HMC Capital Limited and each of its subsidiaries except as noted below (HMC Capital, we and us) have adopted this Privacy Policy to ensure that we comply with our obligations under the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act).

This Privacy Policy does not apply to the following entities which have their own privacy policies:
(a) HMC Funds Management Limited as responsible entity for the HomeCo Daily Needs REIT (HDNR) and any entities owned, either beneficially or legally, by HDNR or the responsible entity. Privacy policy: www.hmccapital.com.au/our-funds/homeco-daily-needs-reit/investor-information/corporate-governance/privacy-policy.
(b) HCW Funds Management Limited as responsible entity for the HealthCo Healthcare and Wellness REIT (HealthCo) and any entities owned, either beneficially or legally, by HealthCo or the responsible entity. Privacy policy: www.hmccapital.com.au/our-funds/healthco-healthcare-wellness-reit/investor-information/corporate-governance/privacy-policy

This Privacy Policy explains our information handling practices including in relation to personal information collected by us.

This Privacy Policy is in addition to any other terms and conditions applicable to our website (hmccapital.com.au) or any other services we provide. We will post any changes to this Privacy Policy on our website, so we encourage you to check this Privacy Policy from time to time.

 

What personal information is collected and why

General

This section sets out what personal information we generally collect and why. Additional details for specific situations are set out in the following section and you should read any parts of that section that are relevant to you and your basis for engaging with us.

The types of information we collect can include:

  1. name;
  2. contact details;
  3. gender, identification information;
  4. payment and financial details;
  5. employment and occupation information;
  6. registration and activity details relating to our Online Services (such as the date and time you accessed each page on our website; the fully qualified domain name from which you access our websites, or alternatively, your IP address; the URL of any webpage from which you accessed our websites; cookies which track your visits to our websites and the web browsers that you are using and the pages you accessed);
  7. interests, opinions and preferences relevant to our services and business;
  8. device details (including device identifiers, usage and location data);
  9. information submitted in forms;
  10. enquiry/complaint details; and 
  11. records of communications and interactions.

Except as required for employment purposes or where there is an incident involving health or injury, we generally do not collect “sensitive information” as described in the Privacy Act. If we do, we will only do so with your consent or in accordance with the Privacy Act.

We collect, hold, use and disclose your personal information for purposes including to provide, administer, improve and personalise our services, process payments, identify you, communicate with you, investigate and deal with unlawful activity and misconduct, respond to lawful information requests from courts, government agencies and lawyers, protect our lawful interests, protect the safety and security of our customers, staff, sites and assets, and deal with your enquiries and concerns.

If a third party acquires or wishes to acquire, or makes inquiries in relation to acquiring, an interest in, or certain assets or businesses of HMC Capital we may disclose personal information to that third party or its advisors as part of that process, including any related transitional and business integration activities. Similar disclosures may occur if we are the party acquiring another business.

Personal information we collect may also be collected, held, used and disclosed for purposes related to our research (including market research), planning, product and service development, security, testing, customer relationship management and records management (including updating).

To help us understand you better, we may combine personal information we hold about you with personal and non-personal information that we collect from different third party sources. For example, we may obtain demographic data from an information service provider to tell us about the characteristics of people in your postcode.

Online Services

We provide, offer and operate a number of websites, social media profiles, email updates and other online services (Online Services).

It is possible to use some of our Online Services without providing us with any personal information. However, we may not be able to provide the information or service a user requests if the personal information which is indicated as mandatory is not provided.

We may also collect aggregated information which tells us about users of our Online Services but not the identity of those users, unless they register or otherwise provide personal information to us (in which case, the identity of a user may become apparent). For example, we may collect information about the date, time and duration of visits and which pages or parts of those Online Services are most commonly accessed. We may also collect internet address domain names, the previous websites visited and the types of browser visitors are using. This information is used by us for internal research, statistical and website development purposes. It may also be used by us to provide users with offers, discounts, promotions, advertising, products, services and other content.

Our Online Services may use “cookies”. A cookie is a small message in a text file, and the message is then sent back to the server each time the browser requests a page from the server.

Cookies may be used by us for a variety of purposes. For example, we may use cookies to recognise a browser which has previously accessed our Online Services and customise our Online Services according to previous preferences and behaviour. Cookies may also be used to manage security and store information about the type of browser being used. With most Internet browsers, users can erase cookies from their computer’s hard drive, block all cookies, or receive a warning before a cookie is stored. However, some parts of our Online Services may not function fully for users who disallow cookies.

Our website may use Google services such as Google Analytics from time to time. For more about how Google collects and processes data, please see Google’s privacy policy and their information at www.google.com/policies/privacy/partners/.
Our Online Services may, from time to time, contain links to the websites and online services of other organisations which may be of interest to you. Those other organisations are responsible for their own privacy practices and you should check those websites and online services for their respective privacy policies.

Prospective employees

If you apply, or we consider you, for a position with us, we may also collect information from you about your qualifications, skills, experience, character and from other third parties as a result of any screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks).

We collect, hold, use and disclose your personal information to assess your application, conduct screening checks and consider and contact you about other positions.

We may exchange your personal information with our related bodies corporate, academic institutions, recruiters, screening check providers, professional and trade associations, law enforcement agencies, referees and your current and previous employers.

Without your personal information we may not be able to progress your application or consider you for positions with us.

Current and former employees

We may collect information relating to your current or former employment or engagement with us including information about your training, disciplining, resignation, termination, terms and conditions of employment, emergency contact details, performance, conduct, use of our IT resources, payroll matters, personal/family interests and conflict details, union or professional/trade association membership, recreation, benefits, leave and taxation, banking or superannuation affairs. We are required or authorised to collect your personal information under various laws including the Fair Work Act 2009 (Cth), Superannuation Guarantee (Administration) Act 1992 (Cth), Taxation Administration Act 1953 (Cth), Income Tax Assessment Acts and other tax laws, Corporations Act 2001 (Cth), occupational health and safety acts, public health acts and workers compensation acts. 

We collect, hold, use and disclose your personal information for purposes relating to your employment or engagement with us including engagement, training, disciplining, payroll, superannuation, health and safety, administration, insurance (including workcover) and staff management purposes. We may exchange your personal information with our related bodies corporate, your representatives (including unions) and our service providers including providers of payroll, superannuation, banking, staff benefits, surveillance and training services. Without your personal information we may not be able to effectively manage your employment or engagement.

Service Providers

In the case of unincorporated entities, we collect the following information:

  1. Contact and insurance details;
  2. ABNs; and
  3. Information as to financial standing and business experience.

Incorporated entities may provide us with the contact details of their employees in order for both of us to perform our obligations under our agreements. If you are an incorporated entity, you confirm that you have obtained the express consent from your personnel to the collection, use, disclosure and handling of their personal information in accordance with this Privacy Policy.

The personal information we collect is required to enable us to perform our obligations under our agreements with you/the company you are employed by and to assist us to manage our relationship with you/the company you are employed by.

Investors

We collect information relating your investment with us and related transactions, including your shareholder reference number (SRN) or holder information number (HIN). We are required or authorised to collect investor personal information under various laws including the Anti-Money Laundering and Counter Terrorism Financing Act 2006 (Cth), Taxation Administration Act 1953 (Cth), Income Tax Assessment Acts and other tax laws and Corporations Act 2001 (Cth).

We collect, hold, use and disclose investor personal information to manage your investment, pay distributions and send relevant communications.

We exchange personal information with our share registry provider. Please see the investor section of our website for details of our provider and its website. You can view our provider’s privacy policy by visiting its website.

We may be required by law to provide limited investor details to members of the public on request.

How we Collect Personal Information

We collect personal information directly from you and indirectly from other third party sources including publicly available information, your organisation and representatives, information service providers, our related bodies corporate and the parties with which we share and exchange information as described here.

We may monitor and record your communications and interactions with us (including email, telephone and online) and operate audio and video surveillance devices in our premises for purposes including compliance auditing, maintenance, security, site management, dispute resolution, training and where email abuse is suspected.

We conduct analysis and reviews with personal information, and any resulting outputs including commentary, ratings and reports may itself be personal information.

If you provide personal information about another individual, you confirm that you have their permission for us to collect, use, disclose and handle their personal information in accordance with this Privacy Policy. 

Exchange of Personal Information with Third Parties

We may share personal information within HMC Capital and between our related bodies corporate and other companies owned or controlled by HMC Capital, and our joint venture partners.

We may exchange personal information with (i.e. collect it from and disclose it to) our service providers and contractors such as organisations who provide fund administration, property management, archival, auditing, professional advisory (including legal, accounting and business consulting), debt collection, banking, marketing, advertising, communication, mail house, delivery, recruitment, call centre, contact management, technology, research, analytics, utility, cleaning and security services.

We may exchange personal information with your advisors, representatives and other parties authorised by you.

We may exchange personal information with social media and digital platforms, who may also use personal information as set out in their own privacy policies, particularly in respect of their registered users.

We may exchange personal information with regulatory and law enforcement authorities including police where required or authorised by law or to assist in the prevention, detection and management of unlawful conduct.

Some of the parties we disclose personal information to may be located outside Australia, including in New Zealand and UK.

Storage of Personal Information

We hold personal information in physical files, computer systems or in a database held by us and by service providers on our behalf. We regard the security of personal information as a priority and use a number of physical and electronic security measures to protect it. Depending on the circumstances, these steps can include security software protections, data access restrictions, firewalls, restricted access to our sites and requirements for our service providers to protect personal information they handle on our behalf.

Unfortunately, no data transmission over the Internet can be guaranteed as completely secure. So while we strive to protect such information, we cannot ensure or warrant the security of any information transmitted to us and individuals do so at their own risk.

A username and password may be essential for you to use some of our Online Services or parts of them. For your own protection, we require you to keep these details confidential and to change your password regularly (if applicable).

Access and correction of information

You have a right to request access and correction of any personal information which we collect and hold about you using the contact information below. Please provide as much detail as you can about the information required, to help us retrieve it. We may need to verify your identity.

We may deny your request for access or correction in some circumstances, but if we do this, we usually have to tell you why. Where we decide not to make a requested correction and you disagree, you may ask us to make a note of your requested correction with the information.

If you have registered your details for our Online Services, or as an investor with our share registry, you may be able to access and update personal information on your profile, subject to any authentication and authorisation considerations, which exist to protect your security.

At your request, we will take reasonable steps to notify any third party to whom we have provided your personal information of the changes that have been made.
 

Contact us

Please contact our Privacy Officer using the details set out below if you wish to:

  1. ask any questions or provide feedback about this Privacy Policy or our approach to privacy;
  2. make a request for access to or correction of any personal information that we may hold about you; or
  3. make a complaint about the way in which we have handled your personal information.

We will try to respond to, and address, any complaints or privacy issues you may have within a reasonable period of time. Any information that we provide in response may be limited to the extent permitted by any applicable law.

The Privacy Officer can be contacted using any of the following means:

Email: privacy@hmccapital.com.au

Phone: 1300 466 326

Mail:
Privacy Officer c/- Company Secretary
HMC Capital 
Level 7, 1 Macquarie Place
Sydney NSW 2000

If you still feel your issue hasn’t been resolved to your satisfaction, you can escalate your privacy concern by contacting the Office of the Australian Information Commissioner.