Privacy Policy
ESR ANZ is committed to safeguarding personal information.
For the purpose of Australian and New Zealand privacy laws, this Privacy Policy details how ESR Real Estate Australia Pty Ltd (ESR ANZ), its Australian subsidiaries and its New Zealand operations (together we, our or us) collect and handle personal information, including the purposes for which we collect and use your information and the types of organisations we share it with. It also explains how you can access and correct the personal information we hold about you, and how you can make a complaint about our handling of your personal information.
By providing your personal information to us, using our services or accessing ESR ANZ’s website, you agree to be bound by the terms set out in this Privacy Policy, which may be updated by us from time to time.
You do not have to provide us with your personal information or credit-related information. If you choose not to, we may not be able to provide our products and services to you or consider you for employment.
The Personal Information We Collect
Under the Privacy Act 1988 (Cth), "personal information" is information or an opinion about an identified individual or an individual who is reasonably identifiable. Common examples include a person’s name, address, telephone number or date of birth.
The personal information (including sensitive information and credit-related information) that we collect and hold about you will depend on the products and services we offer you and the nature of your interactions with ESR ANZ. In the table below we list some examples of the personal information we collect and hold about you:
Type of personal information
Examples of what this may include
Personal and contact details
Your name, date of birth, gender, signature, mailing and residential address details, telephone numbers, email addresses, citizenship and/or residency details, foreign tax residency status, employment details and status, work permits, salary details, work history and bank account and credit card information, interests, preferences, opinions, enquiry/complaint details and social media profiles. Where an individual operates a business, we may also collect information about directorships, shareholders, Australian Business Numbers, Australian Company Numbers etc
Photographs or videos
Passport or other official photographic document, photograph or video images, CCTV and video camera footage - we, and third parties acting on our behalf, may collect CCTV and video camera footage.
Interaction and behavioural information
Your interactions with us, including your direct email marketing behaviour, social media campaign engagement, queries or complaints.
Pages viewed and browsing behaviour on our websites and applications.
How you navigate through our websites and interact with our webpages, including fields completed in forms and applications.
Through social media platforms (including any posts that refer to us).
Digital (or electronic information)
The date and time of your visits to our webpages, geographical information, information about the device used to visit our website (including your tablet or mobile device) such as device IDs and IP addresses, the date, time and frequency of accessing our website and other digital services, and geolocation where you provide permission in your device settings.
Our website may also use other technical methods to track and analyse the traffic patterns on our website. We may collect the information from these technical methods in a form that is personally identifiable.
Mobile Devices - data relating to the device identification code, profile pictures that you upload to mobile applications or websites developed by us.
How We Collect Personal Information
We may collect personal information directly from you during the normal course of business and workplace practices, through your access and use of our website, from mobile applications developed by us or on our behalf, during conversations with our representatives or when enquiries are made with us.
Aside from the personal information you provide to us directly, we may also find information about you from other sources such from:
our related companies;
publicly available sources of information, such as land title or real property registers held by each state and territory, the Personal Property Securities Register, public insolvency registers and registers of banned and disqualified persons for the purpose of reviewing applications for our products and services;
for entities who are business, corporate or institutional customers, for example where you are a representative, director, shareholder, corporate officer or signatory, beneficiary or shareholder of one of our customers or contractors, or otherwise give instructions on behalf of a customer or contractor;
your current or previous employer or any person you provide as a reference;
information service providers (such as providers of credit status information), law enforcement agencies, Government agencies and other parties with whom we exchange information.
We may engage third parties to collect personal information on our behalf, including credit reporting agencies, Government agencies in connection with the management of properties owned or managed by us.
We may also collect personal information from publicly available registers/websites where you have voluntarily made your personal data available (e.g. LinkedIn).
Use and Disclosure of Personal Information
We, and third parties acting on our behalf collect, hold, use and disclose personal information to conduct our business activities, comply with our legal obligations and as otherwise permitted by law. When you share information with us, some of the ways we may use your personal information include:
To provide our products or services and administer our relationship with you.
To understand your financial/credit position.
To provide customer support, including responding to enquiries and requests or dealing with any complaints.
For marketing and research purposes, including for the purpose of improving our products and services.
For legal and administrative purposes such as identifying individuals, maintaining and updating our records, protecting and enforcing our legal rights, verifying and processing payments, screening against fraud, screening against money laundering and other criminal or unlawful activities, assessing proposed agreements, managing our projects and sites (including security management) and ensuring the financial status of an entity.
To consider your suitability for a role with us.
We may also use information for the purposes related to those described above which would be reasonably expected.
We may collect non-personally identifiable information, including anonymous information and aggregate data. This is information that does not personally identify any individual. We may use this information to understand better how visitors use our website, research our website visitors’ demographics, interests, behaviours, and provide customised service and information and for other similar purposes. We may combine this information with personally identifiable information. We may share this information with others, such as investors, for information or promotional purposes to the extent permitted by law.
DisclosureWe may disclose personal information as described below:
Our employees, officers, related companies, associates and third parties acting on our behalf, who will use the data to provide the service. These may include insurers, IT service providers, facilities managers, background screening providers, accountants, legal and tax advisers and catering service providers etc. We may also share your personal data with a purchaser or potential purchaser of our assets or business.
In relation to staff and job applicants, we may exchange personal information with academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, referees and current, previous and prospective employers.
Government and regulatory authorities and bodies to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding, in response to a law enforcement agency request or to conduct checks, including credit and fraud checks to enable us to provide our products and services.
To protect the safety and security of the relevant individual, us, our website, our databases, third parties and the security of tangible or intangible property that belongs to the relevant individual, us or third parties.
Where we disclose your personal information to third parties, we will require that the third party follow the requirements of the Privacy Act regarding handling your personal information.
We may use your personal information to offer you products and services we believe may be of interest and value to you. The products and services offered may be provided by us or by one of our third-party partners. Products and services may be offered to you by various means, including by mail, telephone, email, SMS, or other electronic means, such as through social media or targeted advertising through our website. If you do not want to receive direct marketing offers from us, you can contact us using the contact details below or through the opt-out facility provided to you in each marketing message.
Storage, Transmission and Security of Personal Information
Information that we collect may from time to time be stored, processed in or transferred between parties located in countries outside of Australia and New Zealand, including countries with a lower level of data protection than in the country in which you are located. These may include, but are not limited to, Singapore, People’s Republic of China, Japan, South Korea, India and United States of America.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality.
We are committed to ensuring that the personal information provided to us is kept securely. In order to prevent unauthorised access or disclosure, we maintain commercially reasonable physical and electronic means to safeguard and secure personal information. These may include, for example, the protection of passwords using industry standard encryption, measures to preserve system security and restrict unauthorised access, and back-up systems to reduce the risk of accidental or malicious loss of data. We may use third party providers to store personal information electronically and we take reasonable steps to ensure this information is held securely.
We will retain personal information for as long as is necessary for the processing purpose(s) for which it was collected and any other permitted linked purpose (for example where we are required to retain personal information for longer than the purpose for which we originally collected it in order to comply with certain regulatory requirements). Our retention periods are based on business needs and in line with legal and regulatory retention periods. We will take reasonable steps to ensure that any personal information that is no longer needed is either irreversibly anonymised (and the anonymised information will be retained) or securely destroyed.
Data Breach Response
If you become aware of any misuse, interference or loss or any authorised access, modification or disclosure of personal information held by us (a "Data Breach"), please notify our Privacy Officer immediately.
If we become aware of a Data Breach, we will promptly investigate the incident, and take reasonable steps to contain and remedy the Data Breach. We will take steps to notify the relevant person(s) as soon as practicable if we believe that the Data Breach would be likely to result in serious harm to them.
After investigating a Data Breach, we may disclose information about the incident to the Office of the Australian Information Commissioner and to law enforcement agencies in order to comply with our reporting obligations under the relevant Privacy legislation.
Accessing and Updating Your Information
We will take reasonable steps to ensure that all personal information we collect from individuals is accurate, complete and up to date. To help us do this, please notify us of any change to your personal information.
We will provide individuals with reasonable opportunity to contact us to access their personal information held by us and correct any inaccuracies or update their personal information. We may require such individuals to verify their identity prior to accessing or making changes to the information. We will provide our reasons if we deny any request for access to or correction of personal information. Where we decide not to make a requested correction to an individual’s personal information and they disagree, such individual you may ask us to make a note of their requested correction with the information.
Cookies
Cookies are small pieces of information stored on your device hard drive or in memory. We use cookies to collect personal information directly from you when you interact with us through our public and secured websites, mobile or tablet applications. We collect limited personal information about you via cookies for the following purposes:
Purpose
Description
Security
Cookies can help secure a user’s experience by simplifying login, maintaining session integrity or validating content entered into form fields. We do this to effectively manage our business risks.
Personalise and improve your customer experience
Cookies can be used to remember user preferences or understand traffic or webpages. We do this to:
help us to remember you the next time you visit our websites;
help us identify products and services that may be of interest and value to you;
tailor digital content to your likely interests; and
improve the pages or sites visited by making them faster or more efficient.
Measurement and analysis
Cookies can be used to collect data (including location) about users who interact with our public and secured websites, mobile or tablet applications. This data is stored and analysed by us. We do this to measure effectiveness of our marketing, including via third parties, to improve our services to you.
Marketing and communication
Cookies can be used to launch segment targeted marketing campaigns, promote new services or websites and send segment or targeted messages to you. We do this to:
determine which products or services may be of interest and value to you and to tell you about them;
advise you of new services or website or app features; and
send relevant messages to you.
This Privacy Policy does not concern any website to which our website may link. Should you choose to visit these third-party sites, you should review their privacy policies to ensure that you understand and are comfortable with their practices concerning your personal information.
Changes to Privacy Policy
We may modify this Privacy Policy at any time, in our sole discretion and all modifications will be effective immediately upon the adoption of such changes by us.
This Privacy Policy was last updated in Setpmber 2025.
Privacy Concerns
If you have concerns or queries about our handling of your personal information including if you want to check personal information we hold, you can contact us as set out below.
Contact: Privacy Officer
Phone: +612 9186 4700
Email: co-sec@esr.comIf your complaint is not resolved by our Privacy Officer, you can contact:
If you are in Australia: The Office of the Australian Information Commissioner at www.oaic.gov.au or on 1300 363 992 or GPO Box 2999, Canberra ACT 2601, Australia.
If you are in New Zealand: By contacting the Office of Privacy Commissioner https://www.privacy.org.nz/your-rights/making-a-complaint-to-the-privacy-commissioner/