QIC GRE SHOPPING CENTRE PRIVACY POLICY

Your privacy is important to us

The retail and commercial properties identified on the QIC GRE website are owned by QIC Limited ACN 130 539 123, its related bodies corporate, joint venture partners and are managed by QICP Pty Ltd (collectively “QIC”).  QIC respects your privacy and we are committed to being transparent about our privacy practices and security. This Policy explains how we handle your personal information by setting out:

  • why we need to collect personal information;
  • how we collect it;
  • what we do with it;
  • how it is stored and protected; and 
  • who we might share it with. 

The Policy also describes how you can access or correct information we hold about you, how you can ask further questions or make a complaint, and information about our websites and online activities.

In this Policy, personal information refers to any information relating to an identified or identifiable natural person such as a name, identification number, location data, an online identifier or information specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The information we collect and why

From time to time it may be necessary for QIC to collect personal information in order to continue our business operations and deliver products and services. Personal information will only be collected by lawful and fair means from the individual concerned or their authorised representative. The collection of ‘sensitive data’ will only be in accordance with the law.

Where appropriate, we will inform you at or before the time of collection (or as soon as possible afterwards) of the purposes for collection, to whom your data might be disclosed and any other relevant details that will help you to ensure we are protecting your privacy. In some instances, we may direct you to this Policy for this information.

It is at your discretion whether you provide QIC with this information, however, failure to supply relevant information may mean we are unable to maintain or provide products or services to you.

By providing personal information to us, you consent to the collection, use and disclosure of your personal information in accordance with this Policy and any other arrangements that apply between us.

Customers

QIC collects information from customers in a number of different ways. These include the following:

In connection with competitions or signing up to email or mobile newsletters (either in centre or online), customers provide us with their contact details. Your name and address are automatically entered into QIC’s database when you enter competitions. QIC collects these details to contact competition winners, to inform customers about in-centre events, activities and promotions and to better target and personalise customers shopping experiences. Customers have the option to opt out from receiving this information.

  • When customers hire mobility aids or other equipment from QIC, customers provide QIC with certain information, including contact information. QIC collects this information to ensure that there is a record of the hirer and to enable customers to be informed about in-centre upcoming events, activities and promotions.
  • When customers attend the shopping centres and car parks under video and camera surveillance. When entering the shopping centres and car parks, customers personal information, car licence plate details and images may be collected by a third party contractor who is contracted to QIC, and QIC may also collect customers personal information and images from third parties (for example, the police or retailers). This information may be used by QIC in connection with the management and security of our shopping centres. This information may be provided to law enforcement and government bodies, QIC staff and subcontractors, third parties who provide QIC with services from time to time, insurers and retailers for those purposes.
  • When customers park in our car parks with a ticketless parking system or car locator functionality, customers consent to provide us with their car licence plate details and, in some circumstances, other information including name, email address and telephone number. These details are used for measuring and analysing car parking dwell times and shopper behaviour in order to improve our shopping centres, for the purposes of providing and managing car parking and related services at our shopping centres, marketing purposes and also to assist customers to locate their cars including via online and mobile applications.
  • When customers use mobile applications developed by QIC, or logon to Wi-Fi provided in our shopping centres or third party applications utilising QIC’s infrastructure (including Bluetooth beacon networks), customers provide QIC with certain information, including their contact details and location. QIC collects these details to inform customers about in-centre events, activities and promotions and to better target and personalise customers shopping experiences. 
  • When customers purchase, redeem or are provided with Shopping Centre Gift Cards (either in physical or digital form), they may provide QIC with their contact details. These details are used for card fulfilment purposes and, if customers opt in, to contact customers about in-centre events, activities and promotions.

Where you provide information to us in different ways, or we hold information about you, QIC may connect information provided to us for one purpose, with other information for use for one or more of the above purposes.

Additionally, QIC also conducts certain online activities through the QIC websites and mobile applications, and associated sites managed by members of the QIC or their subcontractors. The collection of personal information through these activities and information associated with these websites is dealt with below.

Suppliers 

 If you, or a company you work for, supplies goods or services to QIC, QIC may collect personal information about you in connection with the provision of those goods or services, either directly from you or from that company. This information may include your name, date of birth, contact information, and any other information you provide, or is provided on your behalf, as part of our induction and compliance processes. This information will be used for the purposes of managing the provision of those good or services.

Employees or potential employees 

If you are employed by QIC, or are seeking employment with QIC, QIC may collect personal information about you in connection with your employment. This information may include your name, date of birth, contact information, and any other information you provide, or provided on your behalf, as part of our induction and compliance processes. This information will be used for the purposes of our recruitment process and, if successful, managing your employment, in accordance with the requirements of the Privacy Act 1988 (Cth). 

Users of our website and mobile applications

We may also collect the following information from you:

where devices are enabled to connect to, or are identifiable by, in-centre infrastructure (for example, in-Centre WiFi networks or blue tooth transmitter (beacon) infrastructure), we and our third party providers may automatically collect data from those devices including usage, type of device and location and proximity of your wireless device in-centre, centre arrival and departure time, and other data which users consent to us collecting from time to time;

  • the fully qualified domain name from which you accessed our websites, or alternatively, your IP address;
  • device ID number (MAC address);
  • the date and time you accessed each page on our websites;
  • the URL of any webpage from which you accessed our websites or using in-centre WiFi, and the details of any mobile apps you have accessed from a device using in-Centre WiFi;
  • publicly accessible social media posts and any personal information you allow us to collect by linking your account on our website with a third-party social-networking site including but not limited to Facebook, Twitter, or Google+;
  • the web browser that you are using and the pages you accessed; and

We are collecting this information (and may use or hold this information) for the following purposes:

  • to identify web page and store preferences;
  • to improve our website, applications or in-centre experiences;
  • for the purposes of and incidental to your use of in-centre Wi-Fi services (if applicable), our mobile apps, online services and gift card services;
  • to measure shopper numbers, characteristics and demographics, and analyse shopper behaviour in order to continuously improve our centres and for use otherwise in connection with our business;
  • to send to you special deals and discounts, surveys and other marketing materials based on your location or known web usage; and
  • for other purposes to which you, either expressly or impliedly, consent to, and for the purposes set out in these terms and conditions, we may provide this information to QIC’s agents, contractors, service providers, joint venture and commercial partners and regulatory authorities.

We may transfer your personal information to others in countries outside Australia (including to those that operate our cloud servers outside of Australia).

QIC may use anonymised data for the purposes set out above and to inform our promotional and marketing strategies, as well as research and profiling purposes including customer demographics, interests and behaviours based on personal information and other information provided to us. This research may be compiled and analysed on an aggregate basis, and we may share this aggregate data with our affiliates, agents and business partners. This aggregate information does not identify you personally. We may also disclose aggregated information in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

QIC may connect information you provide to us for one purpose, with other information for use for one or more of the above purposes. If you access or log-in to an in-centre Wi-Fi service, and we already hold other information (both personal or non-personal) that can be associated to you or the device on which you are accessing the Wi-Fi service (including, but not limited to a device ID number (MAC address)), then that information may be linked with personal information we hold about you as set out in this Policy, and will be treated in the same manner as the personal information to which it has been linked.

Unsolicited information

If we receive personal information about you that we did not ask for either directly from you, from someone on your behalf, or through someone on our behalf, and we determine that we could have collected this information from you had we asked for it, we will take reasonable steps to notify you, as soon as practicable, that we have collected your personal information. If we could not have collected this personal information from you (or if you do not agree to us collecting information in this way), we will lawfully de-identify or destroy that personal information. Any unsolicited information provided by you, someone on your behalf or someone on our behalf, will be used for the purposes for which it was provided.

Who collects this information

Personal information collected about individuals (as described above) may be collected by, or on behalf of:

  • QIC; and 
  • Third party suppliers who provide digital platform services to QIC and its customers. 

Information may also be collected by QIC on behalf of other people as set out in notices given to individuals, or consents given by individuals, at or prior to the time the personal information is collected.

Sensitive Information

Generally, we do not collect sensitive information unless required by law or where you consent for us to do so (and in any event only where it is relevant). We will not collect sensitive information about you where this is expressly prohibited by local law.

Sensitive information includes information relating to:

  • racial or ethnic origin; 
  • political opinions; 
  • religious or philosophical beliefs; 
  • memberships of professional and trade associations or unions; 
  • biometric and health information; and 
  • information about your affiliation with certain organisations, such as professional associations.  

As a general rule, the only type of sensitive data we hold is in relation to an individual’s professional or trade association membership. 

Disclosure of personal information

We understand how important it is to keep your personal information private, so we will disclose personal information we have about you only in certain specific circumstances, when:

  • you agree to the disclosure; or
  • we use it for the purposes we collected it; or
  • disclosure is required or authorised by law.

To the extent permitted by law, we may also disclose information about you to:

  • third party suppliers and service providers located overseas (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
  • government agencies as part of our statutory obligations;

or as otherwise permitted by law.

We do not sell personal information for marketing purposes to other organisations.

We will not send your personal information outside Australia unless it is authorised by law and we can be satisfied that the recipient of the personal information has adequate data protection arrangements in place.

Any data sharing will be in compliance with the local privacy laws and governed by our strict standards and policies, and where appropriate, confidentiality and other agreements to ensure your information is secure and treated with the utmost care and respect. By consenting and providing your personal information to QIC, you agree to this processing.

Storage of information

We protect personal information with appropriate safeguards and security measures and restrict access to those who have a legitimate business purpose and reason for accessing it. Personal information is only retained for as long as it is necessary for the identified purposes or as required by law.

All personal information collected by QIC is held securely, whether on QIC’s physical files, in QIC’s computer systems or in a database (which may be hosted by QIC’s or a third party on QIC’s behalf). This information is only made available to QIC’s staff on a 'need to know' basis and for the purposes outlined above or to other people as outlined in this Policy who have agreed to treat that information confidentially. These databases are protected by a firewall as well as host-based security.

Your personal information may be transmitted over the internet once it has been stored in a database and may also be transferred across borders to recipients in foreign countries other than Australia and New Zealand, and may be stored on servers, using databases or via cloud technology in a number of countries other than Australia and New Zealand, including regions such as the Americas, the European Union and Asia, where doing so is part of QIC’s ordinary business practices relating to the storage of data and where permitted by law.

Examples of the steps QIC takes to protect the security of the personal information we hold include:

  • robust physical security of QIC’s major datacentres and infrastructure including electronic locks, alarms, video recording devices and environmental / infrastructure monitoring;
  • sophisticated system security including:
  • Network controls for all devices of the QIC network such as firewalls, Intrusion Prevention, Anti-Virus, Web Application Firewall, Advanced Threat Detection, Data Loss Prevention, system hardening, Wireless Access Controllers and secure network design;
  • RSA two-factor authentication for remote access functionality ;
  • Advanced password protection controls coupled with strength and reuse rules;
  • comprehensive enterprise-wide staff awareness and education on privacy topics such as data governance, cyber-security, data breaches and phishing scenario testing;
  • ongoing monitoring and oversight where regular security assessments are performed on all critical IT assets, systems and third parties; and
  • destroying information when no longer required.

If other organisations provide support services, we require them to take appropriate technical and organisational measures to secure the privacy of the information provided to them.

Do Not Track Signals

Some web browsers incorporate a “Do Not Track” (DNT) feature that signals to web services that a visitor does not want to have his/her online activity tracked. DNT is not a standardised feature in browsers and not all web browsers offer DNT options, which prevents QIC guaranteeing support of the feature to users. As such, while respecting users privacy and their ability to request that data not be collected, or deleted on request, we and many other website operators do not, as standard, respond to DNT signals.

Links

Our website may contain links to websites operated by third parties. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, or security of those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from this Policy, so we encourage individuals to read them before using those websites.

Information access and correction

At QIC, decisions and actions may be taken or made on the basis of personal information in our possession and we take reasonable steps to keep personal information as accurate, complete, and up-to-date as is necessary. 

You have rights to access, update and correct your personal information held by us. We will take reasonable steps to ensure that personal information is up-to-date, accurate and complete.
If you wish to access, update or correct your personal information held by us, please contact your relevant shopping centre manager or our Privacy Officer, whose details appear below.

Opting Out of Communications

If you receive marketing communications from us, you may easily request not to receive such communications from us by following the instructions on the communication to opt-out or unsubscribe from further communications.  

Resolving enquiries or complaints

If you have any questions, concerns or complaints about the treatment of your personal information please contact your centre manager. 

If your concerns have not been resolved to your satisfaction, please contact our Privacy Compliance Officer by emailing privacy@qic.com.  We will respond to let you know who will be handling your matter and when you can expect a further response.

If your concerns are not resolved to your satisfaction, you may be able to escalate your complaint to the Office of the Australian Information Commissioner on 1300 363 992 or by email on enquiries@oaic.gov.au. You can also visit their website and obtain further information relating to the Australian Privacy Legislation and the Australian Privacy Principles at www.oaic.gov.au.

The website is an Australian based website, and it is not intended to provide services to EU residents, and its terms may not be fully consistent with the General Data Protection Regulation. If you are an EU resident and you choose to use the Website then you do so at your own risk, and on the terms of the website.

Changes to our Privacy Policy 

This Policy outlines our current privacy standards. We may vary our Policy from time to time. We will notify you of any changes by publishing the latest policy from time to time at qicgre.com/privacy-policy.

Further Information

QIC Limited 130 549 123

This document is subject to the QIC GRE disclaimer and website access terms and conditions.