State Privacy Notice
Effective Date: January 1st, 2025
CONTENTS
U.S. State Privacy Notice
This U.S. State Privacy Notice (“Notice”) describes how Equity Residential and its affiliates,
subsidiaries, and related entities (collectively, “Equity Residential,” “we,” “our” or
“us”) processes Personal Information of Consumers through our website at equityapartments.com and our mobile application (the
“Online Services”), as well as your offline interactions with us (together with the Online Services,
the “Services”).
This Notice applies to “Consumers” as defined under applicable U.S. state privacy laws, including the
California Consumer Privacy Act (the “CCPA”), the Colorado Privacy Act, the Texas Data Privacy and Security
Act, and all laws implementing, supplementing, or amending the foregoing, including regulations promulgated
thereunder (collectively, “U.S. Privacy Laws”). Capitalized terms used but not defined in this Notice shall
have the meanings given to them under U.S. Privacy Laws.
For purposes of this Notice, “Personal Information” means information that identifies, relates to, or could
reasonably be linked with an individual. Personal Information does not include publicly available,
deidentified, or aggregated information.
This Notice does not apply to our job applicants, current employees, former employees, or independent
contractors. California job applicants can learn about our data practices as relates to them in our
California Applicant Privacy Notice. California employees and independent contractors should see our
California Employee Privacy Notice for additional disclosures. This Notice supplements our privacy policies,
including, without limitation, our Website Privacy Policy. In the event of a conflict between any other
Equity Residential policy, notice, or statement and this Notice, this Notice will prevail as to Consumers
unless stated otherwise.
We may update this Privacy Policy from time to time, as indicated by the “Effective Date” date at the top of
this Privacy Policy. Any changes to this Privacy Policy will be effective as of the “Effective Date” date at
the top of this page, unless otherwise expressly indicated. We encourage you to review this Privacy Policy
whenever you visit the Site.
Unless otherwise stated, the description of our data practices in this Notice covers our current practices
and our practices in the twelve (12) months prior to the Effective Date.
1. Collection of Personal Information
We may collect your Personal Information directly from you; from security systems at our properties;
automatically when you interact with our Online Services; from our service providers; from public sources of
data such as government databases; and from other businesses or individuals.
We collect the following categories of Personal Information about Consumers. Note that the Personal
Information we collect about you may vary depending on the nature of your interactions with us, and may not
include all of the examples below.
- Identifiers, including real name, alias, postal address, unique personal identifiers, online
identifier, Internet Protocol address, email address, account name, or other similar identifiers.
- Personal Records, including name, signature, physical characteristics or description, address,
telephone number, education, employment, employment history, insurance policy number, and financial
information (e.g., bank account or credit card number).
- Characteristics of Protected Classifications Under State or Federal Law, including sex, marital
status, veteran status, familial status, disability, age, gender identity, or creed, but only when that
information is relevant for our Business Purposes.
- Commercial Information, including records of services purchased, obtained, or considered, or
other purchasing or consuming histories or tendencies.
- Internet or Other Electronic Network Activity, including device identifiers, mobile network,
operating system details, language preferences, referring URLs, length of visits, traffic data, pages
viewed, and information regarding interactions with the Services.
- Geolocation Data, including approximate location of the device or equipment you are using.
- Sensory Data, including audio recordings of customer support calls, video security footage,
photographs, and other electronic, visual, or similar information.
- Professional or Employment Information, including professional or employment-related information
to determine income eligibility for leasing.
- Inferences drawn from other Personal Information we process to create a profile about you
reflecting your preferences, characteristics, psychological trends, predispositions, behavior,
attitudes, intelligence, abilities, and aptitudes.
We do not use or disclose Sensitive Personal Information for purposes to which the right to limit use and
disclosure applies under the CCPA.
As permitted by applicable law, we may convert your Personal Information into deidentified data or aggregate
Consumer information. We will not attempt to reidentify data that we maintain as deidentified.
2. Use of Personal Information
We or our vendors may use the Personal Information described above for the following purposes:
- Provide Services or Process Transactions, including by maintaining or servicing your account;
operating and maintaining our Services; providing information about our Services; processing your
payments and other transactions; communicating with you about our Services; and responding to your
requests and questions.
- Communicate With You, including providing account notifications or service order updates;
responding to your questions or feedback; confirming your preferences; providing you information about
our Services; and contacting you regarding Services, billing, and transactions.
- Operate Our Business, including performing system administration and technology management;
carrying out internal administration, such as recordkeeping and auditing; identifying prospective
tenants, partners, service providers, and vendors; managing our relationships with our tenants,
partners, service providers, and vendors; and fulfilling purposes that we describe to you at the time we
collect your Personal Information.
- Conduct Business Analytics, including evaluating how our Services perform; tracking and
responding to quality and security issues; forecasting and planning; developing statistics on engagement
with our Services; and measuring how well marketing and promotional activities perform.
- Maintain Security and Integrity, including protecting our Services from cyber risks;
authenticating users; preventing, identifying, investigating, and responding to fraud, illegal or
malicious activities, and other liabilities; enforcing our policies and terms; protecting our rights;
fulfilling our legal obligations; and generally providing you with a secure experience when using our
Services.
- Perform Quality, Safety, and Internal Research, including evaluating how our Services perform;
repairing or improving the quality of our Services; tracking and responding to quality and security
issues; and developing new or enhanced products and service offerings.
- For Advertising and Marketing, including measuring the use of our Services and effectiveness of
our advertising and marketing; and uncovering insights to improve our Services and provide our users
with enhanced features and functionalities, such as personalized experiences.
- For Legal and Compliance Purposes, including complying with applicable law, court order,
governmental regulations, or other legal obligations; assisting in an investigation, regulatory
requests, litigation, or arbitration; protecting and defending our rights and property, or the rights or
safety of parties; enforcing our terms, policies, or any agreements with parties; comply with health and
safety obligations; and prevent crime.
- For Corporate Restructuring Purposes, including evaluating or executing a merger, divestiture,
restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, as
part of regular business operations or pursuant to a bankruptcy, liquidation, or similar proceeding.
3. Disclosure of Personal Information
We may disclose Personal Information for the purposes described above to the following parties:
- Our group of companies, including with our affiliates, subsidiaries, locations, and brands.
- Agents, vendors, consultants, and other service providers so that they may provide their services to us,
including customer service, business operation and maintenance, product and customer service improvement,
promotional support, payment processing, auditing and quality control, communication, and other business
operations.
- Other parties at the Consumer’s direction or through the Consumer’s action.
- Vendors and other parties for marketing purposes, to improve our Services, or to provide you with products
and services that may interest you.
- Advertising partners for the purposes of ad targeting, remarketing, and customized advertising content.
- Government or private parties to comply with law or legal process, respond to requests from public and
government authorities, enforce our terms and conditions, protect our operations and our rights, privacy,
safety or property of you or others, and allow us to pursue available remedies or limit the damages that we
may sustain.
- Our insurers and professional advisors to manage risk, exercise or defend against legal claims, and
otherwise obtain professional advice.
- Parties as part of or during negotiations of any reorganization, acquisition, merger, sale, joint venture,
assignment, transfer, or other transaction where another party assumes control over all or part of our
business, assets, or stock (including in connection with any bankruptcy or similar proceeding).
4. Retention of Personal Information
We retain Personal Information for as long as necessary for the purposes described in this Notice or
otherwise authorized by law. This generally means holding the information for as long as one of the
following apply:
- Personal Information is reasonably necessary to manage our operations, to manage your relationship with
us, or to satisfy another purpose for which we collected the Personal Information;
- Personal Information is reasonably necessary to carry out a disclosed purpose that is reasonably
compatible with the context in which the Personal Information was collected;
- Personal Information is reasonably required to protect or defend our rights or property (which will
generally relate to applicable laws that limit actions in a particular case); or
- Personal Information may be maintained indefinitely according to legal or regulatory requirements,
including applicable legal holds, or for data backup or recovery purposes.
Where Personal Information is used for more than one purpose, we will retain it until the purpose with the
latest period expires. For more information about our retention policies, please contact us using the
contact details below.
5. State Consumer Rights
(a) Exercising Your Rights
To submit a request to exercise your Consumer privacy rights, or to submit a request as an authorized agent:
- If you are a California, Colorado, or Texas Consumer, use our Privacy Rights Request Form, or call us at
(866) 869-5413 and respond to any follow-up inquiries we make.
- If you are a business-to-business data subject, use our HR and B2B Privacy Rights Request Form or call
us at (866) 869-5413 and respond to any follow-up inquiries we make.
If you submit certain requests, we may request additional information to verify your identity, which may
require you to log into your account or to provide 2-3 pieces of Personal Information that we will match
against our records.
Depending on your state of residence, you may be able to designate an authorized agent to make certain
privacy rights requests on your behalf. Such privacy rights requests may have to undergo our verification
process, which includes verifying the identity of the agent and their authorization to make the request. An
authorized agent may submit a request on your behalf using the email address or toll-free number listed
above.
If you need special accommodation, please let us know by contacting us over the phone toll-free at (866)
869-5413, via email at consumerprivacy@eqr.com, or by mail at Two North Riverside Plaza, Suite 400, Chicago
IL 60606 Attention: Privacy Compliance. Please be aware that we do not accept or process requests through
other means (e.g., fax, chats, social media).
We will not discriminate or retaliate against you for your exercise of your Consumer privacy rights.
(b) Consumer Rights
Depending on your state of residence, you may have the following rights related to your Personal Information:
- Right to Confirm and Access: You may have the right to confirm that we process your Personal
Information, know details about the Personal Information we process, and access your Personal
Information. California Consumers may also request:
- The categories of sources from which the Personal Information was collected.
- Our Business or Commercial Purposes for collecting, Selling, Sharing, or disclosing Personal
Information The categories of recipients to which we disclose Personal Information.
- The categories of Personal Information that we Sold or Shared, and for each category identified, the
categories of Third Parties to which we Sold or Shared that particular category of Personal
Information.
- The categories of Personal Information that we disclosed for a Business Purpose, and for each
category identified, the categories of recipients to which we disclosed that particular category of
Personal Information.
- Right to Data Portability: You may have the right to request a copy of your Personal Information
in a portable format.
- Right to Correct: You may request that we correct Personal Information that we maintain about you
if you believe such Personal Information is inaccurate.
- Right to Deletion: You may request that we delete your Personal Information.
- Right to Opt Out of Sales, Targeted Advertising, and Cross-Context Behavioral Advertising: You
may have the right to opt out of the sale of Personal Information, Targeted Advertising, or
Cross-Context Behavioral Advertising. To opt out of the Sale or disclosure of your Personal Information
for Targeted Advertising or Cross-Context Behavioral Advertising, please use our Cookie preference
center. If you choose to use the Global Privacy Control browser signal, you will only be opted-out of
online Sales or Sharing of Personal Information, and will need to turn it on for each browser you use.
- Right to Appeal: You may have the right to appeal a decision that we have made regarding your
Consumer privacy request.
We do not Profile in furtherance of decisions that produce legal or similarly significant effects so do not
offer this right.
6. Additional Disclosures for California Residents
(a) Selling and Sharing Personal Information
Under California law, we Sell and Share the following categories of Personal Information: Identifiers,
Personal Records, Internet or Other Electronic Network Activity, Geolocation Data, and Inferences. We have
Sold and Shared Personal Information to Third Parties, including our vendors and other Third Parties for
Cross-Context Behavioral Advertising and other marketing and advertising services that we utilize on our
Online Services. We do not have actual knowledge that we Sell or Share the Personal Information of Consumers
under 16 years of age.
(b) Shine the Light
We may disclose “Personal Information” of California residents as defined by California’s “Shine the Light”
law to our affiliates, for their own direct marketing purposes. California residents may also request
information about our compliance with the Shine the Light law, and obtain a disclosure of Third Parties we
have disclosed information to in accordance with the law for their direct marketing purposes absent your
choice (i.e., Equity Residential affiliates) and the categories of information disclosed, by contacting us
at consumerprivacy@eqr.com or by sending a letter to us at Two
North Riverside Plaza, Suite 400, Chicago, IL 60606, (Attention: Legal Counsel). Requests must include
“California Shine the Light Request” in the first line of the description and include your name, street
address, city, state, and ZIP code. Please note that we are only required to respond to one request per
customer each year, and we are not required to respond to requests made by means other than through the
provided email address or mail address.
Washington Consumer Health Data Privacy Policy
This Washington Consumer Health Data Privacy Policy (“Washington Policy”) explains how Equity
Residential and its affiliates, subsidiaries, and related entities (collectively, “Equity
Residential,” “we,” “our” or “us”) Processes the Consumer Health Data of
Washington residents and individuals whose Consumer Health Data is Collected in Washington (“Washington
Consumers”) pursuant to the Washington My Health My Data Act (the “MHMD Act”).
For purposes of this Washington Policy, “Consumer Health Data” means Personal Information that is
linked or reasonably linkable to a Washington Consumer and that identifies the Washington Consumer’s past,
present, or future physical or mental health status.
Capitalized terms that are not otherwise defined in this Washington Policy shall be defined as they are in
the MHMD Act.
In the event of a conflict between any other policy, statement, or notice and this Washington Policy, this
Washington Policy will prevail as to Consumer Health Data Collected under the MHMD Act.
1. Consumer Health Data Collection, Use, and Purpose
Per the MHMD Act, we collect self-reported health-related information from you or your healthcare provider,
such as disability status or accommodation requirements. We use this Consumer Health Data for accommodation
purposes, including fulfilling requests.
We may also use Consumer Health Data to prevent, detect, protect against, and respond to security incidents,
identity theft, fraud, harassment, malicious or deceptive activities, or any activity that is illegal under
Washington state or federal law; preserve the integrity and security of our systems; and investigate,
report, or prosecute those responsible for any illegal action under Washington state or federal law.
2. Sharing Consumer Health Data
We Share Consumer Health Data among our Affiliates to carry out our operations and provide services to
Washington Consumers, specifically Equity Residential; Equity Residential Management, LLC; and ERP Operating
Limited Partnership.
We do not Sell Consumer Health Data.
3. Consumer Health Data Rights
(a) Exercising Your Rights
To submit a request to exercise your privacy rights, use our Washington Consumer Rights Request Form and
respond to any follow-up inquiries we make.
If you submit certain requests, we may request additional information to verify your identity, which may
require you to log into your account or to provide additional data that we will match against our records.
If you need special accommodation, please let us know by contacting us over the phone toll-free at (866)
869-5413, via email at consumerprivacy@eqr.com, or by mail at
Two North Riverside Plaza, Suite 400, Chicago IL 60606 Attention: Privacy Compliance. Please be aware that
we do not accept or process requests through other means (e.g., fax, chats, social media).
If you choose to exercise any of your privacy rights, we will not discriminate against you.
(b) Washington Consumer Rights
Washington Consumers have the right to submit certain requests relating to your Consumer Health Data as
described below.
- Right to Confirm: Washington Consumers have the right to confirm whether we are Collecting,
Sharing, or Selling your Consumer Health Data. At this time, we do not Sell Consumer Health Data.
- Right to Access: Washington Consumers have the right to access your Consumer Health Data.
- Right to Deletion: Washington Consumers have the right to request that your Consumer Health Data
be deleted.
- Right to Withdraw Consent: Washington Consumers have the right to withdraw Consent from our
Collection and Sharing of your Consumer Health Data.
- Right to Obtain Sharing Information: Washington Consumers have the right to obtain a list of all
Third Parties and Affiliates with whom we have Shared your Consumer Health Data and an active email
address or other online mechanism to contact Third Parties. We do not Share Consumer Health Data with
Third Parties, as those terms are defined in the MHMD Act. We only Share Consumer Health Data with our
Affiliates.
You may be able to appeal a decision made regarding your privacy request using our Washington Consumer Rights
Request Form. In the event we deny your appeal, we will provide a written explanation of the decision, and
instructions on how to contact your local Attorney General for further review.
Contact Us
For more information on your privacy rights, or for disability access assistance,
contact us at (866) 869-5413, email us at
consumerprivacy@eqr.com,
or write to us at Two North Riverside Plaza, Suite 400, Chicago, IL 60606 Attention: Privacy Compliance.
©
Equity Residential. All Rights Reserved.