Privacy Policy

Who we are

We are the Dexus Group (Dexus, we, our, us) a fully integrated real estate group and we are listed on the Australian Stock Exchange (ASX: DXS). Dexus includes the following companies that act in the capacity as trustees or responsible entities and that hold Australian Financial Services Licences (AFSL) and their subsidiaries:

  • Dexus Funds Management Limited
  • Dexus Investment Management Limited
  • Dexus Asset Management Limited
  • Dexus Wholesale Funds Limited
  • Dexus RE Limited
  • Dexus Wholesale Management Limited
  • Dexus Wholesale Property Limited

We are committed to protecting and maintaining your privacy. Dexus is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). This Privacy Policy explains how Dexus handles personal information that it collects in the course of performing its functions and activities.

What is ‘personal information’? 

Personal information means information or an opinion about an individual, or an individual who is reasonably identifiable, regardless of whether the information or opinion is true or recorded in a material form. 

Sensitive information

A type of personal information is ‘sensitive information’ which includes information about your race, political or religious beliefs, sexual preferences, criminal convictions, membership of professional or trade associations or unions or health information.

We will not collect your sensitive information without first asking for your consent. 

The Legal team should be consulted prior to the collection of Sensitive Information.

The kinds of personal information we collect and hold 

The kinds of personal information we collect and hold about you will depend on our dealings with you. In general terms the kinds of information we collect include: 

  • Identity: your name, date of birth, government related identifiers required to identify you (such as your drivers licence or passport number)
  • Contact details: your home address, phone number, email address 
  • Images: your image may be collected by CCTV footage if you visit our properties or car parks (which may collect your licence plate details) 
  • Financial information: income, asset and liability information, financial statements, bank account information
  • Tax information: tax file number and tax-related information (whether in Australia or overseas) see also the website of the Office of the Australian Information Commissioner (OAIC) on the protection of tax file number information 
  • Employment  applications: information related to your application if you apply for a job with us
  • Professional advisors: details of your financial, accounting or legal advisors 
  • Service information: any information about you in relation to our products, services, promotions or marketing preferences

Since the onset of COVID 19, some of the kinds of information we collect, hold and use about you may related to contact tracing requirements set by the government. 

How we collect your personal information

The above information may be collected from a range of sources, depending on your dealings with us. We will generally collect your personal information directly from you, but we may also collect your personal information from: 

  • Our forms: we collect your personal information from applications, seminar or website forms in respect of any of our products or services
  • Our properties: we collect your personal information when you visit Dexus premises when you provide it to us to comply with COVID-19 related requirements (Dexus will retain this data for 56 days and thereafter delete it on a monthly basis)
  • Other members of the Dexus Group: your personal information may be collected from other members in the Dexus Group, for administration, maintenance or to provide you with products or services you may be interested in
  • Our services: we may collect information from your use of our services or attend any of the Dexus premises (such as Dexus Place or visitor meetings) including our membership and seminar programs
  • Lease arrangements: your personal information may be collected if you are a tenant, guarantor or representative of a corporate tenant connected to a lease of a Dexus property (both during negotiations and during the term of the lease)
  • CCTV: images may be collected through CCTV
  • Service providers: we may collect personal information if you work for a company that supplies goods or services to us
  • Our apps: we may collect personal information provided through our apps, including our Customer mobile app
  • Third parties: where we collect your personal information from a third party (e.g. a broker, financial advisor or accountant, or our agents or service providers) we will take reasonable steps to inform you of certain matters which will include our identity and contact details

We will take reasonable steps to confirm the accuracy, completeness and currency of your Personal Information when we collect it.

How we hold your personal information

We may hold your personal information in either electronic or hard copy (paper) form. We retain your personal information in:

  • Our computer systems and databases, and in our physical files
  • Secured servers or in storage located in controlled, access restricted environments
  • For personal information collected in respect of investments, Dexus’s security holder and unit holder registers are maintained either internally or by our external service providers Link Market Services Limited and BoardRoom Pty Ltd. This information is used to carry out registry functions including facilitating distribution payments and corporate communications such as financial results, annual and half yearly reports. We require external service providers to comply with the requirements of the Privacy Act and the APPs in handling personal information of our investors
  • In certain circumstances, personal information may be held on behalf of us in hard copy or electronic forms by our service providers (such as offsite document storage providers or electronic data storage providers)
Notification of collection of personal information

When we collect personal information, including from a third-party, we will generally provide notification to you to inform you about the purpose for the collection, how the information may be disclosed and that the Dexus Privacy Policy contains information about how the individual may access the personal information held by us and how you may make a complaint.

Why we collect personal information

The purposes for which we collect, use and disclose your personal information depends on the dealings you may have with us, and these purposes may differ for tenants, investors, visitors, contractors, customer service providers and job applicants:

  • Products and services: to assess, maintain, administer and provide you with the products or services you have applied for
  • Memberships: to provide you with access to our memberships, including discounts, rewards and members services through the program
  • Our lease arrangements: Dexus uses personal information for purposes including evaluating whether to grant leases and/ or enter into agreements with prospective tenants, documenting these leases and/or agreements, performing its obligations under leases and/or agreements with tenants, managing relationships with tenants and monitoring properties
  • Investments: to process, establish and administer your investment in a fund
  • Comply with law: to comply with the laws that apply to the product or service you have with us, including anti-money laundering and counter-terrorism financing laws, taxation laws and the Foreign Account Tax Compliance Act (FATCA) or Common Reporting Standards (CRS) and respond to any regulator or legal enforcement investigations or enquiries
  • Customer service: to provide, administer, improve and personalise our services, process payments, identify you, to communicate with you in relation to our services and to respond to your enquiries
  • Vendor relationships: to manage the supply of goods and services with our suppliers 
  • Employment applications: collected from unsuccessful job applicants or their agents may be retained in case a more appropriate opportunity becomes available. The unsuccessful applicant will be advised that they can contact Dexus to request Dexus not to retain the applicant’s information
  • Safety and security: to maintain the safety and security of property and individuals working at or visiting our properties. This includes for the purposes of COVID-19 contact tracing as required by the relevant state legislation
  • App services: to provide you with the services in our Tenant mobile app which provides access to local and building information and services
  • Marketing and analytics:  to send you direct marketing communications and information about our services, mostly by email. We may also use your personal information to analyse usage of the program, improve our product, service and membership content and product offers, and conduct advertising and promotions. You have a right to opt-out of receiving any direct marketing communications from us
Who we may disclose your personal information to

For the purposes stated above, we may disclose your personal information to:

  • Financial institutions for payment processing 
  • Our contactors and any third-party service providers who assist us in the operation of the business and/or the provision of our services, including those that provide customer, registry, administration, external dispute resolution services, archival, marketing, advertising, electronic mailing houses, and information technology services 
  • Our professional advisers (including legal, accounting firms, auditors and other advisors) on a confidential basis
  • Advisers and dealer groups
  • Other entities within the Dexus Group

Images of individuals collected by CCTV may be provided by us to tenants, law enforcement bodies and insurers for purposes associated with ensuring the security of our properties and investigating unlawful conduct.

We may also disclose personal information related to COVID-19 contact tracing on request to government bodies.

Overseas disclosures 

Depending on the type of service or product we provide to you, your personal information may be disclosed to our contractors and unaffiliated service providers located in other overseas jurisdictions such as the United States, Europe and the Asia Pacific region.

Where we disclose your personal information to an overseas recipient, we will take reasonable steps to ensure the overseas recipients are carefully chosen and comply with this Privacy Policy. Any proposal to disclose Personal Information overseas must be first approved by the Head of Compliance.

Overseas recipients may not be subject to privacy obligations equivalent to those under the Privacy Act and could be compelled by foreign law to make disclosure of the information.


We will take reasonable steps to protect your personal information from misuse, interference and loss, unauthorised access, modification or disclosure. We use technologies and processes such as access control procedures, network firewalls, encryption, password protected databases and physical security measures to protect your personal information.

We keep your personal information for only as long as is necessary for the purpose for which we collected it. We will also take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for the purposes stated under this policy.

Personal information is held on secured servers or in storage located in controlled, access restricted environments. Our employees (including senior management) are aware of their obligations and the importance of good information handling and security obligations. They are required to maintain the confidentiality of any personal information held by us.

For personal information held on behalf of us in hard copy or electronic form by our service providers (such as offsite document storage providers or electronic data storage providers), we enter into agreements with such service providers which impose confidentiality and privacy obligations on the service provider.

Data breach notification

We will report certain data breaches (known as Notifiable Data Breaches) to you, if you are affected by the breach, and to the OAIC.

A notifiable data breach may occur where personal information held by us is lost or subjected to unauthorised access or unauthorised disclosure.

To be a notifiable data breach, the data breach must, depending on the circumstances, be one that may or is likely to result in serious harm to you.

We have procedures in place to ensure that any identified or suspected data breaches are dealt with promptly, appropriately and escalated accordingly.


This Privacy Policy applies to your use of our website and mobile or tablet applications and any personal information that you may provide to us via our website.

When you visit our website, we and/or our contractors may collect information about you which may include personal information (which will be or is de-identified) such as:

  • The date and time you visited our website
  • The pages you viewed and how long you viewed those pages
  • General location information
  • Information about the type of device you used to visit our website
  • The IP address automatically assigned by your Internet Service Provider to the device you used to visit our website

We use this information (i) to personalise the content of the website for you (e.g. make it easier to log in, maintain a shopping basket for your orders and access information about your account) and (ii) for system administration, preparation of statistics on the use of our website and to improve our website’s content. This information may also be used for the purposes of targeted advertising based on your online behavioural profile.

Our websites may use cookies (and other similar technology) to collect information about your web browser to provide you with a better navigational experience  based on your visits and activity. Cookies are small text files that are stored inside your web  browser which identify you to a webpage during your session. No personal information is  contained in the cookie. Cookies in themselves do not identify the individual user, just the computer used. Allowing us to create a cookie does not give us access to the rest of your computer and we will not use cookies to track your online activity once you leave our site. Cookies are read only by the server that placed them and are unable to execute any code or virus. You are able to configure your security settings to accept or reject requests to place a cookie on your computer and you can manage and control them through your browser, including removing or deleting cookies from your browser history.

Our website may contain links to other websites which are outside our control and are not covered by this Privacy Policy. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy policy which may differ from ours.

Social Media

We access aggregate, non-personalised statistics on our coverage in social media.

Access to and correction of your personal information

You have the right to access the personal information that we hold about you. You can also request an amendment of your personal information if you believe that it contains inaccurate information, or you can ask us to remove your personal information from our records. 

We will allow access or make requested changes to your personal information unless there is a reason under the Privacy Act or other relevant law to refuse you access or refuse to make the requested changes.

We will seek to respond to requests for access to or correction of personal information within 30 days of the date of the request.

If we refuse any request for access to or correction of personal information held by us, we will provide you written reasons for that refusal.

If you wish to obtain access or to request changes to your personal information, you can contact our Privacy Officer (details below).

Dexus may recover reasonable costs associated with providing you with access to your personal information.

Complaints and questions

If you have questions about how we handle your personal information, or if you have a complaint about Dexus’s information handling practices, you can contact the Privacy Officer, as follows:

Phone: +612 9017 1100
Mail: Privacy Officer, Dexus, PO Box R1822, Royal Exchange NSW 1225

In particular, if you wish to make a complaint about how we have handled your personal information, you should provide a written complaint to our Privacy Officer.

We will acknowledge receipt of your complaint within 48 hours and will investigate and respond within 30 days of receiving a complaint from you. If you are not satisfied with the decision, you can contact us to discuss your concerns. If the complaint remains unresolved, you have the option of notifying the Australian Financial Complaints Authority. 

Australian Financial Complaints Authority

Phone:1800 931 678 (free call)
Mail: Australian Financial Complaints Authority, GPO Box 3, Melbourne VIC 3001

You can also contact the Office of the Australian Information Commissioner if your complaint is about your privacy.

Office of the Australian Information Commissioner
Phone: 1300 363 992
Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001

Our policy 

This policy will be reviewed on an annual basis (or more regularly if there are changes to the legal or regulatory framework which applies to this policy) to ensure it is renewed and updated appropriately. We will notify any changes by posting an updated version of the policy.


Back to top