Privacy Policy
We are committed to protecting and maintaining your privacy. Dexus complies with the Privacy Laws across the Australian and New Zealand jurisdictions. This Privacy Policy explains how Dexus handles the personal information that we collect in the course of operating our business.
1 Who we are
We are the Dexus Group, a fully integrated real asset group, listed on the Australian Stock Exchange (ASX: DXS). ‘Dexus,’ ‘we,’ ‘us’ or ‘our’ refers to Dexus Group related entities and trusts operating in Australia and New Zealand.
All staff at Dexus (including employees, secondees, contractors, directors, or any other persons operating on behalf of Dexus), are required to follow the principles outlined in Dexus policies and procedures, to ensure your personal information is handled responsibly, ethically and in a transparent manner.
2 What is ‘personal information’
By your ‘personal information’ we mean any information or an opinion about you, which is reasonably identifiable. This can include, but is not limited to name, contact information, address, marketing preferences, identity documents, financial information, health records.
Sensitive information
Sensitive information is a subset of personal information which we may, in appropriate contexts, collect and use. This can include information about your racial or ethnic origin, appearance, citizenship or immigration status, political or religious beliefs, sexual preferences, criminal records, membership or affiliation with a professional or trade associations or unions or medical records. We will not collect your sensitive information without first seeking your consent. Where required, we perform an assessment on the impact of collecting and using sensitive personal information prior to the commencement of a business activity, to ensure appropriate controls to protect your sensitive personal information are in place.
3 The kinds of personal information we collect and hold
-
Identity: your name, date of birth, gender, answers to security questions
-
Contact details: your home address, postal address, phone number, email address
-
Images: your image may be collected by CCTV or photography footage if you visit our properties or car parks (this could also collect your licence plate details at some properties)
-
Financial Information: income, asset and liability information, financial statements, bank account information
-
Government Identity documents: driver’s licence or passport
-
Tax information: tax file number and tax-related information (whether in Australia or overseas)
-
Employment applications: name, phone number, information related to your previous employment, referee’s contact information, ID documents for background checks for successful candidates
-
Professional advisors: details of your financial, accounting or legal advisors;
-
Service information: any information about you in relation to our products, services, promotions, or marketing preferences
-
Sensitive information: information that could be sensitive in nature such racial or ethnic origin, appearance, criminal records, or medical records may be collected with consent
4 Why we collect your personal information
The purposes for which we collect, use, and disclose your personal information depends on the dealings you may have with us, and these purposes differ for tenants, investors, visitors, contractors, customer service providers, job applicants and employees. These include:
-
Products and services: to assess, maintain, administer, and provide you with the products or services you have applied for
-
Memberships:to provide you with access to our memberships, including discounts, rewards, and members services through the program
-
Our lease/licence arrangements: to evaluate whether to grant leases and/ or enter into agreements with prospective tenants, document these leases and/or agreements, perform its obligations under leases and/or agreements with tenants, manage relationships with tenants and monitor properties
-
Investments: to process, establish and administer your investment in a fund
-
Comply with law: to comply with the laws that apply to the product or service you have with us, including Anti-Money Laundering and Counter-Terrorism Financing laws, taxation laws and the Foreign Account Tax Compliance Act (FATCA) or Common Reporting Standards (CRS) and respond to any regulator or legal enforcement investigations or enquiries
-
Confirming and verifying your identity: (this may involve the use of a credit reference agency or other third parties acting as our agents) and to conduct due diligence, including ‘Know Your Customer’ checks and other procedures that we undertake prior to you becoming our customer. We may also screen against publicly available government and/or law enforcement agency sanctions lists
-
Customer service: to provide, administer, improve, and personalise our services, process payments, identify you, to communicate with you in relation to our services and to respond to your enquiries
-
Vendor relationships: to manage the supply of goods and services with our suppliers
-
Employment applications: to facilitate the employment application process, personal information collected from unsuccessful job applicants, or their agents may be retained in case a more appropriate opportunity becomes available. An unsuccessful applicant will be advised that they can contact Dexus to request Dexus not to retain the applicant’s information
-
Employee management: to manage the employee lifecycle, including onboarding and offboarding, manage remuneration and payroll, facilitate performance management, career development and training, provide benefits and ensure workplace health and safety
-
Safety and security: to maintain the safety and security of property and individuals working at or visiting our properties, this includes collecting and using CCTV footage, recording personal information of individuals involved in or impacting by an incident at the property.
-
App services: to provide you with the services in our Tenant mobile app which provides access to local and building information and services
-
Marketing and analytics: to send you direct marketing communications and information about our services, mostly by email. We may also use your personal information to analyse usage of the program, improve our product, service and membership content and product offers, and conduct advertising and promotions. You have a right to opt-out of receiving any direct marketing communications from us
Managing shopping centres and other properties: to provide access to our Wi-Fi services, which may involve collecting information including your device ID, device type, geo-location information on any movement of your device throughout our premises, to facilitate the purchasing, and redemption of shopping centre gift cards, and any other purposes that are incidental to, or directly connected with, the operation of properties -
The detection, investigation and prevention of fraud and other crimes or malpractice: For the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), for obtaining legal advice or for establishing, exercising, or defending legal rights
-
Effecting a transaction: where a third party is taking control or ownership of a relevant business activity; and
-
Any other purposes: that are incidental to, or directly connected with, the above purposes or otherwise during our legitimate financial services business activities.
5 How we collect your personal information
The above information may be collected from a range of sources, depending on your dealings with us. We will generally collect your personal information directly from you, or from relevant third parties. We can collect your personal information from:
• Our forms: we collect your personal information from applications, seminar, or website forms in respect to any of our products or services
• Other members of the Dexus Group: your personal information may be collected from other members in the Dexus Group, for administration, maintenance or to provide you with products or services you may be interested in
• Our services: we may collect information from your use of our services or attendance at any of the Dexus premises (such as Dexus Place or visitor meetings) including our membership and seminar programs as well as services bookings across our properties (e.g. parking bookings and mobility assistance services)
• Lease arrangements: your personal information may be collected if you are a tenant, guarantor or representative of a corporate tenant connected to a lease of a Dexus property (both during negotiations and during the term of the lease)
• CCTV: images may be collected through CCTV for property management, security, and public safety
• Event photography/videography: imagery from events of special experiences/competitions may be collected and used in marketing / promotional material
• Service providers: we may collect personal information if you work for a company that supplies goods or services to us
• Our apps: we may collect personal information provided through our apps, including our Tenant mobile app; and
Where we collect your personal information from a third party (e.g. a broker, financial advisor or accountant, or our agents or service providers) we will take reasonable steps to inform you of certain matters which will include our identity and contact details.
We will take reasonable steps to confirm the accuracy, completeness, relevance, and currency of your personal information when we collect and use it.
6 What happens if Dexus cannot collect personal information
You are not required to provide personal information to us. If you do not wish to provide your personal information for any of the purposes listed in section 4, we may not be able to provide or tailor our products, services or information to you, either to the same standard or at all (for example certain functions of our website may not function properly if you disable cookies).
7 How we store/hold your personal information
We hold your personal information in either electronic or hard copy (paper) form.
Electronic
We store your personal information on secured servers (some of which are cloud based) located in controlled, access restricted environments. Security measures are centrally implemented, managed, and monitored. Copying or transportation of personal information from the Dexus secure network or Dexus approved devices is generally not permitted.
Dexus’s security holder and unit holder registers are maintained either by us or by our external registry service providers. Where our service provider stores your personal information, we require them to comply with the requirements of all relevant Privacy Laws when handling your personal information
Hard copy
If your personal information is stored in hard copy (paper) form they are held in a secure office (generally behind a locked door) or locked cabinets, and safes, depending on the nature of the document. In certain circumstances, personal information may be stored on a secured offsite document storage facility.
Some information may be stored in offshore locations. Refer to section 10 for details.
8 Notification of collection of personal information
When we collect personal information, including from a third-party, we will take steps to provide notification to you to inform you about the purpose/s for the collection. This notification will outline how the information may be used, disclosed, and stored for the purposes it is collected for.
The notification will refer to this Dexus Privacy Policy to advise about how you may access your personal information held by us and how you may make a complaint (refer to details below for this information).
9 Who we may disclose your personal information to
For the purposes stated above, we may disclose your personal information to:
- Financial institutions for payment processing or insurance purposes
- Our contractors and any service providers who assist us in the operation of the business and/or the provision of our services
- Our professional advisers (including legal and accounting firms, auditors, and other advisors)
- Advisers and dealer groups
- Other entities within Dexus
- Government agencies as required by law
If a Dexus entity is sold to a third party, your personal information collected by that entity in accordance with the Australian Privacy Principles and only where required for its ongoing operation will be retained by that entity during and after its sale. If your personal information is required to be provided to a potential purchaser of a Dexus entity as part of sale negotiations or due diligence related activities, where reasonably possible that information will be de-identified where reasonably possible.
Images and videos of individuals collected by CCTV may be provided by us to a third party including but not limited to tenants, law enforcement bodies and insurers for purposes associated with ensuring the security of our customers and properties and investigating unlawful conduct.
10 Overseas disclosures
Depending on the type of service or product we provide to you, your personal information may be disclosed to our contractors and unaffiliated service providers located in other overseas jurisdictions such as the United States, Europe and the Asia Pacific region.
Where we disclose your personal information to an overseas recipient, we will take reasonable steps to ensure the overseas recipients are carefully chosen and comply with this Privacy Policy. Any proposal to disclose Personal Information overseas must be first approved by the Head of Compliance.
Overseas recipients may not be subject to privacy obligations equivalent to those under the Australian and New Zealand jurisdictions and could be compelled by foreign law to disclose information.
11 Security
We will take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. We use technologies and processes such as multi-factor authentication, access control procedures, network firewalls, encryption, password protected databases and physical security measures to protect your personal information.We will keep your personal information for only as long as it is necessary for the purpose for which we collected it. We will also take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for the purposes stated under this policy.
Personal information is held on secured servers or in storage located in controlled, access restricted environments. Our employees (including senior management) are aware of their obligations and the importance of good information handling and security obligations. They are required to maintain the confidentiality of any personal information held by us.
For personal information held on behalf of us in hard copy or electronic form by our service providers (such as auditors, offsite document storage providers or registry service provider), we enter into agreements with such service providers which impose confidentiality and privacy obligations on the service provider.
12 Data breach notification
Dexus has a Data Breach Response Plan in place which sets out procedures and clear lines of responsibilities for Dexus employees if Dexus or our service provider experiences a data breach or suspects that a data breach has occurred.
We will report certain data breaches (known as Notifiable Data Breaches) to you, and to the Office of the Australian Information Commissioner and/or The Office of the Privacy Commissioner New Zealand as required. A notifiable data breach may occur where personal information held by us, or on behalf of us by our service providers, is subjected to unauthorised access or unauthorised disclosure and likely to result in serious harm.
13 Website
This Privacy Policy applies to your use of our website https://dexus.com/, mobile or tablet applications and any personal information that you may provide to us via our website.
When you visit our website, we and/or our contractors may collect information about you which may include personal information (which will be or is de-identified) such as:
- The date and time you visited our website
- The pages you viewed and how long you viewed those pages
- General location information
- Information about the type of device you used to visit our website
- The IP address automatically assigned by your Internet Service Provider to the device you used to visit our website
We use this information (i) to personalise the content of the website for you (e.g. make it easier to log in, maintain a shopping basket for your orders and access information about your account) and (ii) for system administration, preparation of statistics on the use of our website and to improve our website’s content.
This information may also be used for the purposes of targeted advertising based on your online behavioural profile.
Our websites may use cookies (and other similar technologies) to collect information about your web-browser to provide you with a better navigational experience based on your visits and activity. Cookies are small text files that are stored inside your web browser which identify you to a webpage during your session. No personal information is contained in the cookie. Cookies in themselves do not identify the individual user, just the computer used. Allowing us to create a cookie does not give us access to the rest of your computer and we will not use cookies to track your online activity once you leave our site. Cookies are read only by the server that placed them and are unable to execute any code or virus. You can configure your security settings to accept or reject requests to place a cookie on your computer and you can manage and control them through your browser, including removing or deleting cookies from your browser history.
Our website may contain links to other websites which are outside our control and are not covered by this Privacy Policy. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy policy which may differ from ours.
14 Social Media
We access aggregate, non-personalised statistics on our coverage in social media platforms.
If you provide personal information via one of our social media pages (e.g. Facebook or Instagram), you must review the privacy collection notices and any terms and conditions provided by those platforms before doing so in order to understand how your personal information will be collected, stored and processed. Any personal information that may be provided to us by those social media platforms will be stored and processed by us in accordance this Privacy Policy.
15 Access to and correction of your personal information
You have the right to access the personal information that we hold about you. You can also request an amendment of your personal information if you believe that it contains inaccurate, out-of-date, incomplete, irrelevant, or misleading information, or you can ask us to remove your personal information from our records.
We will provide access or make requested changes to your personal information unless there is a valid reason that applies to refuse the request where allowed under the Australia and New Zealand Privacy Acts or other relevant law.
We will seek to respond to requests for access to or correction of personal information within 30 days of the date of the request. If we refuse any request for access to or correction of personal information held by us, we will provide you with written reasons for that refusal.
If you wish to obtain access or to request changes to your personal information, you can contact our Privacy Officer (details below).
Dexus may recover reasonable costs associated with providing you with access to your personal information.
16 Complaints and questions
If you have questions about how we handle your personal information, or if you have a complaint about Dexus’ information handling practices, you can contact our Privacy Officer, as follows:
- Email: privacy@dexus.com
- Phone: +612 9017 1100
- Mail: Privacy Officer, Dexus, PO Box R1822, Royal Exchange NSW 1225
If you wish to make a complaint about how we have handled your personal information, please provide a written complaint to our Privacy Officer. We will acknowledge receipt of your complaint within 48 hours and will investigate and respond within 20 days of receiving a complaint from you.
If you are not satisfied with the decision, you can contact us to discuss your concerns. If the complaint remains unresolved, you have the option of notifying the Office of the Australian Information Commissioner or the Office of the Privacy Commissioner New Zealand.
Office of the Australian Information Commissioner
- Email: enquiries@oaic.gov.au
- Online: Office of the Australian Information Commissioner
- Phone: 1300 363 992
- Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001
Office of the Privacy Commissioner New Zealand
- Online privacy complaint form: Office of the Privacy Commissioner New Zealand
- Phone: 0800 803 909
- Mail: Office of the Privacy Commissioner, PO Box 10 094, Wellington 6143
17 Our policy
This policy will be reviewed on an annual basis (or more regularly if there are changes to the regulatory or business framework which apply to this policy) to ensure it is renewed and updated appropriately. We will notify any changes by posting an updated version of this policy.