360 Property Data
CoreLogic powers businesses with unrivaled property data, insights and technology.
Explore Our DataEffective: April 29, 2024
CoreLogic, Inc. and our U.S. entities and subsidiaries Symbility Solutions Corp., Next Gear Solutions, LLC, and CoreLogic Solutions, LLC (together, “CoreLogic,” “our,” “we” or “us”) have certified our participation in the EU-U.S. Data Privacy Framework, the UK extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, “DPF”) with the U.S. Department of Commerce. This certification relates to CoreLogic’s processing of personal data received from the European Economic Area (“EEA”), the United Kingdom and Gibraltar, and Switzerland. The Swiss-U.S. Data Privacy Framework will not be relied upon for transfers of any personal data to the U.S. from Switzerland until the date of entry into force of Switzerland’s recognition of adequacy (i.e., entry into force of the recognition by the Swiss Federal Administration that the Swiss-U.S. DPF ensures data protection consistent with Swiss law). If there is any conflict between the terms of this notice and data subject rights under the DPF Principles, the DPF Principles shall govern.
To learn more about the DPF program, please visit https://www.dataprivacyframework.gov/s/. The U.S. Department of Commerce maintains an authoritative list of U.S. organizations that have self-certified to the DPF (“DPF List”). The DPF List can be found at https://www.dataprivacyframework.gov/s/participant-search. With respect to personal data received or transferred pursuant to the DPF, CoreLogic is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Please also see the CoreLogic Privacy Policy and California Privacy Notice for more information regarding our data handling practices. With respect to personal data subject to the DPF, this Data Privacy Framework Notice (“DPF Notice”) shall govern in the event of a conflict with any other policy or notice.
In this DPF Notice:
“Data Subject” means an identified or identifiable individual who is subject to the GDPR, UK GDPR, or FADP.
“EU DPF” means the EU-U.S. Data Privacy Framework.
“FADP” means Federal Data Protection Act of Switzerland.
“GDPR” means the Regulation (EU) 2016/679 (General Data Protection Regulation).
“Personal Data” means data about an identified or identifiable individual that are within the scope of the GDPR, UK GDPR, or FADP, received by CoreLogic in the United States from the EEA, United Kingdom and Gibraltar, or Switzerland, and recorded in any form.
“Sensitive Personal Data” means Personal Data regarding an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, or sexual life.
“Services” means online and offline services provided by CoreLogic, including insurance solutions, data solutions, real estate solutions, and mortgage solutions.
“Swiss DPF” means the Swiss-U.S. Data Privacy Framework.
“UK DPF” means the UK Extension to the EU DPF.
“UK GDPR” has the meaning in section 3 of the UK Data Protection Act 2018.
CoreLogic commits to comply with the DPF Principles with respect to Personal Data concerning or received from Data Subjects in connection with the Services. This DPF Notice does not apply to Personal Data transferred under Standard Contractual Clauses or any approved derogation under EU data protection law.
This DPF Notice also does not apply to human resources (“HR”) Personal Data, defined as Personal Data about our employees (past or present) collected in the context of the employment relationship. Please see our HR DPF Notice for more information about our treatment of HR Personal Data.
CoreLogic commits to processing Personal Data in accordance with the DPF Principles as follows:
CoreLogic’s Privacy Policy notifies Data Subjects covered by this DPF Notice about the categories of Personal Data that CoreLogic collects and the purposes for collection and use of their Personal Data. CoreLogic will only process Personal Data in ways that are compatible with the purpose for which CoreLogic collected it or for purposes later authorized.
The types of Personal Data CoreLogic collects from or receives concerning Data Subjects depends on the purpose for which each Data Subject chooses to use the Services.
All Personal Data is collected or received to operate, manage, and improve the Services and ensure the technical functionality and security of the Services. CoreLogic may use your Personal Data to customize your experience with the Services, serve specific content that is relevant to you, contact you regarding your use of the Services, provide you with Service-related notices, send you advertisements and marketing for CoreLogic products and Services, notify you about changes to our Services, respond to enquiries and complaints, comply with legal or regulatory requirements, understand user trends and patterns, administer our business, or for other purposes with your consent.
Before CoreLogic uses Personal Data for a purpose that is materially different from the purpose for which we collected it or that was later authorized, CoreLogic will provide Data Subjects with the opportunity to opt out.
Please also see the CoreLogic Privacy Policy and California Privacy Notice for more information regarding our data handling practices.
When CoreLogic directly collects Personal Data from Data Subjects, we will give Data Subjects the ability to opt-out whenever DPF requires, including before we disclose Personal Data to third parties or use Personal Data for a different purpose than that purpose for which it was collected or subsequently authorized by the Data Subject. In the event that we disclose Personal Data to a third party acting as our agent to perform tasks on our behalf and under our instruction, we may not provide an opportunity to opt-out. In such cases, we will always enter into a contract with the agent to ensure that Personal Data processing is compliant with DPF.
If CoreLogic collects Sensitive Personal Data, we will obtain opt-in consent whenever DPF requires, including before we disclose Sensitive Personal Data to a third party or use Sensitive Personal Data for a purpose other than that for which it was originally collected or later authorized. We may not be required to obtain opt-in consent with respect to Sensitive Personal Data where (i) the processing is in the vital interests of the Data Subject or another person, (ii) it is necessary for the establishment of legal claims or defenses, (iii) it is required to provide medical care or diagnosis, (iv) it is carried out in the course of legitimate activities by a foundation, association or any other non-profit body provided that the processing relates solely to the members of the body or to persons who are regularly in contact with it in connection to its purposes, (v) it is necessary to carry out our employment law obligations, or (vi) it is related to Personal Data that are made public by the Data Subject.
CoreLogic also provides Data Subjects with the ability to opt-out of having their Personal Data used for direct marketing.
Please send requests to limit the uses or disclosures of Personal Data and Sensitive Personal Data to [email protected] (for insurance solutions) or [email protected] (for data solutions, real estate solutions, or mortgage solutions).
Please also see the CoreLogic Privacy Policy and California Privacy Notice for more information regarding our data handling practices.
If CoreLogic discloses Personal Data covered by this DPF Notice to a third party, CoreLogic takes reasonable and appropriate steps to ensure that each third-party recipient processes Personal Data in a manner consistent with our obligations under the DPF Principles. CoreLogic will ensure that each disclosure is consistent with any notice provided to Data Subjects and any consent they have given. CoreLogic requires a written contract with any third party receiving Personal Data that ensures that the third party (i) processes the Personal Data for limited and specified purposes consistent with any notice provided to or consent provided by Data Subjects, (ii) provides at least the same level of protection as is required by the DPF Principles, (iii) notifies CoreLogic if it cannot comply with DPF, and (iv) ceases processing Personal Data or takes other reasonable and appropriate steps to remediate such processing once the purposes for processing and any legal requirement to maintain the Personal Data are fulfilled.
Under certain circumstances, CoreLogic may be required to disclose Personal Data in response to valid requests by public authorities, including to respond to for national security or law enforcement requests.
CoreLogic remains liable under the DPF Principles if an agent processes Personal Data covered by this DPF Notice in a manner inconsistent with the DPF Principles unless CoreLogic is not responsible for the event giving rise to the damage.
CoreLogic takes reasonable and appropriate measures to protect Personal Data covered by this DPF Notice from loss, misuse and unauthorized access, disclosure, alteration, unavailability, and destruction. In determining these measures, CoreLogic considers the risks involved in the processing and the nature of the Personal Data.
When CoreLogic directly collects Personal Data from Data Subjects, we take reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. CoreLogic adheres to the DPF Principles for as long as it retains Personal Data in identifiable form. CoreLogic takes reasonable and appropriate measures to comply with the requirement under the DPF to retain Personal Data in identifiable form only for as long as it serves a permissible purpose of processing.
CoreLogic limits the collection of Personal Data covered by this DPF Notice to information that is relevant for the processing purpose. CoreLogic does not process Personal Data in a way that is incompatible with the purpose for which it was collected or subsequently authorized by a Data Subject.
A Data Subject whose Personal Data is covered by this DPF Notice has the right to access their Personal Data and to correct, amend, or delete the Personal Data if it is inaccurate or processed in violation of the DPF Principles. When CoreLogic directly collects the Personal Data from Data Subjects, we will make a good faith effort to provide access to Personal Data upon request. However, CoreLogic is not required to grant the rights to access, correct, amend, and delete Personal Data if the burden or expense of providing access, correction, amendment, or deletion is disproportionate to the risks to the Data Subject’s privacy, if the rights of persons other than the Data Subject would be violated, and for other enumerated reasons. When CoreLogic receives Personal Data in the capacity of a processor or service provider of our customers, we will forward the Data Subject’s request to the applicable customer.
We endeavor to respond to requests within a reasonable time period and in a reasonable manner. If we decline to act on a request, CoreLogic will explain why the request was denied and provide a contact point for further inquiries.
Please submit requests for access, correction, amendment, or deletion to [email protected] (for insurance solutions) or [email protected] (for data solutions, real estate solutions, or mortgage solutions).
In compliance with the DPF Principles, CoreLogic commits to resolve complaints about your privacy and our collection or use of your Personal Data transferred to the United States pursuant to DPF. Data Subjects with DPF inquiries or complaints should first contact CoreLogic at [email protected].
CoreLogic has further committed to refer unresolved privacy complaints under the DPF Principles to an independent dispute resolution mechanism, the Data Privacy Framework Services, operated by the BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the BBB National Programs website here for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See DPF Annex 1 here for more information.
CoreLogic commits to periodically review and verify its compliance with the DPF Principles and to remedy any issues arising out of failure to comply with the DPF Principles. CoreLogic acknowledges that its failure to provide an annual self-certification to the U.S. Department of Commerce will remove it from the Department’s list of DPF participants.
CoreLogic handles HR Personal Data in compliance with the DPF when individually identified or identifiable records are transferred or accessed. We handle HR Personal Data in compliance with the Notice and Choice principles, including by providing Data Subjects with the requisite choice before using HR Personal Data for non-employment related purposes. We also make reasonable efforts to accommodate the privacy preferences of our employees, including offering an opt-in or an opt-out opportunity to restrict third party access to the HR Personal Data for any elective programs or services generally offered to employees if the Data Subject does not wish to participate in such elective programs or services.
Please see our HR DPF Notice for more information.
CoreLogic may amend this DPF Notice consistent with the requirements of the DPF, including providing notice about any amendment.
How to Contact CoreLogic
If you have any questions about this DPF Notice or would like to request access to your Personal Data that CoreLogic collected from you, please contact us as at [email protected].
Contact Information in UK/EU
Symbility Solutions, Ltd. Attention: Data Protection Officer Contact: [email protected]
Symbility Solutions GmbH Attention: Data Protection Officer Contact: [email protected]
CoreLogic Solutions Ltd CoreLogic UK Limited Attention: Data Protection Officer [email protected]