1.1 Our commitment to protecting your privacy
Members of Vicinity Centres, comprising Vicinity Limited ABN 90 114 757 783 and Vicinity Centres Trust ARSN 104 931 928 (VCT) which are stapled and trade together on the Australian Securities Exchange, and their respective controlled entities, may collect personal and other information in circumstances including those set out below. We refer to each of these entities collectively in this policy as “us”, “we” or “Vicinity”. Vicinity Centres RE Ltd ABN 88 149 781 322 is the responsible entity of VCT.
1.3 Further privacy information
1.4 Overseas products
2. About Vicinity Centres
Vicinity Centres is one of Australia’s leading real estate investment trusts, being a significant owner and manager across the full spectrum of Australian retail assets diversified by retail asset type, geographic location and tenant mix.
For more information about Vicinity Centres, please visit our website www.vicinity.com.au
3. What information we collect and why?
Vicinity maintains a securityholder register through an external service provider, Link Market Services (LMS). Vicinity requires LMS to comply with the Australian Privacy Principles and Privacy Act when performing services for us.
LMS collects information from you that includes contact details, bank account information, tax file numbers and other securityholder information in order that it can carry out registry functions such as the payment of distributions and dividends, send annual and half yearly reports, notices of meetings and notifications to the Australian Taxation Office. Some of this information is collected pursuant to certain laws including the Income Tax Assessment Act and the Corporations Act, which also requires us to make some securityholder details available to members of the public on request.
3.2.1 What we collect
We collect information about individuals including in the following ways:
• when you provide the information directly to us. For example:
• when you register or fill in forms on our websites or mobile applications, social media, wifi and other online services
• when you purchase gift cards or otherwise transact with us, participate in surveys, promotions or competitions and register for or use any of our services
• when you send emails, letters or other correspondence to us
• when you report an incident, make a complaint or provide other feedback to us, and
• from publicly available sources of information or from others.
Where we collect information from you, we will generally do so ourselves. However, in some cases we may collect information through your representatives, information service providers and other third parties. We discuss this further in section 3.6.
3.2.2 Types of information
The information that we collect about you may include:
• your name, date of birth, address and other contact details;
• payment information, which may include bank account or credit card details, and other information that we need in order to provide relevant goods and services to you, such as relevant identification;
• details of your interests and shopping preferences and activity;
• user names, passwords and other registration details that you provide when registering to use any of our websites, mobile applications or other services;
• details of your visits to, and use of, our websites, mobile applications, wifi and other online services, including the different parts of those services that you access during your visits, your IP address and the date and time which you access our websites;
• where you use our wifi or one of our mobile applications, information about your visits to our shopping centres collected through the wifi or mobile application, including device details (including device identifiers, usage and location data) This may include information about the different areas of a centre that you have visited and your present location within a centre;
• information submitted in forms, details of incidents involving you at our properties, enquiry/complaint details and records of communications; and
• other information that you provide to us.
Vicinity’s shopping centres, including those managed on behalf of third parties, are under video and camera surveillance. When entering Vicinity’s shopping centres, the personal information and images of individuals may be collected by Vicinity. This information may be used by Vicinity in connection with the management and security of the property generally, and may be provided to law enforcement and government bodies, insurers, Vicinity staff and subcontractors, third parties who provide Vicinity with services from time to time and retailers for these purposes.
3.2.3 How we use and disclose the information that we collect?
We may use and disclose personal information that we collect about you for the following purposes:
• to verify your identity;
• to provide goods or services, including gift cards, that you order from us;
• to conduct competitions or promotions for which you have registered and to otherwise perform any obligations and / or exercise any rights we have under any contracts between us;
• to meet our legal and regulatory obligations, including responding to lawful information requests from courts, government agencies and lawyers and to protect our lawful interests;
• to help us improve the structure, layout and usability of our websites and mobile applications and to enable you to participate in any interactive features of those websites and mobile applications;
• to help us plan, operate and manage our shopping centres and other retail assets, including planning, product and service development, security, testing, customer relationship management and record management;
• to answer any questions you may raise or respond to any comments you may send us;
• to carry out market analysis and research;
• to market and promote the shopping centres and other retail assets that we manage, and any of the tenants of those shopping centres. We may send marketing or promotional materials to you where you subscribe to one of our newsletters or any other communication service, you request information about our services, you use our wifi or mobile applications or you provide your contact details to us and request that we contact you. If you do not want to receive this type of information, please let us know by contacting us in accordance with section 8 – how to contact us; and
• where you use one of our mobile applications, to provide certain services and other functionality within the application. For example, we may assign you a unique customer identification number in order to collect information about your location within the shopping centre to provide a mapping service within the application.
In relation to mobile applications and other online services, we may also share personal information with other users of one of our online services where you have chosen, through your own use of that service, to share your information with those users. You can control the information that you share through the online service by changing the information sharing settings within the service.
Your personal information will not necessarily be made available to all of our staff. Access to your information will generally be restricted to those staff who require the information for the purposes set out above.
Generally, if you choose not to provide certain information to us, then we may not be able to provide you with certain services and you may not be able to use certain parts of our websites or online services or participate in competitions or promotions that we run.
Cookies and other unique identifiers
Apart from the information mentioned above, we may also collect information about your usage of our websites by using cookie files which are stored on the hard drive of your computer. Cookies, which are small text files that a website may write to your hard drive when you visit the website, may be used for a variety of purposes, for example to manage security and store information about the type of browser being used. We use this information in order to help us recognise you as a unique visitor to the websites and to store your individual preferences, so that we can customise the websites to reflect your particular interests, and also for system administration purposes. You can accept or reject cookies by changing the relevant settings in your browser. However, if you decline cookies, you may be unable to access certain parts of our websites.
3.3 Tenants and prospective tenants
3.3.1 What information do we collect?
We collect information from you if you lease or apply to lease a property from us (including if you act as a guarantor) during negotiations for leases and throughout the term of a lease or licence for premises, storage space, car park spaces and kiosks at properties we own and manage. This information may include:
• contact and insurance details
• financial capacity of tenants and guarantors
• tenants’ business experience, and
• other assorted financial and trading information.
3.3.2 Why we collect this information?
This information is collected in order to assess whether a lease, licence or other agreement should be granted or entered into, to help us manage our relationship with tenants, to carry out functions associated with managing properties and to monitor the performance of our properties. We may also share this information with our banks to facilitate banking arrangements and make it available to others in connection with any transactions involving the ownership or management of the property. If tenants provide direct debit details, these details will be disclosed to relevant banks to facilitate the provision of the bank’s service.
If tenants and guarantors do not provide the personal information that is required then the tenants may be unable to enter into, or to maintain, a lease or licence with the relevant centre landlords.
3.4 Prospective employees and current employees
3.4.1 What we collect
If you apply for, or we consider you for a position with us, we may also collect information about your qualifications, skills, experience and character and conduct screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks).
Vicinity collects personal information from you and other sources including publicly available information, your representatives, information service providers and the parties with which we engage the information as described in this Policy.
Furthermore, for our staff, Vicinity may collect personal information about you in connection with your employment. This information may include your name, date of birth, contact information, employment activity, use of IT resources, and any other information you provide, or provided on your behalf, as part of our induction and compliance processes. We collect some personal information about employees pursuant to various laws including the Fair Work Act, Superannuation Guarantee (Administration) Act and Income Tax Assessment and other tax laws, Corporations Act, occupational health and safety acts and workers compensation acts.
3.4.2 Why we collect
For prospective employees:
• We collect, use and disclose your personal information to assess your application, conduct screening checks and consider and contact you about other positions.
• We may exchange your personal information with academic institutions, recruiters, screening check providers, professional and trade associations, law enforcement agencies, referees and your current and previous employers.
• Without your personal information we may not be able to progress considering you for positions with us.
After you join our staff, this information collected will be used for the purposes related to managing your employment, in accordance with the requirements of the Privacy Act. You need to ensure this information is up to date, in accordance with Vicinity’s policies and procedures. We may disclose this information to other employers seeking a reference about you and our service providers including providers of payroll, superannuation, staff benefits, surveillance and training services. Without your personal information we may not be able to effectively manage your employment or engagement and in some cases we may take appropriate disciplinary action including termination if you refuse to provide certain information.
We may rely on any applicable exemptions under privacy laws in handling personal information, including any exemptions relating to employee records.
3.5 Service providers
3.5.1 What we collect
We collect information from service providers, including contact and insurance details, ABNs and information as to financial standings and business experience.
3.5.2 Why we collect
The personal information we collect is required to engage us to perform our obligations under our agreements with service providers and to assist us to manage our relationships with service providers.
3.6 Further details about our collection of information
3.6.1 Information we collect from others
We collect information about you from others, such as agents, advisers and brokers. We may collect information about you that is publicly available, for example from public registers or made publicly available by third parties. We may collect information from your account with a third party service (such as your social network profile) when you use that account to login to one of our online services.
3.6.2 Sensitive information
The Privacy Act also protects your sensitive information (as that term is used in the Privacy Act). If we need to obtain this type of information, we will ask for your consent, except where we are permitted by law.
3.6.3 Gathering and combining data to get insights
Improvements in technology enable organisations like ours to collect and use information to get a more integrated view of customers and provide better services and offers (see section 3.2.3).
Vicinity may combine customer information it has with information available from external sources (for example census or Australian Bureau of Statistics data). Vicinity members are able to analyse the data in order to gain useful insights which may be used for the purposes mentioned earlier in this section 3.
3.6.4 Anonymity and pseudonymity
If possible, we will usually give you the option of dealing with us anonymously and pseudonymously. However, where legislation or practical considerations require us to collect personal information, we will not be able to allow for anonymity or pseudonymity.
4. Who do we exchange your information with?
4.1 Third parties
We may disclose information about you to third parties where this is permitted by law including for any of the purposes mentioned in section 3. These third parties include:
• our related bodies corporate
• service providers, for example custodians, brokers, unit registry services or correspondent banks
• other organisations who provide archival, auditing, professional advisory (including legal, accounting and business consulting), debt collection, banking, marketing, advertising, communication, mail house, delivery, recruitment, call centre, contract management, technology, research, analytics, utility, cleaning and security services and other persons/entities necessary for us to comply with a legal obligation or to perform any obligations under any contracts between us
• those to whom we outsource certain functions on a confidential basis, for example, direct marketing, statement production, information technology support
• owners of shopping centres for whom we provide property management or development services
• a buyer or prospective buyer of us or our business, shopping centres or other retail assets
• brokers, agents and advisers and persons acting on your behalf, for example a custodian, asset consultant or a person who holds a power of attorney, and
• government and law enforcement agencies or regulators where required or authorised by law or to assist in the prevention, detection and management of unlawful conduct such as fraud.
4.2 Sending information overseas
From time to time we may send your information overseas, including to service providers or other third parties who operate or hold data outside Australia relevant to our business and activities.
Where we do this, we take reasonable steps to make sure that appropriate data handling and security arrangements are in place.
We may also send information overseas to complete a particular transaction, such as an international money transfer, or where this is required by laws and regulations of Australia or another country.
Generally, we use systems and services located in Australia, however some of our investment activity and products are located overseas, such as debt instruments and convertible notes issues.
When your information is sent overseas, it is typically being sent to one of the following countries:
• Singapore, and
• United States
If you are a securityholder located outside Australia, we may also provide your information to local authorities such as taxation authorities, banks and other permitted bodies in order to make distribution or dividend payments, comply with local laws and communicate with you or your representatives.
5. Keeping your information secure
We keep your records on our premises and systems or offsite using third parties. We regard the security of personal information as a priority and use a number of security safeguards to protect it. We review our security safeguards on a regular basis and implement improvements where necessary to protect from misuse, interference and loss and from unauthorised access modification or disclosure.
However, no data transmission over the internet can be guaranteed as completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us and individuals do so at their own risk.
Depending on the circumstances and information, our security safeguards can include:
• Staff training
• Taking security precautions with overseas transfers and third parties
• System security including firewalls, intrusion detection systems, encryption and access controls
• Destroying data when no longer required
6. Accessing, updating and correcting your information
6.1 Can I get access to my information?
You can ask for access to your information by contacting our Privacy Officer, going online to LMS if you are an investor/securityholder or contacting your relationship manager if you are a tenant. For all other investors, please contact your fund manager or other relevant contact.
6.2 Is a fee payable?
There is no fee charged by Vicinity for accessing your information.
6.3 How long does it take to gain access to my information?
We try to respond to your access request within 30 days of the request. Before we give you the information, we’ll need to confirm you are appropriately authorised to access the information, which may include an identity verification process.
6.4 Can you deny or limit my request for access?
In certain circumstances we’re allowed to deny your request, or limit the access we provide. For example we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll contact you explaining our decision.
6.5 Updating your basic information
It’s important that we have your correct details, such as your current address and telephone number. You can check or update your information by contacting our Privacy Officer, contacting LMS if you are a securityholder, or by contacting your relationship manager if you are a tenant. For all other investors, please contact your fund manager or other relevant contact.
6.6 Can I correct my information?
You can ask us to correct any inaccurate information we hold or have provided to others by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.
If we’re able to correct your information, we’ll inform you when the process is complete.
6.7 What if we disagree that the information should be corrected?
If we disagree with you that information should be corrected, we’ll let you know in writing our reasons. You can ask us to include a statement with the relevant information, indicating your view that the information is inaccurate, misleading, incomplete, irrelevant or out-of-date.
We will take reasonable steps to comply with such a request.
7. Making a privacy complaint
7.1 We’re here to help
We accept that sometimes we can get things wrong. If you have a concern about your privacy, you have a right to make a complaint. We take all privacy matters seriously and will consider your complaint carefully.
7.2 How do I make a complaint?
To lodge a complaint, please contact our Privacy Officer. We’ll review your situation within a reasonable timeframe (usually 30 days) and try to resolve it.
7.3 How do we handle a complaint?
We acknowledge every complaint we receive and provide contact details of the investigating officer. We keep you updated on the progress we’re making towards fixing the problem.
Usually, it takes only a few days to resolve a complaint. However, if we’re unable to provide a final response within 7 business days we’ll contact you to explain why and discuss a timeframe to resolve the complaint.
7.4 External review
If you’re not satisfied with our handling of your matter, you can refer your complaint for external dispute resolution. We suggest you do this only once you’ve first followed our internal complaint processes set out above.
If you are still not satisfied with the response, you may contact the Office of the Australian Information Commissioner by calling them at 1300 363 992, online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.
8. How to contact us or find out more
8.1 Vicinity Privacy Officer
For privacy related queries, access or correction requests, or complaints, please contact our Privacy Officer at:
Postal: Privacy Officer
Level 28, 35 Collins Street
Melbourne VIC 3000
Phone: +61 3 9236 6300, Monday to Friday between 9am to 5pm Melbourne time.
8.2 Link Market Services Privacy Officer (if you are a securityholder only)
If you are a securityholder, please contact Link Market Services directly at the following:
Post: Privacy Officer
Locked Bag A14
Sydney NSW 1235
Phone: +61 1800 502 355, Monday to Friday between 9am to 5pm Melbourne time
8.3 Further information about privacy
You can access additional information about our privacy practices through our website www.vicinity.com.au.
More information about the Australian Privacy Principles and the Privacy Act can be found directly from the Office of the Australian Information Commissioner at the websitewww.oaic.gov.au or through the following contacts:
Phone: 1300 363 992 (or outside Australia +61 2 9284 9749)
Post: GPO Box 5218,
Sydney NSW 2001