Coronavirus (COVID-19): Find out the latest news about Hana spaces & procedures. Learn More
Effective date: April 4, 2020
Last Updated: April 21, 2021
This Privacy Notice describes how CBRE Hana Operations, LLC (“CBRE”, “we”, “us”, our”) collects, shares, uses, and otherwise processes your personal data in connection with Hana. It also explains how you can exercise your privacy rights in connection with Hana.
If you have any questions about this Privacy Notice, the processing of your personal data, or would like to be directed to a Data Protection Officer (DPO), please contact Privacy.Office@cbre.com. Contact information for our global DPOs is also available in our Global Privacy Policy.
We may update this Privacy Notice from time to time.
CBRE may collect and process the following categories of personal data for the following purposes in connection with Hana.
Personal data we may collect from you, reuse from your previous interactions with CBRE, or obtain from third parties:
We use this information to respond to service requests, communications, or tickets. We do this as necessary for the performance or formulation of a contract.
We use this information to facilitate compliance with applicable laws, regulations or other requirements. We do this for compliance with a legal or regulatory requirement.
We use this information to perform analytics to evaluate service, website, or product usage. We do this on the basis of our legitimate business interests.
The data will be retained for these purposes for the duration of the agreement period.
Moving images captured via closed circuit/security camera systems located in common areas.
We use this information for the purpose of ensuring safety and security at our premises and for process/alarm confirmation (for example, to confirm whether alarms are functioning). We do this on the basis of our legitimate business interests and to protect the safety and security of persons who occupy our premises.
We may use this information in the investigation of any security or health and safety incident that occurs at our premises. We do this on the basis of our legitimate business interests and to protect the safety and security of persons who occupy our premises.
We use this information to respond to service requests, communications, or tickets. We do this as necessary for the performance or formulation of a contract.
We use this information to facilitate compliance with applicable laws, regulations or other requirements. We do this for compliance with a legal or regulatory requirement.
We use this information to perform analytics to evaluate service, website, or product usage. We do this on the basis of our legitimate business interests.
The data will be retained for these purposes for the duration of the agreement period.
We use this information to respond to service requests, communications, or tickets. We do this as necessary for the performance or formulation of a contract.
We use this information to facilitate compliance with applicable laws, regulations or other requirements. We do this for compliance with a legal or regulatory requirement.
We use this information to perform analytics to evaluate service, website, or product usage. We do this on the basis of our legitimate business interests.
The data will be retained for these purposes for the duration of the agreement period.
We use this information to respond to service requests, communications, or tickets. We do this as necessary for the performance or formulation of a contract.
We use this information to facilitate compliance with applicable laws, regulations or other requirements. We do this for compliance with a legal or regulatory requirement.
We use this information to perform analytics to evaluate service, website, or product usage. We do this on the basis of our legitimate business interests.
The data will be retained for these purposes for the duration of the agreement period.
Where necessary to fulfill the purposes described in this Privacy Notice, CBRE may disclose your personal data to certain third-parties, vendors and service providers or affiliated employees, contractors and entities as described below.
CBRE may share your personal data with companies acting as our authorized agents and service providers. Because CBRE operates globally, we may transfer your information to countries or jurisdictions that do not provide
the same level of data protection as the country in which you reside. If we
make such a transfer we will, or our service providers and vendors will, as
applicable, provide safeguards appropriate to any applicable laws. See International Data Transfers, below, for more information.
Such third parties may include:
Third-Party Legal Counsel
We use this information to consult with a vendor, service provider or other third-party.
Consultants or Auditors
We use this information to consult with a vendor, service provider or other
third-party.
Technology or Equipment Providers
We use this information to ensure data security.
Regulatory or Other Government Entities
We use this information to comply with required legal disclosures or cooperating with government entities.
If CBRE is merged with another organization, or in the event of a transfer of our assets or operations, CBRE may disclose or transfer your personal data in connection with such transaction.
We use appropriate technical and organizational security measures to safeguard the personal data we collect and process about you from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. These security measures are designed to provide a level of security appropriate to the risk. We also have a process to address and remediate any suspected personal data breach and will notify you and any applicable regulator in the event of a breach where we are legally required to do so.
In order to provide you with the Hana services, we may transfer your personal data to the United States or other countries. These countries’ privacy laws may be different from those in your home country and may not provide the same level of data protection. For example, governmental or regulatory authorities may have wider rights of access to your personal data
and you may not be able to seek details or challenge their access or exercise
any other right as may apply in your country of origin.
With respect to data transferred by CBRE from the European Economic Area or the United Kingdom, CBRE has in place appropriate safeguards according to applicable data protection law, such as EU Standard Contractual Clauses, to protect the information you provide. Where allowed by applicable law, you may ask for further information on the safeguards that we have put in by contacting us as indicated above.
CBRE is committed not to disclose your personal information in response to a court order or a subpoena or other legal obligation unless it is legally compelled to do so. In particular, CBRE, Inc. has assessed and is of
the view that it does not qualify as a provider of electronic communication
service, as defined in 18 U.S.C. § 2510, nor a provider of a remote computing service, as defined in 18 U.S.C. § 2711, and thus US public authorities cannot issue a data disclosure demand under the US Foreign Intelligence Surveillance Act ("FISA") upon CBRE, Inc. You can find further information and our transparency report as regards data disclosures received from public authorities on CBRE’s website.
The privacy laws in many countries grant you certain rights concerning your personal data. CBRE honors requests to exercise rights granted to you by applicable law.
If we collect or process your data in the context of our operations within the European Economic Area, you have the following rights under Regulation 2016/679, the General Data Protection Regulation (GDPR):
The right to request access to your data
The right to request a copy of your data in a portable format
The right to request the correction of data we hold about you
The right to request that we erase your data
The right to request restriction of the processing of your data
The right to object to our processing of your data
Where we process data based on your consent, the right to withdraw that consent at any time
To exercise any of these rights, please submit a request through our Data Subject Rights Portal or contact us at dsr@cbre.com.
You also have the right to file a complaint with the applicable Data Protection Authority. A list of Data Protection Authorities is available from the European Data Protection Board.
As a consumer residing in the state of the State of California, you may find information about your rights and how to exercise them online in our California Consumer Privacy Policy.
You may also have rights under applicable law to request to review, access, correct, delete, port or object to our processing your personal information processed by us. If so, you may do so by making a request on CBRE’s Data Subject Rights Portal or submitting your request to dsr@cbre.com. If we do not respond to your satisfaction, you may also have the right to lodge a complaint with a supervisory authority. Information on privacy laws and supervisory authorities around the world is available from the French Commission Nationale de l'Informatique et des Libertés.
If you are a California resident, the personal information we collect about you, and the business or commercial purposes for which it is used, is detailed above in Personal Data We Collect and Why. For more information on our privacy practices and how to exercise your rights under California law, please see our California Consumer Privacy Policy.
Our mission is to create places where people with purpose can accomplish great things.