Website Data Protection Policy and Privacy Notice
This is the website data protection policy and privacy notice (“Policy”) for Brookfield (as defined below).
This Policy may change from time to time and you should review it periodically.
This Policy was last updated December 2019.
The following definitions shall apply to this Policy:
"Brookfield", "we", "us", “our” means one of Brookfield Asset Management Inc., Brookfield Business Partners LP, Brookfield Infrastructure Partners LP, Brookfield Property Partners LP, Brookfield Renewable Partners LP or Brookfield Public Securities Group LLC, being the Brookfield entity to which this Website relates.
"Personal Data" means any data, which relates to a living individual who can be identified from that data, or from that data taken together with other information, which is in the possession of, or is likely to come into the possession of, Brookfield (or its representatives or service providers). In addition to factual information, it includes any expression of opinion about an individual and any indication of the intentions of Brookfield or any other person in respect of an individual. For California residents, “Personal Data” includes the definition of “Personal Information” under the California Consumer Privacy Act (“CCPA”).
“Websites” means Brookfield websites that link to this Policy unless such websites have their own data protection policy and privacy notice on their websites.
3. THE TYPES OF PERSONAL DATA WE COLLECT
If you are a Brookfield employee or a Brookfield investor, Brookfield’s policies and practices regarding the collection and processing of your Personal Data are detailed in Brookfield’s Employee Data Protection and Privacy Notice and Client Data Protection Policy and Notice, respectively. If you make an application for employment with Brookfield, the collection and processing of your Personal Data is detailed in Brookfield’s Applicant Data Protection Policy and Privacy Notice, which will be provided to you via our applications partner website before you submit your application.
For all other individuals, Brookfield may collect and process the following categories of Personal Data about you from the sources identified as follows:
a) Websites Data. We may collect and process Personal Data about you when you browse the Websites. Websites Data may include information submitted as part of completing online forms on the Websites (including, but not limited to, name, age, date of birth, address, gender, nationality, citizenship and contact information; and technical information collected by cookies (see below) about the services that you use and how you use them, which may include device-specific information, your navigation throughout the Websites, and other technical and browsing preferences including your location and entry point to the Websites. Please note that if you do not provide certain Personal Data to Brookfield when requested (and where relevant, provide your consent) we may not be able to provide you with access to all areas of the Website and associated services.
b) Identity Verification Information. To help us respond to requests for data access and/or deletion requests as required by applicable laws, as well as create and maintain a trusted environment, we may collect identity verification information from you, such as images of your government issued ID, passport, national ID card, or driving license, as permitted by applicable laws, or other authentication information.
c) Communications Data. We may collect Personal Data that you provide when you contact Brookfield for any reason, such as to express an interest in obtaining additional information about our services, direct questions or concerns about our services to us, use a "Contact Us" form or similar features, sign up for our emails or attend an event, or download certain content. Such information may include contact information such as name, job title, company name, phone number, and email address.
d) Reputation & Background Check Data. We may collect Personal Data from you and from third parties in connection with performing diligence on our service providers and business partners. This data may include contact details, information concerning business practices, creditworthiness, reputation and business history, and job titles or roles.
Please note that if you do not provide certain Personal Data to Brookfield when requested (and where relevant, provide your consent) we may not be able to provide you with access to all areas of the Website and associated services.
DO NOT TRACK: Your browser and other mechanisms may permit you to send do-not-track signals or other similar signals via your browser settings to express your preferences regarding online tracking. Due to the lack of any standard for how do-not-track should work on commercial websites, we do not currently respond to such signals. Third parties, such as our analytics providers, from time to time may collect Personal Data that relates to you on the Websites, over other websites. We cannot control third parties’ responses to do-not-track signals or other such mechanisms. Third parties’ use of Personal Data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.
4. HOW WE USE YOUR PERSONAL DATA
Your Personal Data may be collected, stored, disclosed and processed by Brookfield for the following purposes:
a) to provide you with marketing communications and inform you about news and information relating to our business and services, including new product launches, product updates and general business news (see Section 12 below for further information);
b) to assess your application for Brookfield's products and services, where applicable;
c) to understand your needs and interests and to respond to your enquiries;
d) to analyze and improve our services;
e) for the management and administration of our business;
f) to provide you with the products and services for which you subscribe;
h) to confirm and verify your identity (this may involve the use of a credit reference agency or other third parties acting as our agents) and to conduct due diligence. We will also screen against publicly available government and/or law enforcement agency sanctions lists;
i) to detect, investigate and prevent fraud and other crimes or malpractice.
j) for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings),
k) to obtain legal advice or to establish, exercise or defend legal rights;
l) the administration and maintenance of databases storing Personal Data;
m) to comply with our contractual obligations;
n) for ongoing review and improvement of the information, content and services provided on the Websites to ensure they are user friendly and to prevent any potential disruptions such as cyber-attacks;
o) to analyze and report on the Websites traffic, marketing and usage trends;
p) to allow you to use and access functionality provided by the Websites;
q) to conduct analysis required to detect malicious data and understand how this may affect your IT system;
r) for statistical monitoring and analysis of current attacks on devices and systems for the on-going adaption of the solutions provided to secure systems and devices against current attacks;
s) for in-depth threat analysis; and
t) for purposes otherwise set out in this Policy.
Brookfield is entitled to use your Personal Data for these purposes because of the following legal bases:
a) Brookfield needs to do so in order to perform its contractual obligations to you (for example, in order to manage your investments and verify the information you provide);
b) Brookfield has obtained your specific and informed consent (which may include written consent) unless an exemption provided under applicable law permits the use and disclosure of your Personal Data without your consent;
c) Brookfield has legal or regulatory obligations that must be discharged;
d) Brookfield may need to do so in order to establish, exercise or defend its legal rights or for the purpose of legal proceedings; or
e) the use of your Personal Data is necessary for our legitimate business interests or the legitimate interests of a third party, including (i) allowing Brookfield to effectively and efficiently administer and manage the operation of its business; (ii) maintaining compliance with internal policies and procedures; (iii) monitoring the use of our copyrighted materials; (iv) offering optimal, up-to-date security solutions for mobile devices and IT systems; or (v) for internal research purposes.
If you are located in a jurisdiction which requires us to obtain your consent to collect, use, store, process and disclose your Personal Data, you understand that by accepting the terms of this Policy you expressly provide your consent to Brookfield collecting, using, storing, processing and disclosing your Personal Data as set out in this Policy.
5. DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES
Brookfield does not sell Personal Data to third parties. Brookfield may share or provide access to your Personal Data among its affiliates and business units and third party agents, service providers and contractors outside of Brookfield:
a) for the purpose of the management and administration of Brookfield's business;
b) in order to facilitate the provision and enhancement of services to you (including the management of your investments);
c) for the purpose of the administration and maintenance of the databases storing Personal Data;
d) for the purposes of Brookfield receiving services (for example, Brookfield's accountants, administrators, auditors, service providers, custodians, depositories, third party managers, paying agents, professional advisors, IT and communications providers or any entity we reasonably consider necessary for the purposes outlined above). These third parties will be expected to be subject to confidentiality requirements (either by contract, professional obligation, duty or otherwise) that require them to only use your Personal Data as described above;
e) to the extent required by law (for example, if Brookfield is compelled by an obligation or a duty to disclose your Personal Data where we believe it is necessary or appropriate to comply with any legal obligation, rule, regulations or internal Brookfield policies and procedures, including (without limitation) in order to comply with tax reporting requirements and other statutory reporting and disclosures to regulatory authorities), or to establish, exercise or defend its legal rights. This may include disclosure to regulatory bodies or government agencies and in order to investigate unauthorized attempts to modify the Websites, install harmful files or cause damage to the Websites or to Brookfield);
f) as part of a transaction, financing, or for other business needs (for example, if Brookfield sells any of its businesses or assets, applies for a loan, or opens bank accounts, in which case Brookfield may need to disclose your Personal Data to the prospective buyer, lender or bank, as the case may be, as part of certain due diligence processes); or
g) if Brookfield or any of its affiliates, divisions or business units is acquired by a third party, including in the unlikely event of a bankruptcy, in which case the Personal Data held by Brookfield about you will be accessible to, and may be acquired by, the third party buyer.
Brookfield may share anonymous or aggregated data with third parties such as service providers in order to facilitate our business operations.
6. LINKS TO OTHER WEBSITES
The Websites may contain links to other party websites that are not governed by this Policy. Linked sites may have their own privacy notices or policies, which you should review. Brookfield is not responsible for the content of links or third party websites and your use of such third party websites is at your own risk.
7. TRANSFERS OF PERSONAL DATA
Brookfield operates globally. This means Personal Data may be processed and disclosed as described above, in any country in which we conduct business or have a service provider. Accordingly, when you provide your Personal Data to Brookfield, you acknowledge and agree that we may disclose your Personal Data to recipients (including, but not limited to service providers, Brookfield affiliates or agents, and Brookfield IT servers) located in jurisdictions other than your own, including but not limited to Australia, Brazil, Canada, China, Hong Kong, India, Japan, Singapore, South Korea, UAE, UK, USA, Spain, Germany, Colombia, the Cayman Islands, Bermuda and Luxembourg.
To the extent that applicable data protection and privacy law do not allow or permit us to obtain your valid consent by virtue of providing this Policy to you, or otherwise rely on the other grounds set out in this Policy for disclosing your Personal Data outside of your jurisdiction under the data protection and privacy law of your jurisdiction, we will obtain your explicit consent through other means (if applicable) or, where relevant, ensure that the recipient is bound by data protection and privacy laws of its jurisdiction to provide a standard of protection to your Personal Data that is equivalent to that under the data protection and privacy laws of your jurisdiction.
In other circumstances, data protection and privacy laws may permit Brookfield to otherwise transfer your Personal Data outside your jurisdiction provided it is in compliance with such data protection and privacy laws.
8. HOW WE SAFEGUARD YOUR PERSONAL DATA
Brookfield has implemented commercially reasonable controls and appropriate technical and organizational measures to protect Personal Data, as well as to maintain the security of our information and information systems in respect of Personal Data. Client files are protected with safeguards according to the sensitivity of the information contained therein. Appropriate controls (such as restricted access) are placed on our computer systems and used where appropriate. Reasonable measures are taken to ensure physical access to Personal Data is limited to authorized employees.
As a condition of employment, Brookfield employees are required to follow applicable laws and regulations, including in relation to data protection and privacy laws. Unauthorized use or disclosure of confidential client information by a Brookfield employee is prohibited and may result in disciplinary measures.
When you contact a Brookfield employee about your file, you may be asked to confirm some details relating to the Personal Data Brookfield holds about you. This type of safeguard is designed to ensure that only you, or someone authorized by you, has access to your file.
9. RETENTION AND DESTRUCTION OF PERSONAL DATA
The period for which Brookfield will hold your Personal Data will vary and will be determined by the following criteria:
a) The purpose for which Brookfield is using it. Brookfield is required to retain the Personal Data for as long as is necessary to satisfy or meet the purposes for which it was obtained or any other legal purpose; and
b) Legal Obligations. Laws or regulations may set a minimum period for which Brookfield must retain your Personal Data.
Depending on the requirements of the data protection law of your jurisdiction, Brookfield will take reasonable steps using appropriate technical methods in the circumstances to delete or destroy your Personal Data when we no longer have a legal basis to retain it or to ensure that the information is anonymized or irrecoverable.
10. YOUR RIGHTS
To the extent provided by the law of your jurisdiction, you may have legal rights in relation to the Personal Data about you that Brookfield holds. These rights may include:
a) the right to refuse to provide any Personal Data and the right to object at any time to the processing of your Personal Data. Please note that such refusal or objection may prevent us from providing services to you;
b) the right to obtain information regarding the processing of your Personal Data and access to the Personal Data about you that Brookfield holds (including any available information as to the source of the Personal Data);
c) where consent was provided for certain processing activities, the right to withdraw your consent to the collection, processing, use and/or disclosure of your Personal Data at any time. Please note, however, that this will not affect the lawfulness of any collection, processing, use or disclosure undertaken before your withdrawal and that Brookfield may still be entitled to process your Personal Data if it has another legitimate reason (other than consent) or a consent exception for doing so. In some cases, withdrawing your consent to the collection, use process or disclosure of some or all of your Personal Data may prevent us from providing services to you;
d) in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that Brookfield transmit that data to a third party where this is technically feasible. Please note that this right only applies to Personal Data that you have provided to Brookfield;
e) the right to request that Brookfield rectify your Personal Data if it is inaccurate or incomplete;
f) in some circumstances, the right to request that Brookfield erase your Personal Data. Please note that there may be circumstances where Brookfield is legally entitled to retain Personal Data regardless of any such request;
g) in some circumstances, the right to request that Brookfield restrict or block its processing of your Personal Data. Again, there may be circumstances where Brookfield is legally entitled to refuse that request; and
h) where applicable, the right to lodge a complaint with the data protection regulator in your jurisdiction if you think that any of your rights have been infringed by Brookfield.
You can enquire about your rights, which are applicable to you, by contacting Brookfield using the details listed below in Section 16. If you wish to exercise any of the rights, which are applicable to you, when you contact Brookfield using the details listed below, you will be asked to complete a ‘Subject Access Request Form’.
The Websites are intended for use by those over 18. We do not knowingly solicit or collect personal information on the Websites from children under the age of 18.
12. PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES
To the extent permitted by applicable law, we may contact you by mail, e-mail, SMS/text, telephone and other electronic means to provide information on products and services that we believe will be of interest, unless you object to receiving such information. If you do not want to receive such communications from us please contact the Privacy Officer on the details set out below or by using the opt-out facilities provided within the relevant marketing material.
Your option not to receive promotional and marketing material: (a) shall not preclude us from corresponding with you, by email or otherwise, regarding your relationship with us (e.g., your account status and activity or our responses to questions or inquiries you pose to us); (b) shall not preclude us, including our employees, contractors, agents and other representatives, from accessing and viewing your Personal Data for our internal business purposes; and (c) shall not preclude us from disclosing your Personal Data as described in this Policy for purposes other than sending you promotional and marketing materials.
13. USE OF PERSONAL DATA IN RELATION TO DATA SUBJECTS IN CANADA AND AUSTRALIA
Canadian Anti-Spam Legislation requires that commercial electronic messages ("CEMs") sent within Canada or into Canada from another jurisdiction may only be sent to individuals who opt into receiving them, subject to certain exceptions. Similar legislation applies in Australia (Spam Act 2003 (Cth)). Such consent may be implicit, such as by engaging in a prior business relationship, or by virtue of having one's email address listed in a public directory. These anti-spam laws also require senders to include an opt-out function such as an "unsubscribe" mechanism within a CEM. You may opt-out of the collection or use of your information by Brookfield. In some cases, withdrawing your consent to the collection, use or disclosure of some or all of your personal information will prevent us from providing services to you. To opt-out, please contact Brookfield's Privacy Officer using the details set out below or use the opt-out facility provided in the CEM. Please note that in some cases Brookfield is permitted to send you certain CEMs after you opt out, such as where required to enforce legal rights.
14. CALIFORNIA PRIVACY RIGHTS
If you are a California resident, you have the right to request certain information from us regarding the manner in which we share with third-parties certain categories of information that identifies you. Brookfield does not share Personal Data with third parties for those third parties’ own direct marketing purposes.
Effective January 1, 2020, the California Consumer Privacy Act (CCPA) provides you with certain rights that are in addition to the rights set out in Section 10 above:
- The right to request, up to twice in a twelve month period, your Personal Data in a format that is portable and, to the extent technically feasible, in a readily useable format that will allow you to transmit it to another entity.
- The right to request that Brookfield delete your Personal Data, except in circumstances where Brookfield is legally entitled to retain Personal Data regardless of any such request.
- The right to opt out of any sale of your Personal Data to any third parties, without experiencing any discrimination, as defined under the law, as a result of your exercise of this right. Note that Brookfield does not sell Personal Data to third parties.
If you are a California resident, Personal Data will include the full definition of “Personal Information” under the CCPA.
If you wish to exercise any of the rights enumerated in this section, please contact us at +1 833.681.0340 or PrivacyOfficer@Brookfield.com.
15. ADDITIONAL PRIVACY NOTICE INFORMATION REQUIRED FOR AUSTRALIAN RESIDENTS
We will deal with your Personal Data (which has the same meaning as “Personal Information” under the Privacy Act 1988 (Cth), namely any information from which your identity is apparent or can be reasonably ascertained), in accordance with Australian privacy requirements including the Privacy Act 1988 (Cth) and Australian Privacy Principles, the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and any applicable state/territory privacy laws or industry codes. Information that is not “about” an individual is not considered “Personal Data” under Australian law.
If you contact us to access your Personal Data, to seek to correct it, or to make a complaint about privacy, we will respond as soon as we reasonably can, and in any event within any timescales stipulated by applicable law. We do not impose any charge for a request, but we may charge you a reasonable fee for our costs associated with providing you access and retrieval costs. For complaints about privacy, we will establish in consultation with you a reasonable process including time frames, for seeking to resolve your complaint.
16. QUESTIONS AND CONCERNS
If you have any questions or concerns about Brookfield's handling of your Personal Data, or about this Policy, please contact our Privacy Officer using the contact information set out below.
We are typically able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Privacy Officer, you may escalate concerns to the applicable privacy regulator in your jurisdiction, the details of which can be obtained from the Privacy Officer.
17. BROOKFIELD PRIVACY OFFICE CONTACT INFORMATION
Department: Legal & Regulatory