GRESB Privacy Statement

This Privacy Statement applies to both GRESB B.V. and Asset Impact and was last updated on February 2024.

GRESB B.V. is committed to protecting and respecting your privacy. This statement (together with our Portal Terms & Conditions and any other documents referred to on it) sets out the basis on which any Personal Data (defined below) we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it.

  • 1.1. The entity controlling the processing of your Personal Data is GRESB B.V. We have our registered office at Barbara Strozzilaan 374, 1083 HN Amsterdam, The Netherlands. We are registered with the trade register of the chamber of commerce under company number 55416071.

    1.2. You may contact us at the above address or at the following email address: [email protected].

  • 2.1. For any questions relating to this statement or to exercise your rights on your Personal Data, including but not limited to provisions of the GDPR, please contact GRESB’s Privacy Officer at the above postal address or at the following e-mail address: [email protected].

  • 3.1. We may collect information about you by the following means:

    1. Cookies; and
    2. Forms in the website including but not limited to creation of user accounts.

    3.2. We may collect and process the following information about you:

    1. Information regarding your name, employer name, email address, postal address and telephone number that you provide in connection with the use of our site;
    2. Information about your computer, including where available your IP address, operating system and browser type, for system administration. (Disclaimer: This is statistical data about our users’ browsing actions and patterns, and typically does not identify any individual, however it may constitute as Personal Data, as defined below.)

    3.3. For the same reason, we may obtain information about your general internet usage by using a cookie file, which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalized service. They enable us to estimate our audience size and usage pattern, to store information about your preferences, and also allow us to customize our site according to your individual interests. In addition, they help speed up your searches and recognize you when you return to our site. (Please see Cookie Policy).

    3.4. You may refuse cookies by activating the setting on your browser that allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to/ visit our site. (Disclaimer: This site takes reasonable precautions to protect our users’ information. Please note, however, that electronic transmissions via the Internet are not necessarily secure from interception, and We do not guarantee the security or confidentiality of transmissions. We reserve the right to update or otherwise alter our security practices if and when it seems appropriate to do so.)

    3.5. We may also collect, directly or indirectly via google analytics, details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.

    3.6. We may also keep a record of correspondence, in the event you contact us, and/or complete forms in response to our annual consultation period.

    3.7. We may retain details of products and services provided by us to you including details of invoices and receipts, and records of transactions you carry out through our site and of the fulfillment of your orders.

    3.8. Any and all of this information may be defined as ‘Personal Data’. Our site includes password-protected areas of our site known by as the GRESB Portal, which may be web pages hosted by our external information technology service providers appointed by us. However, this statement only applies to Personal Data provided in the GRESB Portal and the public website for GRESB. Our website does not include the third party websites described below.

  • 4.1. GRESB is committed to protecting the personal data of:

    • Clients and prospective clients;
    • Subcontractors and consultants;
    • Candidates; and
    • Visitors to the website https://www.gresb.com/.

    4.2. The Personal Data we collect concerning you are processed in full compliance with European regulations.

    4.3. When processing your personal data, the purposes pursued are:

    Purpose A To get in contact in the context of a selection and recruitment procedure, in order to take steps prior to entering into a contract with you
    Purpose B To manage accounting requirements (including but not limited to  registration, fee, invoicing process) on the basis of our legitimate interest
    Purpose C To manage contacts and relations with all GRESB clients and subcontractors, on the basis of our legitimate interest
    Purpose D To provide you with information, products or services that you request from us or which we feel may interest you, or to notify you about changes to our services, on the basis of your explicit consent, or your implicit consent if you are already a client
    Purpose E To manage complaints and customer service, on the basis of our legitimate interest
    Purpose F To manage customer orders, on the basis of our legitimate interest
    Purpose G To ensure that content from our website is presented in the most effective manner for you and for your computer, on the basis of your explicit consent
    Purpose H To prepare claims and legal defense, on the basis of our legitimate interest
    Purpose I To manage emails accounts (filed or not filed), on the basis of our legitimate interest
    Purpose J To manage our IT system, on the basis of our legitimate interest

    When the processing of your personal data is based on your consent only, you have the right to withdraw this consent at any time. We will then erase your personal data and stop processing it. If we do no process your personal data, we will not be able to achieve or fully achieve the purposes mentioned above.

    4.4. Where the processing of your Personal Data is based on your consent only, you have the right to withdraw this consent at any time. We will then erase your Personal Data and stop processing it.

  • Your personal data is kept for the time required for the pursuance of the above purposes as follows:

    Purpose A 1 year from the closing of applications or (if spontaneous application) from the processing of the application (with consent)
    Purpose B 7 years after accounting
    Purpose C 3 years from the end of the commercial relationship with you
    Purpose D 3 years from the end of the relationship with you if you are a client or from the last contact with you if you are a potential client
    Purpose E 20 years after the occurrence of the concerned event
    Purpose F 20 years from the order
    Purpose G 1 year maximum after their first deposit in the terminal equipment of the user or 1 year after the consent (if consent-based)
    Purpose H 20 years after the data collection
    Purpose I 6 months after the reception of the email except in cases of legal disputes and investigations
    Purpose J The same storage periods that above-mentioned, depending on the initial purpose of the processing stored in our IT system, ranging from 6 months to 20 years
  • 6.1. The Personal Data that we collect from you may be transferred to, and stored at, outside the European Economic Area (“EEA”), currently limited to the USA, Singapore, or to authorized employees in Canada, USA and Australia.

    6.2. It may also be processed by staff operating outside the EEA that work for us or for one of our suppliers, or our parent company based in the United States. Such staff maybe engaged in, among other things, the fulfillment of your order, the processing of your payment details and the provision of support services.

    6.3. All information you provide to us is stored using a password-protected system managed either by us or by independent contractors appointed by us. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share such passwords with anyone.

  • 7.1.  We may disclose your Personal Data to any parent, subsidiary or group company that may be located outside the EEA, currently limited to the USA and Australia or to authorized employees in UK, Singapore, USA and Australia.

    7.2. Please note that some of the abovementioned countries are not recognized by the European Commission as ensuring an adequate level of protection of Personal Data. GRESB B.V. implemented appropriate safeguards for the protection of your rights and interests in these countries, by executing standard contractual clauses and binding corporate rules, a copy of which can be requested by contacting the following e-mail address: [email protected].

    7.3. We may disclose your Personal Data to third parties:

    • We may disclose your personal data to our subcontractors in order to achieve the various purposes described above in section 4. These categories of subcontractors are the following: IT system provider, complaint management software provider, customer order management software provider, CRM software provider and training providers.
    • In the event that we transfer, buy or otherwise deal with any business or assets, such as in a merger or an acquisition, in which case we may disclose your Personal Data to the prospective transacting party or parties of such business or assets;
    • If GRESB B.V. or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets;
    • If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or other agreements; or to protect the rights, property, or safety of GRESB B.V., our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

    7.4. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement.

  • 8.1. You have the right to request from GRESB B.V., among others,

    • Access to a number of information concerning your data and the way we are processing them;
    • Rectification of inaccurate or incorrect data;
    • Erasure or restriction of inaccurate data or data unlawfully processed;
    • Oppose and cease to use your Personal Data for any direct marketing purpose;
    • To receive your Personal Data in a structured, commonly used and machine-readable format, enabling you to transmit the data to another controller.

    To exercise your rights or for more information on the full extent of your rights, please contact our Data Protection Officer by mail or e-mail at the addresses indicated above.

    8.2. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Personal Data to these websites.

  • 9.1. For clients of GRESB, Participants and Members of the GRESB Portal and vendors of GRESB, the provision of your personal data is a statutory and/or contractual requirement, and/or a requirement necessary to enter into the contract with GRESB. Not providing them may result in not entering into the contract with GRESB, or not enabling GRESB to perform its services.

    9.2. For any other casual browsers, the provision of your Personal Data is purely voluntarily-based. You may use the GRESB website without disclosing personally identifiable information, and we will not obtain such information about you unless you choose to submit it to us. Any information you submit will be used internally only; however, submission of information authorizes such internal use by us and our employees.

    9.3. Not providing your Personal Data may only prevent you to receive information on and activities of GRESB B.V.

    9.4. Clients of GRESB, Participants and Members completing the Membership Form will be automatically added to GRESB’s Newsletter list.  They can unsubscribe from receiving the GRESB Newsletter at any time.

  • 10.1. If you believe your data are unlawfully processed by GRESB B.V., you may lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

  • 11.1. Any changes we may make to our Privacy Statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Changes to the Privacy Statement will be dated and will be effective from the date specified forward.