CBRE Limited ("CBRE", “the Company”, "we", "our" or "us") respects your legal rights to personal data protection when collecting, using, transferring, storing, accessing and correcting of personal data. It is our policy to comply with the requirements of the Singapore Personal Data Protection Act 2012 (“PDPA”). In doing so, we will ensure compliance by our staff to the standards of security and confidentiality in line with industry standards. This Personal Data Protection Policy Statement (“PPS”) explains our policy and practices.
TYPES OF PERSONAL DATA COLLECTED
“Personal data" means any personally identifiable information or data. The personal data we collect includes but is not limited to, name, identity card number, passport number, telephone number, physical or email address, any other contact details and copy of any document which may contain the personal data of the customers, such as utilities bills etc.
USE OF PERSONAL DATA
Some of situations where your personal data may l be used by us are set out below. If we do not have sufficient information from you, we may not be able to provide fully our services to you.
a. performance of our works and services, which includes commercial property and corporate facilities management, occupier and property/agency leasing, property sales, valuation, real estate investment management, commercial mortgage origination and servicing, capital markets (equity and debt) solutions, development services and proprietary research;
b. collection of overdue commission or outstanding fees;
c. legal proceedings and/or enforcement of judgments and/or orders;
d. compliance with the applicable legal or regulatory requirements, or orders of competent authorities within or outside Singapore;
In the following situation set out below, we may not use your personal data unless we have received your consent:
e. promotion and marketing information including market research report, newsletter, event invitation or property market information of the services and products indicated in point a. above.
DISCLOSURE/TRANSFER OF PERSONAL DATA
Where your consent is given the personal data you have provided to us may be transferred to the parties set out below within or outside Singapore, as may be necessary for any of the purposes stated above:-
a. the service providers, contractors, consultant, agents and/or representatives who provide services to CBRE in connection with the business and/or operation;
b. co-operative real estate agents or brokers;
c. companies within the Group Companies*;
d. law firms, banks, financial institutions, insurers, mortgage referral services providers and/or wealth management services providers;
e. government authorities, regulatory bodies and/or other law enforcement agencies;
f. courts, tribunals and/or parties to the legal proceedings; and/or
g. debt collection agencies.
We will have in our contracts with such third parties, the requisite protections to safeguard the information provided to them.
RETENTION OF PERSONAL DATA
CBRE has implemented internal control measures to prevent unauthorized access of personal data. Personal data of customers will be retained by the Company for 7 years from the date of signing of the letter of engagement, service agreement, provisional agreement of sale and purchase, or the provisional agreement for tenancy (as the case may be) or such longer period as prescribed by the relevant laws and regulations applicable to CBRE.
At any point in time, you may withdraw your consent for us using and disclosing your personal data. We will cease to use the personal data of the customers for direct marketing if the customers so request and we will ensure that the parties to whom we transferred the customers’ personal data will comply with such request. Customers who do not wish to receive direct marketing calls or materials may contact the Data Protection Officer for any marketing messages by using the channels prescribed below.
ACCESS TO AND CORRECTION OF PERSONAL DATA
Under the PDPA, customers have the right to access and/or correct their personal data. Accordingly, customers may contact our Data Protection Officer by using the channels prescribed below.
The following are maintained to ensure compliance with the PDPA:
- A Data Protection Officer for all marketing methods is assigned to manage your consent, opt-in, opt-out, correction and access request;
- Records of your consent, opt-in, opt-out requests are timely tracked;
- We have established an Electronic Marketing Policy and Personal Data Protection Procedures, which sets out strict requirements on compliance with the PDPA relating to direct marketing;
DATA PROTECTION OFFICER
To opt-out our Direct Marketing Communication:
i. by following the Opt-Out instruction contained in the body of any marketing e-mail from us or by sending us an e-mail at firstname.lastname@example.org by including a copy of the e-mail you have received and by typing “Remove” in the subject line of your e-mail;
ii. All enquiries about this statement or personal data shall be addressed in writing to the Data Protection Officer by email email@example.com;
The Company reserves the right to change this statement and/or any part thereof.