1. TRANSFERS OF PERSONAL DATA
Personal Data may be processed and disclosed as described above, in any country in which we conduct business or have a service provider. Accordingly, when you provide your Personal Data to Brookfield, you acknowledge and agree that we may disclose your Personal Data to recipients (including, but not limited to service providers, Brookfield affiliates or agents, and Brookfield IT severs) located in jurisdictions other than your own, including but not limited to the following countries: Australia, Brazil, Canada, China, Hong Kong, India, Japan, Singapore, South Korea, UAE, UK, USA, Spain, Germany, Colombia, the Cayman Islands, Bermuda and Luxembourg.
To the extent that applicable data protection and privacy laws do not allow or permit us to obtain your valid consent by virtue of providing this Policy to you, or otherwise rely on the other grounds set out in this Policy for disclosing your Personal Data outside of your jurisdiction under the data protection and privacy law of your jurisdiction, we will obtain your explicit consent through other means (if applicable) or, where relevant, ensure that the recipient is bound by data protection and privacy laws of its jurisdiction to provide a standard of protection to your Personal Data that is equivalent to that under the data protection and privacy laws of your jurisdiction.
In other circumstances, data protection and privacy laws may permit Brookfield to otherwise transfer your Personal Data outside your jurisdiction provided it is in compliance with such data protection and privacy laws.
2. HOW WE SAFEGUARD YOUR PERSONAL DATA
Brookfield has implemented commercially reasonable controls and appropriate technical and organizational measures to protect Personal Data, as well as to maintain the security of our information and information systems in respect of Personal Data. Investor files are protected with safeguards according to the sensitivity of the information contained therein. Appropriate controls (such as restricted access) are placed on our computer systems and used where appropriate. Reasonable measures are taken to ensure physical access to Personal Data is limited to authorized employees.
As a condition of employment, Brookfield employees are required to follow applicable laws and regulations, including in relation to data protection and privacy laws. Unauthorized use or disclosure of confidential information by a Brookfield employee is prohibited and may result in disciplinary measures.
When you contact a Brookfield employee about your file, you may be asked to confirm some details relating to the Personal Data Brookfield holds about you. This type of safeguard is designed to ensure that only you, or someone authorized by you, has access to your file.
3. RETENTION AND DESTRUCTION OF PERSONAL DATA
The period for which Brookfield will hold your Personal Data will vary and will be determined by the following criteria:
a) The purpose for which Brookfield is using it. Brookfield is required to retain the Personal Data for as long as is necessary to satisfy or meet the purposes for which it was obtained including applicable legal or regulatory requirements; and
b) Legal Obligations. Laws or regulations may set a minimum period for which Brookfield must retain your Personal Data.
Depending on the requirements of the data protection law of your jurisdiction, Brookfield will take reasonable steps in the circumstances to destroy your Personal Data when we no longer have a legal basis to retain it or to ensure that the information is anonymized.
4. YOUR RIGHTS
To the extent provided by the law of your jurisdiction, you may have legal rights in relation to the Personal Data about you that Brookfield holds. These rights may include:
a) the right to refuse to provide any Personal Data and the right to object at any time to the processing of your Personal Data. Please note that such refusal or objection may prevent us from providing services to you;
b) the right to obtain information regarding the processing of your Personal Data and access to the Personal Data about you that Brookfield holds (including any available information as to the source of the Personal Data);
c) where consent was provided for certain processing activities, the right to withdraw your consent to the collection, processing, use and/or disclosure of your Personal Data at any time. Please note, however, that this will not affect the lawfulness of any collection, processing, use or disclosure undertaken before your withdrawal and that Brookfield may still be entitled to process your Personal Data if it has another legitimate reason (other than consent) or a consent exception for doing so. In some cases, withdrawing your consent to the collection, use process or disclosure of some or all of your Personal Data may prevent us from providing services to you;
d) in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that Brookfield transmit that data to a third party where this is technically feasible. Please note that this right only applies to Personal Data that you have provided to Brookfield;
e) the right to request that Brookfield rectify your Personal Data if it is inaccurate or incomplete;
f) in some circumstances, the right to request that Brookfield erase your Personal Data. Please note that such a request may prevent us from providing services to you and that there may be circumstances where Brookfield is legally entitled to retain Personal Data regardless of any such request;
g) in some circumstances, the right to request that Brookfield restrict or block its processing of your Personal Data. Please note that such a request may prevent us from providing services to you and that there may be circumstances where Brookfield is legally entitled to retain Personal Data regardless of any such request; and
h) where applicable, the right to lodge a complaint with the data protection regulator in your jurisdiction if you think that any of your rights have been infringed by Brookfield.
You can enquire about your rights, which are applicable to you, by contacting Brookfield using the details listed below in Section 16. If you wish to exercise any of the rights, which are applicable to you, when you contact Brookfield using the details listed below, you will be asked to complete a ‘Subject Access Request Form’.
5. CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have the right to request certain information from us regarding the manner in which we share with third-parties certain categories of information that identifies you for the third-parties’ direct marketing purposes. Brookfield does not share Personal Data with third parties for those third parties’ own direct marketing purposes.
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides you with certain rights that are in addition to the rights set out in Section 10 above:
- The right to request, up to twice in a twelve month period, your Personal Data in a format that is portable and, to the extent technically feasible, in a readily useable format that will allow you to transmit it to another entity.
- The right to request that Brookfield delete your Personal Data, except in circumstances where Brookfield is legally entitled to retain Personal Data regardless of any such request.
- The right to opt out of any sale of your Personal Data to any third parties, without experiencing any discrimination, as defined under the law, as a result of your exercise of this right. Note that Brookfield does not sell Personal Data to third parties.
If you are a California resident, Personal Data will include the full definition of “Personal Information” under the CCPA.
If you wish to exercise any of the rights enumerated in this section, please contact us at +1 833.681.0340 or PrivacyOfficer@Brookfield.com.
6. ADDITIONAL PRIVACY NOTICE INFORMATION REQUIRED FOR AUSTRALIAN RESIDENTS
We will deal with your Personal Data (which has the same meaning as “Personal Information” under the Privacy Act 1988 (Cth), namely any information from which your identity is apparent or can be reasonably ascertained), in accordance with Australian privacy requirements including the Privacy Act 1988 (Cth) and Australian Privacy Principles, the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and any applicable state/territory privacy laws or industry codes. Information that is not “about” an individual is not considered “Personal Data” under Australian law.
If you contact us to access your Personal Data, to seek to correct it, or to make a complaint about privacy, we will respond as soon as we reasonably can, and in any event within any timescales stipulated by applicable law. We do not impose any charge for a request, but we may charge you a reasonable fee for our costs associated with providing you access and retrieval costs. For complaints about privacy, we will establish in consultation with you a reasonable process including time frames, for seeking to resolve your complaint.
7. QUESTIONS AND CONCERNS
If you have any questions or concerns about Brookfield's handling of your Personal Data, or about this Policy, please contact our Privacy Officer using the contact information set out below.
We are typically able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Privacy Officer, you may escalate concerns to the applicable privacy regulator in your jurisdiction, the details of which can be obtained from the Privacy Officer.
8. BROOKFIELD PRIVACY OFFICE CONTACT INFORMATION
Department: Legal & Regulatory
