1. Introduction

This privacy policy describes how Vicinity Centres PM Pty Ltd ACN 101 504 045 (“Vicinity”, “We”, “Our” or “Us”) collects, uses and shares your data (including personal information) when you use the Chadstone App (the “App”). Vicinity is the operator and manager of Chadstone Shopping Centre (the “Centre”) and the App.

If you would like further information about our handling of personal information, you can refer to the Vicinity Privacy Policy available at https://www.vicinity.com.au/privacy-policy or contact Vicinity’s Privacy Officer using the contact and address details provided at the end of this policy. In addition to this policy, please note that some of our locations, products and services will include their own privacy notice within the App.

We will update this Privacy Policy from time to time to explain changes in how the App handles personal information. We will update the “Effective Date” at the top of this policy when we make such changes.

2. Information we collect

When you use the App, we may collect the following types of information in order to provide you with access to App products/services (“App Content”):

Personal information: We collect your name, email address, phone number, birth month & year, country and postcode to register you as an App subscriber. Only registered App subscribers can book and, where applicable, pay for Centre events/services, enter App promotions,  purchase and receive digital gift cards via the App as well as receive tailored in-app news and offers from their favourite brands at the Centre.

Transaction Data: If you purchase products/services via the App, we may collect your billing address and the payment data necessary to process your payment and provide you with the ordered products/services. We use the following payment gateway providers to collect your credit card details:

• Stripe in the case of payment via credit card for Centre events/services via the App. Stripe’s privacy policy is available at: https://stripe.com/au/privacy
• Waivpay and eWay in the case of digital gift cards purchased via the App using credit card. Waivpay’s privacy policy is available at: https://www.waivpay.com/privacy and Eway’s privacy policy is available at: https://www.eway.com.au/privacy-policy/
• Apple Pay if Apple Pay is selected as the payment method for digital gift cards purchased via the App on iPhones. The Apple Pay privacy policy is available here: https://www.apple.com/au/legal/privacy/data/en/apple-pay/

Device and Usage Log Data: When you use the App:

• we collect data about the mobile device which you use to access the App, including device ID, device type, operating system, browser type and app version;
• we also collect usage data about the dates and times at which your device accesses the App, your activity on the App (including the App Content which you view) as well as device event information (such as App error and crash data),

so that we can improve App Content and functionality, conduct service-related diagnostics, monitor and optimise the operational performance of the App as well as better understand and improve App user experience.

Location Data: If you have allowed the App to access location services on your mobile device and the App is open, we also use geo-location (so that our in-centre beacon infrastructure can interact with your mobile phone’s Bluetooth transmitter) to provide you with directions for navigating through the Centre to certain retailers or Centre facilities/services from your current location.

Spend Data: If you enter a spend to win promotion on the App, we may scan images of your receipts via the App in order to collect details of the date, time, receipt total and retailer at which you made your qualifying purchase(s) in order to verify that you are eligible to enter the promotion as well as better understand your interests, activities and spend at centres which we manage.

3. Purposes for information collection

We generally collect personal information from you (and may use, disclose and hold this information) so that we can:

• register you as an App subscriber and provide you with App subscriber benefits, including tailored communications about Centres products, services, benefits, events and offers which are of interest to you;

• provide you with access to certain App products and services available only to App subscribers, including registrations and bookings for Centre events/services as well as Centre Digital Gift Cards for purchase and receipt;

• process payments relating to paid products/services sold through the App, including by connecting you to a payment gateway provider to complete transactions with financial institutions as well as monitor for fraud and unauthorised transactions;

• conduct App promotions and market research as part of providing you with access to App subscriber marketing promotions as well as collecting your feedback on how we can improve your experience of the App and the Centre; and

• operate and administer the App, including its content, products, events and services.

We also:

• de-identify and aggregate your information for the purpose of conducting App user behavioural analytics to better understand and report on App user experience, purchasing behaviours, movement patterns, demographics and interests, including the retailers, locations and App content that is popular with App users; and
• collect information about your usage of the App by using Firebase tracking technology that helps us better understand device and browser interactions, user activity on the App and monitor App operational performance and security.

4. Information we share

We may collect your personal information directly from you or from third parties, such as our service providers.

When you register as an App subscriber, we share your personal information with our marketing database provider as well as our email and push notification providers so that we can verify the email address details which you have registered with us and provide you with App subscriber communications.

When you purchase or receive one of our digital gift cards, we share your personal information with:

• Waivpay Ltd ACN 630 927 105 as the distributor of our digital gift cards;
• 545490 Pty Ltd trading as Karta Co ABN 83 648 605 225 as the issuer of our digital gift cards;
• Web Active Corporation Pty Ltd (trading as eWay) as the payment gateway provider;
• Riskified Ltd for fraud protection and monitoring; and

Waivpay’s email and SMS communications provider Twilio Inc. so that you can receive SMS and email communications about the digital gift card which you have purchased or received.

Our gift card service providers use your personal information in order to identify you, consider your request for and provide you with digital gift cards, perform administrative, reporting and operational tasks in relation to provision of digital gift card services as well as prevent or investigate any fraud or crime (or suspected fraud or crime) as required by relevant laws and scheme rules. Where you do not provide some or all of the information requested for the purchase or receipt of one of our digital gift cards, we may be unable to provide you with the card.

If you need to resolve a privacy issue or make a privacy complaint about how personal information is collected, used or stored under or in connection with our digital gift card, please contact Waivpay directly at [email protected] addressing your complaint to the Waivpay Privacy Officer. If you are not satisfied with their response with regards to your privacy issue or complaint, you can contact Vicinity’s Privacy Officer using the contact details for Vicinity provided at the end of this Privacy Policy.

When you register for and, where applicable, pay for Centres events or services via the App, we share your personal information with:

• the service provider(s) running the relevant event/service;
• our booking platform provider Simplybook.me ltd;
• Stripe as our payment gateway provider; and
• our email and SMS communications providers so that you can receive:
  • SMS and email communications about the events/services which you have registered for; and
  • where you consent to our marketing communications, Chadstone First email news updates, offerings and details of events and promotions.

When you register for Centre promotions via the App, we share your personal information with:

• the service provider(s) running the relevant promotion; and
• our email and SMS communications providers so that you can receive:
  • receive SMS and email communications about the promotion which you have registered for; and
  • where you consent to our marketing communications, Chadstone First email news updates, offerings and details of events and promotions.

We may also share your personal information with regulatory bodies, governmental agencies, law enforcement bodies or courts where necessary in order to report actual or suspected offences, illegal or fraudulent activity to police or other enforcement agencies as well as to meet our legal and regulatory obligations, including in order to respond to warrants and other lawful information requests from courts as well as protect our lawful interests and as otherwise permitted or required by law.

Overseas disclosures

Generally, we use systems and services in Australia, however some of our technology service providers are located overseas, including in the United States and Singapore.

How do we store and protect your personal information?

We store personal information electronically with the assistance of our service providers, including several cloud service providers. We have a number of security controls which we apply in relation to our people, processes and technology including: internal data handling policies; access controls; and reasonable IT network security measures such as intrusion detection systems and protective security software applications. However, no data transmission or storage on the internet can be guaranteed as completely secure.  While we strive to protect our data and are continually reviewing our security systems to improve them, we cannot ensure and do not warrant the absolute security of the data we collect.

Data breach response

Please notify us immediately if you become aware of any misuse, interference or loss or any unauthorised access, modification or disclosure of personal information held by us ('Data Breach') or any other security incident affecting data held by us using the contact details provided at the end of this policy.

If we become aware of a Data Breach, we will promptly investigate the incident, and take reasonable steps to contain and remedy the breach.  To help you maintain the security of your personal information, we will take steps to notify you as soon as practicable if we believe that the Data Breach would likely result in serious harm to you.  Where possible, we will provide you with recommendations on the steps that you can take in response to the breach.

After investigating a Data Breach, we may disclose information to the Office of the Australian Information Commissioner and to law enforcement agencies about the incident in order to comply with our reporting obligations under the Privacy Act, and to enable the Office of the Australian Information Commissioner and law enforcement agencies to assess and investigate the incident.

How can you seek access, correction or updates to the personal information which we hold about you?

You can seek access, correction or updates to personal information which we hold about you by contacting our privacy team using the details provided at the end of this policy.

There is no fee charged by Vicinity for accessing your information. We endeavour to respond to your access request within 30 days of receiving the request. Before we give you access to information, we will need to confirm you are appropriately authorised to access the information, which may include an identity verification process. In certain circumstances we are allowed to deny your access request or limit the access we provide. For example, we may not provide you with access to records which contain the personal information of others.

It is also important that we have your correct details, such as your current address and telephone number. You can ask us to correct any inaccurate information we hold or have provided to others by contacting us. If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests. If we’re able to correct your information, we’ll inform you when the process is complete. If we disagree with the request to correct, we’ll let you know in writing and include our reasons. You may ask us to add a note of your correction request to the information we hold about you.

If you wish to delete your App subscriber account (and associated personal information), please use the ‘Delete’ button in the ‘Your Details’ section of the App.

How can I make a complaint?

If you have a concern or complaint about our handling of your personal information, please contact our Privacy Officer using the details provided at the end of this policy. We’ll review your situation and work towards resolving it within a reasonable timeframe.

We acknowledge every complaint we receive, provide contact details of the investigating officer and keep you updated on the progress we’re making towards investigating the complaint.

Usually, it takes only a few days to investigate a complaint. However, if we’re unable to provide a response within 30 days we’ll contact you to explain why and discuss an appropriate timeframe to investigate the complaint.

If you’re not satisfied with our handling of your matter, please let us know using the contact details below so we can ensure that you are given the benefit of our complaint processes.

How can I contact Vicinity Centres’ privacy team?

For privacy related queries, access or correction requests, or complaints, please contact our Privacy Officer at:

Email: [email protected]

Phone: +61 3 7001 4000 Monday to Friday between 9.00am and 5.00pm Melbourne time.

Post:
Privacy Officer
Vicinity Centres
Level 4, Chadstone Tower One
1341 Dandenong Road
Chadstone VIC 3148