Who we are
Our website address is: https://nelsonmanagementgroup.net.
What personal data we collect and why we collect it
The personal data that we collect and why we collect it is determined by which services you use while on our website.
We only collect that information so we know to whom we need to respond so we can respond to your requests/complaints/comments and, where needed, obtain your contact information to schedule service/repair appointments.
Although we do not currently allow comments on our website, should we enable this feature, we would collect the data shown in the comments form and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Personal information that you provide to us (via contact forms, and online payments handled via a secure 3rd party payment processor), which may include your name, postal address, phone number or e-mail address, is collected and not sold but only used for the purposes of communication between Nelson Management Group and the website user.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Cookies are very small text files that are stored on your computer when you visit some websites. We use a combination of session cookies and persistent cookies in order to track how you use and experience our website, build anonymous statistical data about how our website is performing, and to power the personalization of website content to you.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
You can find more information about cookies at www.allaboutcookies.org.
Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Embedded content from other websites in the form or news articles or press releases about our company or our holdings is identified by source at the beginning of the posted article.
Third parties providing us with data
Our site contains links to various real estate related and news sites, including the New York Times, Crain’s New York Business, Real Estate Weekly, GlobeSt.com; Curbed New York, New York YIMBY, Commercial Observer, The Real Deal, and 6sqft.com. These external media sources do not provide us with any information. We simply link to them in the context of a source article posted to our press and news blog.
We also receive data from TravtusAdvantage.com, as discussed above.
We receive data from our web hosting service to enable our website to respond to you as you navigate throughout our site.
What automated decision making and/or profiling we do with user data
When you click on various links on our site, the website determines which pages you wish to access and how to display that content in a format supported by your web browser. We do not profile your actions on our website. We provide accessible content for your information and promotion of our company to you.
This website uses the Google Analytics by MonsterInsights plugin to connect to the Nelson Management Group Google Analytics account and track user activity on the website. Based upon your interaction, while on our site, Google Analytics shows us which country our visitors are from, what they are most interested in, which device and browser they are using, and other general visitor session and pageview stats. No name, or personal data is collected or measured. Just how you got to the website, what your behavior is, as well as interests.
Who we share your data with
Analytics Data is shared with Google Analytics for measuring.
Users and analytics reporting is shared with all website administrators.
Data is shared with TravtusAdvantage.com for the purposes discussed above.
How long we retain your data
Should we enable the comment feature, if you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
Should we enable a user registration feature, we would store the personal information they provide in their user profile. All users could see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators could also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an overview of the personal data we hold concerning you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
In addition to the Analytics and other data referrals discussed above, visitor comments may be checked through an automated spam detection service.
Your contact information
Your contact information which you enter when requesting additional information, applying for an apartment, or leaving a comment is retained indefinitely.
How we protect your data
We know how important your personal information is to you and we take our responsibility to safeguard any personal information you provide to us seriously.
While we make reasonable attempts to protect the personally identifiable information that you share with us, no transmission over the Internet is ever 100% secure, nor is information stored electronically 100% immune from attack, so we cannot guaranty the security of information you may provide to us.
Transactions involving sensitive information occur on a secure server. You can look for the “lock” symbol at the bottom of your browser window to verify that you are on a secure server. Our secure socket layer (SSL) software uses state-of-the-art 128-bit encryption to reduce the risk that your personal and financial information can be intercepted during transmission to our server.
What data breach procedures we have in place
A personal data security breach is any event that has the potential to affect the confidentiality, integrity, or availability of personal data held by the Institute in any format. Personal data security breaches can happen for a number of reasons, including: the disclosure of confidential data to unauthorized individuals; loss or theft of data or equipment on which data is stored; loss or theft of paper records; inappropriate access controls allowing unauthorized use of information; suspected breach of the Institute’s IT security and Acceptable Use policies; attempts to gain unauthorized access to computer systems, e.g. hacking; records altered or deleted without authorization by the data owner or data custodian; viruses or other security attacks on IT equipment systems or networks; breaches of physical security e.g. forcing of doors or windows into secure room or filing cabinet containing confidential information; confidential information left unlocked in accessible areas; leaving IT equipment unattended when logged-in to a user account without locking the screen to stop others accessing information; emails containing personal or sensitive information sent in error to the wrong recipient.
We have two procedures in place for dealing with data breaches: One for reporting the data breaches and a second for managing and containing data breaches.
To prevent, and/or mitigate any possible data breach we have security software in place, malware detection and brute force attack dynamic lockout tools.
IN THE EVENT OF A DATA BREACH BEING DISCOVERED:
If a member of our staff becomes aware of an actual, potential or suspected breach of personal data security, he/she must report the incident to management immediately. Management will immediately notify the IT Department and the webhosting company for our website.
This will enable all the relevant details of the incident to be recorded consistently and communicated on a need-to-know basis to relevant staff so that prompt and appropriate action can be taken to resolve the incident.
Upon discovery and reporting of the data breach: In line with best practice, the following five steps will be followed in responding to a data security breach:
Step 1: Identification and initial assessment:
If a personal data security breach has (or is suspected of having) taken place; we will first determine: whether there was in fact a data breach; what personal data is involved in the breach; the cause of the breach; the extent of the breach (how many individuals are affected); the harms to affected individuals that could potentially be caused by the breach; and how the breach can be contained.
Step 2: Containment and Recovery:
Once it has been established that a data breach has occurred, we will take immediate and appropriate action to limit the breach.
We will determine whether there is anything that can be done to recover any losses and limit the damage the breach may cause (including physical recovery of equipment/records and the use of back-up tapes to restore lost/damaged data).
Then, we will determine if it is appropriate to notify affected individuals immediately where there is a high level of risk of serious harm to individuals).
Then, where appropriate (for example, in cases involving theft or other criminal activity), we will notify the proper authorities.
Step 3: Risk Assessment:
We will then: assess the risks and consequences of the breach:
For individuals: What are the potential adverse consequences for individuals? How serious or substantial are these consequences? How likely are they to happen?
For the Company: Strategic & Operational; Compliance/Legal Financial; Reputational; Continuity of Service Levels; we will also determine, where appropriate, what further remedial action should be taken on the basis of the incident to mitigate the impact of the breach and prevent repetition.
Step 4: Notification:
We will determine whether and how to contact individuals (data subjects) who affected by the breach; we will notify the appropriate authorities, where necessary; we will also notify the Company’s insurers and any bank(s) or credit card issuer(s) affected or potentially affected by the data breach; and outside counsel so any other required measures can be taken. We will undertake a messaging and deployment schedule for notifying those whose data was compromised, based on counsel from lawyers who will review state laws, compliance regulations, and other mandates affecting what the messaging must say and how soon notification must occur, as well as what compensation to affected victims should be provided.
Step 5: Evaluation and Response:
Finally, we will determine: What action needs to be taken to reduce the risk of future breaches and minimize their impact; whether policies procedures or reporting lines need to be improved to increase the effectiveness of the response to the breach; whether there are weak points in security controls that need to be strengthened; whether staff and users of our services aware of their responsibilities for information security and are adequately trained; and whether any additional investment in hardware or software is required to address the particular breach(es) that occurred and to reduce the risk of future recurrence(s).
Industry regulatory disclosure requirements
Our company participates in Fair Housing and does not discriminate against renters or applicants for apartments. In addition, many of the apartments managed by our company are covered by state, city or federal rent regulation.
Anonymous statistical data may be required to be compiled and provided to appropriate regulatory agencies to confirm compliance with Fair Housing Laws and those rent regulations. Any data compiled for this purpose will be deleted once its retention is no longer required by any of those regulatory agencies.
Nelson Management Group Ltd
118-35 Queens Boulevard, 14th Floor
Forest Hills, New York 11375
Phone: (718) 997-9500
Fax: (718) 997-1781
TTY: (718) 263-2037