PRIVACY POLICY + TERMS OF USE

Effective Date: January 1, 2023


Mecca is committed to providing clear and concise information regarding our collection and processing of personal information by Mecca Residential LLC.. By accessing our website or utilizing Mecca software services (collectively, “Mecca Services”), you consent to the information collection and handling practices outlined in this policy.


I. Personal Information Collection


Mecca collects and processes personal information as a service provider to property landlords, residents, and tenants (collectively, “Clients”). This personal information includes a broad range of data elements.

In particular, Mecca Services have collected the following categories of personal information from our Clients within the last twelve (12) months:

Category: Identifiers

Examples: Name, mailing address, email address, phone number, Social Security number, driver's license number number/image, state identification card, passport number, or other similar personal identifiers associated with the residential and commercial real estate leasing activities.
Note: Some personal information included in this category may overlap with other categories.


Category: Sensitive Personal Information

Examples: Social Security number, driver’s license number/image, state identification card, or passport number;

Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;

Precise geolocation for Bluetooth-enabled application connectivity;

Racial or ethnic origin; and

Personal information collected and analyzed concerning a consumer’s health (for senior living services).


Category: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Examples: Name, electronic signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, employment status, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, and similar personal identifiers associated with the residential and commercial real estate leasing activities.

Note: Some personal information included in this category may overlap with other categories.


Category: Protected classification characteristics under California or federal law

Examples: Age (40 years or older), race, color, national origin, citizenship, marital status, medical condition, physical or mental disability, gender identity, veteran/military status, and similar personal identifiers associated with the residential and commercial real estate leasing activities.


Category: Commercial information

Examples: Rental ledger data and payment history, record of applications and services utilized, customer support records and communications, and similar personal identifiers associated with the residential and commercial real estate leasing activities.


Category: Biometric information

Examples: Voice call recordings from product services, contact center, and similar call center and support operations.


Category: Internet or other similar network activity.

Examples: Information pertaining to an individual's interaction with a Mecca website, application, or service.


Category: Geolocation data

Examples: Physical location for localized search/application functionality or Bluetooth-enabled application connectivity


Category: Sensory data

Examples: Voice call recordings from product services, contact center, and similar call center and support operations.


Category: Professional or employment-related information

Examples: Current or past job history and income, and similar personal identifiers associated with the residential and commercial real estate leasing activities.


Category: Inferences drawn from other personal information

Examples: Profile reflecting a person's preferences, characteristics, predispositions, behaviors, and personal identifiers associated with the residential and commercial real estate leasing activities.


II. Personal Information Exceptions


Personal information does not include:


  • Publicly available information from government records.
  • De-identified or aggregated consumer information.
  • Information excluded from state privacy law scope, like:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA); and
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.


III. Personal Information Sources

Mecca collects the categories of personal information listed above from the following sources:

  • Resident and prospective renter personal information is collected (i) from residents during enrollment in or utilization of Mecca Services, (ii) from Clients via direct input into Mecca Services or integration with Mecca software systems and third party service providers, and (iii) indirectly from credit reporting agencies/bureaus, payment processors/gateways/banks, and website analytics services integrated with Mecca Services.
  • Client and Client employee end user personal information is collected (i) from Client’s employees during setup of Mecca Services user accounts, and (ii) from Client during activation and implementation of Mecca Services.


IV. Personal Information Use & Processing


We may use or disclose the personal information we collect for one or more of the following purposes:

  • To fulfill the purpose for which the personal information was collected and provide the requested Mecca Services
  • To integrate with apartment community services offered by Mecca or third-party service providers contracted by Clients.
  • To distribute communications and legally required notices regarding the status of Mecca Services via phone, email, and SMS text.
  • To provide Mecca Services maintenance, enhancement, research, development, security, support, and website optimization.
  • To maintain compliance with federal and state laws related to software-as-a-service, background screening, financial institutions, and money services businesses.
  • To create, maintain, customize, and secure Mecca Services user accounts.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Mecca's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Mecca is among the assets transferred.

Mecca will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice. Additionally, Mecca processing of sensitive personal information is limited to activities necessary for the delivery and performance of Mecca Services on behalf of our Clients and end users.


V. Personal Information Disclosure

Mecca does not sell personal information collected through Mecca Services, and no such disclosure has occurred in the prior 12 months.

Mecca may provide personal information to third parties for business purposes under limited circumstances, including service providers and vendors that support or integrate with the Mecca Services described in this statement (see chart below). Mecca only discloses personal information to the extent reasonably necessary to support Mecca Services requirements, or for the third-party vendors or service providers to perform the services on our or our Clients’ behalf. We do not permit third party vendors or service providers to use or disclose your personal information except for the purpose of providing the services we request of them. However, please note that Mecca does not maintain direct control over the privacy policies and practices of Clients or any other third-party companies, agents, or contractors.

Category: Identifiers

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


Category: Sensitive Personal Information

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


Category: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


Category: Protected classification characteristics under California or federal law

Third Party Disclosure Business Purposes:  Service providers/vendors/subsidiaries


Category: Commercial information

Third Party Disclosure Business Purposes:  Service providers/vendors/subsidiaries


Category: Biometric information

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


Category: Internet or other similar network activity.

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


Category: Geolocation data

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


Category: Sensory data

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


Category: Professional or employment-related information

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


Category: Inferences drawn from other personal information

Third Party Disclosure Business Purposes: Service providers/vendors/subsidiaries


VI. Personal Information Rights and Choices – State Privacy Rights


Certain state jurisdictions (California, Virginia, Colorado, Connecticut, and Utah) provide their legal residents with specific rights regarding their personal information. Each right includes the ability to make a specific consumer request and corresponding obligation of the receiving party to (i) verify the identity of the requestor and (ii) respond in accordance with statutory guidelines. This section describes your rights and explains how to exercise those rights.


Accessing and Updating Personal Information

In the event your personal information is determined to be outdated, incomplete, or inaccurate, you may access and update your information by logging into your Mecca Services account or contacting your property manager. If you require verification that your requested changes have been completed, and such verification is not readily displayed in your Mecca Services account, you may request confirmation at the email address listed below (See “Contact Us”).


Access to Specific Information Regarding Personal Information Use/Disclosure and Portability

You have the right to request a summary of the collection, use, and disclosure of your personal information over the past 12 months. 

In response to a verifiable consumer request for these services, we will disclose the following information for the applicable Mecca Services:

  • The categories, specific types, and sources of personal information we collected about you.
  • Our business purpose for collecting the personal information.
  • The categories of third parties with whom we share that personal information and the purpose for the disclosure.

You also have the right to request a copy of this personal information in a readily useable format that is transferable to other entities (frequently referred to as “data portability”). If you make a data portability request, Mecca may be (i) restricted from providing certain sensitive personal information in response to the request or (ii) prohibited from granting the request entirely if it presents an unreasonable security risk.

Deletion of Personal Information

You have the right to request that Mecca delete any of your personal information that we collected and retained, subject to certain exceptions. 

Once we receive and confirm your verifiable consumer request, we will delete or de-identify (and direct our service providers to delete or de-identify) your personal information from our records, unless one of the following exceptions applies:

We may deny your deletion request if retaining the information is necessary for Mecca or our service providers to:

  1. Complete the transaction for which we collected the personal information, provide the Mecca Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you or your property owner, or otherwise perform our contract with you or your property owner.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug Mecca Services to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  6. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us or our Clients.
  7. Comply with laws, regulations, statutes, codes, ordinances, or other legal obligations.
  8. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.


VII. Submitting Consumer Requests - Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

  • Calling us at: 801.858,0600

OR

  • Via the secure webform linked here

Only you (or someone legally authorized to act on your behalf) may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to confirm your identity as the person about whom we collected personal information (and, if applicable, the authority and identity of an authorized representative).
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Please note, we cannot respond to your request or provide you with personal information if we cannot (i) verify your identity or authority to make the request and (ii) confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. However, we do consider requests made through your password protected account sufficiently verified when the request relates to personal information associated with that specific account.

We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.


VIII. Consumer Request Responses and Timelines

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please journeyfoward@meccapm.com. We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require additional time beyond the 45 days, we are entitled to an extension up to an additional 45 days (for a total response timeline capped at 90 days). In the event that an extension is necessary, we will inform you of the reason and extension period in writing.


If you have an account with us, we will deliver our written response to that account where possible. If you do not have an account with us, or your existing account lacks a communication feature, we will deliver our written response to your designated email address.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request's receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.


IX. Personal Information Sales and Sharing – Opt Out Rights

Mecca does not sell personal information collected through Mecca Services, and no such activity has occurred in the prior 12 months. In the event that Mecca changes its practices and engages in the sale of personal information as regulated by law, we will provide advance notification to impacted individuals and offer the ability to opt in/opt out in accordance with regulatory requirements.

Mecca utilizes cookies and tracking technologies. Under some circumstances, these technologies may be deemed a “sharing” of personal information under applicable privacy laws.


X. Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless permitted by law, we will not engage in any of the following practices in response to your exercise of privacy rights:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.


XI. Other California Privacy Rights

The State of California also grants California residents privacy rights via laws unaffiliated with the CCPA/CPRA. Those rights include the following:

California's "Shine the Light" law (Civil Code Section § 1798.83) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to journeyfoward@meccapm.com.

California’s Investigative Consumer Reporting Agencies Act (ICRAA – Civil code Section § 1786.10 -1786.40) requires certain privacy disclosures related to investigate consumer reporting agencies operations, including the following:


XII. Cookies, Web Beacons, and Other Technologies – Do Not Track

When you access Mecca Services or our website, our servers may place small text files (“cookies”) on your computer for recordkeeping purposes. Among other things, cookies enable us to gather information about your activity on our website for the purposes of improving your online experience, establishing secure user accounts, remembering your preferences and settings, and for other similar customization purposes.

In addition to cookies, the Mecca Services and our website may utilize web beacons, clear gifs, or other technologies to gather information on how users interact with and utilize various features. For example, these technologies can identify popular pages, viewing patterns, click-through, conversion rates, and other information that can be used to improve, monitor, and operate our websites, products, and services.


Some web browsers have a “Do Not Track” feature. This feature lets you tell websites you visit that you do not want to have your online activity tracked. These features are not yet uniform across browsers, and our sites are not currently set up to respond to those signals. Most internet browsers provide controls that allow users to directly manage or disable the placement and usage of cookies on their computer. Please note that disabling cookies may deactivate or otherwise restrict certain features on Mecca Services or our website.


XIII. Third Party Links to Other Sites

Mecca Services may include links to third party service providers contracted by Clients. These linked services are operated by unaffiliated third parties that have separate and independent privacy statements, terms of use, and related notices or disclosures regarding information handling practices. We cannot be responsible for the information handling practices of independent parties and encourage you to review their practices prior to information disclosure.

Mecca Services that offer mobile applications do not include third-party ad partners, campaigns, or personalized ad delivery.


XIV. Data Security

Mecca implements and maintains appropriate physical, administrative, technical and organizational measures to protect the information we process against unauthorized or unlawful access, use or disclosure, and against accidental loss, damage, alteration or destruction. Under our security policies and practices, access to personal information is restricted and authorized only for those who have a business need for such access. Mecca strives to protect the personal information that we process; however, no security program is 100% secure and we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use, or disclose personal information. We maintain security incident response policies and procedures to handle incidents involving unauthorized access to personal data we process.


XV. Children's Online Privacy

Mecca Services do not target or attract the attention of children under the age of 13 for the online collection of personal information.


XVI. Changes to Our Privacy Statement

Mecca reserves the right to amend this privacy statement at our sole discretion at any time. When we make changes to this privacy statement, we will post the updated content to our applicable websites and services along with the effective date of the change. Your continued use of Mecca Services following the posting of changes constitutes your acceptance of such changes.


XVII. Contact Us

If you have any questions or concerns about this Privacy Statement or its implementation, you may contact us via the following methods:

Via US Postal Service at:

Mecca Residential LLC
Attn: Privacy (Legal)
6925 S Union Park Center Suite 500
Cottonwood Heights, UT 84047

OR Via email at: journeyfoward@meccapm.com

Share by: