Privacy Statement

 

Your privacy is important to us

Every day we work with personal information about our investors, our customers, our people, and other stakeholders. Our business depends on building and maintaining their trust.

We recognise that your confidentiality and security needs to be protected, which is why we take our obligations under the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth) seriously.

This Privacy Policy explains how we handle the personal information we collect. It sits alongside our Terms of Use and any other terms and conditions that apply to products and/or services we provide.

What do we mean by personal information?

In the context of this Privacy Policy, 'personal information' means any information about you which, when combined with other information, perhaps from sources not even controlled by us, could identify you or make it easier for you to be reasonably identifiable.

We’re open and transparent about the information we collect.

Tailored experiences are now a normal part of business. To provide you with products and/or services that meet these expectations, we may need to collect personal information.

Depending on the actual products and/or services, that personal information can include your name, gender, date of birth, phone numbers, postal and residential addresses, email address, occupation, professional experience and qualifications, financial information (including credit or debit card details) and bank account details.

Where possible, we will collect this personal information directly from you. We will also explain, in general terms, why we are collecting it and how we will use or disclose it. If we collect personal or sensitive information from someone other than you, where practicable, we will tell you that we have it, who it came from and the circumstances of the collection. We will only collect sensitive information, such as country of origin or health status, with your express consent.

We may also collect information about you from third parties, including but not limited to:

  • financial advisers;
  • custodians;
  • unit registrars and administrators;
  • suppliers, consultants or contractors;
  • potential, current or former employers and contractors; and/or
  • tenants.


If we receive personal information we haven’t requested, or information that could be deemed sensitive, we will assess whether that data could have been collected lawfully. If so, we will retain and protect it in accordance with this Privacy Policy. If not, the information will be destroyed or de-identified.

Where possible, we will only use personal and sensitive information for the purpose we collected it. Occasionally we may use the information for another purpose, such as marketing. In these situations, we will only do so with your consent or if the use is, or could reasonably be expected to be, directly related to the purpose it was initially collected.

If you don’t want to receive our direct marketing messages, or want to change your contact preferences, you can follow the “unsubscribe” instructions on the communication, change your preferences on any user account, or contact the sender using the details set out in the communication.

Tenants and prospective tenants

If you are looking to become a tenant, we use personal information about you to evaluate whether we will grant you a lease and/ or enter into an agreement, how we document your lease/agreement, and how we manage the relationship.

If you are already a tenant, we use personal information to manage your tenancy, maintain contact details and records, respond to queries or complaints, process transactions and for security and risk management purposes including incident investigation, loss prevention, claims management and litigation and to comply with laws and regulations.

Investors

If you hold securities in Charter Hall or units in an investment product offered by Charter Hall, we use your personal information to carry out registry functions. These include making distribution payments, sending you corporate communications, keeping you updated about Charter Hall and our products and services or your investment, maintaining records and contact details, processing transactions, responding to queries or complaints, and to comply with laws and regulations.

Visitors to Charter Hall owned or managed properties

Our properties and sites may use camera surveillance systems (CCTV) and visitor contractor management systems (VMS) to maintain the safety and security of the assets and individuals working at or visiting our properties. We will only use CCTV footage or still images to personally identify you for security, risk management, loss prevention and/or incident investigation purposes. Images collected by CCTV and by other means may be provided to tenants, law enforcement bodies and insurers. If you are involved in an incident, we may ask for medical information and information from other consultants and third parties.

We offer a free Wi-Fi Service at certain properties, including our shopping centres. If you are carrying a Wi-Fi enabled device within range of one of our Wi-Fi networks, we will automatically pick up location data transmitted from your device so we can give you access to our network. We collect a range of information about the devices including, for example, the type of device, its ID number or ‘MAC address’, and its movement throughout the centre. We will not use information from your device to personally identify you unless you connect to our free Wi-Fi network.

Job applicants

We are proud of our culture and the people who work here. If you apply for a position with us, we may collect information (including your name, contact details, working history and relevant records checks) from you, from a recruitment consultant, your previous employers and from others who may be able to provide information to assist us in our decision on whether or not to make you an offer of employment or engage you under a contract. If your application is not successful, we may keep this information so we can contact you if an opportunity arises in the future.

Users of our applications and websites

If you sign-up to access or use any of our mobile or digital applications (including our Charli App and websites), in addition to the general personal information collected above, we may also collect technical identity data including your IP address, data derived from your IP address, browser type and versions, and information about other technology on the device you use. We use this information to help you access our applications or the products and/or services we, or other third parties offer through the applications, including mobile device identifiers (e.g., ‘MAC’ address) and, potentially, cookie identifiers. We may also collect location data from your device to enable us to provide our services to you. You have a right to opt-out of any collection or use of location data, but this may result in us being unable to offer all or part of products and/or services to you through the applications.

We may use ‘cookies’ or an equivalent tracking technology on our websites and applications. A cookie is a small text file used to store information on your browser or device. Usually, cookies are used so our websites and applications can remember your preferences and improve your experience. A cookie cannot read data on your hard disk or read cookie files created by other websites. We may also use cookies for profiling purposes to tailor our marketing to users’ interests. Sometimes, cookies may collect and store personal information about you (but not all cookies collect personal information). We treat this information in the same way as any other personal information you provide. You can adjust your browser settings to disable cookies or to warn you when cookies are being used. If you disable cookies, you may not be able to access certain areas or experience the added features offered with the enablement of cookies. We handle personal information collected by cookies in the same way we handle all other personal information as described in this Privacy Policy.

In certain circumstances, we may collect, use and share de-identified, aggregated and/or anonymised data for analytics purposes (“Aggregated Data”) including the usage statistics or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not personal data under privacy laws as it does not directly or indirectly identify you or reveal your identity. For example, we may aggregate your usage data and provide to third party vendors of products or services on any application to calculate the percentage of users accessing a specific application feature, their ordering habits and spending and other anonymised analytics data and research, to enhance the accuracy of our or their digital advertising products and services to you. If we combine Aggregated Data with your personal data and we can identify you or your identity is revealed, we will treat this combined data as personal data. This data will then be used in accordance with this Privacy Policy and all applicable privacy laws.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These are likely to be analytical/performance cookies.

Third party links

Our websites and applications may contain links to websites operated by third parties. Those links are provided for your convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. We note that the privacy policies that apply to those websites may differ from this Privacy Policy. You should check those third-party websites for their respective privacy policies and for information on how they handle your personal information.

We’re careful about how we use your information

We may share information with other members of the Charter Hall Group without disclosing this to you. We may also disclose your personal information to third parties who assist us in the operation of our business and/or the provision of our products and services such as custodians and unit registry providers. We may also disclose your personal information to:

  • financial institutions for payment processing;
  • valuers where we are seeking to value a property or lease;
  • credit reporting agencies or guarantors;
  • claims management services;
  • injury management services;
  • property management services;
  • vendors, advertisers, and affiliated business partners - for example when you sign up for any digital application or service – in order to facilitate orders, payments, promotions and marketing for the products or services they offer;
  • third party service providers, contractors and partners who help us manage our business and deliver our services, including IT service providers who manage our applications, systems, and networks and/or provide hosting, storage and maintenance and support services; and/or
  • regulatory authorities or government agencies or bodies where required by law.

Where we have disclosed personal information to a third party acting on our behalf, we require those third parties not to use the personal information for their own purposes and that they use, disclose, store and otherwise handle personal information only in ways that comply with, and are consistent with, this Privacy Policy. Your personal information will not be shared, sold, rented, or disclosed other than as described in this Privacy Policy.

Where possible, Charter Hall will not transfer personal or sensitive information to a party in a foreign country outside the Charter Hall Group, unless:

  • we are reasonably satisfied that whoever is receiving the information is subject to information privacy requirements similar to those of Australia;
  • they agree to abide by Australian privacy laws in how they handle your personal and/or sensitive information;
  • you have consented to the transfer;
  • the disclosure is required or permitted by Australian law or court/tribunal order; or
  • the information is required under a foreign law or regulation.

We will not disclose your personal information to third parties if we have received a request from you not to do so, unless otherwise outlined in the Australian Privacy Principles.

We take security seriously

We take reasonable steps to protect your personal information from misuse, interference, and loss, as well as unauthorised access, modification or disclosure.

We retain your personal information in our computer systems and databases, and in our physical files. We use technologies and processes such as access control procedures, network firewalls, encryption, password protected databases and physical security measures to protect your personal information.

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Policy. Where your information is no longer needed, we will make sure it is disposed of in a secure manner.

If we establish that your personal information has been accessed or disclosed without authorisation, Charter Hall has an obligation under the Privacy Amendment (Notifiable Breaches) Act 2017 (Cth) to investigate the circumstances of the breach and take appropriate corrective actions. “Serious harm” is defined as a situation where the person affected could suffer serious physical, psychological, emotional, economic, or financial harm, or serious harm to their reputation. In such situations, where it seems reasonable to conclude that the access to or disclosure of your personal information is likely to result in serious harm to you, we will advise you and the Office of the Australian Information Commissioner (OAIC) of the incident and provide details of the actions we are taking. In assessing the data breach, we will carefully consider the list of relevant matters included in legislation. Where serious harm cannot be determined, we will assess the circumstances of the breach and may still act to fix the issue and report the details of the breach to you.

You can access and check your personal information

We want to make sure the information we collect, use, and disclose is relevant, accurate, up-to-date, and complete. In some cases, the accuracy of that personal information largely depends on the details you provide to us. Please keep us up to date with any changes.

You have the right to ask us what personal information we hold about you and to request changes to that information. To request access to the personal information we hold, please contact our Privacy Officer.

If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, you can ask us to amend it. If we have to correct personal or sensitive information about you that was previously provided to a third party, and you want us to notify the third party of the correction, we will take all reasonable steps to give that notification, unless it is impracticable or unlawful to do so.

Before we make a correction, we will review the information to ascertain if such a correction is required. In some circumstances, we may not agree that the information should be changed. If this happens, we will provide you with an explanation add a note to the personal information stating that you disagree.

We may charge a reasonable fee for responding to a request for personal information. This is to cover our costs in locating and supplying the information. There is no cost for asking for access to information.

There are several exceptions in the Privacy Principles that allow us to refuse your request for access to your personal information. These are summarised in Privacy Fact Sheet 17: Australian Privacy Principles which was released by the Office of the Australian Information Commissioner. If we deny a request for access, we will explain why.

Google Analytics Advertising Features

Charter Hall has integrated Google Analytics components into our website. The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S. We have enabled Google Signals which comprises session data from sites and apps that Google associates with users who have signed into their Google accounts, and who have turned on Ads Personalization. This association of data with these signed-in users is used to enable cross-device reporting, cross-device remarketing, and cross-device conversion export to Ads.

Google Signals enables:

  • Cross Platform reporting
  • Remarketing with Google Analytics
  • Advertising Reporting Features
  • Demographics and Interest Reporting

Google Analytics uses cookies. The information generated by the cookie about your use of our website is usually   transmitted to a Google server in the U.S. and stored there. Google might transfer the personal information collected via this technical procedure to third parties. You can prevent the storage of cookies in reference to the ‘Users and application of our website’ section above. A cookie already set by Google Analytics can also be deleted at any time via the internet browser or other software programs. The following link provides a further explanation of Google Analytics: https://marketingplatform.google.com/about/.

Other Website Tracking Services

Below is a non-exhaustive list of the other website tracking services employed by Charter Hall:

  • Microsoft Clarity
  • Taboola
  • The Trade Desk
  • DoubleClick
  • Yahoo Web Analytics/Dot
  • Hotjar
  • Bing Universal Event Tracking
  • LinkedIn Insights
  • StackAdapt
  • Click Cease
  • MediaMath

Specific rights for European Union (EU) residents

You may have additional rights around privacy if you are an EU citizen. Some of these rights will only apply in very limited circumstances.

  • You can ask us to confirm if we are using or holding your personal information.
  • You can ask us to delete your personal information. This right applies only on limited circumstances and will not usually apply where it remains necessary for is to use your information for the purposes for which it was collected, we are required by law to retain your information or your information is relevant to a legal dispute.
  • You can ask us to help you move your personal information to other companies, where this is technically possible and only if we have collected and used your data via automatic means.

You have the right to be informed about any protections that we have in place where we are transferring your data overseasSpecific rights for California Consumer (CC) residents

You may have additional rights around privacy if you are a Californian (U.S.) resident, under the California Consumer Privacy Act (CCPA) 2018. Some of these rights will only apply in very limited circumstances.

  • You can ask us to confirm what personal information has been collected about you and how it’s used and shared.
  •  You can ask us to delete your personal information. This right applies only on limited circumstances and will not usually apply where it remains necessary for is to use your information for the purposes for which it was collected, we are required by law to retain your information, or your information is relevant to a legal dispute.
  • You have the right to opt-out of the sale of your personal information.
  • You have the right to non-discrimination for exercising your CCPA rights.

Find out more

Please contact our Privacy Officer if you would like to know more about the Privacy Act, or if you would like more information about the way we use personal information.

 

Complaints

If you feel we have breached your privacy, or if you wish to make a complaint about the way we have handled your personal information, please contact our Privacy Officer using the contact details set out below.

 

Charter Hall Privacy Officer
GPO Box 2704
Sydney NSW 2001
Phone: 02 8651 9000
Email:  privacy@charterhall.com.au
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone 1300 363 992
Visit oaic.gov.au

 

We will investigate your complaint and contact you to advise the outcome once we have completed our investigation. If you are not happy with how your complaint has been resolved, you may apply to the Office of the Australian Information Commissioner (OAIC) to have the complaint heard and determined.

Policy review and ownership

Risk & Compliance will undertake a review of the Policy for accuracy, currency and alignment with the products and services we offer. Such reviews will take place at least every three years or sooner as appropriate considering any change in legislative or regulatory requirements, changes to the industries in which we operate and/or changes to our operations.

 

We encourage you to check this Privacy Policy from time to time.