Privacy policy

Introduction

Our Privacy Policy

We value your trust so it’s important to us that we are transparent about how we use information from and about you. This Privacy Policy explains how and why we collect and handle information about you and why this data is important to us.

We’re committed to creating destinations which make your experiences with us better, easier and more enjoyable. The data that we gather from your interactions with us helps us to better understand and influence how we:

• shape our centres to meet your changing needs and expectations;
• support our retailers to help them deliver an improved offer to you; and
• continue to create destinations that are the hub of the communities in which we operate.

We will update this Privacy Policy to explain changes in our data handling practices as our development and use of technology changes. Please keep an eye on this website for updates.

Please contact our privacy team using the contact details provided at the end of this policy if you, or a person you assist, would like:

• further information about our handling of personal information; or
• the information in this privacy policy explained to them or provided in a different format.

In addition to this policy, please note that some of our locations, products and services will include their own privacy notice and additional information about our handling of personal information.

Who are we?

Vicinity Centres (“Vicinity”, “we”,  “our”) is a leading property group which owns, develops and manages shopping centres and mixed-use properties across Australia. Vicinity Centres is made up of Vicinity Limited ABN 90 114 757 783, Vicinity Centres Trust ARSN 104 931 928 and their respective controlled entities, including Vicinity Centres PM Pty Ltd ABN 96 101 504 045 (“Vicinity”).

Who is this Privacy Policy for?

This Privacy Policy describes how we handle the personal information of our customers, hotel guests, retailers, investors, service providers and job applicants. Personal information generally refers to information about you which can be used to reasonably identify you, such as your name, address, phone number, email address, date of birth as well as photos and videos of you. 

We generally collect personal information from you so that we can:

• provide you with our services or obtain services from you;
• register you for our events, newsletters, promotions and loyalty programs;
• operate our centres and digital services, including through the use of CCTV, device/website tracking and the logging of security, health and safety incidents;
• respond to complaints, queries, feedback and disputes;
• tailor our centre precinct and digital offerings to your activities, preferences and needs; and
• conduct market research to obtain your feedback on your experiences with us

If you contact us in person, via our websites or by phone, email, letter or other correspondence, we collect your information so that we can provide you with an appropriate response, address any complaints, queries or feedback which you raise and maintain records of our communications. We also monitor your communications with us for security, dispute resolution and training purposes. 

We collect sensitive information, such as:

• health information, where required for managing compliance with our health and safety obligations and responding to health and safety incidents at our locations; and
• criminal offence details as part of employment screening and where individuals have committed, or are suspected of, criminal offences at our locations.

We also de-identify and aggregate data for the purpose of conducting visitor behavioural analytics to better understand and report on the experiences, demographics and interests of our visitors, including the retailers, locations and websites that are most popular with our customers. 

For Customers and Hotel Guests 

When you visit our shopping centre precincts, the kinds of personal information we collect from you both directly and through our service providers includes:

When you enter our car parks

At some of our centres, we collect your vehicle’s number plate details, images of your parked vehicle and CCTV footage from within our car parks in order to:

• monitor car park usage and maintain centre security;
• allow you to pay for parking using on-premise or online options; and
• help you to locate your car.

If you choose to register with us for ticketless or valet parking, we collect your name, email address, postcode, telephone number, vehicle registration and credit card details and, where applicable, disability parking permit details (as part of providing disability permit holders with certain free parking facilities). 

When you visit our shopping centre precincts

During your visit to any of our locations, we and our service providers:

• collect CCTV and video camera footage to ensure the safety and security of those visiting and working at our locations;
• offer public Wi-Fi services if you choose to register and provide us with your contact details or social media ID;
  • We also collect from your use of our Wi-Fi:
    • MAC address, device ID, IP address assigned to the device, type of device and type of web browser you are using;
    • the dates, times and locations from which you access our Wi-Fi;
    • the websites which you access using our Wi-Fi; and
    • if you sign onto our Wi-Fi using a social media ID, publicly available social media posts, personal information and demographic data which we obtain from those social media platforms;
  • We use this information in combination with other information which we collect to improve our services as well as:
    • conduct market research and consumer behavioural analytics;
    • send you promotions, surveys and other marketing materials; and
    • manage the security of our centres and networks;
• conduct consumer profiling, device tracking and traffic monitoring, which does not identify you, through:
  • camera technology, digital screens and wayfinding kiosks that help us identify the demographics, age groups and genders of customers visiting our centres;
  • device monitoring of Wi-Fi-enabled devices, including the collection of MAC address and location updates from such devices; and
  • people counters and traffic flow tools which help us better understand and track how busy our centres are;
• offer mobility equipment for hire within our shopping centres if you provide us with your name, address, phone and email address. We also ask to sight your driver’s licence details in some of our centres for security reasons and to verify your identity;
• run centre events and services, such as fashion launches, centre tours, bus services and community walking clubs for which we collect your name, contact details and emergency contact details as part of registering you for these services;
• offer shopping centre gift cards for which we ask you to provide your name and contact details in some of our centres as part of making your gift card purchase;
• run competitions and promotions for which we ask you to provide your name and contact details and certain additional details, such as a photo, video or post, depending on the type of competition we are running;
• log health and safety incidents as well as actual or suspected criminal or other illegal activity which takes place at our centres and collect the name, contact details and incident details (including injury information and criminal offence details) from those involved including witnesses;
• offer you the chance to subscribe to centre news and future loyalty programs by providing your name and contact details; and
• conduct market research surveys and interviews as part of collecting your feedback on how we can improve the experience at our locations. We may ask for your name and contact details when conducting market research for the purpose of arranging follow-up interviews so that we can better understand your experience at our centres.

Other reasons why we collect your details when you visit our shopping centre precincts include when you report an incident, lose a family member or friend or property within our centres, make a complaint, make an inquiry or request assistance from our customer service desk, centre management office or security officers, or provide other feedback to us.

When you visit Hotel Chadstone Melbourne MGallery by Sofitel

We are committed to providing Hotel guests with a seamless experience which connects Hotel Chadstone to the broader Chadstone Shopping Centre precinct. When you visit or book to stay at Hotel Chadstone, personal information collected by Accor as the Hotel Manager appointed to operate Hotel Chadstone will be used to:

• manage your booking and provide you with access to Hotel Chadstone facilities and services;
• manage and operate Hotel Chadstone facilities and services as well as comply with legal obligations;
• tailor and improve the quality of your Hotel experience based on your feedback; and
• where consented to, provide you with Accor marketing communications. 

The kinds of personal information collected as part of your booking or visit to Hotel Chadstone includes:

• for Hotel reservations, your name, country of residence, nationality, address, phone number, email address, passport and reservation details;
• for Hotel bars, restaurants and events, including dining at Altus Rooftop or Pastore Restaurant, your name, contact details and dietary requirements.

Personal information collected by Accor in connection with Hotel Chadstone is shared with:

• Hotel service providers as well as other Accor Group legal entities and service providers, some of which are located in a country other than Australia, for the purposes described above; and
• Vicinity as the property manager for Hotel Chadstone and the broader Chadstone Shopping Centre precinct for the purpose of planning and overseeing Hotel Chadstone operations, providing Chadstone Shopping Centre marketing communications as well as improving the quality of your Chadstone experience.

For more information about Accor and how it handles your personal information, please refer to Accor’s Customer Personal Data Protection Charter available at https://www.accorhotels.com/security-certificate/index.en.shtml. For privacy related queries, access, correction or deletion requests, or complaints about Accor’s handling of your personal information, please contact data.privacy@accor.com

When you use our Digital Services

When you access or subscribe to our websites, apps, online services, social media channels, public WiFi or electronic communications (“Digital Services”), the kinds of personal information which we may collect both directly and through our service providers include:

• your name, month and year of birth, gender, postcode, email and mobile number;
• your preferences, interests and demographic data which allows us to tailor our communications to you regarding centre news, events and promotions;
• additional information, such as your photos and posts when you publish, message or otherwise share this information with us through our Facebook or Instagram pages, mobile applications or websites; and
• data about your use of these services including information about what parts of these services you access, your IP address, the dates and times at which you use these services and usage data collected through certain website and application monitoring tools.

We link information about your use of our shopping centres and Digital Services to improve and better tailor our in-centre offerings and Digital Services to meet your needs. We also collate information about your use of our shopping centres and Digital Services in order to conduct market research surveys and collect your feedback on your in-centre and digital experiences and interactions with us.

We also collect information about your usage of our Digital Services by using cookie files and other tracking technology in our Digital Services. Tracking technologies can be used for a variety of purposes, such as:

• to help us recognise you as a unique visitor to our websites and to store your individual preferences, so that we can customise our websites to reflect your interests;
• to help us and our advertising affiliates monitor your use of our Digital Services and deliver a more relevant and personalised service to you, including through targeted advertisements and promotional offerings; and
• system administration and to manage site security and store information about the type of browser being used.

You can accept or reject cookies by changing the relevant settings in your browser.  However, if you decline cookies, you may be unable to access some parts of our websites.

We also collect information relating to other unique identifiers such as Flash cookies (also known as local stored objects), IP addresses and device identifiers that help us understand device and browser interactions, and activity on our websites and in our centres.

We may also use the information which you provide to us when subscribing to our Digital Services to identify suitable target audiences for our promotional offerings, services and advertising.

For Retailers and Licensees

In addition to the above information collected from individuals visiting our centres, the kinds of personal information which we collect from retailers and licensees both directly and through our service providers include:

If you lease, license or apply to lease or license space from us

The types of personal information which we collect from you (as an actual or prospective tenant, licensee or assignee) include:

• from retailers and licensees: name, address, date of birth, contact and insurance details, job position as well as information on your business experience, trading history, financial capacity and personal and business assets and liabilities;
• from guarantors: name, address, date of birth, contact details, information on your business experience, trading history, financial capacity as well as personal and business assets and liabilities; and
• from retailer or licensee personnel: name, job position, contact details and any other information required for registering retailer personnel for centre services, such as retailer carparking programs for which we collect number plate details.

We use this information to:

• assess whether to grant a lease, licence or other rights to use our facilities or services;
• manage our relationship, agreements, payment processing and communications with you (including notices issued under lease or licence);
• manage and operate the centres in which you lease or license space from us;
• monitor the performance of our centres;
• contact you in the event of an emergency;
• understand your interests, preferences and activities as a retailer or licensee at our centres; and
• conduct market research surveys and interviews to gather feedback and better understand how to improve the retailer experience at our shopping centres.

For Investors

If you invest in us in an individual capacity

Link Market Services Limited (“Link”), the service provider which manages our securityholder registry:

• collects information from you including your contact details, bank account information, tax file number and other information which it requires to carry out its functions;
• uses this information for purposes including the payment of distributions and dividends as well as the sending of annual and half yearly reports, notices of meetings and notifications to the Australian Taxation Office;
• collects some of this information pursuant to laws including the Income Tax Assessment Acts and the Corporations Act, which also requires us to make some securityholder details available to members of the public on request;
• is provided with your queries and contact details by us if you contact us as a securityholder; and
• provides us with your contact details for the purposes of our communications with you.

For more information about Link and how it handles your personal information, please refer to the Link  privacy policy on the website www.linkmarketservices.com.au or contact Link on:

Email: privacy.officer@linkgroup.com

Post:
Attn: Privacy Officer
Link Group
Locked Bag A14
Sydney South NSW 1235

Phone: + 61 1800 502 355 (free call within Australia)

For Service Providers

If you or a company which you work for provides goods or services to us, we collect the personal information which we require in order to manage our relationship with you, including for the purposes of registering your visits to our locations as well as managing onboarding and compliance processes which apply to our service providers.

The kinds of personal information which we collect from you if you are service provider personnel includes:

• name, address, date of birth, contact details and employment screening results (including reference, background, criminal record and eligibility to work checks);
• insurance details as well as information on licences, permits and qualifications which you possess;
• information about your financial standing and business experience; and
• registers which record the start and end time of your visits or work at our properties (which in some circumstances is collected via biometric fingerprint scanner).

We collect this information directly from you and from others, such as your representatives, referees, current and previous employers, professional and trade associations as well as law enforcement agencies, employment screening providers and publicly available sources such as LinkedIn.

For Job Applicants

If you apply to work with us, we collect the information which we require to consider your application for employment, consider and contact you about other positions and manage our employment relationship with you if you are successful in becoming a member of our team. The kinds of personal information which we collect when you apply for a job with us includes:

• your name, address, date of birth and contact details;
• work experience, qualifications, employment history and resume;
• tax file number and bank account details; and
• employment screening results (including reference, background, criminal record and eligibility to work checks).

We collect this information directly from you as well as others, such as your representatives, referees, academic institutions, current and previous employers, professional and trade associations as well as law enforcement agencies, publicly available sources such as LinkedIn as well our employment screening service provider Fit2Work which is owned by Equifax Australia Workforce Solutions Pty Limited ABN 86 080 799 720 (previously the Mercury Group of Companies). 

For more information about Fit2Work and how it handles your personal information, please refer to the Equifax privacy policy at https://www.mercury.com.au/privacy-policy/.

Further information and your rights

We collect your personal information directly from you or from third parties, such as

• our service providers;
• our retailers;
• our related entities;
• our property owners, joint venture partners, hotel managers and property managers (including those from whom we acquire a centre); and
• from public registers.

We also collect information which does not identify you from third parties, such as data businesses and public sources, such as Census data.

We may share your personal information with third parties, including:

• our service providers who assist us with:
  • developments, technology services, marketing, communications, research and analytics;
  • business advisory services (including recruitment, legal, accounting and audit);
  • carpark operations, hotel operations, utilities, cleaning and security services;
  • call centre, contract management and administrative services, including mailing, delivery and archiving services; and
  • insurance, banking, payment processing and debt collection services;
• with other users of our websites, apps or social media channels where you have chosen to share your personal information with those users through your use of that service;
• with brokers, agents and advisers and persons acting on your behalf, for example, a custodian, asset consultant or person who holds a power of attorney;
• with our related entities, joint venture partners and shopping centre owners for whom we provide property management services as well as to prospective buyers or future property managers of our business or the properties which we manage; and
• for regulatory and enforcement purposes where necessary in order to report actual or suspected criminal offences, illegal or fraudulent activity to police or other enforcement agencies as well as to meet our legal and regulatory obligations, including in order to respond to warrants and other lawful information requests from courts as well as protect our lawful interests.

Overseas disclosures

Generally, we use systems and services in Australia, however some of our investment activity and service providers are located overseas.

If you hold an investment that is issued overseas, the details of the rules relevant to that investment product were notified to you in the product offer document. If you are a securityholder residing outside Australia, we may also provide your information to authorities of the jurisdiction in which you reside such as tax authorities, banks and other permitted bodies to make distribution and dividend payments, comply with the laws of that jurisdiction and communicate with you or your representatives.

Some of our hotel and technology service providers also provide hosting of our data in countries outside of Australia, including the United States, Singapore and Japan.

How do we store and protect your personal information?

We store personal information both electronically and in hard copy form, both at our premises and with the assistance of our service providers, including several cloud service providers. We have a number of security controls which we apply in relation to our people, processes and technology including:

• internal data handling policies; and
• reasonable IT network security measures such as intrusion detection and anti-virus applications.

However, no data transmission over the internet can be guaranteed as completely secure.  While we strive to protect our data and are continually reviewing our security systems to improve them, we cannot ensure or warrant the absolute security of the data we collect.

Data breach response

Please notify us immediately if you become aware of any misuse, interference or loss or any authorised access, modification or disclosure of personal information held by us (“Data Breach”) or any other security breach affecting data held by us using the contact details provided at the end of this policy.

If we become aware of a Data Breach, we will promptly investigate the incident, and take reasonable steps to contain and remedy the breach.  To help you maintain the security of your personal information, we will take steps to notify you as soon as practicable if we believe that the Data Breach would likely result in serious harm to you.  Where possible, we will provide you with recommendations on the steps that you can take in response to the breach.

After investigating a Data Breach, we may disclose information to the Office of the Australian Information Commissioner and to law enforcement agencies about the incident in order to comply with our reporting obligations under the Privacy Act, and to enable the Office of the Australian Information Commissioner and law enforcement agencies to investigate the incident.

How can you seek access, correction or updates to the personal information which we hold about you?

If you are a customer, retailer, service provider or job applicant, you can seek access, correction or updates to personal information which we hold about you by contacting our privacy team using the details provided at the end of this policy.

If you are a securityholder, you can contact Link using the details provided in the “For Investors” section for access, correction or update requests in relation to personal information which Link collects about you on our behalf. For all other investors, please contact your fund manager or other applicable investment representative.

There is no fee charged by Vicinity for accessing your information. We endeavour to respond to your access request within 30 days of receiving the request. Before we give you access to information, we will need to confirm you are appropriately authorised to access the information, which may include an identity verification process. In certain circumstances we are allowed to deny your access request or limit the access we provide. For example, we may not provide you with access to records which contain the personal information of others.

It is also important that we have your correct details, such as your current address and telephone number. You can ask us to correct any inaccurate information we hold or have provided to others by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests. If we’re able to correct your information, we’ll inform you when the process is complete. If we disagree with the request to correct, we’ll let you know in writing and include our reasons. You may ask us to add a note of your correction request to the information we hold about you.

How can I make a complaint?

If you have a concern or complaint about our handling of your personal information, please contact our Privacy Officer using the details provided at the end of this policy. We’ll review your situation within a reasonable timeframe (usually 30 days) and work towards resolving it.

We acknowledge every complaint we receive, provide contact details of the investigating officer and keep you updated on the progress we’re making towards investigating your complaint.

Usually, it takes only a few days to investigate a complaint. However, if we’re unable to provide a final response within 30 days we’ll contact you to explain why and discuss an appropriate timeframe to investigate the complaint.

If you’re not satisfied with our handling of your matter, please let us know using the contact details below so we can ensure that you are given the benefit of our complaint processes.

If you are still not satisfied with the response, you can contact the Office of the Australian Information Commissioner by calling 1300 363 992, submitting your issue online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.

How can I contact Vicinity Centres’ privacy team?

For privacy related queries, access or correction requests, or complaints, please contact our Privacy Officer at:

Email: privacy@vicinity.com.au

Post:
Privacy Officer
Vicinity Centres
Level 4, Chadstone Tower One
1341 Dandenong Road
Chadstone VIC 3148

Phone: +61 3 7001 4000, Monday to Friday between 9am to 5pm Melbourne time.

How can I get further information about privacy?

For more information about privacy generally, you can also refer to the website for the Office of the Australian Information Commissioner (www.oaic.gov.au) or contact the OAIC using the contact details provided in the “How can I make a complaint?” section above.