Website Data Protection Policy and Privacy Notice
1. INTRODUCTION
Brookfield is committed to compliance with applicable legal and regulatory requirements relating to data protection, privacy and cybersecurity as further set out in our Code of Business Conduct and Ethics. At Brookfield, we respect your privacy and this Policy, together with our Website Terms of Use which can be found here and our Cookie Policy which can be found here, governs how Brookfield collects, processes (as defined below) and uses your Personal Data (as defined below) when you use the Websites (as defined below).
Residents of California and other U.S. states: Section 14 here provides additional information for residents of Colorado, Connecticut, Nevada, Virginia and Utah) that supplements the information provided throughout this Policy. Section 15 here is our California Privacy Notice, along with Section 16 here, which sets out your privacy rights, and how you may exercise them, under the CCPA and the other U.S. State Privacy Laws (as defined in Section 14).
This Policy applies to users of the Websites (as defined below).
For the purposes of applicable laws and regulations relating to data protection and privacy (“Data Protection Legislation”), Brookfield acts as a controller in respect of your Personal Data.
This Policy may change from time to time and you should review it periodically.
This Policy was last updated on May 9, 2024.
2. DEFINITIONS
The following definitions shall apply to this Policy:
“Brookfield”, “we”, “us”, “our” means one of Brookfield Corporation, Brookfield Asset Management Ltd., Brookfield Asset Management ULC, Brookfield Business Partners LP, Brookfield Infrastructure Partners LP, Brookfield Property Partners LP, Brookfield Renewable Partners LP or Brookfield Public Securities Group LLC, being the Brookfield entity to which this Website relates.
“Personal Data” has the meaning given to it or any similar term (e.g., “personal information”, “nonpublic personal information”, “PII”, “personally referable information”) in applicable Data Protection Legislation and for the avoidance of doubt means any information which directly or indirectly identifies or otherwise relates to an individual, which is in the possession or under the control of Brookfield (or its representatives or service providers). Such Personal Data may include, without limitation, the name, age, identification number, email address, address, telephone number, location data, financial data, or online identifier of that individual. In addition to factual information, such Personal Data includes any expression of opinion about an individual and any indication of the intentions of Brookfield or any other person in respect of an individual.
“Process” or “processing” means any operation that is carried out in respect of Personal Data, ncluding but not limited to collecting, storing, using, disclosing, transferring or deleting Personal Data.
“Sensitive Personal Data” has the meaning ascribed to this or any similar term provided by applicable Data Protection Legislation (e.g., “sensitive personal information”, “sensitive data”, or “special categories of personal data”).
“Websites” means Brookfield websites that link to this Policy unless such websites have their own data protection policy and privacy notice.
3. THE TYPES OF PERSONAL DATA WE COLLECT
If you are a Brookfield employee or a Brookfield investor, Brookfield’s policies and practices regarding the collection and processing of your Personal Data are detailed in Brookfield’s Employee and Personnel Data Protection Policy and Privacy Notice and Investor Data Protection Policy and Privacy Notice, respectively. If you make an application for employment with Brookfield, the collection and processing of your Personal Data is detailed in Brookfield’s Applicant Data Protection Policy and Privacy Notice, which will be provided to you via our applications partner website before you submit your application.
For all other individuals, Brookfield may collect and process the following categories of Personal Data about you from the sources identified as follows:
a) Website Data. When you browse the Websites, depending on how you interact with the Websites, we may collect (i) information submitted as part of completing online forms on the Websites (including, but not limited to, name, age, date of birth, e-mail address, address, telephone number, identification number, online identifier, location, gender, nationality, citizenship and contact information); and (ii) technical information collected by cookies (see below) about the services that you use and how you use them, which may include device-specific information, your navigation throughout the Websites, and other technical and browsing preferences including your location and entry point to the Websites. Please note that if you do not provide certain Personal Data to Brookfield when requested (and where relevant, provide your consent) we may not be able to provide you with access to all areas of the Website and associated services.
b) Identity Verification Data. We may collect identity verification information from you, such as images of your government issued ID, passport, national ID card, or driving license, as permitted by applicable laws, or other authentication information.
c) Communications Data. We may collect Personal Data that you provide when you contact Brookfield for any reason, such as to express an interest in obtaining additional information about our services, direct questions or concerns about our services to us, use a “Contact Us” form or similar features, sign up for our emails or attend an event, or download certain content. Such information may include contact information such as name, job title, company name, phone number, location and email address.
d) Reputation & Background Check Data. If you are a service provider or a business partner or are a representative of one of our service providers or business partners, we may collect Personal Data from you and from third parties that includes contact details, information concerning business practices, creditworthiness, reputation and business history, and job titles or roles.
d) Data Brookfield Generates. We may generate Personal Data about you when we interact with you or perform services for you. This data may include information about your relationship with us or the services we are providing you.
COOKIES: Please refer to our Cookie Policy, which can be found here, which forms part of this Policy.
DO NOT TRACK: Your browser and other mechanisms may permit you to send do-not-track signals or other similar signals via your browser settings to express your preferences regarding online tracking. Due to the lack of any standard for how do-not-track signals should work on commercial websites, we do not currently respond to such signals. Third parties, such as our analytics providers, from time to time may collect Personal Data that relates to you on the Websites, over other websites. We cannot control third parties’ responses to do-not-track signals or other such mechanisms. Third parties’ use of Personal Data relating to you and responsiveness to do-not-track signals is governed by their respective privacy policies.
4. HOW WE COLLECT YOUR PERSONAL DATA
Brookfield may collect the types of Personal Data described above in Section 3:
a) Directly from you, including, for example, through your use of the website, when you send us an email, visit our premises, or otherwise contact or communicate with us;
b) From automated tracking technology and monitoring tools, for example, cookies that track your access and use of our website and other online services;
c) From within Brookfield and from our affiliates;
d) From a third party acting on your behalf, for example, an intermediary, lawyer or service provider;
e) From publicly available sources; and;
f) From other organizations, for example fund administrators and other service providers.
5. HOW WE USE YOUR PERSONAL DATA
Your Personal Data may be collected, stored, disclosed and processed by Brookfield for the following purposes:
a) to provide you with marketing communications and inform you about news and information relating to our business and services, including new product launches, product updates and general business news (see Section 13 below for further information);
b) to assess your application for Brookfield's products and services, where applicable;
c) to understand your needs and interests and to respond to your enquiries;
d) to analyze and improve our services;
e) for the management and administration of our business;
f) to provide you with the products and services for which you subscribe;
g) to comply with and in order to assess compliance with applicable laws, rules and regulations (including tax reporting purposes pursuant to tax legislation), industry codes, voluntary codes we decide to adopt, or good practice, anywhere in the world and internal policies and procedures including the Websites Terms of Use;
h) to confirm and verify your identity (this may involve the use of a credit reference agency or other third parties acting as our agents) and to conduct due diligence, background and related checks. We will also screen against publicly available government and/or law enforcement agency sanctions lists. We may use third party providers to conduct these verifications and searches;
i) to detect, investigate and prevent fraud and other crimes or malpractice;
j) for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings);
k) to obtain legal advice or to establish, exercise or defend legal rights;
l) the administration and maintenance of databases storing Personal Data;
m) to comply with our contractual obligations;
n) for ongoing review and improvement of the information, content and services provided on the Websites to ensure they are user friendly and to prevent any potential disruptions such as cyber-attacks;
o) to analyze and report on the Websites traffic, marketing and usage trends;
p) to allow you to use and access functionality provided by the Websites;
q) to conduct analysis required to detect malicious data and understand how this may affect your IT system;
r) for statistical monitoring and analysis of current attacks on devices and systems for the on-going adaption of the solutions provided to secure systems and devices against current attacks;
s) for in-depth threat analysis; and
t) for purposes otherwise set out in this Policy.
Brookfield is entitled to use your Personal Data for these purposes because one or more of the following legal bases applies:
a) Brookfield needs to do so in order to perform its contractual obligations to you (for example, in order to manage your investments and verify the information you provide);
b) Brookfield has obtained your specific and informed consent (which may include written consent) unless an exemption provided under applicable law permits the use and disclosure of your Personal Data without your consent;
c) Brookfield has legal or regulatory obligations that must be discharged;
d) Brookfield may need to do so in order to establish, exercise or defend its legal rights or for the purpose of legal proceedings; or
e) the use of your Personal Data is necessary for our legitimate business interests or the legitimate interests of a third party provided such interests are not overridden by your rights or interests, including: (i) allowing Brookfield to effectively and efficiently administer and manage the operation of its business; (ii) maintaining compliance with internal policies and procedures; (iii) monitoring the use of our copyrighted materials; (iv) offering optimal, up-to-date security solutions for mobile devices and IT systems; or (v) for internal research purposes.
If you are located in a jurisdiction which requires us to obtain your consent to collect, use, store, process and disclose your Personal Data, you understand that by accepting the terms of this Policy you expressly provide your consent to Brookfield collecting, using, storing, processing and disclosing your Personal Data as set out in this Policy.
6. DISCLOSURE OF YOUR PERSONAL DATA TO THIRD PARTIES
Brookfield may share or provide access to your Personal Data among its affiliates and business units and third party agents, service providers and contractors outside of Brookfield:
a) Business Management. For the purpose of the management and administration of Brookfield’s business (for example, Brookfield’s insurers);
b) Provision of Services. In order to facilitate the provision and enhancement of services to you (including the management of your investments);
c) Database Management. For the purpose of the administration and maintenance of the databases storing Personal Data (for example, Brookfield’s cloud hosting providers and system development and support providers);
d) Vendor Services. For the purposes of Brookfield receiving services (for example, Brookfield’s accountants, administrators, auditors, service providers, custodians, depositories, third party managers, paying agents, professional advisors such as consultants and legal advisors, IT and communications providers or any entity we reasonably consider necessary for the purposes outlined above). These third parties will be expected to be subject to confidentiality requirements (either by contract, professional obligation, duty or otherwise) that require them to only use your Personal Data as described above;
e) System Protection. For the purpose of detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible; debugging to identify and repair errors that impair intended functionality;
f) Compliance with Law. To the extent required by law (for example, if Brookfield is compelled by an obligation or a duty to disclose your Personal Data where we believe it is necessary or appropriate to comply with any legal obligation, rule, regulations or internal Brookfield policies and procedures, including (without limitation) in order to comply with tax reporting requirements and other statutory reporting and disclosures to regulatory authorities), or to establish, exercise or defend its legal rights. This may include disclosure to regulatory bodies or government agencies, law enforcement or courts, and in order to investigate unauthorized attempts to modify the Websites, install harmful files or cause damage to the Websites or to Brookfield;
g) Business Transactions. As part of a transaction, financing, or for other business needs (for example, if Brookfield sells any of its businesses or assets, applies for a loan, or opens bank accounts, in which case Brookfield may need to disclose your Personal Data to the prospective buyer, lender or bank, as the case may be, as part of certain due diligence processes); or
h) Change of Control. If Brookfield or any of its affiliates, divisions or business units is acquired by a third party, including in the unlikely event of a bankruptcy, in which case the Personal Data held by Brookfield about you will be accessible to, and may be acquired by, the third party buyer.
Brookfield may share anonymous or aggregated data with third parties such as service providers in order to facilitate our business operations. We may process some of your Personal Data automatically, but we do not use computer algorithms to make automated decisions based on your Personal Data.
7. LINKS TO OTHER WEBSITES
The Websites may contain links to other party websites that are not governed by this Policy. Linked sites may have their own privacy notices or policies, which you should review. Brookfield is not responsible for the content of links or third party websites and your use of such third party websites is at your own risk.
8. TRANSFERS OF PERSONAL DATA
Brookfield operates globally. This means Personal Data may be processed and disclosed as described above, in any country in which we conduct business or have a service provider. Accordingly, when you provide your Personal Data to Brookfield, you acknowledge and agree that we may disclose your Personal Data to recipients (including, but not limited to service providers, Brookfield affiliates or agents, and Brookfield IT servers) located in jurisdictions other than your own, including but not limited to Australia, Brazil, Canada, China, Hong Kong, India, Japan, Singapore, South Korea, UAE, UK, USA, Spain, Germany, Colombia, the Cayman Islands, Bermuda and Luxembourg.
To the extent that applicable Data Protection Legislation does not allow or permit us to obtain your valid consent by virtue of providing this Policy to you, or otherwise rely on the other grounds set out in this Policy for disclosing your Personal Data outside of your jurisdiction, we will obtain your explicit consent through other means (if applicable) or, where relevant, ensure that the recipient is required to provide a standard of protection to your Personal Data that is equivalent to that under the Data Protection Legislation of your jurisdiction (e.g., by using standard contractual clauses for such international transfers).
In other circumstances, Data Protection Legislation may permit Brookfield to otherwise transfer your Personal Data outside your jurisdiction provided it is in compliance with such Data Protection Legislation.
9. HOW WE SAFEGUARD YOUR PERSONAL DATA
Brookfield has implemented commercially reasonable controls and appropriate technical and organizational measures to protect Personal Data, as well as to maintain the security of our information and information systems in respect of Personal Data. Investor files are protected with safeguards according to the sensitivity of the information contained therein. Appropriate controls (such as restricted access) are placed on our computer systems and used where appropriate. Reasonable measures are taken to ensure physical access to Personal Data is limited to authorized employees.
As a condition of employment, Brookfield employees are required to follow applicable laws and regulations, including in relation to Data Protection Legislation. Unauthorized use or disclosure of confidential investor information by a Brookfield employee is prohibited and may result in disciplinary measures.
When you contact a Brookfield employee about your file, you may be asked to provide evidence of your identity (e.g., driver’s license or passport) and/or to confirm some details relating to the Personal Data Brookfield holds about you. These types of safeguards are designed to ensure that only you, or someone authorized by you, has access to your file.
10. RETENTION AND DESTRUCTION OF PERSONAL DATA
The period for which Brookfield will hold your Personal Data will vary and will be determined by the following criteria:
a) The purpose for which Brookfield is using it. Brookfield is required to retain the Personal Data for as long as is necessary to satisfy or meet the purposes for which it was obtained including applicable legal or regulatory requirements; and
b) Legal Obligations. Laws or regulations may set a minimum period for which Brookfield must retain your Personal Data.
Depending on the requirements of the Data Protection Legislation of your jurisdiction, Brookfield will take reasonable steps using appropriate technical methods in the circumstances to delete or destroy your Personal Data when we no longer have a legal basis to retain it or to ensure that the information is anonymized or irrecoverable.
11. YOUR RIGHTS
To the extent provided by the law of your jurisdiction, you may have legal rights in relation to the Personal Data about you that Brookfield holds. These rights may include:
a) the right to refuse to provide any Personal Data and the right to object at any time to the processing of your Personal Data. Please note that such refusal or objection may prevent us from providing services to you;
b) the right to confirm whether we process your Personal Data and to obtain information regarding the processing of your Personal Data and access to the Personal Data about you that Brookfield holds (including any available information as to the source of the Personal Data and any safeguards that may have been used to transfer Personal Data outside of your jurisdiction, as referred to in Section 8 above);
c) where consent was provided for certain processing activities, the right to withdraw your consent to the collection, processing, use and/or disclosure of your Personal Data at any time. Please note, however, that this will not affect the lawfulness of any collection, processing, use or disclosure undertaken before your withdrawal and that Brookfield may still be entitled to process your Personal Data if it has another legitimate reason (other than consent) or a consent exception for doing so. In some cases, withdrawing your consent to the collection, use process or disclosure of some or all of your Personal Data may prevent us from providing services to you;
d) in some circumstances, the right to receive a copy of some Personal Data in a structured, commonly used and machine-readable format and/or request that Brookfield transmit that data to a third party where this is technically feasible. Please note that this right may, depending on the jurisdiction, only apply to Personal Data that you have provided to Brookfield;
e) the right to request that Brookfield correct or rectify your Personal Data if it is inaccurate or incomplete;
f) in some circumstances, the right to request that Brookfield delete or erase your Personal Data. Please note that such a request may prevent us from providing services to you and there may be circumstances where Brookfield is legally entitled to retain Personal Data regardless of any such request;
g) in some circumstances, the right to request that Brookfield restrict, anonymize or block its processing of your Personal Data. Please note that such a request may prevent us from providing services to you and there may be circumstances where Brookfield is legally entitled to retain Personal Data regardless of any such request;
h) in some circumstances, the right to obtain information about the public and private entities with which Brookfield made shared use of the Personal Data as a joint controller;
i) in some circumstances, the right to receive information on the possibility of not providing consent and on the consequences of the refusal;
j) in some circumstances, the right to non-discrimination against you for exercising your legal rights in relation to your Personal Data;
k) where applicable, the right to lodge a complaint with the data protection regulator in your jurisdiction if you think that any of your rights have been infringed by Brookfield; and
l) the right to request information concerning the measures that the overseas recipient of your Personal Data is taking to protect your Personal Data and its details, countries to which the relevant personal data is transferred, and the existence or non-existence of data protection legislation in the countries and the details thereof.
You can enquire about your rights, which are applicable to you, by contacting Brookfield using the details listed below in Section 18. If you wish to exercise any of the rights, which are applicable to you, when you contact Brookfield using the details listed below, you will be asked to complete a ‘Subject Access Request Form’.
12. CHILDREN
The Websites are intended for use by those over 18. We do not knowingly solicit or collect personal information on the Websites from children under the age of 18.
13. PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES
To the extent permitted by applicable law, we may contact you by mail, e-mail, SMS/text, telephone and other electronic means to provide information on products and services that we believe will be of interest, unless you object to receiving such information. If you do not want to receive such communications from us please contact the Privacy Officer on the details set out below or by using the opt-out facilities provided within the relevant marketing material.
Your option not to receive promotional and marketing material: (a) shall not preclude us from corresponding with you, by email or otherwise, regarding your relationship with us (e.g., your account status and activity or our responses to questions or inquiries you pose to us); (b) shall not preclude us, including our employees, directors, officers, contractors, agents and other representatives, from accessing and viewing your Personal Data for our internal business purposes; and (c) shall not preclude us from disclosing your Personal Data as described in this Policy for purposes other than sending you promotional and marketing materials.
14. ADDITIONAL INFORMATION FOR RESIDENTS OF COLORADO, CONNECTICUT, NEVADA, VIRGINIA AND UTAH
If you are a resident of Colorado, Connecticut, Nevada, Utah or Virginia, this section of the Policy is intended to provide you with additional information concerning our processing of Personal Data pursuant to the (i) Colorado Privacy Act, (ii) Connecticut Data Privacy Act, (iii) Nevada Revised Statutes Chapter 603A, (iv) Utah Consumer Privacy Act, and (ix) Virginia Consumer Data Protection Act (together, the “U.S. State Privacy Laws”). Details concerning your privacy rights under certain of the U.S. State Privacy Laws, and how you may exercise those rights, are set out in Section 16.
a) We do not sell, and have not sold, any categories of Personal Data to third parties for targeted advertising, or any other purpose.
b) We do not process any categories of sensitive data that require consumer opt-in under any of the U.S. State Privacy Laws, including biometric data used to uniquely identify a person and Personal Data revealing racial or ethnic origin, religious beliefs, a mental or physical health condition, sexual orientation, or citizenship status.
c) In the event that Brookfield shares anonymous or aggregated data with third parties such as service providers in order to facilitate our business operations, to the extent such data constitutes de-identified data under the Virginia Consumer Data Protection Act, Brookfield will maintain and use such data without attempting to re-identify the data.
15. CALIFORNIA PRIVACY NOTICE
If you are a resident of California, this section of the Policy is intended to provide you with information concerning our processing of Personal Data (also referred to as “Personal Information” under the CCPA and throughout this Section 14) pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020, and all implementing regulations thereto (together, the “CCPA”). Please contact PrivacyOfficer@Brookfield.com or 1-833-681-0340 to request this Policy in an alternative format.
Our collection, use, retention and disclosure of Personal Information.
a) Sales and Sharing of Personal Information. We do not, and have not, sold any categories of Personal Information to third parties or shared any categories of Personal Information for the purpose of cross-context behavioral advertising.
b) Collection, Sources and Use of Personal Information. We have collected and used the following categories of Personal Information from the following sources and for the following business purposes during the 12-month period prior to the date of this Policy:
Categories of Personal Information | Sources | Business Purposes |
Website Data, as described in Section 3(a)of the Policy. |
|
|
Identity Verification Data, as described in Section 3(b) of the Policy. |
Directly from you; from automated tracking technology and monitoring tools; from within Brookfield and from our affiliates; from a third party acting on your behalf; from publicly available sources; and from other organizations. |
Business Management; Provision of Services; Database Management; Vendor Services; System Protection; Compliance with Law; Business Transactions; and Change of Control. |
Communications Data, as described in Section 3(c) of the Policy. |
Directly from you; from automated tracking technology and monitoring tools; from within Brookfield and from our affiliates; from a third party acting on your behalf; from publicly available sources; and from other organizations. |
Business Management; Provision of Services; Database Management; Vendor Services; System Protection; Compliance with Law; Business Transactions; and Change of Control. |
Reputation & Background Check Data, as described in Section 3(d) of the Policy. |
Directly from you; from automated tracking technology and monitoring tools; from within Brookfield and from our affiliates; from a third party acting on your behalf; from publicly available sources; and from other organizations. |
Business Management; Provision of Services; Database Management; Vendor Services; System Protection; Compliance with Law; Business Transactions; and Change of Control. |
Data Brookfield Generates as described in Section 3(e) of the Policy. |
From data collected directly from you; from automated tracking technology and monitoring tools; from within Brookfield and from our affiliates; from a third party acting on your behalf; from publicly available sources; and from other organizations. |
Business Management; Provision of Services; Database Management; Vendor Services; System Protection; Compliance with Law; Business Transactions; and Change of Control. |
c) Children. We do not knowingly collect or solicit any categories of Personal Information from any individual under the age of eighteen (18).
d) Sensitive Personal Information. Sensitive Personal Information under the CCPA may include social security numbers, driver’s license numbers, or passport numbers; account credentials; precise geolocation; racial or ethnic origin; religious beliefs; biometric data; personal information concerning a consumer’s health or sex life or sexual orientation; as well as contents of a consumer’s mail, email and text messages. At this time, our collection of Sensitive Personal Information is limited to account credentials and precise geolocation. To the extent we collect your Sensitive Personal Information, we will not use or disclose such information for purposes other than (A) to perform services that you reasonably expect from us; (B) to prevent, detect and investigate security incidents; (C) to resist illegal actions directed at the business and to prosecute and defend our rights; (D) to ensure the physical safety of others; (E) for short-term, transient use; (F) to perform services necessary for the business; (G) to verify and maintain the quality and safety of our product or services; and (H) generally for purposes that do not infer characteristics about you.
e) Retention of Personal Information. We retain Personal Information for as long as is reasonably necessary in connection with the purposes for which the Personal Information was collected. For additional information on how we store your Personal Information, please refer to Section 10 (Retention and Destruction of Personal Data) of the Policy.
f) Disclosures of Personal Information for Business Purposes. We have disclosed the following categories of Personal Information to the following categories of recipients for the following business purposes during the 12-month period prior to the “last updated’ date of this Policy:
Business Purposes | Categories of Recipients | Categories of Personal Information |
Business Management, as described in Section 6(a) of the Policy. |
|
Website Data; Identity Verification Data; Communications Data; Reputation & Background Check Data; and Data Brookfield Generates. |
Provision of Services, as described in Section 6(b) of the Policy. |
Affiliates; service providers and contractors; professional advisors; creditors; and government entities. |
Website Data; Identity Verification Data; Communications Data; Reputation & Background Check Data; and Data Brookfield Generates. |
Database Management, as described in Section 6(c) of the Policy. |
Affiliates; service providers and contractors; and professional advisors. |
Website Data; Identity Verification Data; Communications Data; Reputation & Background Check Data; and Data Brookfield Generates. |
Vendor Services, as described in Section 6(d) of the Policy. |
Affiliates; service providers and contractors; professional advisors; and creditors. |
Website Data; Identity Verification Data; Communications Data; Reputation & Background Check Data; and Data Brookfield Generates. |
System Protection, as described in Section 6(e) of the Policy |
Affiliates; service providers and contractors; professional advisors; creditors; and government entities. |
Website Data; Identity Verification Data; Communications Data; Reputation & Background Check Data; and Data Brookfield Generates. |
Compliance with Law, as described in Section 6(f) of the Policy. |
Affiliates; service providers and contractors; professional advisors; creditors; and government entities. |
Website Data; Identity Verification Data; Communications Data; Reputation & Background Check Data; and Data Brookfield Generates. |
Change of Control, as described in Section 6(h) of the Policy. |
Affiliates; service providers and contractors; professional advisors; creditors; and government entities. |
Website Data; Identity Verification Data; Communications Data; Reputation & Background Check Data; and Data Brookfield Generates. |
g) Additional California Privacy Disclosures.
i) Do Not Track Signals. Your browser and other mechanisms may permit you to send do-not-track signals or other similar signals via your browser settings to express your preferences regarding online tracking. Due to the lack of any standard for how do-not-track signals should work on commercial websites, we do not currently respond to such signals.
ii) Shine the Light Notice. California residents may request and obtain from us, once a year and free of charge, information about categories of Personal Information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared Personal Information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided in Section 16(b) of this Policy.
16. YOUR PRIVACY RIGHTS UNDER THE CCPA AND THE U.S. STATE PRIVACY LAWS.
a) Pursuant to the CCPA and the U.S. State Privacy Laws, you may have certain choices regarding our use and disclosure of your Personal Data, as described below.
- Know. Residents of California, Colorado, Connecticut, Utah and Virginia have the right to request that we provide (1) certain information about: (w) the categories of Personal Data we have collected about you; (x) the categories of sources from which the Personal Information is collected; (y) the business or commercial purpose for collecting your Personal Data; and (z) the categories of third parties to whom we have disclosed your Personal Data; and/or (2) the specific pieces of Personal Data we have collected, used, and disclosed about you. California and Virginia residents may make such requests twice in a 12-month period, and Colorado, Connecticut and Utah residents may obtain such information free of charge once in a 12-month period.
- Deletion. Residents of California, Colorado, Connecticut, Utah and Virginia have the right to request that we delete certain Personal Data we have collected from you and to tell our service providers to do the same, subject to certain exceptions.
- Correction. Residents of California, Colorado, Connecticut, Utah and Virginia have the right to request that we correct or amend certain Personal Data we maintain about you if it is inaccurate.
- Limit. California residents have the right to request that we limit the use and disclosure of Sensitive Personal Information we have collected. If Brookfield collects any Sensitive Personal Information, it will use it only for purposes listed above in Section 15(a)(iii) of this Policy. As such, any Sensitive Personal Information that we collect does not come within this right to limit use.
- Opt-out. Residents of California, Colorado, Connecticut, Nevada, Utah and Virginia have the right to opt out of the sale of your Personal Data to third parties and/or the sharing of your Personal Data for cross-context behavioral advertising. As stated above, Brookfield does not sell or share any Personal Data (as such terms are
defined in the CCPA and the other U.S. State Privacy Laws).
- Automated Decisions. Residents of Colorado, Connecticut and Virginia have the right to opt out of certain automated decision-making (e.g., profiling). As stated above, Brookfield does not use computer algorithms to make automated decisions based on your Personal Data.
- Appeal. Residents of Colorado, Connecticut, and Virginia have the right to appeal our decision not to take action on your request to exercise one of your privacy rights.
- Non-Discrimination. Residents of California, Connecticut, Colorado, Utah and Virginia have the right to not experience discriminatory treatment, and we will not discriminate against you, because you have exercised any applicable privacy rights. We do not use the fact that you have exercised or requested to exercise any privacy rights for any purpose other than facilitating a response to your request.
b) How to Submit a Request. You may submit a request by using one of the following methods.
Call: +1 833-681-0340
Email us: PrivacyOfficer@Brookfield.com
c) Verifying Your Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your Personal Data or complying with your request. If we are successful in validating your identity, we will respond to your request within the time and in the manner required by the CCPA and the other U.S. State Privacy Laws. If we are unable to verify your identity, we will need to deny your request. We reserve the right to deny requests in certain circumstances, such as where we have a reasonable belief that the request is fraudulent.
i. Individual Verification. If you request to know, access, delete, and/or correct your Personal Data, we may require you to provide any of the following information: address, date of birth, state or country of residence, telephone number, email address, or details of a transaction. In addition, if you ask us to provide you with specific pieces of Personal Data, we may require you to sign a declaration under penalty of perjury that you are the consumer whose Personal Data is the subject of the request. We will use the information you submit and the Personal Data we have in our systems to try to verify your identity and to match the Personal Data we have collected about you, if any, to your identity.
ii. Authorized Agent. If you designate an authorized agent to make an access or deletion request on your behalf, we may require you to (1) provide the authorized agent written permission (e.g., via a notarized letter) to do so, and (2) verify your own identity directly with us (as described above), and confirm with us that you provided the authorized agent permission to submit the request.
17. USE OF PERSONAL DATA IN RELATION TO DATA SUBJECTS IN CANADA AND AUSTRALIA.
Canadian Anti-Spam Legislation requires that commercial electronic messages (“CEMs”) sent within Canada or into Canada from another jurisdiction may only be sent to individuals who opt into receiving them, subject to certain exceptions. Similar legislation applies in Australia (Spam Act 2003 (Cth)). Such consent may be implicit, such as by engaging in a prior business relationship, or by virtue of having one’s email address listed in a public directory. These anti-spam laws also require senders to include an opt-out function such as an “unsubscribe” mechanism within a CEM. You may opt-out of the collection or use of your information by Brookfield. In some cases, withdrawing your consent to the collection, use or disclosure of some or all of your personal information will prevent us from providing services to you. To opt-out, please contact Brookfield’s Privacy Officer using the details set out below or use the opt-out facility provided in the CEM. Please note that in some cases Brookfield is permitted to send you certain CEMs after you opt out, such as where required to enforce legal rights.
18. ADDITIONAL PRIVACY NOTICE INFORMATION REQUIRED FOR AUSTRALIAN RESIDENTS
We will deal with your Personal Data (which has the same meaning as “Personal Information” under the Privacy Act 1988 (Cth), namely any information from which your identity is apparent or can be reasonably ascertained), in accordance with Australian privacy requirements including the Privacy Act 1988 (Cth) and Australian Privacy Principles, the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) and any applicable state/territory privacy laws or industry codes. Information that is not “about” an individual is not considered “Personal Data” under Australian law.
If you contact us to access your Personal Data, to seek to correct it, or to make a complaint about privacy, we will respond as soon as we reasonably can, and in any event within any timescales stipulated by applicable law. We do not impose any charge for a request, but we may charge you a reasonable fee for our costs associated with providing you access and retrieval costs. For complaints about privacy, we will establish in consultation with you a reasonable process including time frames, for seeking to resolve your complaint.
19. QUESTIONS AND CONCERNS
If you have any questions or concerns about Brookfield’s handling of your Personal Data, or about this Policy, please contact our Privacy Officer using the contact information set out below.
We are typically able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from our Privacy Officer, depending on your jurisdiction, you may have the option to escalate concerns to the applicable privacy regulator in your jurisdiction, the details of which can be obtained from the Privacy Officer.
20. BROOKFIELD PRIVACY OFFICE CONTACT INFORMATION
Department: Legal & Regulatory
Email: PrivacyOfficer@Brookfield.com
If you are a resident in Dubai, you can also contact us by post:
Attn: Privacy Officer
Brookfield
ICD Brookfield Place
Level 24
Al Mustaqbal Street, DIFC
P.O. Box 507234
Dubai