Effective as of September 28, 2020
Please Read Carefully.
1. Your Acceptance Through Use
2. The Types of Information We Collect
The types of personal information we may collect from you, or you may choose to provide include:
In addition, we collect the following information about you from third parties:
3. How We Use Your Information
Communications With You – Newsletters and Marketing Purposes:
In order to keep our users and clients informed about our latest news, products and services, we may send e-mails and marketing communications to the email address provided to us while registering on our Site or requesting information from us. CBRE complies with applicable laws when using your personal information for this purpose, and where applicable (such as in the EU) relies on your consent.
Professional Interactions With You – Customer Relationship Management:
We may use your client relationship data (collected via a business card with a CBRE employee or when you communicate with a CBRE employee via phone or email, for example) to provide you with services you request and manage our relationship with you. We may also use certain de-identified and aggregated data about our clients for our internal data analytics purposes. CBRE has a legitimate business interest to use the personal information we collect from you to provide such requested services and in order to be able to service our clients better. With your consent, we may send you information or services or a promotional nature that we consider may be relevant to you.
We may also use the personal information we obtain about you for the following purposes:
We also may use the information in other ways for which we provide specific notice at the time of collection. If you object to us using information in other ways you can email PrivacyAdministrator@CBRE.com.
4. Information Provided to Us About You by Third Parties
We may present or embed content on our Site, such as property listings, that is provided by our third-party vendors. This content may contain links to other sites not operated by CBRE or may request personal information. For example, this content may ask for an email address to subscribe to alerts or share a listing with a friend. This information is collected by our vendors and not by us. In some cases, these vendors may share the personal information they collect from you with us. We are not responsible for the privacy practices of our vendors. We encourage you to review their privacy policies to understand how they will use and share the personal information you provide to them.
Third Party Usage:
Where applicable law allows, we will purchase marketing data from third parties and add it to our existing user database to better target our advertising and to provide pertinent offers in which we think you would be interested. We may also associate this marketing data to the personally identifiable information that you provide to us.
5. Third Parties with Whom We Share Your Personal Information
Third Parties for Retargeting Advertising:
We may share your personal information with companies acting as our authorized agents in providing our services, including the following categories of service provider:
Each service provider must agree to implement and maintain reasonable security procedures and practices appropriate to the nature of your information in order to protect your personal information from unauthorized access, destruction, use, modification or disclosure. Because we operate globally, we may transfer your information to countries or jurisdictions that do not provide the same level of data protection as the country in which you are based. If we make such a transfer, we will, or our vendors will, as applicable, provide for the proper safeguards required by applicable law to ensure that your information is protected. More information on International Data Transfers of your personal information is below.
Where we share your personal information for our legitimate interests you can object to this disclosure. Please be aware that when you object to disclosure of your personal information for CBRE’s legitimate interests it may affect the services we provide to you. More information on Your Rights are below.
Legally Affiliated Entities:
In the event that CBRE is merged, or in the event of a transfer of our assets, Site or operations, CBRE may disclose or transfer your personal information in connection with such transaction. In the event of such a transfer, CBRE will notify you via email or by posting a prominent notice on our Site for 30 days of any such change in ownership of CBRE resulting in a change of control of your personal information. We may also share your personal information with CBRE affiliates in order to provide or offer services to you.
Legally Compelled Disclosure:
We will also disclose your personal information when required to do so by law, for example, in response to a court order or a subpoena or other legal obligation, in response to lawful requests by public authorities, including to meet national security or law enforcement agency's requirements, or in special cases when we have reason to believe that disclosing your personal information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (whether intentionally or unintentionally) our rights or property.
6. International Data Transfers
Processing In the US and Elsewhere by Registration on This Site
CBRE is a global business. We may transfer the personal information we collect about you to recipients, and your personal information may be stored and processed, in countries other than the country in which the information was originally collected, including the United States and elsewhere that may have less stringent data protection laws than the country in which you initially provided the information.
When we transfer your information to countries other than the country in which the information was originally collected, we will protect your information as described in this Policy or as otherwise disclosed to you at the time the data is collected (e.g. via program specific privacy notice) and will comply with all applicable data protection laws in making such transfers.
If you are located in a non-US jurisdiction, the transfer of personal information is necessary to provide you with the requested information and/or to perform any requested service. To the extent permitted by law, such submission also constitutes your consent for the cross-border transfer.
With respect to transfers originating from the European Economic Area to the United States and other non-EEA jurisdictions:
Where allowed by applicable law, you may ask for further information on the safeguards that we have put in place to safeguard the transfer of your data to outside of the EEA by contacting us as indicated below.
Privacy Shield Certification:
CBRE complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding personal information that is collected by CBRE affiliates or corporate customers located in the European Economic Area and/or United Kingdom and/or Switzerland and transferred to CBRE, Inc. and its wholly owned US-based affiliates, which include CBRE Global Investors LLC, CBRE GWS Puerto Rico Inc., CBRE Clarion Securities LLC, CBRE Security Services, Inc., CBRE Heery Inc., CBRE HMF, Inc., CBRE Multifamily Capital, Inc., CBRE Capital Markets, Inc., CBRE Technical Services, LLC, CBRE Hana Operations, LLC, Forum Analytics, LLC and Trammell Crow Company LLC in the United States (“CBRE US”). This Policy supplements the data protection notices that Clients and Client contacts may have received. CBRE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. CBRE is subject to investigatory enforcement powers of the Federal Trade Commission as it relates to conformation with Privacy Shield requirements.
Disclosure and Liability for Onward Transfer:
CBRE is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. CBRE may, as disclosed above in Third Parties with Whom We Share Your Personal Information, transfer personal information onward to third parties. CBRE remains liable under the Privacy Shield Principles if a third party processes such personal information in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.
Independent Recourse of Privacy Shield Complaints:
In compliance with the EU-US and Swiss-US Privacy Shield Principles, CBRE commits to resolve complaints about our collection or use of your personal information. EU, United Kingdom and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CBRE at: Privacy.Office@cbre.com.
CBRE has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by JAMS. For additional information on binding arbitration, visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
CBRE endeavors to protect the security of your personal information and your choices for its intended use. We use Secure Socket Layers or SSL technology to protect the transmission of sensitive personal information such as your credit card number. We store your personal information on a secure server, and use procedures designed to protect the personal information we collect from unauthorized access, destruction, use, modification or disclosure.
Although we will take (and require our third-party providers to take) commercially reasonable security precautions regarding your personal information collected from and stored on the Site, due to the open nature of the Internet, we cannot guarantee that any of your personal information stored on our servers, or transmitted to or from a user, will be free from unauthorized access, and we disclaim any liability for any theft or loss of, unauthorized access or damage to, or interception of any data or communications. By using the Site, you acknowledge that you understand and agree to assume these risks.
8. How Long We Keep Your Personal Information
We will only retain the personal information we collect about you for as long as necessary for the purpose for which that information was collected, and to the extent permitted by applicable laws. We take steps to ensure that when we no longer need to use your personal information, we remove it from our systems and records and/or take steps to anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
Information about independent recourse for Privacy Shield complaints can be found above.
9. Changes to this Policy
We are a rapidly evolving, global business. We will continue to assess this Policy against new technologies and services, business practices as well as our clients’ needs, and make changes to this Policy from time to time as required. If we make any material changes to this Policy, we will make changes here and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Policy changes).
10. Data Protection Officer
We have appointed, in accordance with local law, data protection officers (“DPOs”) for our subsidiaries in Germany. We have also appointed a DPO in France. If you have any questions or concerns about our personal data policies or practices, you may contact the appropriate DPO using the following contact details:
CBRE Global Investors Germany GmbH
CBRE GWS Industrial Services GmbH
CBRE GWS IFM Industrie GmbH
11. California Residents Privacy Notice