Privacy Policy

Privacy Policy

Effective as of 29 June 2022

Hines is sensitive to the confidentiality of your personal data and has created this website privacy policy (the “Privacy Policy”) in order to demonstrate Hines’ commitment to privacy. This Privacy Policy applies to all personal data you provide to Hines, or Hines obtains from you, through the Hines Site and also to the collection, use, disclosure and/or processing of personal data to which data protection and privacy laws apply. If consent to and acceptance of this Privacy Policy is required under applicable law for it to be effective, then by using the Site, you are deemed to have consented to and accepted the terms and conditions of this Privacy Policy.

  • Brazil residents please click here.
  • California residents please click here.
  • Singapore residents please click here.
  • Mainland China residents please click here.

If we change our Privacy Policy we will post the changes on this page and may place notices on other pages of the Site, so that you may be aware of the information we collect and how we use it at all times.

This Privacy Policy is issued on behalf of the Hines Group (Hines, “We”, “Our”, “Us”) group of entities, so when we mention “we”, “our” or “us” we are referring to the relevant company that is accountable for and controls or processes your personal data as further set out in the Hines Entities addendum. The entity responsible for this Site, and this Privacy Policy, is Hines Interests Limited Partnership (USA).

The list below sets out what is covered in this Privacy Policy.

  • 1. THE TYPES OF PERSONAL DATA WE COLLECT
  • 2. HOW WE USE YOUR PERSONAL DATA
  • 3. PERSONAL DATA WE SHARE TO THIRD PARTIES
  • 4. INTERNATIONAL DATA TRANSFERS
  • 5. HOW WE PROTECT YOUR PERSONAL DATA
  • 6. HOW LONG WE KEEP YOUR PERSONAL DATA
  • 7. MODIFICATION OF YOUR CHOICES AND PREFERENCES
  • 8. YOUR RIGHTS
  • 9. THIRD PARTY INFORMATION
  • 10. TERMS OF USE
  • 11. PRIVACY POLICY FOR CHILDREN
  • 12. DEFINITIONS
  • 13. CHANGES IN PRIVACY POLICY
  • 14. MORE INFORMATION

1. THE TYPES OF PERSONAL DATA WE COLLECT

1.1 Many of the services offered by Hines require us to obtain personal data about you in order to perform the services we have been engaged to provide. You may be unable to access the Site if such personal data is not provided. We may collect and process the following personal data about you:

(A) Information that you provide to Hines. This includes information about you that you provide to us voluntarily. The nature of the services you are requesting will determine the kind of personal data we might ask for, though such information may include:

      • (1) basic personal data (such as first name; family name; position in the company; company name; company email address; business phone number; business address; city; postcode; country); and
      • (2) any information that you choose to share on the Site which may be considered personal data (such as job and education history, comments, responses to questions).

      (B) Information that we collect or generate about you. This includes:

      • (1) any information regarding the services purchased and/or used on the Site and our interactions with you;
      • (2) a file with your contact history to be used for enquiry purposes so that we may ensure that you are satisfied with the services which we have provided to you;
      • (3) through our cloud security services, traffic and security reports that include information on the internet usage of the organisation’s computer users (e.g. what websites were visited by each user, any documents downloaded, security incidents, prevention measures taken by the gateway, etc.);
      • (4) marketing and communications data such as your preferences in receiving marketing from us and our third parties and your communication preferences; and
      • (5) activity data relating to the publication of content or the use of protected documents on the Site, such as altering a document’s permissions and information

      (C) Cookies

      • (1) As visitors browse the Site, Hines may collect information about the visit. Hines may monitor statistics such as the number of visitors we have to our Site, which pages are visited, the browsers our visitors use and the domains our visitors come from but none of this information is associated with any visitor as an individual.

      (D) Anonymised data

      • (1) In addition to the categories of personal data described above, Hines will also process further anonymised information and data that is not processed by reference to a specific individual.
      • (2) Such anonymised data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect anonymised with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

      2. HOW WE USE YOUR PERSONAL DATA

      2.1 Your personal data may be stored and processed by us in the following ways and for the following purposes:

      (A) for ongoing review and improvement of the information provided on the Site to ensure it is user friendly and to prevent any potential disruptions or cyber attacks;

      (B) to allow you to use and access the functionality provided by our products (“Hines Products”);

      (C) to assess your application for Hines Products or our services (“Hines Services”), where applicable;

      (D) to evaluate your interest in employment and contacting you regarding possible employment with Hines;

      (E) to set up clients to use Hines Products or Services;

      (F) to conduct analysis required to detect malicious data and understand how this may affect your IT system;

      (G) for statistical monitoring and analysis of current attacks on devices and systems and for the on-going adaptation of the solutions provided to secure devices and systems against current attacks;

      (H) to understand feedback on Hines Products and Services and to help provide more information on the use of those products and services quickly and easily;

      (I) to communicate with you in order to provide you with services or information about Hines and Hines Products and Services (including for marketing purposes);

      (J) for in-depth threat analysis;

      (K) to understand your needs and interests;

      (L) for the management and administration of our business;

      (M) to anonymise personal data and preparing and furnishing aggregated data reports showing anonymized information;

      (N) enforcing our terms and conditions or other legal rights;

      (O) in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; or

      (P) for the administration and maintenance of databases storing personal data.

      2.2 However when we use personal data we make sure that the usage complies with applicable law and the law allows us and requires us to use personal data for a variety of reasons. These include where:

      (A) we need to do so in order to perform our contractual obligations with our clients;

      (B) we have obtained your consent;

      (C) we have legal and regulatory obligations that we have to discharge;

      (D) we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; and

      (E) the use of your personal data as described is necessary for our legitimate business interests, such as:

      • (1) allowing us to effectively and efficiently manage and administer the operation of our business;
      • (2) maintaining compliance with internal policies and procedures;
      • (3) monitoring the use of our copyrighted materials;
      • (4) enabling quick and easy access to information on Hines services;
      • (5) offering optimal, up-to-date security solutions for mobile devices and IT systems; and
      • (6) obtaining further knowledge of current threats to network security in order to update our security solutions and provide these to the market.

      2.3 We will take steps to ensure that the personal data is accessed only by authorized employees, representatives and service providers of Hines who have a need to access your personal data for the purposes described in this Privacy Policy and that, in any case, are subject to confidentiality obligations.

      3. PERSONAL DATA WE SHARE TO THIRD PARTIES

      3.1 In connection with one or more of the purposes outlined in the “How we use your personal data” section above, we generally disclose details about you to:

      (A) other members of the Hines Group which are set out in the Hines Entity Addendum. We will take steps to ensure that access to personal data is restricted to Hines authorized employees who have a lawful basis to access your personal data and only for the purposes described in this Privacy Policy. We may jointly use your personal data stipulated in Section 1 of this Privacy Policy. The Hines Group uses your personal for the purposes stipulated in Section 2 of this Privacy Policy, and the party responsible for the joint use is Hines Interests Limited Partnership whose address and representative's name in the Hines Entity Addendum;

      (B) professional advisors and third parties that provide services to us and/or other members of the Hines Group (such as IT systems providers, platform providers, financial advisors, consultants (including lawyers and accountants), providers of HR and recruitment services and other goods and services providers (such as providers of marketing services where we are permitted to disclose your personal data to them) and in all cases such transfers will be under a legal basis as set out in Section 2 of this Privacy Policy and subject to appropriate safeguards including data processing agreements where required;

      (C) intermediaries, brokers, and other individuals and entities that partner with us;

      (D) competent authorities (including any national and/or international regulatory or enforcement body or court or other form of tribunal, where we (or any other member of the Hines Group) are required to do so by applicable law or regulation at their request); and

      (E) any central or local government department and other statutory or public bodies where we (or any other member of the Hines Group) are required to do so by applicable law or regulation at their request).

      4. INTERNATIONAL DATA TRANSFERS

      4.1 As a global company, Hines may need to transfer your personal data out of the country or jurisdiction in which it was originally collected. For a list of countries to which Hines may transfer your personal data, please see the third country addendum. You should be aware that these countries may not have similar data protection laws to the country in which your personal data was originally collected. In such cases, Hines will ensure that there are adequate safeguards in place to protect your personal data with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Policy.

      4.1 In relation to data being transferred outside the EEA or UK, for example, adequate safeguards may be implemented in one of the following ways:

      (A) the country that we send the data to might be approved by the European Commission or the UK Government as offering an adequate level of protection for personal data;

      (B) the recipient might have signed up to a contract based on “standard contractual clauses” approved by the European Commission or the UK Government, obliging them to protect your personal data;

      (C) the recipient may have adhered to binding corporate rules (only for intragroup transfers); or

      (D) in other circumstances the law may permit us to otherwise transfer your personal data outside the EEA or UK.

      4.2 In other circumstances the law may permit Hines to transfer your personal data outside the EEA or the UK. In all cases, however, Hines will ensure that any transfer of your personal data is compliant with the applicable data protection law.

      4.3 For transfer of personal data outside of the original location of collection for any other country or jurisdiction, it will be protected and transferred in a manner consistent with the applicable legal requirements, and Hines will take reasonable steps (for example through a contract with the overseas recipient) to ensure that the overseas recipient does not breach the applicable privacy laws in relation to the data.

      4.4 You can obtain more details of the protection given to your personal data when it is transferred to a country or jurisdiction other than the country or jurisdiction in which it was originally collected (including, where applicable, a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us as described in Section ??14 below.

      If you object to your personal data being transferred or used in this manner please do not register with or use the Site.

      5. HOW WE PROTECT YOUR PERSONAL DATA

      5.1 We have extensive controls in place to maintain the security of our information and information systems. Client files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where personal data is gathered, processed or stored is limited to authorised Hines employees. You can obtain more details of the measures to protect your personal data by contacting us as described in Section 14 below to the extent permitted by applicable law.

      5.2 As a condition of employment, Hines employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive personal data is limited to those employees who need to it to perform their roles and are duly authorized by Hines to access such data. Unauthorised use or disclosure of confidential client information by a Hines employee is prohibited and may result in disciplinary measures.

      5.3 When you contact a Hines employee about your file, you may be asked for some personal data. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.

      6. HOW LONG WE KEEP YOUR PERSONAL DATA

      6.1 We will hold your personal data on Hines’ systems (or those of our service providers) for as long as is necessary to fulfil the purpose for which it was collected or to comply with applicable legal, regulatory or internal policy requirements.

      7. MODIFICATION OF YOUR CHOICES AND PREFERENCES

      7.1 If you do not wish to receive communications from Hines regarding offers or other third party products and services, you may opt out of receiving such communications by unsubscribing, e-mailing or writing to Hines as provided in the Section ?14 below; or in the event that you receive an e-mail from Hines regarding such matters, you may simply reply to the e-mail in question and request that you receive no further correspondence from Hines regarding such matters. You may also follow this procedure to change or update information you have previously provided to Hines at any time.

      7.2 Your election not to receive promotional and marketing correspondence from us will not: (a) preclude us from corresponding with you on a transactional basis, by e-mail or otherwise, regarding your existing or past relationship with us; or (b) preclude us, including our employees, contractors, agents and other representatives, from accessing and viewing your personal data in the course of maintaining and improving the Site.

      8. YOUR RIGHTS

      8.1 In all the cases in which we collect, use or store personal data to which data protection and privacy laws apply, you may have the following rights which you can exercise. Depending on the applicable data protection and privacy law, these rights may include:

      (A) the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you including the history of the personal data that you have provided to Hines as long as it is held in accordance with applicable law;

      (B) the right to confidentiality of your personal data;

      (C) the right to withdraw your consent to the processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason for doing so. For example, we may need to retain personal data to comply with a legal obligation;

      (D) in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided directly to Hines;

      (E) the right to access or request that we rectify or renew your personal data if it is inaccurate or incomplete, without disturbing the personal data

      (F) management system,;

      (G) the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data, but we are legally entitled to retain it;

      (H) the right to object to, or request that we restrict or suspend, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to refuse that request;

      (I) the right to lodge a complaint with us and/or with the relevant data protection regulator if you think that any of your rights have been infringed by us, including failure to protect your personal data; and

      (J) the right to provide instructions regarding the processing of their data after a data subject’s death.

      8.2 You can exercise your rights by contacting us using the details listed in Section ??14 below.

      8.3 Further information about your rights may be obtained by contacting the supervisory data protection authority located in your jurisdiction (or if applicable, by the method as set out in your country supplement to this Privacy Policy).

      9. THIRD PARTY INFORMATION

      The Site may provide you with links to other websites. This Privacy Policy does not apply to any information that you may provide to third parties, such as through other websites linked to Hines’ Site. Hines is not responsible for those websites and cannot control the content of what is offered on those websites, or on links from those websites, or the privacy policy or data security, if any, of those websites.

      10. TERMS OF USE

      Please take the time to read our Terms of Use, including the limitations on damages and application of the law of the state of Texas. These terms govern our interactions as a legal contract, and we welcome and encourage the time you spend becoming familiar with these legal terms as much as we welcome the time you spend on our Site and your support of Hines.

      11. PRIVACY POLICY FOR CHILDREN

      This Site is not directed to children. We do not knowingly collect information from children under the age of consent required by applicable law in the jurisdiction you access the Site. If you are under the age required by applicable law, please do not provide any personal data to us. If we become aware that we have collected personal data from a child under the age required by applicable law, we will make commercially reasonable efforts to delete such information from our database.

      12. DEFINITIONS

      When we say “we” or “us” or “Hines” in this Privacy Policy, we mean Hines Interests Limited Partnership, our affiliates as set out in the Hines Entity Addendum and those agents we use to provide services on our behalf. When we say “Site”, we mean www.hines.com and all other websites developed, owned or maintained by Hines Interests Limited Partnership and its affiliates.

      13. CHANGES IN PRIVACY POLICY

      Hines reserves, in its sole discretion, the right to revise this Privacy Policy at any time by updating this posting.

      14. MORE INFORMATION.

      If you have any questions about this Privacy Policy or wish to contact Hines in connection with any information contained in this Privacy Policy or to exercise the rights mentioned above, regardless of which country you may be writing from, please write to:

      Hines Interests Limited Partnership

      Texas Tower
      845 Texas Ave., Houston, Texas 77002

      Contact person: Fiona Hipkiss
      Designation of the contact person: Chief Compliance Officer

      Phone Number: 1-833-521-0510
      E-mail: hinesprivacysupport@hines.com