Last updated: 8 August 2018
We’re committed to creating destinations which make your experiences with us better, easier and more enjoyable. The data that we gather from your interactions with us helps us to better understand and influence how we:
Please contact our privacy team using the contact details provided at the end of this policy if you, or a person you assist, would like:
In addition to this policy, please note that some of our services will include their own privacy notice and additional information about our handling of personal information collected in connection with those services.
Vicinity Centres (“we”, “us” or “our”) is a leading property group which owns, develops and manages shopping centres and property across Australia.
Vicinity Centres is made up of:
We generally collect personal information from you so that we can:
If you contact us in person, via our websites or by phone, email, letter or other correspondence, we collect your information so that we can provide you with an appropriate response, address any complaints, queries or feedback which you raise and maintain records of our communications. We also monitor your communications with us for security, dispute resolution and training purposes.
We collect sensitive information, such as:
We also de-identify and aggregate data for the purpose of conducting visitor behavioural analytics to better understand and report on the experiences, demographics and interests of our visitors, including the retailers, locations and websites that are most popular with our customers.
During your shopping journey, the kinds of personal information we collect from you both directly and through our service providers includes:
At some of our centres, we collect your vehicle’s number plate details, images of your parked vehicle and CCTV footage from within our car parks in order to:
If you choose to register with us for ticketless parking, we collect your name, email address, postcode, telephone number, credit card details and, where applicable, disability parking permit details (as part of providing disability permit holders with certain free parking facilities).
During your visit to any of our locations, we and our service providers:
Other reasons why we collect your details when you visit our centres include when you report an incident, lose a family member or friend or property within our centres, make a complaint, make an inquiry or request assistance from our customer service desk, centre management office or security officers, or provide other feedback to us.
The kinds of personal information which we collect both directly and through our service providers include:
We also collect information about your usage of our websites by using cookie files
Cookies are small text files which are stored on your device when you visit a website. These can be used for a variety of purposes, such as:
You can accept or reject cookies by changing the relevant settings in your browser. However, if you decline cookies, you may be unable to access some parts of our websites.
We also collect information relating to other unique identifiers such as Flash cookies (also known as local stored objects), IP addresses and device identifiers that help us understand device and browser interactions, and activity on our websites and in our centres.
In addition to the above information collected from individuals visiting our centres, the kinds of personal information which we collect from retailers and licensees both directly and through our service providers include:
The types of personal information which we collect from you (as an actual or prospective tenant, licensee or assignee) include:
We use this information to:
Link Market Services Limited (“Link”), the service provider which manages our securityholder registry:
Attn: Privacy Officer
Locked Bag A14
Sydney South NSW 1235
Phone: + 61 1800 502 355 (free call within Australia)
If you or a company which you work for provides goods or services to us, we collect the personal information which we require in order to manage our relationship with you, including for the purposes of registering your visits to our locations as well as managing onboarding and compliance processes which apply to our service providers.
The kinds of personal information which we collect from you if you are service provider personnel includes:
We collect this information directly from you and from others, such as your representatives, referees, current and previous employers, professional and trade associations as well as law enforcement agencies, employment screening providers and publicly available sources such as LinkedIn.
If you apply to work with us, we collect the information which we require to consider your application for employment, consider and contact you about other positions and manage our employment relationship with you if you are successful in becoming a member of our team. The kinds of personal information which we collect when you apply for a job with us includes:
We collect this information directly from you as well as others, such as your representatives, referees, academic institutions, current and previous employers, professional and trade associations as well as law enforcement agencies, publicly available sources such as LinkedIn as well our employment screening service provider Fit2Work which is owned by Equifax Australia Workforce Solutions Pty Limited ABN 86 080 799 720 (previously the Mercury Group of Companies).
We also collect information which does not identify you from third parties, such as data businesses and public sources, such as Census data.
Generally, we use systems and services in Australia, however some of our investment activity and service providers are located overseas.
If you hold an investment that is issued overseas, the details of the rules relevant to that investment product were notified to you in the product offer document. If you are a securityholder residing outside Australia, we may also provide your information to authorities of the jurisdiction in which you reside such as tax authorities, banks and other permitted bodies to make distribution and dividend payments, comply with the laws of that jurisdiction and communicate with you or your representatives.
Some of our technology service providers also provide hosting of our data in countries outside of Australia, including the United States, Singapore and Japan.
We store personal information both electronically and in hard copy form, both at our premises and with the assistance of our service providers, including several cloud service providers. We have a number of security controls which we apply in relation to our people, processes and technology including:
However, no data transmission over the internet can be guaranteed as completely secure. While we strive to protect our data and are continually reviewing our security systems to improve them, we cannot ensure or warrant the absolute security of the data we collect.
Please notify us immediately if you become aware of any misuse, interference or loss or any authorised access, modification or disclosure of personal information held by us (“Data Breach”) or any other security breach affecting data held by us using the contact details provided at the end of this policy.
If we become aware of a Data Breach, we will promptly investigate the incident, and take reasonable steps to contain and remedy the breach. To help you maintain the security of your personal information, we will take steps to notify you as soon as practicable if we believe that the Data Breach would likely result in serious harm to you. Where possible, we will provide you with recommendations on the steps that you can take in response to the breach.
After investigating a Data Breach, we may disclose information to the Office of the Australian Information Commissioner and to law enforcement agencies about the incident in order to comply with our reporting obligations under the Privacy Act, and to enable the Office of the Australian Information Commissioner and law enforcement agencies to investigate the incident.
If you are a customer, retailer, service provider or job applicant, you can seek access, correction or updates to personal information which we hold about you by contacting our privacy team using the details provided at the end of this policy.
If you are a securityholder, you can contact Link using the details provided in the “For Investors” section for access, correction or update requests in relation to personal information which Link collects about you on our behalf. For all other investors, please contact your fund manager or other applicable investment representative.
There is no fee charged by Vicinity for accessing your information. We endeavour to respond to your access request within 30 days of receiving the request. Before we give you access to information, we will need to confirm you are appropriately authorised to access the information, which may include an identity verification process. In certain circumstances we are allowed to deny your access request or limit the access we provide. For example, we may not provide you with access to records which contain the personal information of others. We will always contact you to explain our decision.
It is also important that we have your correct details, such as your current address and telephone number. You can ask us to correct any inaccurate information we hold or have provided to others by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests. If we’re able to correct your information, we’ll inform you when the process is complete. If we disagree with the request to correct, we’ll let you know in writing and include our reasons. You may ask us to add a note of your correction request to the information we hold about you.
If you have a concern or complaint about our handling of your personal information, please contact our Privacy Officer using the details provided at the end of this policy. We’ll review your situation within a reasonable timeframe (usually 30 days) and work towards resolving it.
We acknowledge every complaint we receive, provide contact details of the investigating officer and keep you updated on the progress we’re making towards investigating your complaint.
Usually, it takes only a few days to investigate a complaint. However, if we’re unable to provide a final response within 30 days we’ll contact you to explain why and discuss an appropriate timeframe to investigate the complaint.
If you’re not satisfied with our handling of your matter, please let us know using the contact details below so we can ensure that you are given the benefit of our complaint processes.
If you are still not satisfied with the response, you can contact the Office of the Australian Information Commissioner by calling 1300 363 992, submitting your issue online at www.oaic.gov.au or writing to the Office of the Australian Information Commissioner, GPO Box 5218 Sydney NSW 2001.
For privacy related queries, access or correction requests, or complaints, please contact our Privacy Officer at:
Level 4, Chadstone Tower One
1341 Dandenong Road
Chadstone VIC 3148
Phone: +61 3 7001 4000, Monday to Friday between 9am to 5pm Melbourne time.
For more information about privacy generally, you can also refer to the website for the Office of the Australian Information Commissioner (www.oaic.gov.au) or contact the OAIC using the contact details provided in the “How can I make a complaint?” section above.