From whom do we collect your personal informaion?
We may collect your personal information directly from you or from third parties, such as:
our service providers;
our retailers and licensees;
our related entities;
our property owners, joint venture partners, hotel managers and property managers (including those from whom we acquire a centre); and
from public registers.
We also collect information which does not identify you from third parties, such as data businesses and public sources, such as Census data.
We may share your personal information with third parties, including:
our service providers who assist us with:
developments, technology services, marketing, communications, research and analytics;
business advisory services (including recruitment, legal, accounting and audit);
car park operations, hotel operations, utilities, cleaning and security services;
call centre, contract management and administrative services, including mailing, delivery and archiving services; and
insurance, banking, payment processing and debt collection services;
with other users of our websites, applications or social media channels where you have chosen to share your personal information with those users through your use of that service;
with brokers, agents and advisers and persons acting on your behalf for example, a custodian, asset consultant or person who holds a power of attorney;
with our related entities, joint venture partners and shopping centre owners for whom we provide property management services as well as to prospective buyers or future property managers of our business or the properties which we manage;
with governmental bodies where a health or safety risk is identified for individuals that have visited one of our centres;
for regulatory and enforcement purposes where necessary in order to report actual or suspected offences, illegal or fraudulent activity to police or other enforcement agencies as well as to meet our legal and regulatory obligations, including in order to respond to warrants and other lawful information requests from courts as well as protect our lawful interests; and
as otherwise permitted or required by law.
Generally, we use systems and services in Australia, however some of our investment activity and service providers are located overseas.
If you hold an investment that is issued overseas, the details of the rules relevant to that investment product were notified to you in the product offer document. If you are a security holder residing outside Australia, we may also provide your information to authorities of the jurisdiction in which you reside such as tax authorities, banks and other permitted bodies to make distribution and dividend payments, comply with the laws of that jurisdiction and communicate with you or your representatives.
Some of our hotel and technology service providers also provide hosting of our data in countries outside of Australia, including the United States, Singapore and Japan.
How do we store and protect your personal information?
We store personal information both electronically and in hard copy form, both at our premises and with the assistance of our service providers, including several cloud service providers. We have a number of security controls which we apply in relation to our people, processes and technology including:
internal data handling policies;
access controls; and
reasonable IT network security measures such as intrusion detection systems and protective security software applications.
However, no data transmission or storage on the internet can be guaranteed as completely secure. While we strive to protect our data and are continually reviewing our security systems to improve them, we cannot ensure and do not warrant the absolute security of the data we collect.
Data breach response
Please notify us immediately if you become aware of any misuse, interference or loss or any unauthorised access, modification or disclosure of personal information held by us ('Data Breach') or any other security incident affecting data held by us using the contact details provided at the end of this policy.
If we become aware of a Data Breach, we will promptly investigate the incident, and take reasonable steps to contain and remedy the breach. To help you maintain the security of your personal information, we will take steps to notify you as soon as practicable if we believe that the Data Breach would likely result in serious harm to you. Where possible, we will provide you with recommendations on the steps that you can take in response to the breach.
After investigating a Data Breach, we may disclose information to the Office of the Australian Information Commissioner and to law enforcement agencies about the incident in order to comply with our reporting obligations under the Privacy Act, and to enable the Office of the Australian Information Commissioner and law enforcement agencies to assess and investigate the incident.
How can you seek access, correction or updates to the personal information which we hold about you?
If you are a customer, retailer, licensee, service provider or job applicant, you can seek access, correction or updates to personal information which we hold about you by contacting our privacy team using the details provided at the end of this policy.
If you are a security holder, you can contact Link using the details provided in the 'For Investors' section for access, correction or update requests in relation to personal information which Link collects about you on our behalf. For all other investors, please contact your fund manager or other applicable investment representative.
There is no fee charged by Vicinity for accessing your information. We endeavour to respond to your access request within 30 days of receiving the request. Before we give you access to information, we will need to confirm you are appropriately authorised to access the information, which may include an identity verification process. In certain circumstances we are allowed to deny your access request or limit the access we provide. For example, we may not provide you with access to records which contain the personal information of others.
It is also important that we have your correct details, such as your current address and telephone number. You can ask us to correct any inaccurate information we hold or have provided to others by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests. If we’re able to correct your information, we’ll inform you when the process is complete. If we disagree with the request to correct, we’ll let you know in writing and include our reasons. You may ask us to add a note of your correction request to the information we hold about you.
How can I make a complaint?
If you have a concern or complaint about our handling of your personal information, please contact our Privacy Officer using the details provided at the end of this policy. We’ll review your situation and work towards resolving it within a reasonable timeframe.
We acknowledge every complaint we receive, provide contact details of the investigating officer and keep you updated on the progress we’re making towards investigating the complaint.
Usually, it takes only a few days to investigate a complaint. However, if we’re unable to provide a final response within 30 days we’ll contact you to explain why and discuss an appropriate timeframe to investigate the complaint.
If you’re not satisfied with our handling of your matter, please let us know using the contact details below so we can ensure that you are given the benefit of our complaint processes.
If you are still not satisfied with the response, you can contact the Office of the Australian Information Commissioner by:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
1300 363 992
How can I contact Vicinity Centres’ privacy team?
For privacy related queries, access or correction requests, or complaints, please contact our Privacy Officer at:
Level 4, Chadstone Tower One
1341 Dandenong Road
Chadstone VIC 3148
+61 3 7001 4000 Monday to Friday between 9.00am and 5.00pm Melbourne time.
How can I get further information about privacy?
For more information about privacy generally, you can also refer to the website for the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or contact the OAIC using the contact details provided in the “How can I make a complaint?” section above.