Effective as of June, 29, 2022
1. THE TYPES OF PERSONAL INFORMATION WE COLLECT
1.1 “Personal information” is any information relating to an identified or identifiable natural person, recorded electronically or in other manners, excluding anonymised information. Many of the services offered by Hines require us to obtain personal information about you in order to perform the services we have been engaged to provide. Users may be unable to access the Site if such personal information are not provided. We may collect and process the following personal information about you:
- Information that you provide to Hines. This includes information about you that you provide to us. The nature of the services you are requesting will determine the kind of personal information we might ask for, though such information may include (by way of a non-exhaustive list):
- basic personal information (such as first name; family name; position in the company; company name; company email address; business phone number; business address; city; postcode; country); and
- any information that you choose to share on the Site which may be considered personal information (such as job and education history, comments, responses to questions).
- Information that we collect or generate about you. This includes (by way of a non-exhaustive list):
- any information regarding the services purchased and/or used on the Site and our interactions with you;
- a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the services which we have provided to you;
- through our cloud security services, traffic and security reports that include information on the Internet usage of the organisation’s computer users (e.g. what websites were visited by each User, any documents downloaded, security incidents, prevention measures taken by the gateway, etc.);
- marketing and communications data such as your preferences in receiving marketing from us and our third parties and your communication preferences; and
- activity data relating to the publication of content or the use of protected documents on the Site, such as altering a document’s permissions and information regarding the individual that performed the activity.
- Information we obtain from other sources. This includes the personal information provided to us by any third-party cookies we deploy on the Site or by third-party service providers, agencies or other publicly available sources where applicable.
- As visitors browse the Site, Hines may collect information about the visit. Hines may monitor statistics such as the number of visitors we have to our Site, which pages are visited, the browsers our visitors use and the domains our visitors come from but none of this information is associated with any visitor as an individual.
- Anonymised data
- In addition to the categories of personal information described above, Hines will also process further anonymised information and data that is not processed by reference to a specific individual.
- Such anonymised data could be derived from your personal information but is not considered personal information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect anonymised data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this notice.
2. HOW WE USE YOUR PERSONAL INFORMATION
2.1 Your personal information may be stored and processed by us in the following ways and for the following purposes:
- for ongoing review and improvement of the information provided on the Site to ensure they are user friendly and to prevent any potential disruptions or cyber attacks;
- to allow you to use and access the functionality provided by our products (“Hines Products”);
- to assess your application for Hines Products or our services (“Hines Services”), where applicable;
- to evaluate your interest in employment and contacting you regarding possible employment with Hines;
- to set up clients to use Hines Products or Services;
- to conduct analysis required to detect malicious data and understand how this may affect your IT system;
- for statistical monitoring and analysis of current attacks on devices and systems and for the on-going adaptation of the solutions provided to secure devices and systems against current attacks;
- to understand feedback on Hines Products and Services and to help provide more information on the use of those products and services quickly and easily;
- to communicate with you in order to provide you with services or information about Hines and Hines Products and Services (including for marketing purposes);
- for in-depth threat analysis;
- to understand your needs and interests;
- for the management and administration of our business;
- to anonymise personal information and preparing and furnishing aggregated data reports showing anonymized information;
- enforcing our terms and conditions or other legal rights;
- in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; or
- for the administration and maintenance of databases storing personal information.
2.2 However we use personal information we make sure that the usage complies with applicable law and the law allows us and requires us to use personal information for a variety of reasons. These include:
- we have obtained your consent;
- we need to do so in order to conclude or perform the contract to which the relevant data subject is a party;
- we have legal and regulatory obligations that we have to discharge;
- we need to do so in order to respond to public health emergencies or to protect the life, health and property safety of natural persons under emergencies; and
- the personal information has been made public by the data subject or through other lawful channels and is processed by us within a reasonable scope.
2.3 We will take steps to ensure that the personal information is accessed only by employees of Hines that have a need to do so for the purposes described in this notice.
3. PERSONAL INFORMATION WE SHARE TO THIRD PARTIES
3.1 In connection with one or more of the purposes outlined in the “How we use your personal” section above, we generally disclose details about you to:
- other members of the Hines Group. We will take steps to ensure that access to personal information is restricted to Hines employees who have a lawful basis for access to the personal information and only for the purposes described in this notice. You may find the contact details of Hines regional offices via this link;
- professional advisors and third parties that provide services to us and/or other members of the Hines Group (our “Entrusted Parties” such as IT systems providers, platform providers, financial advisors, consultants (including lawyers and accountants), providers of HR and recruitment services and other goods and services providers (such as providers of marketing services where we are permitted to disclose your personal information to them)). Some of our Entrusted Parties are located outside of Mainland China;
- intermediaries, brokers, and other individuals and entities that partner with us. These third parties may decide at their own discretion why and how they will process your personal information, instead of acting on our behalf. Hines Group will require such external personal information processors to comply with applicable data protection laws and regulations and relevant agreements. But please note that such parties are accountable for their own processing activities
- competent authorities (including any national and/or international regulatory or enforcement body or court or other form of tribunal, where we (or any other member of the Hines Group) are required to do so by applicable law or regulation at their request); and
- any central or local government department and other statutory or public bodies.
4. INTERNATIONAL DATA TRANSFERS
4.1 As a global company, Hines may need to transfer your personal information out of the country in which it was originally collected. For personal information to which the PIPL applies, this may mean transfers outside Mainland China. You should be aware that the destinations may not have similar data protection laws to Mainland China. In such cases, Hines will ensure that there are adequate safeguards in place to protect your personal information with the aim of ensuring that your privacy rights continue to be protected as outlined in this notice.
4.2 In relation to data being transferred outside Mainland China, for example, adequate safeguards may be implemented in one of the following ways:
- the transfer has cleared the security assessment organised by the Cyberspace Administration of China (“CAC”);
- we have received a certification of personal information protection from a designated professional agency;
- we have entered into a data transfer agreement following the standard format determined by the CAC; or
- we have meet other conditions as required by applicable laws or regulations or provided by the CAC.
In all cases, however, Hines will ensure that any transfer of your personal information out of Mainland China is done with your consent and is compliant with the applicable data protection law. You may find the details of such international transfers within the Hines Group set out in the Hines Entity Addendum.
4.3 If you object to your personal information being transferred or used in this manner please do not register with or use the Site.
5. HOW WE PROTECT YOUR PERSONAL INFORMATION
5.1 We have extensive controls in place to maintain the security of our information and information systems, which includes:
- client files are protected with safeguards according to the sensitivity of the relevant information;
- appropriate controls (such as restricted access) are placed on our computer systems; and
- physical access to areas where personal information is gathered, processed or stored is limited to authorised Hines employees.
5.2 As a condition of employment, Hines employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive personal information is limited to those employees who need to it to perform their roles. Unauthorised use or disclosure of confidential client information by a Hines employee is prohibited and may result in disciplinary measures.
5.3 When you contact a Hines employee about your file, you may be asked for some personal information. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.
6. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
6.1 We will hold your personal information on Hines’ systems for as long as is necessary to fulfil the purpose for which it was collected or to comply with legal requirements.
7. MODIFICATION OF YOUR CHOICES AND PREFERENCES
7.1 If you do not wish to receive communications from Hines regarding offers or other third party products and services, you may opt out of receiving such communications by e-mailing or writing to Hines as provided in Section 15 below; or in the event that you receive an e-mail from Hines regarding such matters, you may simply reply to the e-mail in question and request that you receive no further correspondence from Hines regarding such matters. You may also follow this procedure to change or update information you have previously provided to Hines at any time.
7.2 Your election not to receive promotional and marketing correspondence from us will not: (a) preclude us from corresponding with you, by e-mail or otherwise, regarding your existing or past relationship with us; or (b) preclude us, including our employees, contractors, agents and other representatives, from accessing and viewing your personal information in the course of maintaining and improving the Site.
8. YOUR RIGHTS
8.1 In all the cases in which we collect, use or store personal information to which the PIPL applies, you may have the following rights which you can exercise free of charge. These rights include:
- the right to obtain information regarding the processing of your personal information, including requesting us to explain our rules of personal information processing;
- the right to access to the personal information which we hold about you and obtain a copy of such personal information;
- the right to withdraw your consent to the processing of your personal information at any time. Please note, however, that we may still be entitled to process your personal information if we have another lawful basis for doing so. For example, we may need to retain personal information to comply with a legal obligation;
- the right to request us to transfer your personal information to certain designated personal information processor. We will provide the channel of transfer provided that the conditions specified by the CAC are met;
- the right to request that we rectify your personal information if it is inaccurate or incomplete;
- the right to request that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information, but we are legally entitled to retain it;
- the right to object to, or request that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request;
- where an automated-decision has material impacts on your rights and interests, the right to request explanation on the processing and not being subject to a decision based solely on automated processing; and
- the right to lodge a complaint with the cohttps://www.hines.com/admin/entries/pages/262265-china-privacy-policy#mpetent regulators against illegal processing activities.
8.2 You can exercise your rights by contacting us using the details listed in Section 15 below.
9. THIRD PARTY INFORMATION
This Site is not directed to children. We do not knowingly collect information from children under the age of 14 on the Site. If you are under the age of 14, please do not provide any personal information to us. If we become aware that we have collected personal information from a child under the age of 14, we will make commercially reasonable efforts to delete such information from our database.
When we say “we” or “us” or “Hines” in this notice, we mean Hines Interests Limited Partnership, our affiliates and those agents we use to provide services on our behalf. When we say “Site”, we mean www.hines.com and all other websites developed, owned or maintained by Hines Interests Limited Partnership and its affiliates.
13. CHANGES IN THIS NOTICE
Hines reserves, in its sole discretion, the right to revise this notice at any time by updating this posting.
14. MORE INFORMATION
If you have any questions about this notice or wish to contact Hines in connection with any information contained in this notice or to exercise the rights mentioned above, please write to: