Privacy Policy

Last modified: 4/27/2021

CSS Services, Inc. (“CSS” or “We” or “Us”) respects your privacy and is committed to protecting it through our compliance with this private policy (“Policy”).

This Policy describes:

1) The type of information we may collect or that you may provide us when you browse, access, and/or use: i) our website at www.CsSServicesInc.com.com (our “Website”); ii) our OPTIRENT software (“Software”) accessible at www.optirent.cssservicesinc.com.com.com; and/or iii) any of CSS’s services, products, other websites, Software, or mobile applications (collectively referred to as “Services”); and 2) Our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Policy does not apply to: 1) information that you provide to any third party that may be accessible from or on our Website and/or Software; and 2) information collected by any other third party website, as they may have their own privacy policies, which we encourage you to read before providing information on or through them.

Please read this Policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, do not download, register, purchase, access and/or use the Website, Software, or any of our Services. By accessing and using the Website, Software, or any of our Services, you agree to this Policy.

This Policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of our Website, Software, or any of our Services after we revise this Policy means you accept those changes, so please check this Policy periodically for updates.

Information We Collect and How We Collect It

When you interact with our Website and/or Software, we collect information:

  1. When you provide it to us; and/or
  2. Automatically when you interact the Website and Software.

Information You Provide to Us 

When you interact or use our Website and/or Software, we collect:

  1. Information by which you may be personally identified, such as, your name, postal address, email address, telephone number, employer, job title, and/or any other identifier by which you may be contacted online or offline (collectively referred to as “Personal Information“);
  1. Information that is associated with you, but does not individually identify you, such as, for example, information you provide by filling in forms on our Website, registering to use our Software, and/or creating an account, including information about the best way to contact you, the type of Services you are interested in, and/or scheduling a demo of our Software;
  1. Information that you provide in response to surveys that we might ask you to complete for research, advertising, and/or business purposes;
  1. Information you provide when you enter a contest or promotion sponsored by us, or when you report a problem with our Website;
  1. Information you provide in connection with using the Website and/or Software, including property information, such as where a property is located (city and state), owner information, and other property-related information (such as the amount and breakdown of rent owed);
  1. Credit card or other payment account information, which may be required when using our Software, or our Website or Services; and
  1. Information, data, and files that you submit or upload to the Software in connection with one or more properties, such as lease agreements, rent ledgers, and the like.

Automatic Information Collection and Tracking 

The technologies we use for automatic information collection may include:

  1. Cookies. Cookies are small data files that are placed on the hard drive of your computer, which enables a website to recognize the computer or user each time the user returns to the Website. We may set one or more cookies in your browser when you visit our Website to improve the quality of our Website, store user preferences, and track user trends. In addition, we may also use advertising cookies to help advertisers and publishers serve and manage ads across the web. Most browsers now automatically accept cookies by default, but they can also be set so that all or some cookies are rejected automatically or are accepted or rejected on a case-by-case basis at the user’s option. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
  2. Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
  3. Web Beacons. Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs), which allows us to count the number of users: i) who have visited certain pages of our Website; ii) opened emails we may send about our Services, new products, or other updates; and/or iii) collect web related statistics (such as, for example, recording the popularity of certain content on our Website).

Third-Party Use of Cookies and Tracking Technologies

Some content or applications, including advertisements, on the Website may be served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies (along or in conjunction with web beacons or other tracking technologies) to collect information about you when you use our Website. The information they collect may be associated with your Personal Information or they may collect information, including personal data, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your Personal Information will be handled by these providers.

Once you leave our Website or are redirected to a third-party website or application, you are no longer governed by this Policy.Third-Party Use of Cookies [and Other Tracking Technologies] If the website displays advertising or other third-party content, the privacy policy should address these third parties’ use of tracking technologies. The policy typically:

  • Discloses that content (including advertising) provided by third parties may include cookies or other tracking technologies.
  • Clarifies that the site operator does not control and is not responsible for those third parties’ practices.
  • Encourages users to visit the third parties’ websites to learn about their privacy

If the website may collect personal information from California residents, to comply with CalOPPA it must disclose whether third parties may collect personally identifiable tracking information from consumers that use the website (Cal. Bus. & Prof. Code § 22575(b)(6)). This section includes a disclosure that third parties may collect this information. While an operator that does not allow third parties to collect this information from the website may wish to state that instead, unless the operator controls, hosts and serves all content on the website, it is difficult or impossible to control in practice.

Similarly, Nevada’s online privacy law specifically requires covered operators to disclose whether a third party may collect covered information about an individual consumer’s online activities over time and across different websites or online services when visiting the operator’s website or online service (NRS § 603A.340(1)(d)).

Many internet advertisers, ad servers, and ad networks also use tracking technologies to collect information about users’ online behavior and use this information to serve ads aimed to be relevant to particular users, such as OBA. If the website operator allows or may allow OBA to be served on the site, the privacy policy should include disclosures about OBA, with links to information about how to opt out of the various OBA providers. For more information about OBA, see Practice Note, Online Advertising and Marketing: Online Behavioral Advertising. For more on using tracking technologies, see Practice Note, Tracking Technologies: Privacy and Data Security Issues.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any Personal Information:

  1. To present our Website and/or Software and its contents to you.
  2. To provide you with information, products, or Services that you request from us.
  3. To fulfill any other purpose for which you provide it.
  4. To provide you with notices about your account.
  5. To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  6. To notify you about changes to our Website, Software, or any Services we offer or provide though it.
  7. To allow you to participate in interactive features on our Website or Software.
  8. For any other purpose with your consent. For example, based upon your expressed consent, We may interface and/or provide information on your behalf to a third party, such as, for example, a collection agency, an accounting system, and/or a payment processor.

We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your Personal Information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

Close Drafting Note

How We Use Your Information

The privacy policy should disclose the purposes for which the website operator may use the information it collects (for example, order fulfillment, billing, and delivery). This is considered a best practice and some laws require it, including, for example, the CCPA and CalOPPA (Cal. Civ. Code § 1798.100(b); see Drafting Note, Legal Issues and Practice Notes, Drafting Privacy Notices: Applicable Law and Principles and Drafting CCPA Notices and Privacy Policies: Business or Commercial Purpose).

The disclosure can be quite general, but the site operator should specify any non-obvious uses. In particular, the policy should clearly state in this section whether the website operator intends to use the information for:

  • Direct marketing purposes (see Practice Notes, Direct Marketing and CAN-SPAM Act Compliance).
  • OBA (see Practice Notes, Online Advertising and Marketing: Online Behavioral Advertising and Tracking Technologies: Privacy and Data Security Issues. See also the FTC’s OBA Principles).

The disclosure in this section should address the site operator’s own uses of the information for these purposes, which may include uses on behalf of third parties and address any OBA obligations established by self-regulatory codes of conduct. See Practice Notes, Drafting Privacy Notices: Applicable Law and Principles and Direct Marketing: Privacy Principles. This disclosure is distinct from the sharing of personal information with third parties for marketing purposes, which should be addressed in the Disclosure of Your Information section.

The privacy policy and any online form used for collecting personal information should provide the user with choices regarding the use and sharing of their information for marketing purposes. The policy should also describe how users can change their preferences, which may include:

  • Updating their account profiles directly.
  • Sending an e-mail to the site operator.

(See Drafting Note, Choices About How We Use and Disclose Your Information.)

If there is a material change in the type of user information collected or how it may be used, the site operator must amend the policy and notify users of the changes (see Drafting Note, Changes to Our Privacy Policy) before using the information. To minimize the number of notifications made to users, site operators should give careful consideration to how they use the data they collect and ensure that the privacy policy addresses any possible future uses.

Disclosure of Your Information

We may disclose aggregated information about our users and information that does not identify any individual, without restriction.

We may disclose Personal Information and/or confidential information that we collect, or you provide (including aggregated information about our users):

  1. To our subsidiaries and affiliates.
  2. To contractors, service providers, and other third parties we use to support our business.
  3. To fulfill the purpose for which you provide it.
  4. For any other purpose disclosed by us when you provide the information.
  5. With your consent.
  6. To comply with any court order, law, or legal process, including to respond to any government or regulatory request. and
  7. To enforce our rights arising from any contracts entered into between you and us, including for billing and collection.

Close Drafting Note

Disclosure of Your Information

The policy should identify:

  • The categories of third parties with which personal information may be shared.
  • Under what circumstances it may be shared.
  • For what purposes it may be shared (for example, for credit card clearance, credit reference, order fulfillment, delivery, data analysis, or customer support).

This is considered a best practice and is required by some laws, for example the CCPA and CalOPPA (see Drafting Note, Legal Issues, Practice Note, Drafting Privacy Notices: Applicable Law and Principles and Standard Document, CCPA Privacy Policy for California Residents: Sharing Personal Information). Nevada’s online privacy law similarly requires covered operators to provide a privacy notice that identifies the categories of third parties with whom it may share personal information (NRS § 603A.340(1)(a)).

The policy should specify that the site operator has the right to transfer user information in connection with a sale of the business or its assets. This provision should state unambiguously that it includes sales in bankruptcy or liquidation where the business is not continuing as a going concern.

Website operators should not make overly broad promises in their privacy policies that do not reflect the site operator’s actual information collection and sharing practices, for example “we never disclose your information to third parties.”

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the Personal Information you provide to us. We have created mechanisms to provide you with the following control over your information:

  1. Tracking Technologies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s website. If you disable or refuse cookies, please note that some parts of our Website may then be inaccessible or not function properly.
  2. Disclosure of Your Information to Third-Parties. We will not interface with a third party on your behalf or disclose information about you to a third party without your expressed consent. If you do not want us to share your any information about you, including Personal Information with unaffiliated or non-agent third parties, then you can opt-out by not providing your consent and/or by sending us an email with your request to support@cssservicesinc.com.
  3. Promotional Offers from the Company. If you do not wish to have your email address/contact information used by the Company to promote our own or third parties’ products or services, you can opt-out by sending us an email stating your request to support@cssservicesinc.com.

Close Drafting Note

Choices About How We Use and Disclose Your Information

The privacy policy should inform users of their options regarding how the website uses and discloses their information.

The sample paragraphs in the section above may apply depending on how the website is operated and should be modified and supplemented to reflect the website’s actual operations. In particular, the site operator should consider choices relating to:

  • Use of cookies and other tracking technologies like web beacons.
  • Use of information by the site operator for advertising, marketing, and promotional purposes.
  • Disclosure of personal information to third parties for their advertising, marketing and promotional purposes.
  • Use of personal information for OBA.

This website privacy policy takes an opt-out approach for these uses and disclosures. A company may prefer to and, in some cases, must give users an affirmative “opt-in” choice before making certain uses or disclosures of personal information (see Drafting Note, California Consumer Privacy Act of 2018).

A company should always give an opt-in choice for certain uses and disclosures involving sensitive personal information. See Practice Note, Drafting Privacy Notices: FTC Guidance and Enforcement. Depending on applicable law, sensitive information may include:

  • Medical or health conditions.
  • Racial or ethnic origin.
  • Political opinions.
  • Religious or philosophical beliefs.
  • Trade union membership.
  • Sex life.

Alternatively, where appropriate, a site may prefer not to offer any choice to its users concerning how their information is to be used. For example, many US sites that do not involve sales to consumers do not include an opt-out option in the forms that collect information from users (for example, forms that allow consumers to ask questions, request information, or sign-up to receive email alerts or newsletters). Instead, they describe their information practices and instruct users not to submit their information if they do not want it collected, used, and disclosed as described in the privacy policy.

Nevada’s Personal Information Sales Opt-Out Law

Nevada requires commercial internet website operators covered by the state’s online privacy law to provide a designated address through which Nevada residents can submit a verified request to stop certain personal information sales (NRS § 603A.300 to 603A.360; Nevada SB 220). As currently written, this requirement applies to all operators within the law’s jurisdictional scope, even if the operator does not actually sell personal information under the statute’s narrow definition of those terms.

All operators covered by Nevada’s online privacy law should include the section’s optional paragraph disclosing the designated request address. Operators that do not sell covered information under the statute may include the paragraph’s optional sentence disclaiming such sales, but it must ensure the policy gets updated or revised if it ever starts selling personal data. To avoid potential policy inconsistencies, the operator may delete the optional sentence and just explain its current sales practices when it responds to any opt-out requests.

The covered operator can use one or more of the following contact methods for its designated request address:

  • Electronic mail address.
  • Toll-free telephone number.
  • Internet website form.

(Section 1.3, Nevada SB 220).

To learn more about Nevada’s opt-out law, including its coverage scope and exceptions, see Legal Update, Nevada Gives Consumers ‘Do Not Sell’ Rights Under Online Privacy Law and Preparing for Nevada’s Personal Information Sales Opt-Out Law Checklist.

Process Payments

We will use your information and/or Personal Information you give to us in order to process your payment for the purchase of our Software and/or Services from our Website. We only use third party payment processors that take the utmost care in securing data and comply with the GDPR.  Close Drafting NoteAccessing and Correcting Your Personal Information

Allowing individuals the opportunity to review and correct their personal information is also considered a good practice. See Practice Note, Drafting Privacy Notices: FTC Guidance and Enforcement.

The CCPA grants California residents specific rights to know and delete their personal information (see Practice Note, Understanding the California Consumer Privacy Act (CCPA): Consumer Rights). The website may provide notice about those rights through a separate, California-specific disclosure (see Drafting Note, Your California Privacy Rights and Standard Document, CCPA Privacy Policy for California Residents).

CalOPPA does not require website operators to allow individuals an opportunity to review their personal information. However, if a website operator chooses to do so, the privacy policy must provide a description of the process (Cal. Bus. & Prof. Code § 22575(b)(2)). Other California statutes, however, do impose access, correction, and removal obligations on websites directed towards minors. For more information on California’s specific requirements, see Practice Note, California Privacy and Data Security Law: Overview: Online and Mobile Privacy.

Nevada’s online privacy law contains a similar requirement to disclose and describe any process to review or correct personal information collected that exists (NRS § 603A.340(1)(b)).

The sample paragraphs in the section above may apply depending on how the website is operated and should be revised and supplemented to reflect the website’s actual operations. The policy should not include this section if users cannot access or correct their personal information.

Close Drafting Note

Your California Privacy Rights

Several different CCPA sections require the business to make affirmative disclosures to California residents in either their online privacy policy or a California-specific description of consumers’ privacy rights (see Practice Note, Drafting CCPA Notices and Privacy Policies). This optional section provides a link to a California-specific policy addendum describing those rights. For a model CCPA privacy policy, see Standard Document, CCPA Privacy Policy for California Residents. For a model CCPA collection notice, see Standard Document, CCPA Notice at Collection.

Additionally, if the website operator shares the personal information of California residents with third parties for direct marketing purposes, and does not provide users with a free option to opt-out of that information sharing, California’s “Shine the Light” Law may require the website operator to provide the person with specific disclosures upon request (see Practice Note, California Privacy and Data Security Law: Overview: Shine the Light).

Website operators that grant users a free option to opt-out of sharing information with third parties for marketing purposes do not need to include the optional clause describing their “Shine the Light” rights (see Drafting Note, Choices About How We Use and Disclose Your Information).

Data Security & Storage

We have implemented measures designed to secure your Personal Information from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind redundant firewalls in an ISO 9001 certified data center.

The safety and security of your information is important to us. To ensure your Personal Information is secure, our database serves have no direct connection to the Internet. Also, physical access of our database serves is subject to badge, biometric (fingerprint), and physical key access restrictions. Likewise, network access to the servers requires VPN access employing 2 Factor Authentication and Public/Private Key validation

In addition, all data entry and display are transmitted over SSL, where SSL robustness is routinely validated using Qualys SSL Labs. Social Security numbers are encrypted using AES256 encryption and scrubbed when no longer needed. Backups are encrypted using AES256 encryption and stored in a secure storage facility (Carbonite). The web application is routinely subjected to vulnerability scans and web application scanning. Finally, security patches are routinely applied to production and development servers

Please note that we do not currently receive or store any credit card information.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. Lastly, we use reasonable efforts to make sure our data processors are GDPR-compliant.

Unfortunately, the transmission of information via the internet is not completely secure; however, we follow all PCI-DSS requirements and implement additional generally accepted industry standards to protect your Personal Information; however, we cannot guarantee the security of your Personal Information transmitted to our Website. Any transmission of Personal Information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

California Privacy Rights

If you are a California resident, California law may provide you with additional rights regarding our use of your Personal Information. California law permits residents of California to opt-out of our Company’s disclosure of Personal Information to third parties for direct marketing purposes. You may choose to opt-out of the sharing of your Personal Information with third parties for marketing purposes at any time by submitting a request in writing to support@cssservicesinc.com. Please note that this opt-out does not prohibit disclosure made for non-marketing purposes.

In addition, California law also permits residents of California to request from us, once a year, a list of the third parties (if any) to whom we have disclosed your Personal Information for their direct marketing, as well as the type of Personal Information disclosed to those parties. If you are a California resident and would like to request this information, please submit your request in an e-mail to: support@cssservicesinc.com. Requests via written mail, telephone, or facsimile will not be accepted. The e-mail subject line and the content of your request must include the phrase “Your California Privacy Rights,” and include your name and e-mail address. Please allow 30 days to receive a response to your inquiry.

Legal Notice and Disclaimer

CSS is not a law firm or a collection agency. Information listed on our Website and Software is informational only and does not constitute legal advice. All communications sent from CSS or any of its employees is not legal advice or an attempt to collect any debt, including a third-party debt. For all legal questions, we highly recommend that you consult with an attorney qualified to provide you with legal advice in your jurisdiction.

Close Drafting Note

Changes to Our Privacy Policy

The privacy policy should specify how the site operator is notifying users of changes made to the policy. This is required by some laws, such as CalOPPA (Cal. Bus. & Prof. Code § 22575(b)(3)); see Drafting Note, Legal Issues and Practice Note, California Privacy and Data Security Law: Overview: California Online Privacy Protection Act). Nevada’s online privacy law similarly requires the privacy notice to describe the operator’s process for notifying website visitors about material changes (NRS § 603A.340(1)(c)).

As a general matter, website operators must comply with the promises contained in the version of the policy posted when a user provides information. Therefore, any changes to the privacy policy generally apply to information only if either:

  • It is collected after the date of the changes.
  • The user consents to the changes.

Website operators wishing to materially change the use they make of personal information they hold should obtain the users’ opt-in consent by notifying them of the changes and obtaining their affirmative agreement. This notice typically is provided by either or both:

  • Notice posted on the website requesting click-through consent.

Users not responding to an email explaining the changes to the privacy policy are not deemed to have given their consent and a site operator should treat their information according to the privacy policy in effect at the time their information was collected. This means that information collected under different privacy policies may need to be maintained separately.

Website operators should adapt this section to reflect exactly how the site operator notifies users of policy changes.

Contact Information

To ask questions or comment about this Policy and our privacy practices, contact us at: support@cssservicesinc.com.