(last updated December 14, 2019)
At LTAS Technologies (the creators of Harmari), your privacy is important to us. We are compliant with privacy laws around the world including GDPR, CCPA, PIPEDA and MFIPPA. Here’s what we did to comply with these laws.
Protecting your privacy
- No advertising appears on Harmari search results
- When you sign up for a Harmari account, you are treated as a Customer. Customer Contact Information such as name, title, department, company, email, phone number, mailing address are kept confidential internally. If your contact information represents a law enforcement, or a city, county or municipal government agency, your contact information may be provided to one of our affiliates but only if you first inquired about our products or our services and needed assistance with that.
- If you submit an online tip of a short term rental nuisance complaint, we will only share it with the specific municipal Customer for your jurisdiction. If the Customer allows anonymous nuisance tips to be submitted, then we will not disclose your contact information.
- If you submit a support request, we may contact you by email or phone in some circumstances to help resolve your support question
- The listings posted on harmaristr.com may provide links to third party websites, which may have different privacy practices. We are not responsible for, nor have any control over, the privacy policies of those third party websites, and encourage all users to read the privacy policies of each and every website visited
- No effort is made from Harmari to contact the person who posted any listings or advertisements that are returned in Harmari search results. Some Customers that are municipalities contract with the Harmari service may be contacted by direct mail, email or phone calls to notify Individuals that may be operating short term rentals within the municipality about the bylaw or ordinance in effect and to assist the individual or corporation with complying with that bylaw or ordinance.
- All web browser access to our website and web portal is automatically redirected to a secure HTTP connection (HTTPS), which includes a minimum of 128-big encryption keys and using SSL certificates.
- Customer passwords are stored in a one way hash, and are never logged in clear text
- User access logs are stored for each login, date, time, URL, and IP. We will comply with any unauthorized login by providing this information to you for investigation.
Data we collect
- As a Website Visitor
- If you choose to disclose your name, email, phone number, or address to us in a Contact Form
- If you provide feedback or comments, post responses to our blog posts we may collect your name, email, phone number or IP address. Please do not post any confidential information on our blog
- We also have an email subscription list for sending newsletters relevant to industry trends, product updates, information pertinent to municipal bylaw or ordinance enforcement, but only if you opt-in to receiving such communications.
- We employ an IP lookup service to learn about specific business Corporations, entities or agencies that are visiting its website for the purposes of identifying marketing opportunities without targeting specific Individuals
- Our web servers collect standard web log entries for each page served, including your IP address, search parameters, page URL, and timestamp. Web logs help us to diagnose problems with our server and Harmari search engine, to ensure the security and integrity of our server, and to perform standard website maintenance and administration
- As a Customer,
- Harmari collects your email address and phone number if provided, for notifying you of matching listings if you choose to subscribe to the notifications feature of specific results that match your search
- If you provide information of owners, residents, or occupants of dwellings in your community that may own or operate short term rentals, Harmari will collect and use the information to identify the names and locations of short term rental operators that are in compliance with the bylaw or ordinance. This information is never sold or disclosed to third parties for any other purpose other than your objectives for regulating short term rentals in your community
- As an Individual or Corporation
- If you currently own, operate or have recently owned and operated a short term rental and/or advertise short term rental accommodations online, then Harmari may be collecting names, email addresses, phone numbers, and locations that are openly advertised online with publicly available information
- If you advertise items for sale, offer services or housing to the general public on certain websites pertinent to our Customers, then Harmari may be collecting names, email addresses, phone numbers, and locations that are openly advertised online with publicly available information
- Our Customers use Harmari software to investigate social media websites, collect publicly available social media information, which may include your profile. They are exempt from obligations of GDPR, CCPA or PIPEDA due to their role as law enforcement officers. Those Customers may request technical assistance from time to time with an investigation that may also include downloading publicly accessible information disclosed on your social media website such as names, email addresses, phone numbers, and locations that are openly accessible by other social media account holders without having the privileged access of being connected, friended, linked with you
Data we store
- For online classifieds / marketplaces, Harmari stores all listings that match the supported categories in the Harmari Search FAQ page for each respective classifieds site in our database, even after deletion, flagging or expiry and are strictly used for investigation purposes only by our Customers via password-protected access. Some listing photos are also stored as defined on our Harmari Search FAQ page
- For online short term rental advertisements, Harmari stores the title, operator name, operator contact information, description, reviews, and images that could be considered a short term rental for our Customers in our database, even after deletion or being “put to sleep”, and are strictly used for investigation purposes only by our Customers via password-protected access.
- Our web logs and other records are stored indefinitely, again password-protected
- Although we make good faith efforts to store the information in a secure operating environment that is not available to the public, Harmari cannot guarantee complete security. Should there be a compromise of our server’s integrity, we have an action plan to notify you of any such event, and to take as many reasonable steps as possible to minimize risk
Data Storage, Architecture and Supplier Compliance
- Harmari Customer data is stored and hosted by Inap or its subsidiaries to ensure the geographic storage obligations of each geo-zone. Each Customer’s data is stored in a way to segregate data from other Customers
- Harmari’s architecture employs an access control layer (ACL) which restricts access to only those with minimum authorization required to access them, and the smallest applicable geographic area represented by each Customer’s jurisdiction and User role.
- Harmari segregates the publicly available functional pages from the Customer-only pages and redacts sensitive Customer Data from publicly available pages
Exemptions to GDPR, CCPA and PIPEDA
Our Customers are exempt from the “Right to be Forgotten”, “Right to be Deleted” or “Do Not Sell My Personal Information” language in each respective law because of their obligations to investigate a breach or contravention of law, and in so using our software to perform those investigations.
Our Municipal Customers may request us to perform mail or telephone outreach to short term rental owners and operators on their behalf to notify Individuals and Corporations of their obligations of the bylaws and ordinances of their community, and thus represents a “transactional relationship” between us and the Individual or Corporation acting on behalf of the Municipal Customer.
What we have done to comply with laws
- Regarding Customers, Registration, and our Contact Forms
- Our account registration page has the subscription opt-in button unchecked by default, requiring you to check it to opt-in
- We will not sell your personal information
- By clicking on your Account after logging in, you will be able to access your account and profile information
- By emailing our privacy department with your request, we will execute any request for deletion of your personal information, so long as it does not apply to one of the exemptions applicable to our Customers
- Regarding online marketing
- We have restricted importing contact information of known EU citizens, and of email addresses ending in a domain suffix that belongs to a EU member state (e.g. .es, .fr, .de) into our email marketing system
- For email addresses that belong to an EU citizen or end in an EU domain suffix, we send a periodic permission request (no more than once per year) to ask for permission to opt-into receiving email marketing. Once consent is given, we record that consent action. That consent can be revoked at any time using the “Unsubscribe” feature in the email marketing system
- Regarding Website Visitors
- We have placed the text “Do Not Sell My Personal Information” link on our homepage, with the Exemptions noted above
- We have trained our staff to not discriminate against you for exercising your privacy rights, and to direct you to our email us your questions to our privacy department (see bottom of page)
- We have reviewed existing Agreements between itself and Suppliers (those that provide publicly available records to report to its Customers) and has vetted each Supplier for data collection, storage and usage equivalent to our own Privacy Standards
- When asked to assist with investigations, Harmari staff shall proceed in a comprehensive manner to look for both positive and negative indicators of evidence in relation to the investigation, and shall not discriminate on the Website Visitor, Individual or Corporation in performing the troubleshooting duties related to social media
- Specific to Canadian Customer data, our main server is in Canada
- Specific to US data storage standards, we do have server storage solutions available to Customers to comply with FedRAMP and NIST standards, through Inap hosting.
- Specific to EU data storage standards, we have server storage solutions available to Customers to comply with GDPR EU-restricted standards, through Inap hosting.
Circumstances in which Harmari may release information
- Harmari may disclose information about its users if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal process.