Your Acceptance Through Use
The Types of Information We Collect
The types of personal information we may collect from you, or you may choose to provide include:
Contact information (such as your name, postal or e-mail address, and phone number)
In relation to our recruitment activities, your professional information (such as your name, business email, business phone, business address, country in which you do business, your industry, job title or role)
Account information (such as username or password)
Client Relationship data (such as business contact information, country in which you do business, your industry, job title or role, professional interactions and relationship data, including your primary CBRE contacts and your record of interactions with CBRE, your contact preferences, and information you provide to us which assist us in serving the business relationship, such as the types of investments you are interested in)
Online identifiers (such as your mobile device advertising identifier and geo-location data)
In addition, we collect the following information about you from third parties:
Your social media interactions with us (for example, when you “like” a post on social media platforms)
Technical information from advertisements we place on third party websites (such as your IP address, browser type and version, device identifiers, location and time zone setting)
How We Use Your Information
Communications With You – Offerings and Services In Which You Expressed Interest:
When you visit or transact business on this Site, you may be required to register with us or be requested to provide us with personal and account information. When you provide us with this information, we may use it to contact you about the offerings or services in which you have expressed an interest. CBRE has a legitimate business interest to use the personal information we collect from you to provide such requested services. Where we have relied on your consent, however, if you tell us that you do not want us to use this information as a basis for further contact with you (by accessing our opt-out procedure described below), we will respect your wishes.
Communications With You – Newsletters and Marketing Purposes:
In order to keep our users and clients informed about our latest news, products and services, we may send e-mails and marketing communications to the email address provided to us while registering on our Site or requesting information from us. CBRE complies with applicable laws when using your personal information for this purpose, and where applicable (such as in the EU) relies on your consent. Please be aware that we do sometimes partner with third parties to send marketing communications that promote a third party’s products and services (for example, those of our business partners) as well as our own. If you elected to opt–in to any of our email lists, newsletters or other promotional offerings and later decide that you no longer wish to receive such newsletters or promotional e-mail from us, you may unsubscribe by following the instructions contained in each email we send to you (or use the opt-out procedure described below).
Professional Interactions With You – Customer Relationship Management:
We may use your client relationship data (collected via a business card with a CBRE employee or when you communicate with a CBRE employee via phone or email, for example) to provide you with services you request and manage our relationship with you. We may also use certain de-identified and aggregated data about our clients for our internal data analytics purposes. CBRE has a legitimate business interest to use the personal information we collect from you to provide such requested services and in order to be able to service our clients better. With your consent, we may send you information or services or a promotional nature that we consider may be relevant to you.
We may also use the personal information we obtain about you for the following purposes:
Operating, evaluating and improving our business (including developing new products and services; managing our communications; determining the effectiveness of and optimizing our advertising; analyzing our products, services, websites, mobile applications and any other digital assets; facilitating the functionality of our websites, and mobile applications and any other digital assets)
Preparing and furnishing aggregated data reports, which may include anonymized information
Enforcing our Terms and Conditions or other legal rights
We also may use the information in other ways for which we provide specific notice at the time of collection. If you object to us using information in other ways you can email [email protected].
Information Provided to Us About You by Third Parties
We may present or embed content on our Site, such as property listings, that is provided by our third-party vendors. This content may contain links to other sites not operated by CBRE or may request personal information. For example, this content may ask for an email address to subscribe to alerts or share a listing with a friend. This information is collected by our vendors and not by us. In some cases, these vendors may share the personal information they collect from you with us. We are not responsible for the privacy practices of our vendors. We encourage you to review their privacy policies to understand how they will use and share the personal information you provide to them.
Third Party Usage:
Where applicable law allows, we will purchase marketing data from third parties and add it to our existing user database to better target our advertising and to provide pertinent offers in which we think you would be interested. We may also associate this marketing data to the personally identifiable information that you provide to us.
Third Parties with Whom We Share Your Personal Information
Third Parties for Retargeting Advertising:
We may share your personal information with companies acting as our authorized agents in providing our services, including the following categories of service provider:
infrastructure and IT service providers, including cloud service providers
marketing, advertising and communications agencies
external auditors and advisors
cookie analytics providers
providers of website testing / analytics services
Each service provider must agree to implement and maintain reasonable security procedures and practices appropriate to the nature of your information in order to protect your personal information from unauthorized access, destruction, use, modification or disclosure. Because we operate globally, we may transfer your information to countries or jurisdictions that do not provide the same level of data protection as the country in which you are based. If we make such a transfer, we will, or our vendors will, as applicable, provide for the proper safeguards required by applicable law to ensure that your information is protected. More information on International Data Transfers of your personal information is below.
Where we share your personal information for our legitimate interests you can object to this disclosure. Please be aware that when you object to disclosure of your personal information for CBRE’s legitimate interests it may affect the services we provide to you. More information on Your Rights are below.
Legally Affiliated Entities:
In the event that CBRE is merged, or in the event of a transfer of our assets, Site or operations, CBRE may disclose or transfer your personal information in connection with such transaction. In the event of such a transfer, CBRE will notify you via email or by posting a prominent notice on our Site for 30 days of any such change in ownership of CBRE resulting in a change of control of your personal information. We may also share your personal information with CBRE affiliates in order to provide or offer services to you.
Legally Compelled Disclosure:
We will also disclose your personal information when required to do so by law, for example, in response to a court order or a subpoena or other legal obligation, in response to lawful requests by public authorities, including to meet national security or law enforcement agency's requirements, or in special cases when we have reason to believe that disclosing your personal information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (whether intentionally or unintentionally) our rights or property.
International Data Transfers
Processing In the US and Elsewhere by Registration on This Site
CBRE is a global business. We may transfer the personal information we collect about you to recipients, and your personal information may be stored and processed, in countries other than the country in which the information was originally collected, including the United States and elsewhere that may have less stringent data protection laws than the country in which you initially provided the information.
When we transfer your information to countries other than the country in which the information was originally collected, we will protect your information as described in this Policy or as otherwise disclosed to you at the time the data is collected (e.g. via program specific privacy notice) and will comply with all applicable data protection laws in making such transfers.
If you are located in a non-US jurisdiction, the transfer of personal information is necessary to provide you with the requested information and/or to perform any requested service. To the extent permitted by law, such submission also constitutes your consent for the cross-border transfer.
With respect to transfers originating from the European Economic Area to the United States and other non-EEA jurisdictions:
CBRE US affiliates are EU-US and Swiss-US Privacy Shield certified, and
CBRE has executed EU Standard Contractual Clauses with respect to personal information collected in the European Economic Area and transferred to CBRE in the United States and elsewhere.
Where allowed by applicable law, you may ask for further information on the safeguards that we have put in place to safeguard the transfer of your data to outside of the EEA by contacting us as indicated below.
Privacy Shield Certification:
CBRE complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding personal information that is collected by CBRE affiliates or corporate customers located in the European Economic Area and/or United Kingdom and/or Switzerland and transferred to CBRE, Inc. and its wholly owned US-based affiliates, which include CBRE Global Investors LLC, CBRE GWS Puerto Rico Inc., CBRE Clarion Securities LLC, CBRE Security Services, Inc., CBRE Heery Inc., CBRE HMF, Inc., CBRE Multifamily Capital, Inc., CBRE Capital Markets, Inc., CBRE Technical Services, LLC, CBRE Hana Operations, LLC, Forum Analytics, LLC and Trammell Crow Company LLC in the United States (“CBRE US”). This Policy supplements the data protection notices that Clients and Client contacts may have received. CBRE has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. If there is any conflict between the terms in this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. CBRE is subject to investigatory enforcement powers of the Federal Trade Commission as it relates to conformation with Privacy Shield requirements.
Disclosure and Liability for Onward Transfer:
CBRE is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. CBRE may, as disclosed above in Third Parties with Whom We Share Your Personal Information, transfer personal information onward to third parties. CBRE remains liable under the Privacy Shield Principles if a third party processes such personal information in a manner inconsistent with the Principles, unless we prove we are not responsible for the event giving rise to the damage.
Independent Recourse of Privacy Shield Complaints:
In compliance with the EU-US and Swiss-US Privacy Shield Principles, CBRE commits to resolve complaints about our collection or use of your personal information. EU, United Kingdom and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact CBRE at: Privacy.Office@cbre.com.
CBRE has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you. You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by JAMS. For additional information on binding arbitration, visit: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
CBRE endeavors to protect the security of your personal information and your choices for its intended use. We use Secure Socket Layers or SSL technology to protect the transmission of sensitive personal information such as your credit card number. We store your personal information on a secure server, and use procedures designed to protect the personal information we collect from unauthorized access, destruction, use, modification or disclosure.
Although we will take (and require our third-party providers to take) commercially reasonable security precautions regarding your personal information collected from and stored on the Site, due to the open nature of the Internet, we cannot guarantee that any of your personal information stored on our servers, or transmitted to or from a user, will be free from unauthorized access, and we disclaim any liability for any theft or loss of, unauthorized access or damage to, or interception of any data or communications. By using the Site, you acknowledge that you understand and agree to assume these risks.
How Long We Keep Your Personal Information
We will only retain the personal information we collect about you for as long as necessary for the purpose for which that information was collected, and to the extent permitted by applicable laws. We take steps to ensure that when we no longer need to use your personal information, we remove it from our systems and records and/or take steps to anonymize it so that you can no longer be identified from it (unless we need to keep your information to comply with legal or regulatory obligations to which we are subject).
Your Privacy Rights
When you register on this Site, we may ask you to select whether you would like to receive email and electronic communications from us such as offers, news, reports and other promotional communications. You may withdraw your consent or opt-out of receiving such communications at any time by contacting us as described below.
Additionally, where we process your personal information for our legitimate interests you will have the right to object to such processing. Please be aware that where you object to this sort of processing it may affect our ability to carry out tasks as listed in this policy.
You may contact us:
(a) by telephone, at +1 877 227 3330 or by facsimile, at +1 212 618 7085
(b) by following the Opt-Out or unsubscribe instruction contained in the body of any marketing e-mail from us
(c) by sending us an e-mail at [email protected], including a copy of the e-mail you have received and by typing “Remove” in the subject line of your e-mail
If you are located in Europe, the Middle East or Africa, you may also e-mail us at [email protected], including a copy of the e-mail you have received and by typing “Remove” in the subject line of your e-mail
If you are located in Asia or the Pacific, you may also e-mail us at [email protected], including a copy of the e-mail you have received and by typing “Remove” in the subject line of your e-mail
(d) by mail: CBRE, Inc., 321 North Clark Street, Suite 3400, Chicago, Illinois 60654, Attention: Global Director, Data Privacy
Your election not to receive newsletters or promotional and marketing correspondence from us will not: (i) preclude us from corresponding with you, by email or otherwise, regarding your existing or past relationship with us, and (ii) preclude us, including our employees, contractors, agents and other representatives, from accessing and viewing your personal information in the course of maintaining and improving the Site.
Requesting Access to Your Personal Information and Other Rights:
You may also have rights under applicable law to request to review, access, correct, delete, port or object to our processing your personal information processed by us, and lodge a complaint with a supervisory authority. If so, you may do so by making a request on CBRE’s data subject rights portal or submitting your request to [email protected].
Independent Recourse for Privacy Shield Complaints:
Information about independent recourse for Privacy Shield complaints can be found above.
Changes to this Policy
We are a rapidly evolving, global business. We will continue to assess this Policy against new technologies and services, business practices as well as our clients’ needs, and make changes to this Policy from time to time as required. If we make any material changes to this Policy, we will make changes here and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of Policy changes).
Data Protection Officer
We have appointed, in accordance with local law, data protection officers (“DPOs”) for our subsidiaries in Germany. We have also appointed a DPO in France. If you have any questions or concerns about our personal data policies or practices, you may contact the appropriate DPO using the following contact details: