Privacy Policy

Section 01

Introduction

REA Network values your privacy and is committed to protecting your personal data with the utmost professionalism and care. This Privacy Policy ("Policy") explains how we collect, use, store, and disclose your information — and how you can control it.

This Policy applies to all services provided by REA Network ("REA", "we", "us", "our"), including our websites, membership portals, talent platforms, and recruitment-related services. Given REA's role as a global talent network connecting students and young professionals with leading real estate firms, we handle personal and career-sensitive data with particular diligence.

REA operates in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and, where applicable, other national and international data protection frameworks. By registering with or using REA's services, you acknowledge and accept the practices described in this Policy. You may withdraw your consent at any time by contacting us as described in Section 12.

This Policy covers:

• Who we are
• What personal data we collect
• How we collect it
• Our legal bases for processing
• How we use your data
• With whom we share it
• International data transfers
• How long we retain it
• How we secure it
• Your rights
• How to contact us

Section 02

Who We Are

REA Network is an international alliance of elite real estate student associations, operating across more than 50 cities and 150 universities worldwide. We act as a talent platform, facilitating connections between our members — students and young professionals — and leading real estate firms, institutional investors, and industry partners globally.

Our registered entity, REA Network nodibinājums (registration no. 40008353333), is headquartered in Rotterdam, Netherlands. As a global organisation, REA processes personal data across multiple jurisdictions, and our privacy practices are designed to meet the standards of the most comprehensive applicable frameworks, including the GDPR.

We may share and process your personal data across our network of affiliated local chapters, subject to the confidentiality and data protection obligations set out in this Policy.

Section 03

What Personal Data We Collect

Depending on how you interact with REA, we may collect the following categories of personal data:

• Identification data: Full name, date of birth, nationality, and academic affiliation or institution
• Contact data: Email address, phone number, and mailing address
• Payment data: Credit or debit card information and billing address, processed exclusively via secure third-party payment processors
• Membership data: Application responses, selection status, and membership type (Passive or Active)
• Recruitment and career data: CVs, academic transcripts, references, motivation letters, and professional profiles — collected where REA facilitates talent introductions or recruitment processes on behalf of partner firms
• Communications data: Emails, support requests, event registrations, and messages exchanged with REA or its chapters
• Event-specific data: Dietary requirements, accessibility needs, or other preferences required for event participation
• Usage data: Pages visited, session duration, and device or browser information collected automatically when you use our platform

REA does not knowingly collect personal data from individuals under the age of 16.

Section 04

How We Obtain Your Personal Data

We collect personal data through the following means:

• Directly from you: When you apply for membership, register for events, submit forms, or communicate with us
• Through our platform: Automatically via cookies, analytics tools, and similar tracking technologies when you browse our website or portal
• From third parties: Including partner universities, affiliated chapters, event co-organisers, or professional networking platforms, where you have given consent or where REA has a legitimate interest
• From partner firms: Where REA acts in a recruitment facilitation capacity, firms may share candidate or contact information with us for the purpose of introductions or programme administration

Section 05

Lawful Bases for Processing

We process your personal data under one or more of the following legal bases:

• Contract: To fulfil our obligations in connection with your membership, subscription, or participation in REA programmes
• Legitimate interests: For network administration, security, event operations, alumni engagement, talent platform operations, and improving member experience — where such interests are not overridden by your rights
• Consent: For optional marketing communications, non-essential cookies, and certain recruitment-related introductions where explicit consent is required
• Legal obligation: To comply with applicable laws, regulatory requirements, or enforceable governmental requests

You may withdraw consent or object to processing based on legitimate interests at any time without affecting the lawfulness of prior processing.

Section 06

How We Use Your Personal Data

We use your personal data for the following purposes:

• Administering your membership, subscription, and access to REA's platform
• Processing payments and managing billing securely
• Organising and operating events, workshops, case competitions, and project collaborations
• Facilitating talent introductions between REA members and partner firms, including in the context of internship and full-time recruitment
• Sending essential service communications and, where consent has been given, promotional or editorial content
• Evaluating and continuously improving the quality of our services and platform
• Managing applications for board positions, project roles, and REA leadership programmes
• Enabling cross-chapter collaboration and network-wide initiatives
• Complying with legal, financial, and regulatory obligations

Aggregated or anonymised data — which cannot identify you individually — may also be used for analytics, platform optimisation, or reporting purposes.

Section 07

Who We Share Your Personal Data With

REA shares personal data only where necessary and appropriate. Recipients may include:

• Payment processors (e.g., Stripe) for secure billing and subscription management
• Communication and collaboration tools (e.g., Notion, Slack, email providers) used in REA's internal operations
• Cloud and hosting providers (e.g., Google Cloud, Netlify) that underpin our platform infrastructure
• Partner real estate firms and employers, where you have consented to or requested a talent introduction, or where such sharing is necessary to administer a recruitment programme you have enrolled in
• REA local chapters, subject to strict confidentiality obligations and alignment with this Policy
• Event sponsors and co-organisers, only to the extent necessary and where you have been informed in advance
• Legal or regulatory authorities, where required by law or to protect REA's legitimate legal interests

REA does not sell, rent, or trade your personal data. All third-party disclosures are governed by appropriate data processing agreements.

Section 08

International Data Transfers

REA is a global organisation operating across Europe, the Americas, Asia-Pacific, the Middle East, and Africa. As a result, your personal data may be transferred to, stored in, or processed in countries outside your country of residence — including countries outside the European Economic Area (EEA).

Where such international transfers occur, REA ensures that appropriate safeguards are in place in accordance with applicable law, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognised transfer mechanisms.

If you would like further information about the specific mechanisms used for any particular transfer, please contact us using the details in Section 12.

Section 09

Data Retention

We retain your personal data for as long as is reasonably necessary to fulfil the purposes for which it was collected, including to:

• Deliver the services and subscriptions you have requested
• Comply with applicable legal, financial, and regulatory obligations
• Maintain alumni and network records, unless deletion is requested and legally permissible
• Resolve disputes and enforce our agreements

Recruitment-related data (such as CVs or transcripts) shared in connection with a specific opportunity will be retained only for as long as required for that process, after which it will be securely deleted unless you request otherwise or consent to longer retention. Retention periods are otherwise aligned with REA's operational needs and applicable regulatory requirements.

Section 10

Data Security

REA implements appropriate technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• Encrypted data transmission using TLS/SSL protocols
• Role-based access controls and authentication requirements
• Secure and reputable third-party service providers with their own data protection commitments
• Regular review of security practices and infrastructure

While no system can be made entirely infallible, REA is committed to maintaining a high standard of data protection and to promptly addressing any security incidents in accordance with applicable law.

Section 11

Your Rights

Depending on your jurisdiction, you may have the following rights in relation to your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data, subject to applicable legal obligations
• Restriction: Request that we restrict processing of your data in certain circumstances
• Portability: Receive your data in a structured, machine-readable format where technically feasible
• Objection: Object to processing based on legitimate interests, including for direct marketing purposes
• Withdrawal of consent: Withdraw any consent you have previously given, without affecting prior lawful processing
• Complaint: Lodge a complaint with your local data protection authority (for EEA residents, this is typically the supervisory authority in your country of residence)

To exercise any of these rights, please contact us using the details provided in Section 12. We will respond within the timeframes required by applicable law.

Section 12

How to Contact Us

For questions, concerns, data requests, or to exercise any of your rights under this Policy, please reach out to us at: