This Privacy Notice describes how CORT Business Services Corporation (collectively, “We”, “Us”, and “Our”) collects, uses, shares, and secures the personal information you provide, or we collect, when you interact with our Websites, Services and Products and any other sites or Services (“Services”) under our control where this Privacy Notice is displayed. It also describes your choices regarding use, access, and correction of your personal information.

Our Websites may contain links to sites that are not affiliated with CORT and that may or may not have similar practices in place to protect the privacy of your personal information. We encourage you to review the privacy statements of each of the sites that are linked to or accessed from our Websites so that you will be aware of how each visited site processes such personal information.

1. Categories of Personal Information We Collect
2. How We Collect Personal Information
3. Cookies and Tracking Technologies
4. How We Use Personal Information
5. How We May Disclose Your Personal Information
6. Marketing Email Communication
7. Security
8. Retention
9. Children’s Data
10. Individuals in the European Union, European Economic Area, Switzerland, and the United Kingdom
11. Notice to California Residents
12. Your Privacy Rights and How to Exercise Them
13. Data Privacy Framework (DPF)
14. Updates to the Privacy Notice
15. Contact Us

1. Categories of Personal Information We Collect

We process different types of personal information depending on how you engage with CORT.

If you are a direct customer of CORT, we may collect the following personal information to engage with you and to process transactions:

• When you register for an account, we collect your name, email address, and password.
• When you rent or purchase furniture, we collect your name, email address, postal address, delivery address, lease length (if applicable), and financial information for bill payment, including your payment methods and preferences such as credit card number or debit card number, and billing and credit history, where applicable.
• When you engage with our Websites and provide your email address, use the “Favorites” tools or complete a transaction, we may collect information about the products or services you considered and/or purchased.
• When you fill out an online Contact Us form, we collect your name, email address, and phone number.
• We may collect personal information contained within your interactions with us, including audio, electronic, or visual information, screen sharing views, and any files provided to us via email, chat functionality, social media, telephone, or otherwise.
• When you email, text, or tweet us a question or request, we collect your email address, phone number, or handle to process your request and respond to your question.
• If you reach out to us through our call center, we may record the call for internal purposes only, and will collect your name, email address, phone number, and any information necessary to provide customer service, potentially including your payment information.

If you are the employee of a CORT client, CORT collects personal information to deliver Services on your employer’s behalf that may include:

• Personal contact information such as name, postal address, delivery address (if needed) telephone/mobile number, email address.
• Employment information such as role/title, name of current employer, occupation, work address, work telephone, work email address, fax number.
• Product and Service-related information concerning the Products and Services that we provide to you or programs that we offer.
• Location information for the purpose of locating a place that you may be searching for in your area.
• Business relationship information, including information related to your agreements, preferences, advisors, and decision-makers, feedback and information requested by or provided to you.
• If you reach out to us through our call center, we may record the call for internal purposes only, and will collect your name, email address, phone number, and any information necessary to provide customer service, potentially including your employer and/or payment information.
• Where CORT is procuring an apartment rental for you through CORT Accommodation Service (CAS), the following additional personal information may be collected by CORT as required by the apartment complex’s property management company to complete the rental application: rent payment; reason for moving; previous address; employment status and monthly income; and emergency contact name and phone number.
• Where CORT is procuring an apartment rental for you through CORT Accommodation Service (CAS), the following sensitive personal information may be collected for a credit check and criminal background check, but only if required by the property management company: date of birth, social security number or national identification number, felony conviction, or other pending criminal charges. CORT will not use this information for any purpose other than in connection with procuring your apartment rental.

2.How We Collect Personal Information

• Directly From You – We collect personal information that you provide to us as described above.
• From Third Parties – We may collect personal information from third parties including your employer, our business partners, subcontractors, advertising networks, analytics providers, and search information providers, who may provide us with personal information about you.
• Through Online Tracking Technologies – We use cookies and similar technologies to collect personal information related to activity on our website. For additional information regarding our use of these technologies, see the section below.

3. Cookies and Tracking Technologies

We use cookies or similar technologies to analyze trends, administer the Website, track users’ movements around the Website, and to gather demographic information about our user base as a whole. We also use cookies to identify you as a user of the Website, to permit your access to the Website Services and to monitor your use of the Website. Cookies are text files, stored in your Web browser, that contain information about you relative to your use of the Website. If you configure your Web browser to disable or block cookies, please note that you will be unable to use certain Website Services.

To manage your preferences with respect to these technologies, please visit our preferences page. In addition, most browsers provide you with the ability to block, delete, or disable cookies, and your mobile device may allow you to disable transmission of unique identifiers and location data. If you choose to reject cookies or block device identifiers, some features of our Services may not be available, or some functionality may be limited or unavailable. Please review the help pages of your browser or mobile device for assistance with changing your settings. We do not respond to Do Not Track (“DNT”) signals sent to us by your browser at this time.

4. How We Use Personal Information

To the extent permitted by applicable law, we use personal information:

• To provide and personalize our Services, such as processing or fulfilling orders and transactions, providing our Services, processing payments, providing customer service, maintaining or servicing accounts, providing financing, verifying customer information, creating and maintaining business records, verifying eligibility, and undertaking or providing similar services.
• For internal research and development, such as testing and verifying the quality of our Services, improving the quality of our Services, and creating new Services.
• For marketing, such as sending information about our Services, including using your information to send you messages, notices, newsletters, surveys, promotions, or news about events.
• For communicating with you, such as responding to your questions and comments.
• For legal, security, or safety reasons, such as protecting our and our users’ safety, property, or rights; complying with legal requirements; enforcing our terms, conditions, and policies; detecting, preventing, and responding to security incidents; and protecting against malicious, deceptive, fraudulent, or illegal activity.
• As part of a corporate transaction, such as in connection with the sale of part or all of our assets or business, the acquisition of part or all of another business or another business’ assets, or another corporate transaction, including bankruptcy.

5. How We May Disclose Your Personal Information

We may disclose your personal information to service providers that provide Services on our behalf to help with our business activities. These Services may include:

• Providing our relocation services, fulfilling orders, and delivering packages
• Payment processing
• Providing customer service
• Sending marketing communications
• Conducting research and analysis through online surveys following delivery services

We may disclose your personal information for the following circumstances:

• We may disclose your personal information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other government agency
• To establish or exercise our legal rights
• To defend against legal claims
• In connection with a substantial corporate transaction, such as the possible sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy
• Or as otherwise required by law.

6. Marketing Email Communication

Should you wish to stop receiving emails from CORT Business Services, you may remove yourself from receiving marketing email communications by clicking “unsubscribe” within the email. You may also contact us in the following ways:

• CORT.com footer “Communication Preferences” and insert your email address
• Visit https://pages.cort.com/mypreferences
• Phone: +1 800.962. 2678
• Fax: 703.968.8502
• Mail: 14850 Conference Center Drive, Suite 110, Chantilly, VA 20151

Please note that, even if you unsubscribe from certain correspondence, we may still need to contact you with important transactional or administrative information, as permitted by law.

7. Security

We maintain technical and organizational measures, including, but not limited to, reasonably designed administrative, physical, and technical safeguards, designed to protect the personal data obtained as discussed in this Privacy Notice from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and access. However, no system of safeguards can guarantee the security of your personal information.

8. Retention

We will retain each category of your personal information for as long as necessary to fulfill the purposes described in this Privacy Notice, unless otherwise required by applicable laws. Criteria we will use to determine how long we will retain your personal information include whether we need your personal information to provide you with our Services you have requested; we continue to have a relationship with you; you have requested information or Services from us; we have a legal right or obligation to continue to retain your personal information; we have an obligation to a third party that involves your personal information; our retention or recordkeeping policies and obligations dictate that we retain your personal information; we have an interest in providing you with personal information about our Services; or we have another business purpose for retaining your personal information.

9. Children’s Data

Our Websites, Services, and Products are not intended for use by children under 16 years of age, and we do not knowingly collect personal data, contact, or solicit information of any kind from children under 16. If you believe we have collected a child’s personal information, please contact us so we can delete that information immediately.

10. Individuals in the European Union, European Economic Area, Switzerland, and the United Kingdom

This section provides additional information regarding CORT’s processing of personal data of people located in the European Union (“EU”), European Economic Area (“EEA”), Switzerland, and the United Kingdom (“UK”) in accordance with the EU Data Protection Regulation, UK Data Protection Regulation, and the Swiss Federal Data Protection Act. For purposes of this section, “Personal Data” has the definition set forth in the foregoing data protection laws.

Legal Basis for Processing

Our legal basis for processing Personal Data depends on the Personal Data concerned and the context in which we process it. We process Personal Data from you where we need it to perform a contract with you, where the processing is in our legitimate interests (including the purposes described in this Privacy Notice), where the processing is necessary for us to meet our applicable legal obligations, or if we otherwise have your consent.

Special Category Data

CORT does not intend to collect any Special Category Data, which is any data that reveals your racial or ethnic origin, political opinions, religious, moral or philosophical beliefs, trade union membership, political views, the processing of genetic data, biometric data for the purpose of identifying a person, and data concerning health or a person’s sex life and/or sexual orientation. Please refrain from sending us any Special Category Data.

Transfers to Third Parties and Countries

Personal Data that we process may be transferred to third parties that are located outside of the EU, EEA, Switzerland or the UK, some of which applicable authorities may not consider to have an adequate level of protection for Personal Data. CORT will only transfer Personal Data to third parties in these locations when it has ensured appropriate safeguards for such Personal Data through use of the standard contractual clauses or other lawful and approved methods.

11. Notice to California Residents

This section applies to our collection and use of personal information if you are a resident of California, as required by the California Consumer Privacy Act of 2018 and its implementing regulations, as amended by the California Privacy Rights Act (“CCPA”).

CORT makes the following disclosures regarding the personal information it has collected within the 12-month period preceding the Effective Date of this Privacy Notice:

Sources of Personal Information

We collect personal information from the categories of sources detailed in the How We Collect Personal Information section above.

Use of Personal Information

We collect personal information for the business and commercial purposes detailed in the How We Use Personal Information section above.

Categories, and Disclosure of Personal Information

The categories personal information, and categories of third parties to whom we disclose it for a business or commercial purpose, or to whom we sell or share it, are summarized in the chart below. We do not knowingly sell or share the personal information of minors under the age of 16.

*While we do not sell Personal Information in exchange for monetary consideration, we do share Personal Information for other benefits that could be deemed a “sale” or “sharing” under various data protection laws, because they are sometimes broadly defined to include activities such as the delivery of interest-based advertising on websites or allowing third parties to receive certain information, such as cookies, IP address, and/or browsing behavior. We similarly engage in interest-based advertising when we use data about your activities on our Site to serve you ads on websites owned or controlled by third parties. It is in this context that we have provided advertising networks, data analytics providers, social networks, and video sharing platforms with Personal Information such as your IP address, device information, Internet and other electronic network activity information, and geolocation information in the last twelve months.

Other California Privacy Rights

Under California Civil Code Section 1798.83, individual customers who reside in California and who have an existing business relationship with us may request information about our disclosure of certain categories of personal information to third parties for the third parties’ direct marketing purposes, if any. To make such a request, please contact us using the information in the Contact Us section below. Please be aware that not all information sharing is covered by these California privacy rights requirements and only information on covered sharing will be included in our response. This request may be made no more than once per calendar year.

12. Your Privacy Rights and How to Exercise Them

Depending on where you live, and subject to certain exceptions, you may have the following rights with respect to your personal information:

• Access – You may have the right to know what personal information we have collected about you and to access such data.
• Data portability – You may have the right to receive a copy of your personal information in a portable and readily usable format.
• Deletion – You may have the right to delete your personal information that we process.
• Correction – You may have the right to correct inaccuracies in your personal information.
• Opt out of certain processing – You may have the right to: (a) opt out of the processing of your personal information for purposes of targeted advertising, (b) opt out of the sale or sharing of your personal information; (c) limit the use of your Sensitive personal information (if applicable), and (d) opt out of the processing of your personal information for profiling in furtherance of decisions that produce legal or similarly significant effect concerning you.
• Objection/Restriction of Processing – you may have the right to object or restrict us from processing your personal information in certain circumstances.
• Withdraw Consent – you may have the right to withdraw your consent where we are relying on your consent to process your personal information.
• Lodge a Complaint – you may have the right to lodge a complaint with a supervisory authority or other regulatory agency if you believe we have violated any of the rights afforded to you under applicable data protection laws. We encourage you to first reach out to us so we have an opportunity to address your concerns directly before you do so.
• Opt out of the sale or sharing of your Personal Information - you may have the right to opt out of the sale or sharing of your personal information by clicking here, or via the opt out link on our homepage.

If you withdraw your consent or object to processing of your personal information, or if you choose not to provide certain personal information, we may be unable to provide some or all of our Services to you.

To exercise any of the privacy rights afforded to you under applicable data protection laws, please submit a request to us by one of the following methods:

• Calling us toll free at +1 833.389.0122
• E-mailing us at PrivacyQA@cort.com.
• Clicking on the opt out links at the bottom of our website.

You may also initiate any opt outs by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC). We honor Opt-Out Preference Signals, including GPC. If you choose to use an Opt-Out Preference Signal, you will need to turn it on for each supported browser or browser extension you use.

You will not be discriminated against in any way by virtue of your exercise of the rights listed in this Privacy Notice, which means we will not deny goods or Services to you, provide different prices or rates for goods or Services to you, or provide a different level or quality of goods or Services to you. Only you, or an authorized agent that you authorize to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child.

We must verify your identity before fulfilling your requests, and if we cannot verify your identity, we may request additional information from you. If you are an authorized agent making a request on behalf of another person, we will also need to verify your identity, which may require proof of your written authorization or evidence of a power of attorney. We endeavor to respond to requests within the time period required by applicable law. If we require more time, we will inform you of the reason and extension period in writing.

We do not charge a fee to process or respond to your requests unless they are excessive or repetitive. If we determine that a request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request. We may deny certain requests, or only fulfill some in part, as permitted or required by law. If you are not satisfied with the resolution of your request and you are afforded a right to appeal such decision, you will be notified of our appeal process in our response to your request.

13. Data Privacy Framework (DPF)

CORT Business Services Corporation (“CORT”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

CORT has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. CORT has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

Under the Data Privacy Framework, CORT is responsible for the processing of personal data we receive and subsequently transfer to a third party acting for or on our behalf, and CORT is liable for ensuring that the third parties we engage support our DPF commitments.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Data Privacy Framework Inquiries & Complaints:

In compliance with the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data DPF, CORT commits to resolve DPF Principles-related complaints about our collection and use of your personal data. Individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data DPF should first contact the CORT Privacy Team at: PrivacyQA@cort.com.

Dispute Resolution:

CORT has further committed to refer unresolved DPF complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit: https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Binding Arbitration:

If your dispute or complaint can’t be resolved by us, nor through the recourse mechanism described in the Dispute Resolution section of this Privacy Policy, you may have the right to require that we enter into binding arbitration with you under the DPF’s “Recourse, Enforcement and Liability Principle” and Annex I of the DPF. For additional information, please visit: https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

Oversight:

The U.S. Federal Trade Commission has regulatory enforcement authority and jurisdiction over CORT Business Services Corporation’s compliance with compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).

If you are a resident of the European Economic Area or United Kingdom, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Economic Area member states or the United Kingdom.

14. Updates to the Privacy Notice

We may update this Privacy Notice at any time and amendments will be effective when posted. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this Website prior to the change becoming effective. You should therefore periodically visit this page to review the current Privacy Notice, so that you are aware of any such revisions.

15. Contact Us

CORT Business Services Corporation
ATTN: Privacy Team
14850 Conference Center Drive
Suite 110
Chantilly, VA 20151
Phone: 833.389.0122
Email: PrivacyQA@cort.com.

Roomservice by CORT
ATTN: Privacy Team
28 Barwell Business Park
Leatherhead Road
Chessington, Surrey KT9 2NY
United Kingdom
Phone: 0208 397 9344.
Email: privacy@roomservicebycort.com