California Consumer Privacy Policy

In the United States, CBRE’s collection, use and disclosure of certain personal information through CBRE’s public websites and professional interactions with CBRE employees is governed by the CBRE Global Privacy Policy, as well as the following state-specific policies, as applicable:

California Consumer Privacy Policy

Effective Date: January 1, 2020

Last Updated: January 1, 2021

This California Consumer Privacy Policy (“Policy”) supplements the information provided in a CBRE Privacy Notice. This Policy applies solely to individuals who are residents of the State of California (“consumers”). We adopt this Policy to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws.

We reserve the right to update this Policy at any time. We may also notify consumers in other ways from time to time about the processing of their Personal Information (as defined in the CCPA).

Contents

  1. Consumer Rights under the CCPA

    1. CCPA Rights

    2. Process for verifying your request

    3. How to exercise your rights

    4. Authorized Agent

  2. Identification of Personal Information Collected from California Residents, Disclosed, or Sold

    1. Categories of Personal Information We Collect about California Consumers

    2. Sources of Collection

    3. Purposes for Which We Collect this Personal Information

    4. Disclosure of Personal Information

    5. Third Parties to Whom We Have Sold Personal Information

    6. Consumers Under the Age of 16

  3. How to Contact Us

Consumer Rights under the CCPA

If you are a consumer, you have the following rights under the CCPA. In the event you chose to exercise your rights, we will handle your request in accordance with this section.

CCPA Rights

  • Right to Know - You have the right to request to know what Personal Information CBRE collects, uses, discloses and (if applicable) sells about you.

  • Right to Delete - Subject to certain exceptions, you have the right to request that we delete any Personal Information about you that we may hold. We may have grounds to deny your deletion request as provided for in the CCPA.

  • Right to Opt Out of Sale of Personal Information - You have a right to opt out of the sale of Personal Information. However, CBRE does not sell your Personal Information.

  • Right to Non-Discriminatory Treatment - You have a right not to be discriminated against because you exercised any of your rights to know, access, delete or opt-out of the sale of your Personal Information.

Process for verifying your request

If you are a consumer and make a rights request under the CCPA, in order to protect you and your Personal Information from unauthorized disclosure, upon receipt of your we will need to reasonably verify that you are the person about whom we collected Personal Information. We may do so by asking for additional information (“Verifiable Information”) to compare against the information we hold about you, or if you have an account with us, by asking you to log in to that account. We will only use Verifiable Information to verify your identity or authority to make the request. We may also ask you to provide additional detail or clarify your request to allow us to properly understand, evaluate and respond to it.

Types of Verifiable Information we may ask for depend on the context of your relationship with CBRE, but may include:

  • Name of a CBRE employee with whom you interacted

  • Date or other details of a transaction you had with CBRE

  • Email address, phone number, or other contact information we may have on file for you

How to exercise your rights

You may exercise your rights to know, access, delete or opt out by completing the form in our Data Subject Rights Portal or by calling us at +1 (866) 428 4722. We will ask for your name, email address, and your relationship to us in order to begin processing your request.

Authorized Agent

You may authorize someone to submit a rights request on your behalf. You may do this by providing that person with power of attorney pursuant to the California Probate Code. Alternatively, you may provide that person with signed, written permission to submit requests on your behalf, but we will still require you to verify your identity with us directly by one of the methods listed above. In either case, we will also require that person to verify their personal identity via one of the above methods, or, in the case of a business entity, by response to communications directed at a well-known internet domain associated with that business or to contacts provided in that entity’s official filings with the California Secretary of State.

Identification of Personal Information Collected from California Residents, Disclosed, or Sold

In addition to the personal information categories collected, which are covered in the relevant privacy notice, below is a comprehensive description of CBRE’s online and offline data collection practices regarding the collection, use, and disclosure of personal information.

Categories of Personal Information We Collect about California Consumers

In the preceding 12 months, depending on a consumer’s interactions with CBRE, CBRE has collected the following categories of information for the purposes outlined below under the heading “Purposes for Which we Collect this Information”:

  1. Identifiers, such as name, email address, and account name

  2. Customer records information, such as address or telephone number

  3. Characteristics of protected classifications under California or federal law, such as race, religion, or disability

  4. Commercial information, such as products or services purchased, obtained, or inquired about

  5. Internet or other electronic network activity information, such as browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement

  6. Geolocation data, such as device location or Internet Protocol (IP) location

  7. Visual information, such a photo or moving images

  8. Professional or employment-related information, such as current or past work history

  9. Education information that is not “publicly available personally identifiable information” as defined in the California Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)

  10. Inferences reflecting your preferences, predispositions, behavior, and attitudes drawn from the information we collect when you visit the Website, use our apps, or interact with our tools

Sources of Collection

We collect the categories of personal information set out above from the following categories of sources:

  • From consumers directly or indirectly

  • Publicly available websites

  • A consumer’s employer with respect to certain services we offer

  • Third parties who may share personal information they collect with us for research or marketing purposes

Purposes for Which We Collect this Personal Information

We collect the personal information set out above, for the following business and commercial purposes:

To operate and maintain our business and digital properties as well as to provide services to our clients:
  • To communicate with clients, prospective clients, and others with whom we have or are inquiring about establishing a business relationship

  • To provide offerings and services in which a consumer expressed interest

  • For business and marketing purposes

  • To administer and facilitate a consumer’s attendance at any of our events

  • To create an account to access certain information offerings or services

  • To administer surveys and generate aggregated and de-identified data analytics to improve and better manage our client relationships

  • To operate, evaluate and improve our online business offerings, including developing new products and services

  • To determine the effectiveness of and optimize our advertising to better target our advertising and to provide pertinent offers in which we think a consumer will be interested

  • To analyze and facilitate the functionality of our products, services, websites, mobile applications and any other digital assets

To maintain and operate our corporate offices and other corporate spaces for which we are responsible:
  • To ensure safety and security of CBRE employees at our offices

To provide our emerging digital products and services, for example Hana and Host:
  • To create and manage a consumer’s Hana Member account

  • To provide consumers with the Hana and Host Work services and to manage our relationship with them

  • To provide a personalized experience on our platform

  • For security, to be able to identify a consumer at check in

  • To maintain a consumer’s Hana member profile

  • To analyze the use of, and help us continually refine and improve our services, our apps and better serve our customers

  • To address requests for additional information about CBRE Hana and our services

  • To market and advertise our services

  • To gather information about our website for analytics purposes

  • To allow a consumer access to our Host workplace

  • To the extent we provide payment facilities, to allow for a consumer to make purchases through Host Work

  • To customize our services for a consumer, including providing recommendations

To recruit job applicants:
  • To assess a consumer’s suitability for the position to which the consumer applied or other available positions, which includes: interviews, terms of employment, verification of information, carrying out pre-employment screening checks, determining the consumer’s ability to legally work for us in the United States including, as applicable, verifying the consumer’s visa status), and for onboarding the consumer as a CBRE employee once hired

To carry out the responsibilities included in the CBRE EthicsPoint Helpline:
  • To investigate possible violations of the law or of company policy and to take appropriate corrective action, such as employee discipline or legal proceedings

  • To compile statistical information on reports of misconduct

  • To investigate possible violations of the law or of company policy and to take appropriate corrective action, such as employee discipline or legal proceedings

Disclosure of Personal Information

In the preceding 12 months, depending on a consumer’s interactions with CBRE, CBRE has disclosed for a business purpose, the following categories of information (for additional examples please refer to the section above titled Categories of Personal Information We Collect about California Consumers):

  1. Identifiers

  2. Customer records information

  3. Characteristics of protected classifications under California or federal law

  4. Commercial information

  5. Internet or other electronic network activity information

  6. Geolocation data

  7. Visual information

  8. Professional or employment-related information

  9. Education information that is not “publicly available personally identifiable information” as defined in the California Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)

  10. Inferences

For each of the categories listed above, we may have disclosed Personal Information to the following categories of third parties for a business purpose:

  • Third parties, including third party vendors

  • Service providers, who help us manage or provide our products and services, including but not limited to marketing, advertising and communications agencies, external auditors and advisors, and our vendors who provide data processing, IT, software, information security or other related services

  • Legally affiliated entities and affiliates

  • Professional advisors

  • Enforcement or regulatory authority, if required

Third Parties to Whom We Have Sold Personal Information

CBRE does not sell Personal Information and has not sold Personal Information in the preceding 12 months.

Consumers Under the Age of 16

As above, CBRE does not sell Personal Information. CBRE does not have actual knowledge that it sells the Personal Information of consumers under 16 years of age.

How to Contact Us

We may be contacted with questions or concerns regarding our privacy policies or practices by emailing [email protected] or by writing to us at 321 North Clark Street, Suite 3400, Chicago, Illinois 60654, Attention: Global Director, Data Privacy.