What personal information is collected and why
What we collect
We collect information about individuals:
(a) who use our websites, mobile applications, social media and other online services (Online Services);
(b) who register, login or subscribe to join our programs, including shopper programs (Member Programs);
(c) who purchase gift cards or otherwise transact with us, participate in surveys or competitions and register for or use any of our services, including guest wifi services, the hire of mobility aids and other equipment;
(d) who are involved in or witness an incident in our property;
(e) who use our car parks;
(f) to whom we provide other products or services from time to time.
The types of personal information we collect includes name, contact details, gender, identification information, payment details, registration and activity details relating to our Online Services (such as the date and time you accessed each page on our website; the fully qualified domain name from which you access our websites, or alternatively, your IP address; the URL of any webpage from which you accessed our websites; cookies which track your visits to our websites and the web browsers that you are using and the pages you accessed), Member Programs and other services, transaction details, interests and preferences, device details (including device identifiers, usage and location data), information submitted in forms, details of incidents involving you at our properties, enquiry/complaint details and records of communications and interactions.
GPT properties are under video and camera surveillance. When entering GPT properties the personal information and images of individuals may be collected by GPT.
We generally do not collect “sensitive information” as described in the Privacy Act. If we do, we will do so with the express consent of the individual and in accordance with the Privacy Act.
How we collect
We collect personal information from you and from other sources including publicly available information, your representatives, information service providers, service providers who collect personal information on our behalf, other GPT companies, and the parties with which we exchange information as described here.
We collect, hold, use and disclose your personal information for purposes including to provide, administer, improve and personalise our services, process payments, identify you, communicate with you (including direct marketing and investor communications), conduct promotions, investigate and deal with unlawful activity and misconduct, respond to lawful information requests from courts, government agencies and lawyers, protect our lawful interests and deal with your enquiries and concerns.
If a third party acquires or wishes to acquire, or makes inquiries in relation to acquiring, an interest in GPT we may disclose personal information to that third party or its advisors.
Personal information we collect may also be used for purposes related to GPT’s research (including market research), planning, product and service development, security, testing, customer relationship management and records management.
To help us understand and serve you better, we may combine personal information we hold about you with personal and non-personal information from different sources. For example, we may obtain demographic data from an information service provider to tell us about the interests of people in your postcode and use it to help us predict which products and services might appeal to you. These sorts of activities may be conducted in connection with our Online Services and Member Programs as described further below.
Users of our Online Services are not required to provide us with any personal information. However, we may not be able to provide the information or service a user requests – including access to, and use of, a Member Program – if the personal information which is indicated as mandatory is not provided.
We may also collect aggregated information which tells us about users of our Online Services but not the identity of those users, unless they register to join a Member Program (in which case, the identity of a user may become apparent). For example, we may collect information about the date, time and duration of visits and which pages or parts of those Online Services are most commonly accessed. We may also collect internet address domain names, the previous websites visited and the types of browser visitors are using. This information is used by us for internal research, statistical and website development purposes. It may also be used by us to provide users with offers, discounts, promotions, advertising, products, services and other content.
Our Online Services may use “cookies”. A cookie is a small message in a text file, and the message is then sent back to the server each time the browser requests a page from the server.
Our Online Services may, from time to time, contain links to the websites and online services of other organisations which may be of interest to you. Those other organisations are responsible for their own privacy practices and you should check those websites and online services for their respective privacy policies.
If you join a Member Program, we may:
- collect and process personal information such as your name, email and other contact details (including any information provided by filling in forms using our Online Services); and
- collect data about your usage history on our Online Services and other websites operated by third parties which allow your device to be added to one or more interest categories (for example “women's shoes”).
We use this data for the purpose of analysing usage of our Member Programs, improving our content and product offerings, customising our content, layout and services and providing you with offers, discounts, promotions, advertising and services which are targeted to your interests.
Our Online Services may include functionality that makes use of the hosting device's geographic position on approach and entry into a participating asset. This means that if you joined a relevant Member Program, and you use one of those Online Services, you may be located by us or our service providers and contractors by reference to the location of your device. We may use this functionality to locate and send you offers, discounts, promotions, advertising, products, services or other content on your device.
If you do not consent to us:
- using data about your browsing activity to contact you and deliver offers, discounts, promotions, advertising or other content targeted to your interests; or
- using data about your device location to provide you with location-based services available through a Member Program;
you are always free to delete your cookies and cease participation in the Member Program. In the case of (i), your device and browser may also give you options to turn off location services either generally or for particular apps or sites.
Tenants and prospective tenants
What we collect
GPT collects the following types of personal information from unincorporated tenants and guarantors during negotiations for, and during the term of, the lease/licence for premises, storage space, car park spaces and kiosks at GPT properties:
(a) Contact and insurance details;
(c) Information as to tenants’ and guarantors’ financial standings and tenants’ business experience; and
(d) other assorted financial and trading information.
We collect personal information from you and from other sources including publicly available information, your representatives, information service providers, other GPT companies and the parties with which we exchange information as described here.
This information is required to evaluate whether a lease or licence should be granted to the tenant; to enable GPT to perform its obligations; to assist GPT to manage the relationship and to monitor the performance of the property. The information may also be made available to others in connection with any transactions involving the ownership or management of the property.
If a tenant provides GPT with direct debit or direct credit details, GPT may disclose those details to GPT’s bank to facilitate the provision of that service.
GPT properties are under video and camera surveillance. When entering GPT properties the personal information and images of individuals may be collected by GPT. This information may be used by GPT in connection with the management and security of the property.
GPT maintains securityholder registers through an external services provider, Link Market Services. GPT requires Link Market Services to comply with the Australian Privacy Principles and Privacy Act when performing these services. Personal information collected includes contact, bank account and securityholding details and tax file numbers. This information is used to carry out registry functions such as payment of distributions, sending annual and half yearly reports, notices of meetings or newsletters and notifications to the Australian Tax Office. Our investors can find out more about how our registry handles their personal information on our behalf by contacting Link Market Services (contact details are at the end of this Policy). GPT also collects information about subscribers to our “GPT email alert service” in order to provide updates from The GPT Group as they are posted on the GPT website.
Employees and prospective employees
If you apply for or we consider you for a position with us, we may also collect information about your qualifications, skills, experience, character and screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks).
We collect personal information from you and from other sources including publicly available information, your representatives, information service providers, other GPT companies and the parties with which we exchange information as described here. We may also collect information about you through our employee referral program where someone you know recommends you to us.
We collect, use and disclose your personal information to assess your application, conduct screening checks and consider and contact you about other positions.
We may exchange your personal information with academic institutions, recruiters, screening check providers, professional and trade associations, law enforcement agencies, referees and your current and previous employers.
Without your personal information we may not be able to progress considering you for positions with us.
Working with us
This section applies to our current and former employees and contractors in addition to the section regarding prospective employees above.
We may collect information relating to your current or former employment or engagement including information about your training, disciplining, resignation, termination, terms and conditions, emergency contact details, performance, conduct, use of our IT resources, payroll matters, union or professional/trade association membership, recreation, leave and taxation, banking or superannuation affairs. We are required or authorised to collect your personal information under various laws including the Fair Work Act, Superannuation Guarantee (Administration) Act and Taxation Administration Act.
We collect, use and disclose your personal information for purposes relating to your employment or engagement with us including engagement, training, disciplining, payroll, superannuation, health and safety, administration, insurance (including workcover) and staff management purposes. We may exchange your personal information with your representatives (including unions) and our service providers including providers of payroll, superannuation, banking, staff benefits, surveillance and training services. Without your personal information we may not be able to effectively manage your employment or engagement.
We may monitor and record your communications and interactions with us (including email, telephone and online) and operate audio and video surveillance devices in our premises for purposes including compliance auditing, maintenance, security, dispute resolution, training and where email abuse is suspected.
In the case of unincorporated entities, GPT collects the following personnel information:
(a) Contact and insurance details;
(b) ABNs; and
(c) Information as to financial standings and business experience.
We collect personal information from you and from other sources including publicly available information, your representatives, information service providers, other GPT companies and parties with which we exchange information as described in this Policy.
The personal information we collect is required to enable us to perform our obligations under our agreements with you/the company you are employed by and to assist us to manage our relationship with you/the company you are employed by.
Exchange of Personal Information with Third Parties
We may share personal information within GPT and other companies owned or controlled by GPT.
We may also exchange personal information with our service providers and contractors such as organisations who provide archival, auditing, professional advisory (including legal, accounting and business consulting), debt collection, banking, marketing, advertising, communication, mail house, delivery, recruitment, call centre, contact management; technology, research, analytics, utility, cleaning and security services.
We may exchange personal information with regulatory authorities including police where required or authorised by law or to assist in the prevention, detection and management of unlawful conduct.
Some of the parties with which we exchange personal information are located outside Australia in countries like Singapore, United States of America, Hong Kong and India. While these third parties will often be subject to privacy and confidentiality obligations, you acknowledge that:
(a) they may not always comply with those obligations or those obligations may differ from Australian privacy laws;
(b) you may not be able to seek redress under the Privacy Act; and
(c) the third party may be subject to foreign laws which might compel further disclosures of personal information (e.g. to government authorities).
Storage of Personal Information
We hold personal information in physical files, computer systems or in a database held by us and by service providers on our behalf. We regard the security of personal information as a priority and use a number of physical and electronic to protect it. Unfortunately, no data transmission over the Internet can be guaranteed as completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us and individuals do so at their own risk.
A username and password may be essential for you to use some of our Online Services or parts of them. For your own protection, we require you to keep these details confidential and to change your password regularly (if applicable).
Securityholder information is held by the registry in accordance with registry arrangements which require such information to be held securely.
Personal information is only retained for as long as it is necessary for the identified purposes, to the extent necessary for purposes reasonably related to those identified purposes (for example, resolving disputes) or as required by law.
Access, updating and further information
In most circumstances, you have a right to access any personal information which we collect and hold about you and to have it corrected if it is wrong. We may deny your request for access or correction in some circumstances, but if we do this, we will tell you why. Where we decide not to make a requested correction and you disagree, you may ask us to make a note of your requested correction with the information.
If you have registered your details for our Online Services or Member Programs, you may be able to access and update personal information on your profile, subject to any authentication and authorisation considerations, which exist to protect your security.
If you request, we will take reasonable steps to notify any third party to whom we have provided your personal information of the changes that have been made.
Please contact our Privacy Officer using the details set out below if you wish to:
- make a request for access to or correction of any personal information that we may hold about you; or
- make a complaint about the way in which we have handled your personal information.
We will try to address any privacy issues you may have. Any information that we provide in response may be limited to the extent permitted by any applicable law.
The Privacy Officer can be contacted using any of the following means:
Outside of Australia dial: +61 2 8239 3555
From Australia dial: (02) 8239 3555
+61 2 9225 9318
Privacy Officer c/- Company Secretary
The GPT Group
Level 51, MLC Centre
19 Martin Place
Sydney NSW 2000 AUSTRALIA
If you still feel your issue hasn't been resolved to your satisfaction, you can escalate your privacy concern by contacting the Office of the Australian Information Commissioner.
Please contact our registry if you are an investor and would like to find out how the registry handles your personal information:
Link Market Services Limited
Locked Bag A14
Sydney South NSW 1235
Freecall (within Australia): 1800 025 095
Telephone (outside Australia): +61 2 8280 7176
Last updated 1 June 2017.