PROTECTING YOUR INFORMATION
Your privacy is important to us.
Every day we work with personal information about our investors, our customers, our people, and other stakeholders. Our business depends on building and maintaining their trust.
We recognise that your confidentiality and security needs to be protected, which is why we take our obligations under the Australian Privacy Principles (APPs) and the Privacy Act 1988 (Cth) seriously.
What do we mean by personal information?
We’re open and transparent about the information we collect.
Tailored experiences are now a normal part of business. To provide you with products and/or services that meet these expectations, we may need to collect personal information.
Depending on the actual products and/or services, that personal information can include your name, gender, date of birth, phone numbers, postal and residential addresses, email address, occupation, professional experience and qualifications, financial information (including credit or debit card details) and bank account details.
Where possible, we will collect this personal information directly from you. We will also explain, in general terms, why we are collecting it and how we will use or disclose it. If we collect personal or sensitive information from someone other than you, where practicable, we will tell you that we have it, who it came from and the circumstances of the collection. We will only collect sensitive information, such as country of origin or health status, with your express consent.
We may also collect information about you from third parties, including but not limited to:
- financial advisers;
- unit registrars and administrators;
- suppliers, consultants or contractors;
- potential, current or former employers and contractors; and/or
Where possible, we will only use personal and sensitive information for the purpose we collected it. Occasionally we may use the information for another purpose, such as marketing. In these situations, we will only do so with your consent or if the use is, or could reasonably be expected to be, directly related to the purpose it was initially collected.
If you don’t want to receive our direct marketing messages, or want to change your contact preferences, you can follow the “unsubscribe” instructions on the communication, change your preferences on any user account, or contact the sender using the details set out in the communication.
Tenants and prospective tenants
If you are looking to become a tenant, we use personal information about you to evaluate whether we will grant you a lease and/ or enter into an agreement, how we document your lease/agreement, and how we manage the relationship.
If you are already a tenant, we use personal information to manage your tenancy, maintain contact details and records, respond to queries or complaints, process transactions and for security and risk management purposes including incident investigation, loss prevention, claims management and litigation and to comply with laws and regulations.
If you hold securities in Charter Hall or units in an investment product offered by Charter Hall, we use your personal information to carry out registry functions. These include making distribution payments, sending you corporate communications, keeping you updated about Charter Hall and our products and services or your investment, maintaining records and contact details, processing transactions, responding to queries or complaints, and to comply with laws and regulations.
Visitors to Charter Hall owned or managed properties
Our properties and sites may use camera surveillance systems (CCTV) and visitor contractor management systems (VMS) to maintain the safety and security of the assets and individuals working at or visiting our properties. We will only use CCTV footage or still images to personally identify you for security, risk management, loss prevention and/or incident investigation purposes. Images collected by CCTV and by other means may be provided to tenants, law enforcement bodies and insurers. If you are involved in an incident, we may ask for medical information and information from other consultants and third parties.
We offer a free Wi-Fi Service at certain properties, including our shopping centres. If you are carrying a Wi-Fi enabled device within range of one of our Wi-Fi networks, we will automatically pick up location data transmitted from your device so we can give you access to our network. We collect a range of information about the devices including, for example, the type of device, its ID number or ‘MAC address’, and its movement throughout the centre. We will not use information from your device to personally identify you unless you connect to our free Wi-Fi network.
We are proud of our culture and the people who work here. If you apply for a position with us, we may collect information (including your name, contact details, working history and relevant records checks) from you, from a recruitment consultant, your previous employers and from others who may be able to provide information to assist us in our decision on whether or not to make you an offer of employment or engage you under a contract. If your application is not successful, we may keep this information so we can contact you if an opportunity arises in the future.
Users of our applications and websites
If you sign-up to access or use any of our mobile or digital applications (including our Charli App and websites), in addition to the general personal information collected above, we may also collect technical identity data including your IP address, data derived from your IP address, browser type and versions, and information about other technology on the device you use. We use this information to help you access our applications or the products and/or services we, or other third parties offer through the applications, including mobile device identifiers (e.g., ‘MAC’ address) and, potentially, cookie identifiers. We may also collect location data from your device to enable us to provide our services to you. You have a right to opt-out of any collection or use of location data, but this may result in us being unable to offer all or part of products and/or services to you through the applications.
Third party links
We’re careful about how we use your information
We may share information with other members of the Charter Hall Group without disclosing this to you. We may also disclose your personal information to third parties who assist us in the operation of our business and/or the provision of our products and services such as custodians and unit registry providers. We may also disclose your personal information to:
- financial institutions for payment processing;
- valuers where we are seeking to value a property or lease;
- credit reporting agencies or guarantors;
- claims management services;
- injury management services;
- property management services;
- vendors, advertisers, and affiliated business partners - for example when you sign up for any digital application or service – in order to facilitate orders, payments, promotions and marketing for the products or services they offer;
- third party service providers, contractors and partners who help us manage our business and deliver our services, including IT service providers who manage our applications, systems, and networks and/or provide hosting, storage and maintenance and support services; and/or
- regulatory authorities or government agencies or bodies where required by law.
Where possible, Charter Hall will not transfer personal or sensitive information to a party in a foreign country outside the Charter Hall Group, unless:
- we are reasonably satisfied that whoever is receiving the information is subject to information privacy requirements similar to those of Australia;
- they agree to abide by Australian privacy laws in how they handle your personal and/or sensitive information;
- you have consented to the transfer;
- the disclosure is required or permitted by Australian law or court/tribunal order; or
- the information is required under a foreign law or regulation.
We take security seriously
We take reasonable steps to protect your personal information from misuse, interference, and loss, as well as unauthorised access, modification or disclosure.
We retain your personal information in our computer systems and databases, and in our physical files. We use technologies and processes such as access control procedures, network firewalls, encryption, password protected databases and physical security measures to protect your personal information.
If we establish that your personal information has been accessed or disclosed without authorisation, Charter Hall has an obligation under the Privacy Amendment (Notifiable Breaches) Act 2017 (Cth) to investigate the circumstances of the breach and take appropriate corrective actions. “Serious harm” is defined as a situation where the person affected could suffer serious physical, psychological, emotional, economic, or financial harm, or serious harm to their reputation. In such situations, where it seems reasonable to conclude that the access to or disclosure of your personal information is likely to result in serious harm to you, we will advise you and the Office of the Australian Information Commissioner (OAIC) of the incident and provide details of the actions we are taking. In assessing the data breach, we will carefully consider the list of relevant matters included in legislation. Where serious harm cannot be determined, we will assess the circumstances of the breach and may still act to fix the issue and report the details of the breach to you.
You can access and check your personal information
We want to make sure the information we collect, use, and disclose is relevant, accurate, up-to-date, and complete. In some cases, the accuracy of that personal information largely depends on the details you provide to us. Please keep us up to date with any changes.
You have the right to ask us what personal information we hold about you and to request changes to that information. To request access to the personal information we hold, please contact our Privacy Officer.
If you believe that the personal information we hold about you is incorrect, incomplete or inaccurate, you can ask us to amend it. If we have to correct personal or sensitive information about you that was previously provided to a third party, and you want us to notify the third party of the correction, we will take all reasonable steps to give that notification, unless it is impracticable or unlawful to do so.
Before we make a correction, we will review the information to ascertain if such a correction is required. In some circumstances, we may not agree that the information should be changed. If this happens, we will provide you with an explanation add a note to the personal information stating that you disagree.
We may charge a reasonable fee for responding to a request for personal information. This is to cover our costs in locating and supplying the information. There is no cost for asking for access to information.
There are several exceptions in the Privacy Principles that allow us to refuse your request for access to your personal information. These are summarised in Privacy Fact Sheet 17: Australian Privacy Principles which was released by the Office of the Australian Information Commissioner. If we deny a request for access, we will explain why.
Google Analytics Advertising Features
Charter Hall has integrated Google Analytics components into our website. The operator of Google Analytics is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, U.S. We have enabled Google Signals which comprises session data from sites and apps that Google associates with users who have signed into their Google accounts, and who have turned on Ads Personalization. This association of data with these signed-in users is used to enable cross-device reporting, cross-device remarketing, and cross-device conversion export to Ads.
Google Signals enables:
- Cross Platform reporting
- Remarketing with Google Analytics
- Advertising Reporting Features
- Demographics and Interest Reporting
Other Website Tracking Services
Below is a non-exhaustive list of the other website tracking services employed by Charter Hall:
- Microsoft Clarity
- The Trade Desk
- Yahoo Web Analytics/Dot
- Bing Universal Event Tracking
- LinkedIn Insights
- Click Cease
Specific rights for European Union (EU) residents
You may have additional rights around privacy if you are an EU citizen. Some of these rights will only apply in very limited circumstances.
- You can ask us to confirm if we are using or holding your personal information.
- You can ask us to delete your personal information. This right applies only on limited circumstances and will not usually apply where it remains necessary for is to use your information for the purposes for which it was collected, we are required by law to retain your information or your information is relevant to a legal dispute.
- You can ask us to help you move your personal information to other companies, where this is technically possible and only if we have collected and used your data via automatic means.
You have the right to be informed about any protections that we have in place where we are transferring your data overseasSpecific rights for California Consumer (CC) residents
You may have additional rights around privacy if you are a Californian (U.S.) resident, under the California Consumer Privacy Act (CCPA) 2018. Some of these rights will only apply in very limited circumstances.
- You can ask us to confirm what personal information has been collected about you and how it’s used and shared.
- You can ask us to delete your personal information. This right applies only on limited circumstances and will not usually apply where it remains necessary for is to use your information for the purposes for which it was collected, we are required by law to retain your information, or your information is relevant to a legal dispute.
- You have the right to opt-out of the sale of your personal information.
- You have the right to non-discrimination for exercising your CCPA rights.
Find out more
Please contact our Privacy Officer if you would like to know more about the Privacy Act, or if you would like more information about the way we use personal information.
If you feel we have breached your privacy, or if you wish to make a complaint about the way we have handled your personal information, please contact our Privacy Officer using the contact details set out below.
|Charter Hall Privacy Officer |
GPO Box 2704
Sydney NSW 2001
Phone: 02 8651 9000
|Office of the Australian Information Commissioner|
GPO Box 5218
Sydney NSW 2001
Phone 1300 363 992
We will investigate your complaint and contact you to advise the outcome once we have completed our investigation. If you are not happy with how your complaint has been resolved, you may apply to the Office of the Australian Information Commissioner (OAIC) to have the complaint heard and determined.
Policy review and ownership
Risk & Compliance will undertake a review of the Policy for accuracy, currency and alignment with the products and services we offer. Such reviews will take place at least every three years or sooner as appropriate considering any change in legislative or regulatory requirements, changes to the industries in which we operate and/or changes to our operations.