Privacy Policy

Version 7.0


The Privacy Act 1988 (Cth) and related Australian Privacy Principles outline mandatory requirements of organisations and individuals to ensure the privacy and security of information.

The Company and its employees must take reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised modification or disclosure.

The Company and its employees must also take reasonable steps to destroy or otherwise de-identify personal information we hold when it is no longer needed.

Failure to comply with this Policy and the Privacy Act increases the risk of personal data being compromised. This could result in reputational damage, as well as penalties of up to $1.8million.


This Policy applies to;

  • All employees and contractors of Colliers International.
  • All Partner Offices of Colliers International.
  • Third parties engaged to deal with information on behalf of Colliers International.


In this Policy, the following definitions apply:

“Personal Information” means any information or opinion about an identified individual, such as: an individual’s name, signature, address, phone number, email, date of birth, bank details, employment details, commentary or opinion about a person.

“Sensitive Information” means any information or an opinion about an individual’s: racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health, genetic or biometric.

“Unauthorised access” of personal information occurs when personal information that an entity holds is accessed by someone who is not permitted to have access. This includes unauthorised access by an employee of the entity, or an independent contractor, as well as unauthorised access by an external third party (such as by hacking).

Example: an employee browses sensitive customer records without a legitimate purpose, or a computer network is compromised by an external attacker resulting in personal information being accessed without authority.

“Unauthorised disclosure” occurs when an entity, whether intentionally or unintentionally, makes personal information accessible or visible to others outside the entity, and releases that information from its effective control in a way that is not permitted by the Privacy Act. This includes an unauthorised disclosure by an employee of the entity.

Example: an employee of an entity accidentally publishes a confidential data file containing the personal information of one or more individuals on the internet.

“Loss” refers to the accidental or inadvertent loss of personal information held by an entity, in circumstances where is it is likely to result in unauthorised access or disclosure.

Example: where an employee of an entity leaves personal information (including hard copy documents, unsecured computer equipment, or portable storage devices containing personal information) on public transport.


A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure. The Company’s aim is to reduce the risk of such loss and breaches, which can incur significant financial penalties as well as brand and reputational damage.

Examples of a data breach include:

  • a device containing customers’ personal information is lost or stolen (such as a laptop or USB drive)
  • a file containing personal information is mistakenly provided to the wrong person
  • a database or system is hacked or compromised

The Privacy Act 1988 (Cth) requires organisations to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The Company may be required to notify the Australian Information Commissioner in the event of a data breach.



The Company collects a range of personal and sensitive information on our clients, buyers, suppliers, prospects, competitors, and employees. This is often collected through email, phone calls, contracts, web enquiries, and in-person.


This information includes:

  • Name
  • Email
  • Phone numbers
  • Address details
  • Photo ID (licences, passports, etc)
  • Associations (union, political, professional, religious)
  • Bank account details
  • Tax & superannuation details
  • Visa & working rights
  • Health information
  • Signatures and signed documents


This information is used for purposes such as:

  • Track client needs and recommend services or property
  • Execute contracts with clients and suppliers
  • Hire and make payments to employees and contractors
  • Hold or refund money in trusts


To ensure a high level of security of personal information, only the Company’s approved IT systems are to be used for storage of personal information. These include;

  • Client record systems (CRM, MRI, Clarity, etc)
  • Billing/invoicing systems (DTS)
  • Outlook / Office 365
  • Android or Apple phone using Colliers Mobile Iron
  • Other third-party platforms, specific to an account or project specifically approved by IT

Unauthorised systems include personal databases in Excel or Word, stored locally or in Cloud based applications. If in doubt, speak to the Company’s Privacy Officer or Legal team, or refer to the Acceptable Computer Use Policy.

Personal data on employees and contractors should only be stored in approved HR and Finance systems.


It is the responsibility of all employees and contractors to ensure the safety and security of personal and sensitive information of our customers, clients, prospects, suppliers, and employees. You must take all reasonable precautions to protect and secure personal and sensitive information in your control, including;

  • Follow password guidelines, and not share or disclose passwords to others
  • Ensure personal and sensitive information is not left on printers, scanners etc
  • Use secure document destruction bins to safely destroy personal or sensitive information
  • Avoid using USB drives to transfer or store personal or sensitive information
  • Lock drawers and cabinets that store personal and sensitive information
  • Be aware and cautious when opening suspicious emails to avoid potential Phishing and Social Engineering attempts by third parties looking to gain access to our systems or networks - typically, through email links and embedded documents. All suspicious emails should be referred to IT.


To reduce risk or unauthorised access, loss, or other breach, and to comply with the Privacy Act and Privacy Principles, if you collect personal or sensitive information, you are required to destroy or delete when it is no longer required.


To reduce the impact of any potential loss or breach, you must contact IT immediately if you suspect there has been accidental disclosure, unauthorised access, or loss of personal information, either accidental or otherwise, including situations where:

  • you have lost your laptop, phone, building pass, or access keys
  • you have lost a storage device containing data
  • the password of any work-related account has been compromised
  • received a potential phishing email so IT can inform the wider business of the threat
  • you have sent details to the wrong person

Notifying IT can reduce risks by having your accounts locked, disabling your building access pass, and your phone contents deleted, etc.


Customers or clients may request access to, or alterations of data we keep.

Complaints or requests beyond updating contact information or property requirements should be referred to the Chief Privacy Officer.

Our client-facing Privacy Policy is available at

For more information on this Policy or privacy requirements, contact the Chief Privacy Officer:


Telephone: +61 2 9257 0222


The Chief Privacy Officer
Colliers International,
Level 30, Grosvenor Place,
225 George Street,
Sydney NSW 2000

Copyright 2019
Building A
Information contained herewith should not be relied upon and you should make your own enquiries and seek legal advice with respect to any property or the information about the property.