Pacific Privacy Policy

Effective Date: 7 March 2014
Last Reviewed Date: 16 April 2024

1. Purpose

CBRE Pty Limited ACN 057 373 574, CBRE Limited NZBN 9429037805357 and their related companies (collectively referred to as “CBRE”, “us”, “our” or “we”) respect the privacy and security of your Personal Information, as defined below, and comply with the requirements of the Australian Privacy Principles (“APP”) under the Privacy Act 1988 (Cth) and the New Zealand Information Privacy Principles (IPP) under the Privacy Act 2020 (collectively referred to as “the Act”).

This Privacy Policy supplements CBRE’s Global Web Privacy and Cookie Policy. In case of conflict, the provisions of this Privacy Policy apply to matters specifically addressed herein.

The purpose of this policy is to explain in general terms how CBRE handles your Personal Information. However, to the extent that it applies the APP, it does not apply to CBRE’s employee records to the extent they are handled by any of our companies that is or was the employer of that employee in relation to the employee's current or former employment. Such employee records are generally exempt from the Act and will be dealt with as permitted by law.

You may be able to deal with us without identifying yourself (i.e., anonymously or by using a pseudonym) in certain circumstances. If you wish to do so, please contact us to find out if this is practicable in your circumstances. However, if you do not provide us with the Personal Information we have requested, we may not be able to complete or fulfil the purpose for which we collect the information, including providing our services.

By visiting our websites, using any of our services or otherwise providing us with your Personal Information (or authorising it to be provided to us by someone else), you agree to your Personal Information being collected and handled as set out in this Privacy Policy.

2. Policy Statement

What Personal Information Do We Collect and Hold?

Under the Act, Personal Information is defined as information or an opinion about an identified individual, or an individual that is reasonably identifiable, in whatever form and regardless of whether it is true or not. The Act also defines a subset of Personal Information as sensitive information (for example health records, racial or ethnic origin, religious beliefs, criminal records).

The types of Personal Information we collect, and hold will depend on the circumstances of collection and on the type of service we are providing. For example, when we are engaged to sell a property, we may collect and hold Personal Information from both the seller and potential buyers such as name, address, email address, telephone numbers, identification information, tax file number information, employment details and details about their business.

We may also collect and hold certain sensitive information that is reasonably necessary for the provision of our services, including health and criminal records. If you provide us with any sensitive information, you consent to us collecting that information and handling it in accordance with this Privacy Policy.

How Do We Collect Personal Information

We may collect Personal Information about you directly when you deal with us over the telephone, send us correspondence (whether by letter, fax, or email), have contact with us in person, visit our websites or complete hard copy or online forms. Personal Information may be stored in our storage or by third-party data storage providers.

Depending on the type of service you or our customers have requested, we may also seek to collect information about someone else from you (for example, contact details of your solicitor, emergency contact person or tenant). However, you must not provide us with Personal Information about another person unless you have clear consent from that person to do so, told them that their Personal Information will be handled in accordance with this Privacy Policy and directed them to where they can find it.

Regardless of how it is collected, we handle Personal Information in accordance with the CBRE’s Global Web Privacy and Cookie Policy and this Privacy Policy.

Disclosure of Personal Information

We may disclose your Personal Information to third parties as may be necessary for any of the purposes stated in the above section. Such third parties generally include:

  • our third-party providers, contractors, consultants, agents and/or representatives (such as law firms, banks, financial institutions, insurers, IT providers, mortgage referral services providers and/or wealth management services providers) who provide services to us or on our behalf, including to:
    • conduct valuations;
    • assist with obtaining payment from creditors;
    • operate data centers;
    • conduct market research;
    • provide advice;
  • potential buyers, tenants, conjunctional real estate agents and brokers for the purpose for which the information was collected or for related purposes (for example to complete a transaction on your behalf or provide you with a service that you requested);
  • anyone you have authorised to deal with us on your behalf;
  • any of the companies within the CBRE group and their related companies;
  • government authorities, regulatory bodies, law enforcement agencies, courts, tribunals and/or parties to the legal proceedings where you have consented to this, or we are required or authorised to do so by law;
  • debt collection agencies; and/or
  • any other third parties identified at the time of collection of your Personal Information.

Disclosure of Personal Information Overseas

Some of the third parties listed above to whom we may disclose your Personal Information are located overseas. For example:

  • companies within the CBRE group that are located in the countries listed on our website at https://www.cbre.com/offices;
  • our information technology and business process service providers that are located in countries including (but not limited to) the United States, United Kingdom, Spain, the Netherlands, India, and Hong Kong; and
  • our overseas clients that are located in the same countries as the companies within the CBRE group.

Our contracts with these parties generally include an obligation for them to comply with the Act and this Privacy Policy.

You acknowledge that, by agreeing to the disclosure of your Personal Information to these entities outside of Australia and outside of New Zealand, we will no longer be required to take reasonable steps to ensure the overseas recipient's compliance with the Act in relation to your Personal Information and we will not be liable to you for any breach of the Act by these overseas recipients. On this basis, you consent to such disclosure.

Access, Update, and Correction of Personal Information

We take reasonable steps to ensure that the Personal Information we hold about you is accurate, complete, and up to date. However, we also rely on you to advise us of any changes to your Personal Information. If you are able to access your Personal Information by logging on to an account you have with us, it is your responsibility to ensure your information is accurate, complete, relevant, and up to date.

On request, we will provide you with access to the Personal Information we hold about you, including for the purpose of correcting or updating that information, unless otherwise required or permitted by law.

There is no charge for making the request or giving the access to your Personal Information. We will deal with your request within a reasonable period after the request is made.

If we refuse to provide you with access, we will provide you with a written notice that, at a minimum, outlines reasons for the refusal and the complaints mechanisms available to you.

If you wish to access the Personal Information, we hold about you or to update or correct it, you can either do so by logging on to your account (if you have one) or contact us using [email protected] or the contact details provided below. We will require you to verify your identity and specify what information you require.

Security of Personal Information

We take reasonable steps to protect any Personal Information that we hold from misuse, interference, and loss and from unauthorised access, alteration, and disclosure. For example, we implement IT security procedures including password protection, firewalls and site monitoring and we store your Personal Information on a secure server.

However, data protection measures are never completely secure and, despite the measures we have put in place, we cannot guarantee the security of your Personal Information. You must take care to protect your Personal Information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches. We follow the Notifiable Data Breaches (NDB) Scheme under the Act when a data breach is likely to result in serious harm to an individual whose personal information is involved.

Direct Marketing

When you register as a member on our websites, you will be given a choice as to whether you want to receive e-mail messages from us, including newsletters, announcements and e-mail communications about our latest news, products, or services. To the extent the relevant local law requires us to seek your consent, we will only send such messages to you if you opt-in. If you do not wish to receive direct marketing calls or materials, you may use the unsubscribe facility in the marketing communication or contact [email protected] Further, as a registered member with us, you can modify your choice at any time by accessing your registered account with us. We will stop using your Personal Information for direct marketing if you so request.

Privacy & Site Changes

CBRE may update this Privacy Policy from time to time so please review it periodically for changes. If the changes are significant or substantive, they will either be advised to you in writing or posted on our websites at www.cbre.com.au or www.cbre.co.nz

Your continued use of our websites or services, requesting our assistance or the provision of further Personal Information to us (directly or via an authorised person) after this Privacy Policy has been revised, indicates your acceptance of the revised Privacy Policy.

3. Our Contact Details

If you have a query relating to this Privacy Policy or wish to make a complaint, please contact us using the following contact details:

CBRE Pty Limited
Privacy Officer
Level 21
363 George St
Sydney NSW 2000
[email protected]

4. Non-compliance With Policy

If you wish to make a complaint about a breach of this Privacy Policy or the Act, you can contact us using the contact details below. You will need to provide us with sufficient details regarding your complaint together with any supporting evidence in writing.

Our Privacy Officer will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing within a reasonable time of the outcome of the investigation.

If you are not satisfied with our determination, you can contact us to discuss your concerns or contact the New Zealand Privacy Commissioner via www.privacy.org.nz or contact the Australian Privacy Commissioner via www.oaic.gov.au.

5. Related Legislation and Documentation

Privacy Act 1988 (Australia) For more information about the Act in Australia and protecting your privacy, visit the www.privacy.gov.au (external link) website.

Privacy Act 2020 (New Zealand) For more information about the Act in New Zealand and protecting your privacy, visit the www.privacy.org.nz (external link) website.