Privacy policy

Privacy Policy

1. Introduction

We value your trust so it’s important to us that we are transparent about how we use information from and about you. This Privacy Policy explains how and why we collect and handle personal information about you.

We are committed to creating destinations which make your experiences with us better, easier and more enjoyable. The information (including, in some cases, personal information) that we gather from your interactions with us helps us to better understand and influence how we:

• shape our centres to meet your changing needs and expectations;
• support our retailers to help them deliver an improved offer to you; and
• continue to create destinations that are the hub of the communities in which we operate. 

We will update this Privacy Policy to explain changes in our information handling practices from time to time. Please keep an eye on this website for updates.

Please contact our privacy team using the contact details provided at the end of this policy if you, or a person you assist, would like:

• further information about our handling of personal information; or
• the information in this Privacy Policy explained to them or provided in a different format.

In addition to this policy, please note that some of our locations, products and services will include their own privacy notice and additional information about our handling of personal information.

Who are we?

Vicinity Centres (“Vicinity”, “we”, “our”) is a leading property group which owns, develops and manages shopping centres and mixed-use properties across Australia. Vicinity Centres is made up of Vicinity Limited ABN 90 114 757 783, Vicinity Centres Trust ARSN 104 931 928 and their respective controlled entities, including Vicinity Centres PM Pty Ltd ABN 96 101 504 045.

Who is this Privacy Policy for?

This Privacy Policy describes how we collect and handle the personal information of our customers, hotel guests, retailers, licensees, investors, service providers and job applicants.

Personal information generally refers to information which identifies you or from which you are reasonably identifiable. This can include your name, address, phone number, email address, date of birth, as well as in some circumstances photos and videos of you.

We generally collect personal information from you so that we can:

• provide you with our services or obtain services from you;
• lease or license space to you;
• register you for our events, newsletters, promotions and loyalty programs;
• operate our centres and digital services, including through the use of CCTV, device/website tracking and the logging of security, health and safety incidents;
• respond to complaints, queries, feedback and disputes;
• tailor our centre precinct and digital offerings to your activities, preferences and needs; and
• conduct market research to obtain your feedback on your experiences with us.

If you contact us in person, via our websites or by phone, email, letter or other communication, we collect your personal information so that we can provide you with an appropriate response, address any complaints, queries or feedback which you raise and maintain records of our communications. We also monitor your communications with us for security, dispute resolution and training purposes.

We collect sensitive information, such as:

• health information, where required, for managing compliance with our health and safety obligations and responding to health and safety risks and incidents, including for the purpose of providing government health agencies with access to records to trace individuals who have been in contact with an individual diagnosed with coronavirus; and
• criminal offence details as part of employment screening and where individuals have committed, or are suspected of, criminal offences at our locations.

We also de-identify and aggregate information for the purpose of conducting visitor behavioural analytics to better understand and report on the experiences, demographics and interests of our visitors, including the retailers, locations and website pages that are most popular with our customers.

2. For Customers and Hotel Guests 

When you visit our shopping centre precincts, the kinds of personal information we collect from you both directly and through our service providers includes:

When you enter our car parks

At some of our centres, we use CCTV and other sensor technology within our car parks to collect your vehicle’s number plate details, images of your parked vehicle and other surveillance footage in order to:

• monitor car park usage, dwell time and occupancy;
• manage centre car parking operations and precinct security;
• allow you to pay for parking using on-premise or online options;
• help you to locate your vehicle; and
• identify, or assist law enforcement or governmental bodies in identifying, persons or vehicles:
  • suspected of involvement in committing offences; or
  • being monitored for public health and safety purposes.   

If you choose to register with us for parking, we collect your name, email address, postcode, telephone number, vehicle number plate, vehicle make, vehicle model and credit card details and, where applicable, additional details such as disability parking permit details (where providing disability permit holders with certain free parking facilities) and residential or work address details (where you have registered for parking as a resident or worker at one of our mixed-use properties).  We use this information to:

• manage your parking; and
• allow you to pay for parking using our online options.

When you visit our shopping centre precincts

During your visit to any of our locations, we and our service providers:

• collect CCTV and other images both inside and outside our centres, including from centre entry and exit points and adjacent public areas (including roads and footpaths).  We collect and use these images:
  • to ensure the safety and security of those visiting and working at our locations;
  • to manage traffic flow at our locations;
  • for the protection of our lawful interests;  
  • to identify, or assist law enforcement or governmental bodies in identifying, persons that are suspected of committing offences or who are being monitored for public health and safety management purposes;
• offer public Wi-Fi services if you choose to register and provide us with your contact details or social media ID:
  • we collect from your use of our Wi-Fi:
    • MAC address, device ID, IP address assigned to the device, type of device and type of web browser you are using;
    • the dates, times and locations from which you access our Wi-Fi (including your proximity to other individuals);
    • the websites which you access using our Wi-Fi; and
    • if you sign onto our Wi-Fi using a social media ID, publicly available social media posts, personal information and demographic data which we obtain from those social media platforms;
  • we use this information in combination with other information which we collect to improve our services as well as:
    • conduct market research and consumer behavioural analytics;
    • send you promotions, surveys and other marketing materials;
    • manage the security of our centres and networks; and
    • to identify, or assist law enforcement or governmental bodies in identifying, persons that are suspected of committing offences or who are being monitored for public health and safety management purposes.
• offer mobility equipment for hire within our shopping centres if you provide us with your name, address, phone and email address as part of your hirer registration record. We also ask to sight your driver’s licence details in some of our centres for security reasons and to verify your identity;
• run centre events and services, such as fashion launches, centre tours, bus services, festive events, holiday programs and community walking clubs for which we collect your name, contact details, emergency contact details (and in some cases residential address and credit card details for paid events) as part of registering you for these services;
• offer shopping centre gift cards (physical or digital) for which we ask you to provide your name and contact details as part of providing you with your gift card purchase and managing our gift card fulfilment operations;
• run competitions and promotions for which we ask you to provide your name, contact details, month and year of birth, gender and certain additional details such as a photo, video or social media post, depending on the type of competition we are running;
• log health and safety incidents which take place at our locations and collect the details of those involved in, or witness to, the incident (including injury, health, safety and risk information);
• manage public health and safety risks, including by maintaining visitor registers, logging COVID questionnaire responses and monitoring visitor movement for the purposes of managing COVID-related risks.  Where public health and safety risk is identified for individuals that have been at our locations, we may disclose known information regarding such individuals to governmental bodies for public health and safety management purposes includes name, contact details, CCTV footage, MAC address details (if known), location details and proximity between individuals at our locations; 
• log actual or suspected offences or other prohibited conduct which takes place at our centres and collect the name, contact details, incident details from those involved including witnesses, as well as photographs and CCTV footage;
• offer you the chance to subscribe to centre news and future loyalty programs by providing your name, contact details, gender, country of residence, month and year of birth; and
• conduct market research surveys and interviews as part of collecting your feedback on how we can improve the experience at our locations. We may ask for your name and contact details when conducting market research for the purpose of arranging follow-up interviews so that we can better understand your experience at our centres.

Other reasons why we collect your information:

• when permitted or required by law;
• when you report an incident, lose a family member or friend or property within our centres, make a complaint, make an inquiry or request assistance from our customer service desk, centre management office or security officers, or provide other feedback to us;
• where devices are enabled, or identifiable, we conduct device monitoring via in centre-infrastructure, including the collection of MAC addresses, and location update information from such devices for the purposes of understanding centre arrival and departure time, occupancy, dwell time, traffic flow monitoring and shopper behaviour analytics; and
• we also use people counters and traffic flow tools which help us better understand and track how busy our centres are, to assist us to comply with laws, regulations and other legal requirements regarding the number of persons permitted in certain areas.

When you visit Hotel Chadstone Melbourne MGallery by Sofitel

We are committed to providing Hotel guests with a seamless experience which connects Hotel Chadstone to the broader Chadstone Shopping Centre precinct. When you visit or book to stay at Hotel Chadstone, personal information collected by Accor as the Hotel Manager appointed to operate Hotel Chadstone will be used to:

• manage your booking and provide you with access to Hotel Chadstone facilities and services;
• manage and operate Hotel Chadstone facilities and services as well as comply with legal obligations;
• tailor and improve the quality of your Hotel experience based on your feedback; and
• where consented to, provide you with Accor marketing communications. 

The kinds of personal information collected as part of your booking or visit to Hotel Chadstone may include:

• for Hotel reservations, your name, country of residence, nationality, address, phone number, email address, passport and reservation details;
• for Hotel bars, restaurants and events, including dining at Altus Rooftop or Pastore Restaurant, your name, contact details, COVID questionnaire responses, body temperature and dietary requirements.

Personal information collected by Accor in connection with Hotel Chadstone is shared with:

• hotel service providers as well as other Accor Group legal entities and service providers, some of which are located in a country other than Australia, for the purposes described above; and
• Vicinity as the property manager for Hotel Chadstone and the broader Chadstone Shopping Centre precinct for the purpose of planning and overseeing Hotel Chadstone operations, providing Chadstone Shopping Centre marketing communications as well as improving the quality of your Chadstone experience.

For more information about Accor and how it handles your personal information, please refer to Accor’s Customer Personal Data Protection Charter available at https://www.accorhotels.com/security-certificate/index.en.shtml. For privacy related queries, access, correction or deletion requests, or complaints about Accor’s handling of your personal information, please contact data.privacy@accor.com

When you use our Digital Services

When you access or subscribe to our websites, applications, online services, social media channels, public Wi-Fi or electronic communications (“Digital Services”), the kinds of information (including, in some cases, personal information) which we may collect both directly and through our service providers include:

• your name, month and year of birth, gender, postcode, country of residence, email and mobile number;
• your preferences, interests and demographic data which allows us to tailor our communications to you regarding centre news, events and promotions;
• additional information, such as your photos and posts when you publish, message or otherwise share this information with us through our Facebook or Instagram pages, mobile applications or websites; and
• data about your use of these services including information about what parts of these services you access, your IP address, the dates and times at which you use these services and usage data collected through certain website and application monitoring tools.

We link and collate profile information about your use of our shopping centres and Digital Services to improve and better tailor our in-centre offerings and Digital Services to meet your needs. We also collate information about your use of our shopping centres and Digital Services in order to conduct market research surveys and collect your feedback on your in-centre and digital experiences and interactions with us.

We also collect information about your usage of our Digital Services by using cookie files and other tracking technology in our Digital Services. Tracking technologies can be used for a variety of purposes, such as:

• to help us recognise you as a unique visitor to our websites and to store your individual preferences, so that we can customise our websites to reflect your interests;
• to help us and our advertising affiliates monitor your use of our Digital Services and deliver a more relevant and personalised service to you, including through targeted advertisements and promotional offerings; and
• system administration and to manage site security and store information about the type of browser being used.

You can accept or reject cookies by changing the relevant settings associated with your browser.  However, if you decline cookies, you may be unable to access some parts of our websites.

We also collect information relating to other unique identifiers such as Flash cookies (also known as local stored objects), IP addresses and device identifiers that help us understand device and browser interactions, and activity on our websites and in our centres.

We may also use the information which you provide to us when subscribing to our Digital Services to identify suitable target audiences for our promotional offerings, services and advertising.

3. For Retailers and Licensees

In addition to the above information collected from individuals visiting our centres, the kinds of personal information which we collect from retailers and licensees both directly and through our service providers include:

If you lease, license or apply to lease or license space from us

The types of personal information which we collect from you (as an actual or prospective tenant, licensee or assignee) include:

• from retailers and licensees: name, address, date of birth, contact and insurance details, job position as well as information on your business experience, trading history, financial capacity and personal and business assets and liabilities;
• from guarantors: name, address, date of birth, contact details, information on your business experience, trading history, financial capacity as well as personal and business assets and liabilities; and
• from retailer or licensee personnel: name, job position, contact details and any other information required for registering retailer personnel for centre services, such as retailer car parking programs for which we collect vehicle number plate details.

 We use this information to:

• assess whether to grant a lease, licence or other rights to use our facilities or services;
• manage our relationship, agreements, payment processing and communications with you (including notices issued under lease or licence);
• manage and operate the centres in which you lease or license space from us;
• monitor the performance of our centres;
• contact you in the event of a security incident or emergency;
• understand your interests, preferences and activities as a retailer or licensee at our centres; and
• conduct market research surveys and interviews to gather feedback and better understand how to improve the retailer or licensee experience at our shopping centres.

Our Vicinity Connect Platform for retailers and licensees

If you are a retailer or licensee and you use the Vicinity Connect Platform (“Platform”) your use of the Platform is governed by Terms of Use which are made available on the Platform.  In the course of your use of the Platform:

• we may collect your contact details, email address and company name on registering for access to the Platform;
• we may also collect from your interactions with the Platform your dates and times of Platform access, the URL of Platform webpages visited, your IP address, cookie data and device identifiers (including device type and browser type) which help us understand device and browser interactions; and
• we will share with you and other retailers and licensees, aggregated and de-identified data and insights in relation to retail activities in our centres Australia-wide.

4. For Investors

If you invest in us in an individual capacity

Link Market Services Limited (“Link”), the service provider which manages our security holder registry:

• collects personal information from you including your contact details, bank account information, tax file number and other information which it requires to carry out its functions;
• uses this information for purposes including the payment of distributions and dividends as well as the sending of annual and half yearly reports, notices of meetings and notifications to the Australian Taxation Office;
• collects some of this information pursuant to laws including the Income Tax Assessment Acts and the Corporations Act 2001 (Cth), which also requires us to make some security holder details available to members of the public on request;
• is provided with your queries and contact details by us if you contact us as a security holder; and
• provides us with your contact details for the purposes of our communications with you.

For more information about Link and how it handles your personal information, please refer to the Link privacy policy on the website www.linkmarketservices.com.au or contact Link on:

Email: privacy.officer@linkgroup.com

Post:
Attn: Privacy Officer
Link Group
Locked Bag A14
Sydney South NSW 1235

Phone: +61 1800 502 355 (free call within Australia)

5. For Service Providers

If you or a company which you work for provides goods or services to us, we collect personal information in order to manage our relationship with you, including for the purposes of registering your visits to our locations as well as managing onboarding, health and safety checks and compliance processes which apply to our service providers, including COVID questionnaires and body temperature checks.

The kinds of personal information which we collect from you if you are service provider personnel may include:

• name, address, date of birth, contact details and employment screening results (including reference, background, criminal record and eligibility to work checks);
• insurance details as well as information on licences, permits and  qualifications which you possess;
• information about your financial standing and business experience;
• registers which record the start and end time of your visits or work at our properties (which in some circumstances is collected via biometric fingerprint scanners or mobile phone geolocation-based check in); and
• health and safety screening results from your onboarding/site questionnaire responses.

We collect this personal information directly from you and from others, such as your representatives, referees, current and previous employers, professional and trade associations as well as law enforcement agencies, employment screening providers and publicly available sources such as LinkedIn.

6. For Job Applicants

If you apply to work with us, we collect the information which we require to consider your application for employment, consider and contact you about other positions and manage our employment relationship with you if you are successful in becoming a member of our team. The kinds of personal information which we collect when you apply for employment with us includes:

• your name, address, date of birth and contact details;
• work experience, qualifications, employment history and resume;
• tax file number and bank account details; and
• employment screening results (including reference, background, criminal record and eligibility to work checks).

We collect this information directly from you as well as from others, such as  our representatives, referees, academic institutions, current and previous employers, professional and trade associations as well as law enforcement agencies, publicly available sources such as LinkedIn as well our employment screening service provider Fit2Work which is owned by Equifax Australia Workforce Solutions Pty Limited ABN 86 080 799 720 (previously the Mercury Group of Companies). 

For more information about Fit2Work and how it handles your personal information, please refer to the Equifax Privacy Policy at https://www.equifax.com.au/hrsolutions/termsandconditions.html.

7. Further information and your rights

From whom do we collect your personal information

We may collect your personal information directly from you or from third parties, such as:

• our service providers;
• our retailers and licensees;
• our related entities;
• our property owners, joint venture partners, hotel managers and property managers (including those from whom we acquire a centre); and
• from public registers.

We also collect information which does not identify you from third parties, such as data businesses and public sources, such as Census data.

We may share your personal information with third parties, including:

• our service providers who assist us with:
  • developments, technology services, marketing, communications, research and analytics;
  • business advisory services (including recruitment, legal, accounting and audit);
  • car park operations, hotel operations, utilities, cleaning and security services;
  • call centre, contract management and administrative services, including mailing, delivery and archiving services; and
  • insurance, banking, payment processing and debt collection services;
• with other users of our websites, applications or social media channels where you have chosen to share your personal information with those users through your use of that service;
• with brokers, agents and advisers and persons acting on your behalf, for example, a custodian, asset consultant or person who holds a power of attorney;
• with our related entities, joint venture partners and shopping centre owners for whom we provide property management services as well as to prospective buyers or future property managers of our business or the properties which we manage;
• with governmental bodies where a health or safety risk is identified for individuals that have visited one of our centres;  
• for regulatory and enforcement purposes where necessary in order to report actual or suspected offences, illegal or fraudulent activity to police or other enforcement agencies as well as to meet our legal and regulatory obligations, including in order to respond to warrants and other lawful information requests from courts as well as protect our lawful interests; and
• as otherwise permitted or required by law.

Overseas disclosures

Generally, we use systems and services in Australia, however some of our investment activity and service providers are located overseas.

If you hold an investment that is issued overseas, the details of the rules relevant to that investment product were notified to you in the product offer document. If you are a security holder residing outside Australia, we may also provide your information to authorities of the jurisdiction in which you reside such as tax authorities, banks and other permitted bodies to make distribution and dividend payments, comply with the laws of that jurisdiction and communicate with you or your representatives.

Some of our hotel and technology service providers also provide hosting of our data in countries outside of Australia, including the United States, Singapore and Japan.

How do we store and protect your personal information?

We store personal information both electronically and in hard copy form, both at our premises and with the assistance of our service providers, including several cloud service providers. We have a number of security controls which we apply in relation to our people, processes and technology including:

• internal data handling policies;
• access controls; and
• reasonable IT network security measures such as intrusion detection systems and protective security software applications.

However, no data transmission or storage on the internet can be guaranteed as completely secure.  While we strive to protect our data and are continually reviewing our security systems to improve them, we cannot ensure and do not warrant the absolute security of the data we collect.

Data breach response

Please notify us immediately if you become aware of any misuse, interference or loss or any unauthorised access, modification or disclosure of personal information held by us (“Data Breach”) or any other security incident affecting data held by us using the contact details provided at the end of this policy.

If we become aware of a Data Breach, we will promptly investigate the incident, and take reasonable steps to contain and remedy the breach.  To help you maintain the security of your personal information, we will take steps to notify you as soon as practicable if we believe that the Data Breach would likely result in serious harm to you.  Where possible, we will provide you with recommendations on the steps that you can take in response to the breach.

After investigating a Data Breach, we may disclose information to the Office of the Australian Information Commissioner and to law enforcement agencies about the incident in order to comply with our reporting obligations under the Privacy Act, and to enable the Office of the Australian Information Commissioner and law enforcement agencies to assess and investigate the incident.

How can you seek access, correction or updates to the personal information which we hold about you?

If you are a customer, retailer, licensee, service provider or job applicant, you can seek access, correction or updates to personal information which we hold about you by contacting our privacy team using the details provided at the end of this policy.

If you are a security holder, you can contact Link using the details provided in the “For Investors” section for access, correction or update requests in relation to personal information which Link collects about you on our behalf. For all other investors, please contact your fund manager or other applicable investment representative.

There is no fee charged by Vicinity for accessing your information. We endeavour to respond to your access request within 30 days of receiving the request. Before we give you access to information, we will need to confirm you are appropriately authorised to access the information, which may include an identity verification process. In certain circumstances we are allowed to deny your access request or limit the access we provide. For example, we may not provide you with access to records which contain the personal information of others.

It is also important that we have your correct details, such as your current address and telephone number. You can ask us to correct any inaccurate information we hold or have provided to others by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests. If we’re able to correct your information, we’ll inform you when the process is complete. If we disagree with the request to correct, we’ll let you know in writing and include our reasons. You may ask us to add a note of your correction request to the information we hold about you.

How can I make a complaint?

If you have a concern or complaint about our handling of your personal information, please contact our Privacy Officer using the details provided at the end of this policy. We’ll review your situation and work towards resolving it within a reasonable timeframe.

We acknowledge every complaint we receive, provide contact details of the investigating officer and keep you updated on the progress we’re making towards investigating the complaint.

Usually, it takes only a few days to investigate a complaint. However, if we’re unable to provide a final response within 30 days we’ll contact you to explain why and discuss an appropriate timeframe to investigate the complaint.

If you’re not satisfied with our handling of your matter, please let us know using the contact details below so we can ensure that you are given the benefit of our complaint processes.

If you are still not satisfied with the response, you can contact the Office of the Australian Information Commissioner by calling 1300 363 992, submitting your issue online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.

How can I contact Vicinity Centres’ privacy team?

For privacy related queries, access or correction requests, or complaints, please contact our Privacy Officer at:

Email: privacy@vicinity.com.au

Post:
Privacy Officer
Vicinity Centres
Level 4, Chadstone Tower One
1341 Dandenong Road
Chadstone VIC 3148

Phone: +61 3 7001 4000, Monday to Friday between 9am to 5pm Melbourne time.

How can I get further information about privacy?

For more information about privacy generally, you can also refer to the website for the Office of the Australian Information Commissioner (www.oaic.gov.au) or contact the OAIC using the contact details provided in the “How can I make a complaint?” section above.