1 Who we are
We are the Dexus Group (Dexus, we, our, us) a fully integrated real asset group, listed on the Australian Stock Exchange (ASX: DXS). ‘Dexus’, ‘we’, ‘us’ or ‘our’ refers to Dexus Group related entities and trusts operating in Australia and New Zealand.
All staff at Dexus (including employees, secondees, contractors, directors, as well as any other persons operating on behalf of Dexus, are required to follow the principles outlined in Dexus policies and procedures, so that we ensure that your personal information is used responsibly, ethically and in a transparent manner.
2 What is ‘personal information’
By your ‘personal information’ we mean any information about you that we may collect or use regarding you as a client, prospective client, member of the public, tenant, third party or employee of a third party we deal with, director, officer or representative, which is reasonably identifiable. This can include information such as contact information, marketing preferences, identity documents, financial data, complaints and customer inquiries or you use of our website, depending on your interactions with us.
‘Sensitive information’ is a subset of personal information which we may, in appropriate contexts, collect and use. This can include information about your race, political or religious beliefs, sexual preferences, criminal convictions, membership of a professional or trade associations or unions or health information. We will not collect your sensitive information without first asking for your consent. An assessment on the impact of collecting and using sensitive personal information is conducted prior to the commencement of a business activity, to ensure that the appropriate controls to protect your privacy are in place.
3 The kinds of personal information we collect and hold
The kinds of personal information we collect and hold about you will depend on our dealings with you. In general terms the kinds of information we collect include:
- Identity: your name, date of birth, answers to security questions
- Contact details: your home address, postal address, phone number, email address
- Images: your image may be collected by CCTV or photography footage if you visit our properties or car parks (this could also collect your licence plate details at some properties)
- Financial information: income, asset and liability information, financial statements, bank account information
- Government identity documents:government related identifiers required to identify you (such as your driver licence or passport number)
- Tax information: tax file number and tax-related information (whether in Australia or overseas)
- Employment applications: information related to your application if you apply for a job with us
- Professional advisors: details of your financial, accounting or legal advisors
- Service information: any information about you in relation to our products, services, promotions or marketing preferences
- Sensitive information: some information that could be sensitive in nature may be derived about you in the course of the following:
- Hiring employees or appointing officers
- Know your customer (KYC) checks or anti-money laundering related checks
- Accidents and injuries on Dexus property or in connection with employment at Dexus
- The placement of security infrastructure (such as CCTV footage - see section 4)
Since the onset of COVID 19, some of the kinds of information we collect, hold and use about you may related to contact tracing requirements set by the government.
4 How we collect your personal information
The above information may be collected from a range of sources, depending on your dealings with us. We will generally collect your personal information directly from you, or from relevant third parties. We can also collect your personal information from:
- Our forms: we collect your personal information from applications, seminar or website forms in respect of any of our products or services
- Other members of the Dexus Group: your personal information may be collected from other members in the Dexus Group, for administration, maintenance or to provide you with products or services you may be interested in
- Our services: we may collect information from your use of our services or attend any of the Dexus premises (such as Dexus Place or visitor meetings) including our membership and seminar programs as well as services bookings across our properties (e.g. parking bookings and mobility assistance services)
- Lease arrangements: your personal information may be collected if you are a tenant, guarantor or representative of a corporate tenant connected to a lease of a Dexus property (both during negotiations and during the term of the lease)
- CCTV: images may be collected through CCTV for property security and safety
- Event photography/videography: imagery from events of special experiences/competitions may be collected and used in marketing/promotional material
- Service providers: we may collect personal information if you work for a company that supplies goods or services to us
- Our apps: we may collect personal information provided through our apps, including our Customer mobile app
- Third parties: where we collect your personal information from a third party (e.g. a broker, financial advisor or accountant, or our agents or service providers) we will take reasonable steps to inform you of certain matters which will include our identity and contact details
We will take reasonable steps to confirm the accuracy, completeness and currency of your Personal Information when we collect and use it.
5 What happens if Dexus cannot collect personal information
You are not required to provide personal information to us. If you do not wish to provide your personal information for any of the purposes listed in section 4, we may not be able to provide or tailor our products, services or information to you, either to the same standard or at all (for example certain functions of our website may not function properly if you disable cookies).
6 How we store/hold your personal information
We may hold your personal information in either electronic or hard copy (paper) form. We retain your personal information in:
- Our services providers computer systems and databases (some of which are cloud based), and in our physical files
- Secured servers or in storage located in controlled, access restricted environments
- For personal information collected in respect of investments, Dexus’s security holder and unit holder registers are maintained either internally or by our external registry service providers. This information is used to carry out registry functions including facilitating distribution payments and corporate communications such as financial results, annual and half yearly reports. We require external service providers to comply with the requirements of all relevant Privacy Laws in handling personal information
- In certain circumstances, personal information may be stored on behalf of us in hard copy or electronic forms by our service providers (such as offsite document storage providers or electronic data storage providers)
Some information may be stored in offshore locations. Refer to section 10 for details.
7 Notification of collection of personal information
When we collect personal information, including from a third-party, we will take steps to provide notification to you to inform you about the purpose for the collection. This notification will outline how the information may be used, disclosed and stored for the purposes it is collected for.
8 Why we collect personal information
The purposes for which we collect, use and disclose your personal information depends on the dealings you may have with us, and these purposes may differ for tenants, investors, visitors, contractors, customer service providers and job applicants. These include:
- Products and services: to assess, maintain, administer, and provide you with the products or services you have applied for
- Memberships: to provide you with access to our memberships, including discounts, rewards, and members services through the program
- Our lease arrangements: Dexus uses personal information for purposes including evaluating whether to grant leases and/ or enter into agreements with prospective tenants, documenting these leases and/or agreements, performing its obligations under leases and/or agreements with tenants, managing relationships with tenants and monitoring properties
- Investments: to process, establish and administer your investment in a fund
- Comply with law: to comply with the laws that apply to the product or service you have with us, including anti-money laundering and counter-terrorism financing laws, taxation laws and the Foreign Account Tax Compliance Act (FATCA) or Common Reporting Standards (CRS) and respond to any regulator or legal enforcement investigations or enquiries
- Confirming and verifying your identity: (this may involve the use of a credit reference agency or other third parties acting as our agents) and to conduct due diligence, including ‘Know Your Customer’ checks and other procedures that we undertake prior to you becoming our customer. We may also screen against publicly available government and/or law enforcement agency sanctions lists
- Customer service: to provide, administer, improve and personalise our services, process payments, identify you, to communicate with you in relation to our services and to respond to your enquiries
- Vendor relationships: to manage the supply of goods and services with our suppliers
- Employment applications: collected from unsuccessful job applicants or their agents may be retained in case a more appropriate opportunity becomes available. The unsuccessful applicant will be advised that they can contact Dexus to request Dexus not to retain the applicant’s information
- Safety and security: to maintain the safety and security of property and individuals working at or visiting our properties. This includes collecting and using CCTV footage, and for the purposes of COVID-19 contact tracing as required by the relevant state legislation
- App services: to provide you with the services in our Tenant mobile app which provides access to local and building information and services
- Marketing and analytics: to send you direct marketing communications and information about our services, mostly by email. We may also use your personal information to analyse usage of the program, improve our product, service and membership content and product offers, and conduct advertising and promotions. You have a right to opt-out of receiving any direct marketing communications from us
- Managing shopping centres and other properties: to provide access to our Wi-Fi services, which may involve collecting information including your device ID, device type, geo-location information on any movement of your device throughout our premises, to facilitate the purchasing, and redemption of shopping centre gift cards, and any other purposes that are incidental to, or directly connected with, the operation of properties
- The detection, investigation and prevention of fraud and other crimes or malpractice: For the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), for obtaining legal advice or for establishing, exercising, or defending legal rights
- Effecting a transaction where a third party is taking control or ownership of a relevant business activity; and
- Any other purposes that are incidental to, or directly connected with, the above purposes or otherwise in the course of our legitimate financial services business activity.
9 Who we may disclose your personal information to
For the purposes stated above, we may disclose your personal information to:
- Financial institutions for payment processing
- Our contactors and any third-party service providers who assist us in the operation of the business and/or the provision of our services, including those that provide customer, registry, administration, external dispute resolution services, archival, marketing, advertising, electronic mailing houses, and information technology services
- Our professional advisers (including legal, accounting firms, auditors and other advisors) on a confidential basis
- Advisers and dealer groups
- Other entities within the Dexus
- Government agencies as required by law
In the event that a Dexus entity is sold to a third party, your personal information collected by that entity in accordance with the Australian Privacy Principles and that is required for its ongoing operation will be retained by that entity during and after its sale. In the event that your personal information is required to be provided to a potential purchaser of a Dexus entity as part of sale negotiations or due diligence related activities, where reasonably possible that information will be deidentified.
Images of individuals collected by CCTV may be provided by us to tenants, law enforcement bodies and insurers for purposes associated with ensuring the security of our customers and properties and investigating unlawful conduct.
10 Overseas disclosures
Depending on the type of service or product we provide to you, your personal information may be disclosed to our contractors and unaffiliated service providers located in other overseas jurisdictions such as the United States, Europe and the Asia Pacific region.
Overseas recipients may not be subject to privacy obligations equivalent to those under the Privacy Act and could be compelled by foreign law to disclose information.
We will take reasonable steps to protect your personal information from misuse, interference and loss, unauthorised access, modification or disclosure. We use technologies and processes such as access control procedures, network firewalls, encryption, password protected databases and physical security measures to protect your personal information.
We keep your personal information for only as long as is necessary for the purpose for which we collected it. We will also take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for the purposes stated under this policy.
Personal information is held on secured servers or in storage located in controlled, access restricted environments. Our employees (including senior management) are aware of their obligations and the importance of good information handling and security obligations. They are required to maintain the confidentiality of any personal information held by us.
For personal information held on behalf of us in hard copy or electronic form by our service providers (such as offsite document storage providers or electronic data storage providers), we enter into agreements with such service providers which impose confidentiality and privacy obligations on the service provider.
12 Data breach notification
We will report certain data breaches (known as Notifiable Data Breaches) to you, if you are at likely risk of serious harm, and to the Office of the Australian Information Commissioner and/or The Office of the Privacy Commissions New Zealand as required.
A notifiable data breach may occur where personal information held by us is lost or subjected to unauthorised access or unauthorised disclosure.
When you visit our website, we and/or our contractors may collect information about you which may include personal information (which will be or is de-identified) such as:
- The date and time you visited our website
- The pages you viewed and how long you viewed those pages
- General location information
- Information about the type of device you used to visit our website
- The IP address automatically assigned by your Internet Service Provider to the device you used to visit our website
We use this information (i) to personalise the content of the website for you (e.g. make it easier to log in, maintain a shopping basket for your orders and access information about your account) and (ii) for system administration, preparation of statistics on the use of our website and to improve our website’s content. This information may also be used for the purposes of targeted advertising based on your online behavioural profile.
14 Social Media
We access aggregate, non-personalised statistics on our coverage in social media.
15 Access to and correction of your personal information
You have the right to access the personal information that we hold about you. You can also request an amendment of your personal information if you believe that it contains inaccurate information, or you can ask us to remove your personal information from our records.
We will allow access or make requested changes to your personal information unless there is a reason under the Privacy Act or other relevant law to refuse you access or refuse to make the requested changes. We will seek to respond to requests for access to or correction of personal information within 30 days of the date of the request. If we refuse any request for access to or correction of personal information held by us, we will provide you written reasons for that refusal.
If you wish to obtain access or to request changes to your personal information, you can contact our Privacy Officer (details below). Dexus may recover reasonable costs associated with providing you with access to your personal information.
16 Complaints and questions
If you have questions about how we handle your personal information, or if you have a complaint about Dexus’s information handling practices, you can contact the Privacy Officer, as follows:
Phone: +612 9017 1100
Mail: Privacy Officer, Dexus, PO Box R1822, Royal Exchange NSW 1225
In particular, if you wish to make a complaint about how we have handled your personal information, you should provide a written complaint to our Privacy Officer.
We will acknowledge receipt of your complaint within 48 hours and will investigate and respond within 20 days of receiving a complaint from you. If you are not satisfied with the decision, you can contact us to discuss your concerns. If the complaint remains unresolved, you have the option of notifying Office of the Australian Information Commissioner or the Office of the Privacy Commissioner New Zealand.
Office of the Australian Information Commissioner
- Email: firstname.lastname@example.org
- Online: Office of the Australian Information Commissioner
- Phone: 1300 363 992
- Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001
Office of the Privacy Commissioner New Zealand
- Online privacy complaint form: Office of the Privacy Commissioner New Zealand
- Phone: 0800 803 909
- Mail: Office of the Privacy Commissioner, PO Box 10 094, Wellington 6143
17 Our policy
This policy will be reviewed on an annual basis (or more regularly if there are changes to the legal or regulatory framework which applies to this policy) to ensure it is renewed and updated appropriately. We will notify any changes by posting an updated version of this policy.