QIC REAL ESTATE AND SHOPINDEE MARKETPLACE PRIVACY POLICY

This Privacy Policy (“Policy”) applies in relation to The retail and commercial properties identified on www.qicre.com (“QIC Real Estate”), including the domain www.qicre.com and any centre-specific websites related to that domain (such as www.watergardens.qicre.com) (“Websites”), and the online marketplace available at www.shopindee.com.au (“Shopindee Marketplace”).

The QIC Real Estate and Websites are owned by QIC Limited ACN 130 539 123, its related bodies corporate, and its joint venture partners, and managed by QICP Pty Ltd ACN 075 744 151.  The Shopindee Marketplace is owned by eShop TT Company Pty Ltd ACN 652 001 477  and managed by QICP Pty Ltd ACN 075 744 151.  These entities are collectively referred to as “QIC” throughout this Policy.  

This Policy outlines how QIC handles personal information in connection with QIC Real Estate, the Websites and the Shopindee Marketplace.  This includes personal information relating to customers, prospective customers, suppliers, tenants, retailers, visitors to our premises, and users of our websites and mobile applications (collectively referred to as “you”).

By providing personal information to us (or otherwise enabling us to collect your personal information), you consent to the collection, use and disclosure of your personal information in accordance with this Policy and any other arrangements that apply between us. 

1. Overview

QIC respects your privacy and we are committed to being transparent about our privacy practices and security. This Policy explains how we handle your personal information by setting out:

  • why we need to collect personal information;
  • how we collect it;
  • what we do with it;
  • how it is stored and protected; and
  • who we might share it with.

The Policy also describes how you can access or correct any personal information we hold about you, and how you can ask further questions or make a complaint.

Generally, “personal information” refers to information or an opinion about an individual, where that individual is identified or reasonably identifiable.

“Sensitive information” is a subcategory of personal information which is strictly regulated. Sensitive information includes information about your racial or ethnic origin, your religious or political beliefs, your sexual preferences and orientation, or your biometric or health information.   

2. Collection of personal information

QIC collects personal information in order to conduct its business operations and deliver products and services. Your Personal information may be collected by or on behalf of QIC, or Third party suppliers who provide digital platform services to QIC and its customers. 

Where you provide information to us in different ways, or where we already hold information about you, we may connect your information for use for one or more of the purposes listed in this Policy. If this occurs, the relevant information will be treated in the same manner as the personal information to which it has been linked.

This section identifies the kinds of personal information we collect, and the reasons why personal information is collected.

2.1 QIC Real Estate

QIC collects information at QIC Real Estate in a number of different ways:

Suppliers: If you, or a company you work for, supplies goods or services to QIC, QIC may collect personal information about you in connection with the provision of those goods or services, either directly from you or from that company. This information may include your name, date of birth, contact information, and any other information you provide, or which is provided on your behalf, as part of our induction and compliance processes. This information will be used for the purposes of managing the provision of those good or services. 

  • Competitions and newsletters: You may provide us with your contact details In connection with competitions or signing up to email or mobile newsletters (either in person or online). Your name and email address are automatically entered into QIC’s database when you enter competitions. QIC collects these details to contact competition winners, to inform you about events, activities and promotions, and to better target and personalise your shopping experience (where applicable). 
  • Equipment hire: When you hire mobility aids or other equipment from QIC, you provide QIC with certain information, including contact information. QIC collects this information to ensure that there is a record of the hirer and to enable you to be informed about upcoming events, activities and promotions.
  • Surveillance: When you attend QIC Real Estate and its car parks, your activity may be captured using video, audio and camera surveillance. When you enter QIC Real Estate and its car parks, your personal information, car licence plate details and images may be collected by a third party contractor who is contracted to QIC, and QIC may also collect your personal information and images from third parties (for example, the police or retailers). In the unlikely event of a security incident in QIC Real Estate or its car parks, this information may also be collected by a third party contractor contracted to QIC using a body-worn camera (which records both audio and video). Video, audio and camera surveillance will not be used in toilets, bathrooms or any area in which surveillance would not be reasonably expected. This information may be used by QIC in connection with the management and security of QIC Real Estate. This information may be provided to law enforcement and government bodies, QIC staff and subcontractors, third parties who provide QIC with services from time to time, insurers, and retailers for those purposes. 
  • Promotional photos and videos: QIC may conduct, or may permit third parties to conduct, photography and filming at QIC Real Estate. QIC will provide clear signage around areas where photography and/or filming may occur (“Signed Area”). By entering into a Signed Area, you consent to QIC or its third party contractors collecting information about you by filming you or taking your photograph. If you do not wish to be filmed or photographed, you must not enter into a Signed Area. QIC or the relevant third party may also request that individuals who are filmed or photographed sign a release form.
  • Ticketless parking facilities: When you park in a car park which uses a ticketless parking system or car locator functionality, you consent to provide us with your car licence plate details and, in some circumstances, other information including your name, email address and telephone number. These details are used for measuring and analysing car parking dwell times and attendee behaviour in order to improve QIC Real Estate, for the purposes of providing and managing car parking and related services at QIC Real Estate, marketing purposes, and to assist you to locate your car including via online and mobile applications 
  • Credit card and bank account details: In certain circumstances, QIC or its third party contractors may collect and hold your credit card or bank account details for the purpose of processing payments from or to you. For example, your credit card details may be collected when you enter a ticketless parking facility for the purpose of calculating and processing your payment when you exit that ticketless parking facility.
  • Wi-Fi: When you logon to Wi-Fi provided in QIC Real Estate or access third party applications utilising QIC’s infrastructure (including Bluetooth beacon networks), you provide QIC with certain information, including your contact details and location. QIC collects these details to inform you about events, activities and promotions, and to better target and personalise shopping experiences (where applicable).
  • Gift cards: When you purchase, redeem or are provided with a  gift card (either in physical or digital form), you may provide QIC with your contact details. These details are used for card fulfilment purposes, to contact you about events, activities and promotions, and to fulfil anti-money laundering or other legal obligations where relevant. 

  2.2 Shopindee Marketplace, Websites and Mobile Applications

You may provide us with your contact and billing details (including credit card details) when you create an account or place an order through the Shopindee Marketplace, or when your business registers as a seller on the Shopindee Marketplace.  QIC collects these details to enable us to contact you, to fulfil purchases, to inform you about sales or promotions, and to better target and personalise shopping experiences (where applicable).

We may also collect information from you via our other online services, such as the Websites and our mobile applications. This information may be collected using “cookies”, which are small data files placed on your computer or mobile device when you visit a website. Most browsers enable you to disable cookies in your browser settings.

The information we collect may include:

  • the fully qualified domain name from which you accessed our websites, or alternatively, your IP address;
  • device ID number (MAC address);
  • the date and time you accessed each page on our websites;
  • the URL of any webpage from which you accessed our websites or on which you were using our in-centre Wi-Fi, and the details of any mobile apps you have accessed from a device using in-Centre Wi-Fi;
  • device data including usage, demographics (for example, language settings), type of device, operating system and browser, and location and proximity of your wireless device in-centre, centre arrival and departure time, and other data which users consent to us collecting from time to time; and
  • publicly accessible social media posts and any personal information you allow us to collect by linking your account on our website with a third-party social-networking site, including but not limited to Facebook, Twitter, or Google+.

We collect this information (and may use or hold this information) for the following purposes: 

  • to identify web page and store preferences;
  • to improve our website, applications or in-centre experiences;
  • for the purposes of and incidental to your use of in-centre Wi-Fi services (if applicable), our mobile apps, online services and gift card services;
  • to measure shopper numbers, characteristics and demographics, and analyse shopper behaviour in order to continuously improve our centres and for use otherwise in connection with our business;
  • to send to you special deals and discounts, surveys and other marketing materials based on your location or known web usage;
  • to fulfil our legal obligations and comply with requests from law enforcement, including where law enforcement, government agencies and/or regulatory authorities are conducting an enquiry and/or investigation; and
  • for other purposes for which you, either expressly or impliedly, provide your consent.

2.3 Do Not Track Signals

Some web browsers incorporate a “Do Not Track” (DNT) feature that signals to web services that a visitor does not want to have their online activity tracked. DNT is not a standardised feature in browsers and not all web browsers offer DNT options, which prevents QIC guaranteeing support of the feature to users. As such, while respecting users’ privacy and their ability to request that data not be collected, or deleted on request, we and many other website operators do not, as standard, respond to DNT signals.

2.4 Anonymised data

QIC may collect or create anonymised data, such as foot traffic data and information about customer demographics, interests and behaviours. Anonymised data is not personal information and does not identify you. QIC may use anonymised data for the purposes listed in this Policy, as well as to inform our promotional and marketing strategies, and for research and profiling purposes.

Any research, statistical analysis or profiling we perform may be compiled and analysed on an aggregate basis, and we may share this aggregate data with our affiliates, agents and business partners. We may also disclose aggregated information in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

2.5 Unsolicited Information 

If we receive personal information about you that we did not ask for, whether received directly from you or on your behalf, we will take reasonable steps to notify you, as soon as practicable, that we have collected your personal information. If we could not have collected this personal information from you (or if you do not agree to us collecting information in this way), we will lawfully de-identify or destroy that personal information. Any unsolicited information we collect about you will only be used for the purposes for which it was provided.

2.6 Sensitive Information

Except as outlined in this Policy, we do not collect sensitive information unless required by law or where you consent for us to do so (and in any event, only where it is relevant). We will not collect sensitive information about you where this is expressly prohibited by applicable law.

3. Disclosure of Personal Information

We understand how important it is to keep your personal information private, so we only disclose personal information we have about you when:

  • you agree to the disclosure;
  • we use it for the purposes for which we collected it; or
  • disclosure is required or authorised by law.

To the extent permitted by law, we may also disclose information about you to:

  • our agents and contractors;
  • our insurers and insurance brokers;
  • our joint venture and commercial partners;
  • third party suppliers and service providers, including providers for the operation of our websites and/or our business, or in connection with providing our products and services to you;
  • our professional advisors including our insurers, lawyers, and accountants;
  • law enforcement, government agencies and/or regulatory authorities as part of our legal obligations, or in response to requests for information from law enforcement, government agencies and/or regulatory authorities in the course of enquiries and/or investigations; or as otherwise permitted by law.

We may disclose your personal information to law enforcement, government agencies and/or regulatory authorities in response to requests made in the course of enquires and/or investigations.

In certain circumstances, we may disclose your personal information overseas.  We will not send your personal information outside Australia unless it is authorised by law and we can be satisfied that the recipient of the personal information has adequate data protection arrangements in place. The countries to which we usually provide information are the United States of America, Ireland, Denmark, Sweden, Finland, and Singapore.

We do not sell personal information to other organisations for marketing purposes. Any data sharing will be in compliance with local privacy laws and governed by our strict standards and policies, and where appropriate, confidentiality and other agreements to ensure your information is secure and treated with the utmost care and respect.

4. Storage of information

We protect personal information with appropriate safeguards and security measures and restrict access to those who have a legitimate business purpose and reason for accessing it. Personal information is only retained for as long as it is necessary for the identified purposes, or as required by law.

All personal information collected by QIC is held securely, whether on QIC’s physical files, in QIC’s computer systems or in a database (which may be hosted by QIC or a third party on QIC’s behalf). This information is only made available to QIC’s staff on a 'need to know' basis for the purposes outlined above, or to other people as outlined in this Policy who have agreed to treat that information confidentially. These databases are protected by a firewall as well as host-based security.

Examples of the steps QIC takes to protect the security of the personal information we hold include:

  • robust physical security of QIC’s major datacentres and infrastructure including electronic locks, alarms, video recording devices and environmental / infrastructure monitoring;
  • sophisticated system security including:
    • Network controls for all devices of the QIC network such as firewalls, Intrusion Prevention, Anti-Virus, Web Application Firewall, Advanced Threat Detection, Data Loss Prevention, system hardening, Wireless Access Controllers and secure network design;
    • Two-factor authentication for remote access functionality; and
    • Advanced password protection controls;
  • comprehensive enterprise-wide staff awareness and education on privacy topics such as data governance, cyber-security, data breaches and phishing scenario testing;
  • ongoing monitoring and oversight where regular security assessments are performed on all critical IT assets, systems and third parties; and
  • destroying information when no longer required.

If other organisations provide support services on our behalf, we require them to take appropriate technical and organisational measures to secure the privacy of the information provided to them. 

5. Information access and correction 

At QIC, decisions and actions may be taken or made on the basis of personal information in our possession. You have rights to access and correct the personal information we hold about you. We will take reasonable steps to ensure that your personal information is up-to-date, accurate and complete.

If you wish to access or correct your personal information, please contact the Centre Manager at your relevant QIC shopping centre (by using the ‘Contact Us’ feature on the homepage of the relevant Website) or our Privacy Officer, whose details appear below.

6. Opting Out of Communications 

We will not provide you with marketing communications unless you request to receive such communications. If you change your mind about receiving marketing communications from us, you may easily request not to receive such communications by following the instructions on the communication to opt-out or unsubscribe from further communications.  

7. Resolving enquiries or complaints

If you have any questions, concerns or complaints about the treatment of your personal information, please contact the Centre Manager at your relevant QIC shopping centre (by using the ‘Contact Us’ feature on the homepage of the relevant Website) or our Privacy Officer, whose details appear below. We will respond to let you know who will be handling your matter and when you can expect a further response.

If you are unsatisfied with the resolution of your concerns, you may be able to escalate your complaint to the Office of the Australian Information Commissioner on 1300 363 992 or by email to [email protected]. You can also visit their website and obtain further information relating to Australian Privacy Legislation at www.oaic.gov.au.

QIC services are targeted towards persons located in Australia. The Office of the Australian Information Commissioner website is an Australian based website. it is not intended to provide services to EU residents, and its terms may not be fully consistent with the General Data Protection Regulation. If you are an EU resident and you choose to use the Website, then you do so at your own risk, and on the terms of the website.

8. Changes to our Privacy Policy 

This Policy outlines our current privacy practices. You should check this page from time to time to make sure you are aware of any changes. We will notify you of any changes by publishing the latest version of this Policy at www.qicre.com/privacy-policy. 

9. Contact 

If you have any questions or comments about this Policy, please contact our Privacy Officer by emailing [email protected]