Privacy notice

3D Assets_2.jpg

IFM Investors Pty Ltd (“IFM Investors”) of Level 33, 50 Lonsdale Street, Melbourne Vic 3000 Australia and its subsidiaries (hereafter “IFM Group”, “we”, “our” or “us”) are committed to ensuring the confidentiality and security of your personal information and acting in accordance with your rights under applicable data protection law, including the EU General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR).

For the purposes of the GDPR and the UK GDPR this Privacy Notice is provided by the IFM Group entity with whom you have a relationship.

Information we collect

When you register with the IFM Group as an individual authorised to act on behalf of a potential client or investor organisation, or behalf of yourself, we will collect personal information   which may include:

·       name, organisation, job title, address (work or home), date of birth, gender, email address (work or personal) and any other information contained in the evidence of identity provided by you on your organisation's behalf or on your behalf;

·       contact numbers (which may include your work number, work mobile number, or personal mobile number and home number); and

·       other information in the event we have legal obligations to collect the same, for instance to comply with regulatory requirements.

You may be unable to register and access the ‘members area’ of this website unless you provide this information.

We also collect general information such as the pages you access, the date and time of your visit, your IP address, cookie identifiers, and the domain name and country from which you access this website.

In addition, we may collect personal information about you from related bodies corporate (including our ultimate parent, Industry Super Holdings Pty Ltd and its subsidiaries and other IFM Group members), funds we manage or advise, service providers, business partners and government agencies. We may also collect information about you in the course of providing services to clients and investors in any IFM funds, such as information about individuals authorised to act on behalf of the client or investor.

How we use your information

We may use your information for the following purposes:

a.       managing the registration of the client or investor your registration relates to and providing you with information you request;

b.       providing investment management, advice and related products and services to you (and/or your employer) (including carrying out diligence and administrative tasks prior to the provision of the services such as undertaking know your client checks and requirements);

c.       receiving products and services from our suppliers in order to carry out our business mentioned in the preceding items;

d.       to comply, or for our affiliates (including other IFM Group members) to comply, with applicable legal requirements under business, financial and employment legislation, e.g. (i) client or counterparty identification for the purposes of meeting anti-money laundering obligations, or (ii) authorised signatory verification to meet our obligations on preventing financial crime; 

e.       administrative, financial accounting, risk analysis, fraud/crime prevention and client relationship purposes;

f.        to correspond with you by email, such as to inform you about products or services you may be interested in, to manage our relationship with you, and to provide you with thought leadership, economic updates and similar publications; and

g.       to manage conflicts of interest.

Grounds for processing

We consider that our use of your information as described above is permitted by applicable data protection law because it is:

         i.            necessary for our or others’ legitimate interests in pursuing the purposes set out in (a) to (g) above, such interests in each case not being overridden by your privacy interests. 

       ii.            necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; or

     iii.            necessary to comply with a legal obligation to which the relevant IFM Group controller is subject.

Disclosure of your information

We may disclose personal information to the following third parties: 

·       The IFM Group – we may share personal information in certain circumstances with the other companies across the IFM Group or funds managed or advised by us so that we can provide you with a high-quality service across the IFM Group. We may also share personal information with the other companies across the IFM Group or funds managed or advised by us in connection with any transfer of IFM Group’s business or assets.

·       Our service providers – we may share personal information with our service providers who assist us in performing our functions and services. These service providers may include organisations that provide insurance and insurance broking, personnel, archival, mail and delivery, auditing, professional advisory (financial, legal, tax and management consulting), banking, security or technology services. 

Other organisations

·       If we're discussing selling or transferring part or all of an IFM Group, we may share information about you to prospective purchasers and their advisers - but only so they can evaluate the relevant business;

·       If we are reorganised or sold to another organisation, we may transfer information we hold about you to them so they can continue to provide services to you;

·       If we are required to by law, under any code of practice by which we are bound or where we are asked to do so by a public or regulatory authority or governmental entity or where we think this is necessary, for example to meet our legitimate interests in protecting our business, including from fraud and legal claims.  

Cookies

We also use ‘cookies’, which are small amounts of information stored on your computer’s hard drive that allow us to recognise your computer when you visit the site. Most browsers can be configured so as not to accept cookies, however in some cases this may affect the functionality of the website. We set out more information on cookies in the annex to this privacy notice.

International transfers of personal information

Where applicable your personal information may be transferred outside of the United Kingdom or European Economic Area (the “EEA”) to countries that the UK Secretary of State or the EU Commission has not declared to have an adequate level of data protection (e.g. Australia and the United States). To ensure an appropriate level of protection for personal information, we typically use a data transfer agreement in the appropriate standard form approved for this purpose under UK or EU data protection legislation. Further details of these transfers and copies of these agreements are available from us on request. We will not send your information to a party in another country, unless we have taken steps to ensure that the information will be protected to the standard required under the applicable privacy laws.

Retention of your information

We will keep your personal information for no longer than is necessary for the purposes for which we collected it and as required in order to meet our legal or regulatory responsibilities, including complying with any required retention periods and taking into account limitation periods relevant to legal action.

Security

We use appropriate security procedures and technology to keep your information secure and protect it from accidental loss or unauthorised disclosure. 

However, users should be aware that the transmission of information to or from the website may not be totally secure. We utilise the United States NIST Cybersecurity Framework to help frame our policy and to manage and assess our controls to prevent, detect and respond to security risks.

Your rights

You may have a number of rights under EU and UK data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.

These include:

·       the right to access a copy of the personal information we hold about you;

·       the right to correction of inaccurate personal information we hold about you;

·       the right to restrict our use of your personal information;

·       the right to be forgotten;

·       the right of data portability; 

·       the right to object to direct marketing; and

·       the right to object to our use of your personal information.

These rights are not absolute. If we do not comply with your request, we will explain why. 

Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.

If you have any questions or wish to exercise any of the above rights, you may send an email to [email protected].

You can also use this e-mail address if you wish to make a complaint about how we process your information. You can also lodge a complaint about our processing of your personal information with the relevant data protection authority in your country of residence.

Status of this privacy notice

This privacy notice was last updated in 18 March 2022.

It may be subject to amendments, without notice. However, any material changes or additions to the processing of your personal information as described above in this privacy notice will be notified through an appropriate method. You are also advised to review this privacy notice periodically for any changes.

Annex: Cookies

We use cookies on our website. 

Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by the web browser you are using and will remain valid until its set expiry date, unless deleted by you before the expiry date. A session cookie will expire at the end of your session, when the web browser is closed. Most browsers can be configured so as not to accept cookies, however in some cases this may affect the functionality of the website. 

We use the following types of cookies:

·       Strictly necessary cookies. These cookies are necessary for our website to function and cannot be switched off in our systems.  They include, for example, a cookie that is set for security reasons or to remember your cookie consent preferences.  

·       Performance / Analytics cookies. These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our website. They help us to know which pages are the most and least popular and see how visitors move around our website.    

More detail on the types of cookies that we use is set out below.

a)      Google Analytics cookies

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. These are performance/ analytics cookies.

 

Cookie

Explanation

_ga

The cookie is used to identify and distinguish users to websites.The cookie can distinguish and remember individual users upon repeated visits to the website.
Duration: 2 years

_gat_gtag_UA_108385815_1

The cookie is used to limit amount of website visitor requests in order to maintain website performance.
Duration: 1 minute

_gid

The cookie is used to distinguish users and store information of how visitors use a website and helps in creating an analytics report of how the website is performing.
Duration: 24 hours

 

b)      Azure Web App & Optimizely DXP cookies

Azure Web Apps is a cloud computing-based platform for hosting websites, created and operated by Microsoft. Optimizely DXP is a managed services provider utilizing Azure Web App technology. These are strictly necessary cookies.

Cookie

Explanation

ARRAffinity
ARRAffinitySameSite

This cookie is set by websites run on the Windows Azure

cloud platform. It is used for load balancing to make sure the

visitor page requests are routed to the same server in any

browsing session.

·       Duration: Session

__cfuid

Strictly necessary. Speeds up page loading times and overrides any security restrictions that may be applied to a browser based on the IP address from which it comes. Persistent (1 year from creation).

ai_session

Used with Microsoft Application Insights for collecting statistical usage and telemetry information. Unique anonymous session identifier cookie.

ai_user

Used with Microsoft Application Insights for collecting statistical usage and telemetry information. Unique user identifier cookie for counting the number of users accessing an application over time.

TiPMix

Used in Azure during deployments to pin a user session to a deployment slot.

x-ms-routing-name

Used in Azure during deployments to route to deployment slots.

  

c)       Optimizely CMS cookies

Optimizely CMS is a content management system (CMS) used to manage and maintain websites. These are strictly necessary cookies.

 Cookie

Explanation

apt.uid, apt.sid

Used for telemetry data.

·       Duration: Session

.AspNetCore.Antiforger

y.#

Strictly necessary. Used by the Optimizely security components. Protects the user against cross-site request forgery (CSRF).

·       Duration: Session

.AspNetCore.Identity.A

pplication

Strictly necessary. To keep users logged in for the duration of their browsing session.

EPi:NumberOfVisits

Functionality-related. Stores the number of times you access pages on the site to allow personalization of content based on the frequency the site content is viewed. Used with the Number of Visits personalization criterion. This cookie is not set if you remove it from all of your visitor groups

·       Duration: 1 year

EpiStateMarker

Functionality-related. Indicates how session based information on the visit should be stored, using sessions or cookies.

ImageEditorFileSize

Used by the Image Editor.

_utma, _utmb, _utmc, _utmz

Google Analytics cookies that are commonly used on Optimizely websites. These third-party cookies are used to collect information about how visitors use the website.

.EPiForm_VisitorIdentifi

er

Functionality-related. Identifies the form submission to the site when a visitor submits data to via an Optimizely form. Stores a GUID which is the visitor identifier.
Persistent (90 days from creation).

.EPiForm_BID

Functionality-related. Identifies the form submission made to the site when a visitor submits data via an Optimizely form. Stores a GUID as the browser ID.
Persistent (90 days from creation).

EPiForm_{FormGuid}:{U sername}

Functionality-related. Stores partial form submissions so that a visitor can continue with a form submission upon return. One cookie is created for each form and each logged in visitor. Stores the current submission status of the form (formGuid, submissionID, and if submission is finalized or not).
Persistent (90 days from creation).

 

d)      LinkedIn Insight Tag cookies

LinkedIn is a social media platform used for professionals to network. A LinkedIn Insights Tag is a lightweight Javascript snippet installed on the site to use LinkedIn features including website retargeting, conversion tracking, and website demographics. These are performance/ analytics cookies.

 

Cookie

Explanation

LinkedIn Insight Tag

This cookie enables the collection of data regarding LinkedIn members’ visits, including the URL, referrer, IP address, device and browser characteristics (User Agent), and timestamp.
Duration: 180 days

 e) Optimizely Content Recommendations

Cookie name

Purpose

iv                    

Tracks the anonymous visitor's actions across the site. This is a persistent cookie.

is                    

Identifies a visitor's session. This cookie is used in conjunction with the iv cookie, and is erased when the visitor closes the browser.


It's described in more detail on this page:

https://docs.developers.optimizely.com/recommendations/docs/installing-tracking-via-tag-manager#cookie-usage-in-content-recommendations 

 

f) Hotjar

Hotjar is a behaviour analytics tool that assists IFM to build and maintain our service with user feedback. Hotjar uses cookies and other technologies which may collect data on our users’ behaviour such as device IP address, device information, browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile and is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.