that promotion, which may contain specific requirements of you, including, except where prohibited by law, allowing the sponsor(s) of the promotion to use your name, voice and/or likeness in advertising or marketing associated with the promotion.

SECURITY

Essex will take reasonable steps to secure the PII you provide via the Services. Please note that no transmission of PII over the Internet or the subsequent electronic storage of this information can be absolutely guaranteed to be free from unauthorized use or access. Before submitting any PII via the Services, please be aware of these inherent risks and know that you do so at your own risk.

INFORMATION RETENTION

We will retain your PII for as long as it is needed to fulfill the purpose for which it was collected or as required by the law. We are under no obligation to store such information indefinitely and disclaim any liability arising out of, or related to, the destruction of such information.

CHANGES TO THIS PRIVACY STATEMENT

We reserve the right to prospectively alter, modify, update, add to, subtract from or otherwise change this Privacy Policy at any time, which will become effective as of posting on the Services. We encourage you to periodically review this privacy statement to stay informed about how we are helping to protect the PII we collect.

JURISDICTION

The Services is operated in the United States of America (U.S.) and is only intended for use by individuals accessing it from the U.S. If you are located in another jurisdiction, then please be aware that any PII you elect to supply will be transferred from your current location to the U.S. – to our servers, offices, and/or to the third parties described above (see “How Does Essex Use PII?”), and be subject to U.S. laws regarding data privacy and collection, which may be less stringent than or otherwise different from the laws in effect in the country in which you are located. By using this Services or by voluntarily providing us with your PII, you acknowledge and agree with your PII being processed and transferred as described above.

CONTACT US

If you have any questions regarding our Privacy Policy, please contact us at privacy@essex.com.


California Consumer Privacy Notice

Effective Date: January 1, 2023 

This California Consumer Privacy Notice (“Notice”) applies to “Consumers” as defined under the California Consumer Privacy Act, including as amended by the California Privacy Rights Act (together, the “CCPA”) and all laws implementing, supplementing or amending the foregoing, including regulations promulgated thereunder. Capitalized terms used but not defined in this Notice shall have the meanings given to them under the CCPA.

This Notice is designed to meet our obligations under the CCPA and supplements the general privacy policies of Essex Property Trust, Inc. and our affiliates (“Company,” “our,” “us,” or “we”) or including, without limitation, our Website Privacy Policy. In the event of a conflict between any other Company policy, notice, or statement and this Notice, this Notice will prevail as to Consumers unless stated otherwise.

The section titled “Notice of Data Practices” provides notice of our data practices, including our collection, use, disclosure, and sale of Consumers’ Personal Information or Personal Data (collectively, “PI”). It does not apply to our job applicants, current employees, former employees, or independent contractors (“Employees”). Our California Employees can learn about our data practices as relates to them in our California Employee Privacy Notice. The section titled “Your Consumer Rights and How to Exercise Them” provides information regarding Consumer rights and how you may exercise them. It also provides information regarding rights of our California Employees. The section titled “Additional Notices for California Residents” provides additional information for California residents, other than our Employees.

For California residents the term “Consumer” is not limited to data subjects acting as individuals regarding household goods and services and includes data subjects in a business-to-business context. This is not the case in the other states. 

NOTICE OF DATA PRACTICES

The description of our data practices in this Notice covers the twelve (12) months prior to the Effective Date and will be updated at least annually. Our data practices may differ between updates, however, if materially different from this Notice, we will provide supplemental pre-collection notice of the current practices, which may include references to other privacy policies, notices, or statements. Otherwise, this Notice serves as our notice at collection.

We may Collect your PI directly from you; your devices; your email or social media accounts; service providers; data providers; utility management providers; analytics and marketing providers; public sources of data such as government databases; credit reporting agencies; or other businesses or individuals (e.g., friends or family).

Generally, we Process your PI to provide you services and as otherwise related to the operation of our business, including for one or more of the following Business Purposes: Providing Products and Performing Services; Managing Interactions and Transactions; Security; Debugging; Advertising & Marketing; Quality Assurance; Processing Interactions and Transactions; and Research and Development. For example, we may use your PI for the following purposes:

  • Provide our services/communicate about our services: to provide you with info or services, to send you electronic newsletters (if you have elected to receive such), qualify you to enter into a lease at one of our communities; service calls to your apartment home; and ensure that you comply with lease terms
  • Enable additional features of our sites: to enable you to participate in a variety of our site’s features, such as user profiles and content postings
  • Contact You: to contact you about your use of our services and, in our discretion, changes to our services or our service’s policies
  • Account management: to process your registration with our services, verify your info is active and valid, and manage your account
  • Resident Service: to respond to any questions, comments, or requests you have for us or for other resident service purposes
  • Payment: to facilitate rent and other payments
  • Security/fraud prevention: to protect the security of Company, our services, or its users and to prevent and address fraud
  • Content and offers customization: to customize your experience on our websites apps, or other services, or to serve you specific content and offers that are relevant to/customized for you
  • Advertising, marketing, and promotions: to assist us in determining relevant advertising and the success of our advertising campaigns; to help us determine where to place our ads, including on other websites; for promotional activities such as running sweepstakes, contests, and other promotions.
  • Research and analytics: to better understand how users access and use our services, both on an aggregated and individualized basis, to improve our services and respond to user preferences, and for other research and analytical purposes
  • Market research and satisfaction surveys: to administer surveys and questionnaires, such as for market research or resident satisfaction purposes
  • Compliance with legal obligations: to comply with legal obligations, as part of our general business operations, and for other business administration purposes
  • Prevention of illegal activities, fraud, injury to others, or violation of our terms and policies: to investigate, prevent or take action if someone may be using info for illegal activities, fraud, or in ways that may threaten someone’s safety or violate of our terms or this Notice
  • Purposes disclosed at PI collection: We may provide additional disclosures at the time of PI collection
  • Related or compatible purposes: for purposes that are related to and/or compatible with any of the foregoing purposes

We may also use PI for “Additional Business Purposes” in a context that is not a Sale or Share under the CCPA, such as:

  • Disclosing it to our Service Providers, Contractors, or Processors that perform services for us (“Vendors”);
  • Disclosing it to the Consumer or to other parties at the Consumer’s direction or through the Consumer’s action;
  • For the additional purposes explained at the time of collection (such as in the applicable privacy policy or notice);
  • As required or permitted by applicable law; to the government or private parties to comply with law or legal process or protect or enforce legal rights or obligations or prevent harm;
  • To assignees as part of an acquisition, merger, asset sale, or other transaction where another party assumes control over all or part of our business (“Corporate Transaction”).

Subject to restrictions and obligations under the CCPA, our Vendors may also use your PI for Business Purposes and Additional Business Purposes, and may engage their own vendors to enable them to perform services for us.

We may also use and disclose your PI under this Notice for Commercial Purposes, which may be considered a “Sale” or “Share” under applicable the CCPA, such as when Third-Party Digital Businesses (defined below) Collect your PI via third-party cookies, and when we Process PI for certain advertising purposes. In addition, we reserve the right to make your PI available to Third-Parties for their own use.

We provide more detail on our data practices in the chart that follows.

PI Collection, Disclosure, and Retention - By Category of PI

We collect, disclose, and retain PI as follows:

Category of PI

Examples of PI Collected and Retained

Categories of Recipients

Identifiers

Real name, alias, postal address, prior address, unique personal identifiers, online identifier, Internet Protocol address, e-mail address, and account name.

Disclosure for Business Purposes:

  • Vendors (e.g., internet listing services, analytics providers, operating system and platform providers, payment processors, fraud prevention and security providers, collection agencies, legal counsel, or external auditors); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share:

  • Third-Party Digital Businesses 

Personal Records

Rental application information including resident names, signature, contact information, date of birth, address, telephone number, emergency contact details, insurance policy information, credit and/or criminal history, financial information (e.g., payment card number), or status as victim of domestic violence, assault, or stalking. Some PI included in this category may overlap with other categories.

Disclosure for Business Purposes:

  • Vendors (e.g., Internet listing services, analytics providers, operating system and platform providers, collection agencies, financial institutions, legal counsel, and external auditors); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

Consumer Characteristics

In some circumstances, we may Collect PI that is considered protected under U.S. law, such as date of birth, citizenship status, disability or medical condition, gender, martial status, military status, or veteran status.

Disclosure for Business Purposes:

  • Vendors (e.g., analytics providers, operating system and platform providers, collection agencies, and legal counsel); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

Customer Account Details / Commercial Information

Account profile, properties rented, services requested, properties viewed or considered, or other purchasing or consuming histories or tendencies.

Disclosure for Business Purposes:

  • Vendors (e.g., analytics providers, operating system and platform providers, collection agencies, legal counsel, and marketing providers); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

Internet Usage Information

When you browse our sites or otherwise interact with us online, we may Collect browsing history, browsing time, search history, and other information regarding your interaction with our sites, applications, or advertisements.

Disclosure for Business Purposes:

  • Vendors (e.g., analytics providers, operating system and platform providers, external auditors, and marketing providers); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share:

  • Third-Party Digital Businesses 

Geolocation Data

If you interact with us online, or access our facilities we may gain access to the approximate, and sometimes precise, location of the device or equipment you are using, or the location from which you are accessing our systems or facilities.

Disclosure for Business Purposes:

  • Vendors (e.g., analytics providers, operating system and platform providers, external auditors, and marketing providers); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share:

  • Third-Party Digital Businesses 

Sensory Data

We may Collect audio, electronic, or similar information such as CCTV footage and recordings when you contact us through our customer service line.

Disclosure for Business Purposes:

  • Vendors (e.g., analytics providers, operating system and platform providers, customer support providers, security providers, legal counsel, and external auditors); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

Professional or Employment Information

Professional or employment-related information, such business unit or division, employer, job title or role, office location, previous work history, reference or background check information, or salary or compensation.

 

Disclosure for Business Purposes:

  • Vendors (e.g., analytics providers, operating systems and platform providers, legal counsel, external auditors, and collection agencies); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

Inferences from PI Collected

 

Inferences about attitudes, behavior, characteristics, or preferences

Disclosure for Business Purposes:

  • Vendors (e.g., analytics providers, marketing providers, operating system and platform providers, legal counsel, and external auditors); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

Sensitive PI

 

Government Issued Identification Numbers (e.g., social security, driver’s license, state identification card, or passport number)

Disclosures for Business Purposes:

  • Vendors (e.g., operating systems and platform providers, legal counsel, external auditors, and collection agencies); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

Account Log-In (e.g., username and password to online account with Company)

Disclosures for Business Purposes:

  • Vendors (e.g., analytics providers, operating systems and platform providers); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

Precise Geolocation (any data that is derived from a device and that is used or intended to be used to locate an individual w/in a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet)

Disclosures for Business Purposes:

  • Vendors (e.g., analytics providers, operating systems and platform providers, and legal counsel ); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes

Sale / Share: None

Health Information (PI collected and analyzed concerning a consumer’s health)

Disclosures for Business Purposes:

  • Vendors (e.g., operating systems and platform providers and legal counsel); and/or
  • Other parties (e.g., litigants, government entities, and public authorities) within the limits of Additional Business Purposes.

Sale / Share: None

There may be additional information we Collect that meets the definition of PI under applicable the CCPA but is not reflected by a category above, in which case we will treat it as PI as required, but will not include it when we describe our practices by PI category.

As permitted by applicable law, we do not treat deidentified data or aggregate consumer information as PI and we reserve the right to convert, or permit others to convert, your PI into deidentified data or aggregate consumer information, and may elect not to treat publicly available information as PI. We will not attempt to reidentify data that we maintain as deidentified.

Because there are numerous types of PI in each category of PI, and various uses for each PI type, our retention periods for each category of PI vary. We retain specific PI pieces based on how long we have a legitimate purpose for the retention.

YOUR CONSUMER RIGHTS AND HOW TO EXERCISE THEM

As described more below, subject to meeting the requirements for a Verifiable Consumer Request (defined below), Company provides Consumers and Employees the privacy rights described in this section.

To submit a request to exercise your privacy rights:

  • To submit a request as a Consumer, use our Consumer Rights Request Portal or call us at (833) 591-5938, and respond to any follow-up inquiries we make.
  • To submit a request as an Employee or Applicant, use our Employee Rights Request Portal or call us at (833) 591-5938, and respond to any follow-up inquiries we make.
  • To submit a request as an authorized agent, use our Agents Request Portal or call us at (833) 591-5938, and respond to any follow-up inquiries we make.

Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.). More details on the request and verification process is in the section titled “How to Exercise Your Consumer Privacy Rights” below. The Consumer rights we accommodate are as follows:

Right to Limit Sensitive PI Processing

We only Process Sensitive PI for purposes that are exempt from Consumer choice under the CCPA.

Right to Know / Access

You are entitled to access PI up to twice in a 12-month period.

Categories

You have a right to submit a request for any of the following for the period that is 12-months prior to the request date:

  • The categories of PI we have Collected about you.
  • The categories of sources form which we Collected your PI.
  • The Business Purposes or Commercial Purposes for our Collecting, Selling, or Sharing your PI.
  • The categories of Third Parties to whom we have disclosed your PI.
  • A list of the categories of PI disclosed for a Business Purpose and, for each, the categories of recipients, or that no disclosure occurred.
  • A list of the categories of PI Sold or Share about you and, for each, the categories of recipients, or that no Sale or Share occurred.

Specific Pieces

You may request to confirm if we are Processing your PI and, if we are, to obtain a transportable copy, subject to applicable request limits, of your PI that we have collected and are maintaining. For your specific pieces of PI, as required by applicable the CCPA, we will apply the heightened verification standards as described below. We have no obligation to re-identify information or to keep PI longer than we need it or are required to by applicable law to comply with access requests.

Do Not Sell / Share

California has an opt-out from Selling and from Sharing for Cross-Context Behavioral Advertising (use of PI from different businesses or services to target advertisements). We may Sell or Share your PI, as these terms apply under the CCPA. However, we provide you an opt out of Sale/Sharing.

Third-Party digital businesses (“Third-Party Digital Businesses”) may associate cookies and other tracking technologies that Collect PI about you on our services, or otherwise Collect and Process PI that we make available about you, including digital activity information. We understand that giving access to PI on our services, or otherwise, to Third-Party Digital Businesses could be deemed a Sale and/or Share and thus we will treat such PI (e.g., cookie ID, IP address, and other online IDs and internet or other electronic activity information) collected by Third-Party Digital Businesses, where not limited to acting as our Service Provider (or Contractor or Processor), as a Sale and/or Share and subject to a Do Not Sell/Share opt-out request. We will not Sell your PI or Share your PI for Cross-Context Behavioral Advertising, if you make a Do Not Sell/Share opt-out request. 

Opt-out for non-cookie PI: If you want to opt-out of the Sale/Sharing of your non-cookie PI (e.g., your email address), make an opt-out request here.

Opt-out for cookie PI: If you want to opt-out of the Sale/Sharing of your cookie-related PI, you need to exercise a separate opt-out request on our cookie management tool here. This is because we have to use different technologies to apply your opt-out of cookie PI and to non-cookie PI. Our cookie management tool enables you to exercise such an opt-out request and enable certain cookie preferences on your device. You must exercise your preferences on each of our websites you visit, from each browser you use, and on each device that you use. Since your browser opt-out is designated by a cookie, if you clear or block cookies, your preferences will no longer be effective and you will need to enable them again via our cookie management tool. Beware that if you use ad blocking software, our cookie banner may not appear when you visit our services and you may have to use the link above to access the tool.

Opt-out preference signals (also known as global privacy control or GPC): The CCPA requires businesses to process GPC signals, which is referred to as opt-out preference signals (“OOPS”), which are signals sent by a platform, technology, or mechanism, enabled by individuals on their devices or browsers, that communicate the individual’s choice to opt-out of the Sale and Sharing of personal information. To use an OOPS/GPC, you can download an internet browser or a plugin to use on your current internet browser and follow the settings to enable the OOPS/GPC. We have configured the settings of our consent management platform to receive and process GPC signals on our website, which is explained by our consent management platform here. We process OOPS/GPC with respect to Sales and Sharing that may occur in the context of Collection of cookie PI by tracking technologies online by Third-Party Digital Businesses, discussed above, and apply it to the specific browser on which you enable OOPS/GPC. We currently do not, due to technical limitations, process OOPS/GPC for opt-outs of Sales and Sharing in other contexts (e.g., non-cookie PI). We do not: (1) charge a fee for use of our service if you have enabled OOPS/GPC; (2) change your experience with any product or service if you use OOPS/GPC; or (3) display a notification, pop-up, text, graphic, animation, sound, video, or any interstitial in response to the OOPS/GPC.

We do not knowingly Sell or Share the PI of Consumers under 16, unless we receive affirmative authorization (“opt-in”) from either the Consumer who is between 13 and 16 years old, or the parent or guardian of a Consumer who is less than 13 years old. If you think we may have unknowingly collected PI of a Consumer under 16 years old, please contact us at privacy@essex.com.

We may disclose your PI for the following purposes, which are not a Sale or Share: (i) if you direct us to disclose PI; (ii) to comply with a Consumer rights request you submit to us; (iii) disclosures amongst the entities that constitute Company as defined above, or as part of a Corporate Transaction; and (iv) as otherwise required or permitted by applicable law.

Right to Delete

Except to the extent we have a basis for retention under applicable law, you may request that we delete your PI. Our retention rights include, without limitation:

  • to complete transactions and services you have requested;
  • for security purposes;
  • for legitimate internal Business Purposes (e.g., maintaining business records);
  • to comply with law and to cooperate with law enforcement; and
  • to exercise or defend legal claims.

Please also be aware that making a deletion request does not ensure complete or comprehensive removal or deletion of PI or content you may have posted.

Note also that, depending on where you reside (e.g., California and Utah), we may not be required to delete your PI that we did not Collect directly from you.

Correct Your PI

Consumers may bring inaccuracies they find in their PI that we maintain to our attention and we will act upon such a complaint as required by applicable law. You can also make changes to your online account in the account settings section of the account. That will not, however, change your information that exists in other places.

How to Exercise Your Consumer Privacy Rights

To submit a request to exercise your privacy rights:

  • To submit a request as a Consumer, use our Consumer Rights Request Portal or call us at (833) 591-5938, and respond to any follow-up inquiries we make.
  • To submit a request as an Employee, use our Employee Rights Request Portal or call us at (833) 591-5938, and respond to any follow-up inquiries we make
  • To submit a request as an authorized agent, use our Agents Request Portal or call us at (833) 591-5938, and respond to any follow-up inquiries we make.

Please be aware that we do not accept or process requests through other means (e.g., via fax, chats, social media etc.).

Your Request Must be a Verifiable Consumer Request

As permitted or required by applicable the CCPA, any request you submit to us must be a Verifiable Consumer Request, meaning when you make a request, we may ask you to provide verifying information, such as your name, e-mail, phone number and/or account information. We will review the information provided and may request additional information (e.g., transaction history) via e-mail or other means to ensure we are interacting with the correct individual. We will not fulfill your Right to Know (Categories), Right to Know (Specific Pieces), Right to Delete, or Right to Correction request unless you have provided sufficient information for us to reasonably verify you are the Consumer about whom we collected PI. We do not verify opt-outs of Sell/Share or Limitation of Sensitive PI requests unless we suspect fraud.

We verify each request as follows:

  • Right to Know (Categories): We verify your Request to Know Categories of PI to a reasonable degree of certainty, which may include matching at least two data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you. If we cannot do so, we will refer you to this Notice for a general description of our data practices.
  • Right to Know (Specific Pieces): We verify your Request To Know Specific Pieces of PI to a reasonably high degree of certainty, which may include matching at least three data points provided by you with data points maintained by us, which we have determined to be reliable for the purpose of verifying you together with a signed declaration under penalty of perjury that you are the Consumer whose PI is the subject of the request. If you fail to provide requested information, we will be unable to verify you sufficiently to honor your request, but we will then treat it as a Right to Know Categories Request if you are a California resident.
  • Do Not Sell/Share/Target & Limit SPI: No specific verification required unless we suspect fraud.
  • Right to Delete: We verify your Request to Delete to a reasonable degree of certainty, which may include matching at least two reliable data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three reliable data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the Consumer posed by unauthorized deletion. If we cannot verify you sufficiently to honor a deletion request, you can still make a Do Not Sell/Share and/or Limit SPI request.
  • Correction: We verify your Request to Correct PI to a reasonable degree of certainty, which may include matching at least two reliable data points provided by you with data points maintained by us, or to a reasonably high degree of certainty, which may include matching at least three reliable data points provided by you with data points maintained by us, depending on the sensitivity of the PI and the risk of harm to the Consumer posed by unauthorized correction.

To protect Consumers, if we are unable to verify you sufficiently we will be unable to honor your request. We will use PI provided in a Verifiable Consumer Request only to verify your identity or authority to make the request and to track and document request responses, unless you also gave it to us for another purpose.

Agent Requests

You may use an authorized agent to make a request for you, subject to our verification of the agent, the agent’s authority to submit requests on your behalf, and of you. You can learn how to do this by visiting the agent section of our Consumer Rights Request Portal. Once your agent’s authority is confirmed, they may exercise rights on your behalf subject to the agency requirements of applicable the CCPA.

Our Responses

Some PI that we maintain is insufficiently specific for us to be able to associate it with a verified Consumer (e.g., clickstream data tied only to a pseudonymous browser ID). We do not include that PI in response to those requests. If we deny a request, in whole or in part, we will explain the reasons in our response.

We will make commercially reasonable efforts to identify Consumer PI that we Process to respond to your Consumer request(s). In some cases, particularly with voluminous and/or typically irrelevant data, we may suggest you receive the most recent or a summary of your PI and give you the opportunity to elect whether you want the rest. We reserve the right to direct you to where you may access and copy responsive PI yourself. We will typically not charge a fee to fully respond to your requests; provided, however, that we may charge a reasonable fee, or refuse to act upon a request, if your request is excessive, repetitive, unfounded, or overly burdensome. If we determine that the request warrants a fee, or that we may refuse it, we will give you notice explaining why we made that decision. You will be provided a cost estimate and the opportunity to accept such fees before we will charge you for responding to your request.

Consistent with applicable the CCPA and our interest in the security of your PI, we will not deliver to you your Social Security number, driver’s license number, or other government-issued ID number, financial account number, any health or medical identification number, an account password, or security questions or answers in response to a Consumer privacy rights request; however, you may be able to access some of this information yourself through your account if you have an active account with us.

Non-Discrimination / Non-Retaliation

We will not discriminate or retaliate against you in a manner prohibited by applicable the CCPA for your exercise of your Consumer privacy rights. We may charge a different price or rate, or offer a different level or quality of good or service, to the extent that doing so is reasonably related to the value of the applicable PI.

Notice of Financial Incentive Programs

We do not currently offer discounts or rewards to Consumers for providing us PI, or set price or service differences related to the collection, retention, sale, or sharing of PI.  If we offer such programs in the future, we will update this Notice to describe such program(s), including how you may opt-in and how we value the PI required.

Our Rights and The Rights of Others

Notwithstanding anything to the contrary, we may collect, use and disclose your PI as required or permitted by applicable law and this may override your rights under the CCPA. In addition, we are not required to honor your requests to the extent that doing so would infringe upon our or another person’s or party’s rights or conflict with applicable law.

ADDITIONAL NOTICES FOR CALIFORNIA RESIDENTS

In addition to the CCPA, certain Californians are entitled to certain other notices, as follows:

This Notice provides information on our online practices and your California rights specific to our online services. Without limitation, Californians that visit our online services and seek to acquire goods, services, money or credit for personal, family or household purposes are entitled to the following notices of their rights:

California Minors

Although our services are intended for an audience over the age of majority, any California residents under the age of eighteen (18) who have registered to use our services, and posted content on the service, can request removal by contacting us at privacy@essex.com, detailing where the content is posted and attesting you posted it. We will then make reasonably good faith efforts to remove the post from prospective public view or anonymize it, so the minor cannot be individually identified to the extent required by applicable law. This removal process cannot ensure complete or comprehensive removal. For instance, third parties may have republished or archived content by search engines we do not control.

Shine the Light

California's “Shine the Light” law permits California residents to request certain information regarding our disclosure of “personal information” (as defined by the “Shine the Light” law) to third parties for their own direct marketing purposes. If you are a California resident, you may request information about our compliance with Shine the Light by contacting us at privacy@essex.comor by sending a letter to us at Essex Property Trust, Attention Legal Department, 1100 Park Place, Suite 200, San Mateo, California 94403. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year. This right is different than, and in addition to, CCPA rights, and must be requested separately. However, a Do Not Sell/Share opt-out is broader and will limit our disclosure to third parties for their own direct marketing purposes without the need for making a separate Shine the Light request.

CONTACT US

If you have any questions, comments, or concerns about our privacy practices, please contact us by e-mail at privacy@essex.comPlease note that e-mail communications will not necessarily be secure; accordingly, you should not include sensitive information in your e-mail correspondence with us.