LENDLEASE DEVELOPMENT PROPERTY PRIVACY POLICY

Last updated 16 September 2022

We treat personal information provided to us with respect and integrity. Respect and integrity form part of Lendlease’s core values, which are the foundation for the conduct of our business in all parts of the globe. We are committed to protecting your privacy and it is important that you understand how we look after your personal information and how we make sure that we meet our legal obligations to you under applicable data protection rules (including associated guidance) (the "Data Protection Laws"). This Privacy Policy outlines how we will use, store and share your personal information and supplements any fair processing notice provided to you.

This privacy policy applies to Lendlease Americas Holdings Inc. and its subsidiaries and affiliates in the Americas Region (“Lendlease”, “we”, “our”, or “us”) and the personal information that we collect offline or online:

  • through your use of our development properties;
  • through our development property websites that we own, operate, or make available and that link to this Privacy Policy;
  • when you seek information, apply, rent, or purchase at one of our development properties or through other offline interactions (e.g., on-site property visits); and
  • through other interactions with us (e.g., postal mail, email, telephone requests, in-person requests).


The Americas Region of Lendlease is part of a global organization based in Australia. As a part of a global organization, Lendlease regularly handles and transfers “personal information” (being information which is capable of identifying an individual) between our affiliated companies, including those operating in different countries.

In this Privacy Policy, the terms “we”, “our”, or “us” are used to refer to the data controller primarily responsible for your personal information. Who the data controller is depends on where you are based, and the information being provided as set out below.

WHAT DO WE COLLECT, WHAT DO WE DO WITH IT AND WHY?

The Personal Information We Collect

To provide you services, we collect or you may choose to provide personal information that may identify you or relate to you as an individual.

Depending upon the type of relationship you have with us, we may collect the personal information described below.

  • Contact information such as name, fax number, telephone number, postal address, email address, date of birth, picture, correspondence, and emergency contact details.
  • Other personal identifiers such as user/account name, date of birth, social security number, taxpayer identification number, driver’s license number, passport number, identity card or student card, and resident identification number.
  • Financial and insurance information such as bank account/credit card number, rent payment details, insurance policy number, credit history, and other financial or tax documentation.
  • Demographic information such as age, race, color, ancestry, national origin, citizenship, marital status, sex, veteran or military status, in each case subject to applicable Data
  • Protection Laws. In certain jurisdictions, you may also choose to share with us any disabilities or other health-related restrictions so that we can provide you with adequate accommodations.
  • Commercial information such as records of products or services purchased, obtained, or considered, other purchasing histories or tendencies, utility bills, insurance claimant name and contact information, lease information, rental history, and rent amount.
  • Internet or other electronic network activity information through the use of our websites such as browsing history, search history, internet protocol address, cookie identification number, information regarding consumer’s interaction with a website, and internet postings. For more information please review the Cookies and Other Tracking Technologies section below.
  • Sensory data such as CCTV, pictures, videos, and sounds.
  • Information related to your day-to-day use of the properties (e.g., facilitating use of utilities, tracking key usage, managing reservations, validating IDs and guests).
  • Fingerprint technology may be implemented at some property locations to verify key check-out requests.
  • Geolocation and/or relational location information, such as property entry card swipe data and location “beacon” data reflecting entry to and/or use of spaces within Lendlease properties.


How and Where We Collect Your Personal Information

We may collect personal information through the following:

  • Online Services: We collect personal information when you interact with our online services which may include, but are not limited to, searching for an apartment, communicating with us, posting to social media pages, or participating in a survey.
  • Property Owners & Managers: Our residential properties may be owned or managed by other parties who share personal information with us for the purposes of managing the property and providing you services.
  • Property Visits and Offline Interactions: We collect your personal information when you visit our properties, attend events hosted at our properties, and/or inquire about housing directly with our properties.
  • Other Sites and Third Parties: We may use separate sites for the processing of applications and agreements and to assist our residents and service providers with other tasks which are required or helpful to them, such as paying rent online. We may also receive information about you from third parties. For example, if you are on another website and you opt-in to receive information from us, that website will forward us your email address and other information about you so that we may contact you as requested and in accordance with applicable Data Protection Laws. Additionally, we may receive your information from third party lead generation companies, sales and marketing partners, real estate brokers, and similar third party sources.
  • Other Sources: We collect personal information from other sources, such as public databases or credit agencies. Where legally required, we will obtain your consent before collecting or processing your personal information.


Cookies and Other Tracking Technologies

We collect certain data from cookies, pixel tags, web beacons, and other technologies (“Cookies”) which are pieces of data stored directly on your device or browser and may, in certain jurisdictions, be considered personal information. Cookies may be set by us and called first-party Cookies. We also use third-party Cookies for our advertising and marketing efforts, to measure the success of our marketing campaigns, and to compile statistics about usage of the online services.

  • Strictly Necessary Cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these Cookies, but some parts of the site will not work.
  • Performance Cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these Cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site and will not be able to monitor its performance.
  • Functional Cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these Cookies, then some or all of these services may not function properly.
  • Targeting Cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. These work by uniquely identifying your browser and internet device. If you do not allow these Cookies, you will experience less targeted advertising.
  • Social Media Cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these Cookies you may not be able to use or see these sharing tools.

     

Most browsers are set up to accept Cookies. If you want to change your cookie preferences, you can do so through your browser settings or by updating your Cookie preferences via our cookie banner, where applicable, when you enter any of our websites.

We may also use third parties to serve tailored advertisements that may interest you. To serve these advertisements, those third parties place a cookie or other tracking technology on your browser to profile your access and use of our online services. If you would like more information about this practice, please visit https://thenai.org/opt-out/ and https://youradchoices.com/.

We also use Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing Cookies on your device. The information that the Cookies collect, such as the number of visitors to the website, the pages visited and the length of time spent on the website, is aggregated. For more information about Google’s ability to use and share information collected by Google Analytics about your visits to the Site, please see the Google Analytics Terms of Service and the Google Privacy Policy.

Purposes and Legal Basis for Processing Your Personal Information

PURPOSE

DESCRIPTION

LEGAL BASIS

Engage with
prospective
residents

The activities associated with this purpose may
include providing property tours, responding to
general inquiries, registering your interests for a
property, and contacting prospective residents.

Legitimate interests (e.g.,
leasing and
communicating with you
about your preferences)

 

 

Applications
and Contracts

The activities associated with this purpose may
include collecting and processing applications or
contracts and communicating with you regarding
your application or account. Personal information
will be used to perform credit checks, background
checks, or other screenings as necessary to meet
our requirements.

Performance of a contract
to initiate a lease
Legitimate interests (e.g.,
confirming financial
solvency for prospective
residents)
Legal obligations (e.g.,
background checks,
identity confirmation)

Operations
and General
Business

The activities associated with this purpose may
include processing or communicating with residents
about payments, performing debt collection,
providing maintenance or other on-site services,
and managing the property; training; and helping us
better understand how we can help prospective and
current residents.

Performance of a contract
(e.g., fulfill your lease)
Legal obligations (e.g.,
maintaining our financial
records)

Marketing and
Surveys

The activities associated with this purpose may
include communicating with you about our
properties and promotions, signing you up for
newsletters and other marketing offers, and
conducting resident surveys about your experience.

Consent where required
by applicable Data
Protection Laws (e.g.,
honoring your
communication
preferences)
Legitimate interests (e.g.,
providing advertisements
for our similar products
and services)

Security and
Legal
Obligations

The activities associated with this purpose may
include detecting security incidents, crime
prevention, protect against malicious, deceptive,
fraudulent, or illegal activity, as well as ensure the
safety of our residents.

Legitimate interests (e.g.,
protecting against
malicious activity)
Legal obligations (e.g.,
reporting illegal activity
and security incidents)


Where we say above that we collect your information on the basis of our legitimate business interests, we are required to carry out a balancing test of these interests against your nterests and rights under the Data Protection Laws. As a result of our balancing test, which is detailed below, we have determined, acting reasonably and considering the circumstances, that we are able to process your personal information in accordance with the Data Protection Laws on the basis that we have a legitimate business interest.

   

Legitimate
interest

We have a legitimate interest in processing your information as:
We need the information to respond to your enquiries;
We need the information to send you information;
We would be unable to provide our services without processing your information;
We need call recordings for evidential purposes and to help us perform our
contract(s) with you; and/or
CCTV is there for safety reasons and for the prevention/ detection of crime.

Necessity

We consider that it is reasonable for us to process your personal information for
the purposes of our legitimate interests outlined above as we process your
personal information only so far as is necessary for such purpose.

Impact of
processing

We consider that it is reasonable for us to process your personal information for
the purposes of our legitimate interests outlined above as it can be reasonably
expected for us to process your personal information in this way for the purposes
set out above. In most cases the information is being processed for your benefit as
well as ours.

Special Categories of personal information

Where we process any special categories of personal information (e.g. diversity, medical, biometric
information), we will separately ask for explicit consent, if this is required by Data Protection Laws. In this case, you have the right to withdraw your consent to this processing at any time.

In some circumstances, we may have another lawful reason to collect such special categories of
personal information, in which case we will inform you of this prior to the processing taking place.

OTHER DISCLOSURES OF YOUR PERSONAL INFORMATION?

We may disclose your personal information to any of our affiliates.

We will disclose your personal information to third parties, as set out above and:

  • to our property owners and property managers or agents who use your personal information for their own purposes and legal obligations;
  • to our joint venture and other financial partners, such as our lenders, in applicable properties;
  • to our professional advisors (including without limitation tax, legal or other corporate advisors who provide professional services to us or our affiliates);
  • service providers who perform services such as hosting our websites, managing applicant and resident portals, processing payments, conducting research and analytics, marketing and advertising services, providing on-site services, providing benefits or promotions, and conducting financial and identity checks.
  • to other third-party suppliers for business administration or IT purposes;
  • in the event, or in connection with, a merger or sale involving all or part of Lendlease or our affiliates or as part of a corporate reorganization or share sale or other change in corporate control to any prospective sellers or buyers of such business or assets;
  • in the event of any insolvency situation (e.g. the administration or liquidation) of all or part of Lendlease or our affiliates;
  • if we, or any of our affiliates, or substantially all of our or their assets, are acquired by a third party, in which case personal information held by us about our customers and/or employees may be one of the transferred assets; in order to enforce or apply our website terms of use;
  • to protect the rights, property, or safety of us, our staff, our customers, or others. This includes exchanging information with other companies and organizations (including without limitation the local police or other local law enforcement agencies or regulatory bodies) for the purposes of staff and customer safety, crime prevention, fraud protection and credit risk
    reduction; and/or
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.


We may disclose, use and/or aggregate, anonymous information about you for marketing,
advertising, research, compliance, or other purposes.

DO WE DISCLOSE PERSONAL INFORMATION TO THIRD COUNTRIES?

We may transfer personal information to countries other than the country in which the data was
originally collected. These countries may not have the same data protection laws as the country in
which you initially provided the information and may not provide the same level of protection.

Where your information is processed by or shared between us and our affiliates, your information is
likely to be transferred to or from Australia, the United Kingdom, Greater China, Japan, Malaysia,
Singapore, Hong Kong, the United States and Italy for the purposes set out above.

Where your information is transferred to a third party (for example our Customer Relationship
Management system provider) this is also likely to be transferred to a third country, namely the
United States.

Where your personal information is collected within the European Economic Area ("EEA"), it will only be transferred outside of the EEA where an adequate level of protection for your rights as a data subject can be ensured, and where the transfer is otherwise in accordance with relevant data
protection laws, including by incorporating standard clauses approved by the European Commission in our agreements.

WHAT DO WE DO TO HELP PROTECT PERSONAL INFORMATION?

Unfortunately, the transmission of information via the internet is not completely secure. Although we
will do our best to protect your personal information, we cannot guarantee the security of your data
transmitted to our websites; any transmission is at your own risk. Once we have received your
information, we will use strict procedures and security features to try to prevent unauthorized access.

We take reasonable steps to protect personal information from misuse, interference or loss and
unauthorized access, modification and disclosure with appropriate safeguards and security
measures and restrict access to those who have a legitimate business purpose and reason for
accessing it. We store most data about you in computer systems and databases operated by either
us or our external service providers. However, safeguards and security measures apply to personal
information in both electronic and hard copy form.

Personal information is only retained for as long as it is necessary for the identified purposes, to the
extent necessary for purposes reasonably related to those identified purposes (for example,
resolving disputes) or as required by law, in accordance with the periods set out above.

RETENTION OF PERSONAL INFORMATION

We will retain your personal information for the period necessary to fulfill the purposes outlined in
this policy unless a longer retention period is required or permitted by law. To determine the
appropriate retention period, we consider the amount, nature, and sensitivity of personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, whether we can achieve those purposes through other means, and all applicable legal requirements.

At the end of that retention period, your data will either be deleted completely or anonymized, for
example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.

WHAT RIGHTS DO YOU HAVE?

You have a number of rights under the Data Protection Laws in relation to the way we process your
personal information, which are set out below. You may contact us using the details set out below to exercise any of these rights that are applicable to you under the Data Protection Laws and we will respond to your request within the legally required timeline.

In some instances, we may be unable to carry out your request, in which case we will write to you
(again, within one month) to explain why.

   

Right to
access and
receive

You may request a copy of or access to the personal information we hold about
you. You may also request that we transfer your Personal information to a third
party in a machine-readable format.

Right to
correct

You may ask us to update or correct inaccurate or incomplete personal
information we hold about you.

Right to limit
or restrict

You may have the right to request that we stop using all or some of your personal
information or to limit our use of it.

Right to
erase

You may have the right to request that we delete all or some of your personal
information under certain circumstances.

Right to
withdraw
consent

You have the right to withdraw any consent you have previously given to us at
any time. Your withdrawal of consent does not affect the lawfulness of our
collecting, using, and sharing of your personal information prior to the withdrawal
of your consent. Even if you withdraw your consent, we have the right to use your personal information if it has been fully anonymized and cannot be used to
personally identify you.

Right to
complain

In certain jurisdictions you have a right to lodge a complaint. For example, in the
EEA and UK you have the right to lodge a complaint with your Supervisory
Authority if you are unhappy with how we process your personal information. You
can find contact information for your Supervisory Authority on the European
Commission Data Protection Authorities webpage or through other publicly
available sources. For the purposes of the Data Protection Laws, our lead
supervisory authority is the Information Commissioner's Office, who can be
contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or
at www.ico.org.uk.


CHILDREN’S PRIVACY

Our websites and online services are not directed to or intended for use by minors, and we do not knowingly collect personal information from children under 13 years of age. If we learn that we have received personal information directly from a child without his or her parent or legal guardian’s verified consent, we will use that personal information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use our services.

Subsequently, we will delete such personal information. We do not sell the personal information of
children.

HAVE A PRIVACY INQUIRY?

If you have any enquiries regarding this Privacy Policy, wish to exercise your rights in respect of your personal information or wish to make a complaint in relation to how Lendlease has handled your personal information, you should contact us at:
privacy@lendlease.com

We aim to resolve all inquiries promptly and in accordance with Data Protection Laws.

OTHER WEBSITES

Our website may, from time to time, contain links to and from the websites of third parties. If you
follow a link to any of these websites, please note that these websites have their own privacy
policies and that we do not accept any responsibility or liability for these policies or your use of those websites.

CHANGES TO THIS POLICY

From time to time, we may change our policy on how we deal with personal information or the types of personal information which we hold. If we materially change the way we use or disclose your personal information we will notify you in advance by email and/or by placing a prominent notice on our websites. You may obtain a copy of our current Privacy Policy from our website or by contacting us at the contact details above.

In the event of any conflict between the English language version of this Privacy Policy and other
language versions, the English language version will prevail.

YOUR CALIFORNIA PRIVACY RIGHTS

We adopt this notice to comply with the California Consumer Privacy Act (CCPA) and any terms
defined in the CCPA have the same meaning when used in this Policy.

The California Consumer Privacy Act of 2018 (“CCPA”) provides eligible California residents with
specific rights with respect to our collection and use of personal information. This Your California
Privacy Rights Section supplements this Privacy Policy and applies solely to eligible residents of
California as of January 1, 2020. Any terms defined in the CCPA have the same meaning when
used in this Section.

(a) Information We Collect:

Our website collects information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device ("personal information"). In particular, the website has collected the following categories of personal information from its consumers within the last twelve (12) months:

 

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal
identifier, online identifier, Internet Protocol
address, email address, account name, Social
Security number, driver's license number, passport
number, or other similar identifiers.

YES

 

B. Personal information
categories listed in the
California Customer
Records statute (Cal.
Civ. Code § 1798.80(e)).

A name, signature, Social Security number,
physical characteristics or description, address, telephone number, passport number, driver's
license or state identification card number,
insurance policy number, education, employment,
employment history, bank account number, credit
card number, debit card number, or any other
financial information, medical information, or health
insurance information.

Some personal information included in this
category may overlap with other categories.

YES

C. Protected
classification
characteristics under
California or federal law.

Age (40 years or older), race, color, ancestry,
national origin, citizenship, religion or creed, marital
status, medical condition, physical or mental
disability, sex (including gender, gender identity,
gender expression, pregnancy or childbirth and
related medical conditions), sexual orientation,
veteran or military status, genetic information
(including familial genetic information).

YES

D. Commercial
information. 

Records of personal property, products or services
purchased, obtained, or considered, or other
purchasing or consuming histories or tendencies.

YES

E. Biometric information. 

Genetic, physiological, behavioral, and biological
characteristics, or activity patterns used to extract a
template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.

YES

F. Internet or other
similar network activity. 

Browsing history, search history, information on a
consumer's interaction with a website, application,
or advertisement.

YES

G. Geolocation data.

Physical location or movements.

YES

H. Sensory data. 

Audio, electronic, visual, thermal, olfactory, or
similar information.

YES

I. Professional or
employment-related
information. 

Current or past job history or performance
evaluations.

YES

J. Non-public education
information (per the
Family Educational
Rights and Privacy Act
(20 U.S.C. Section
1232g, 34 C.F.R. Part
99)). 

Education records directly related to a student
maintained by an educational institution or party
acting on its behalf, such as grades, transcripts,
class lists, student schedules, student identification
codes, student financial information, or student
disciplinary records.

NO

K. Inferences drawn
from other personal
information.  

Profile reflecting a person's preferences,
characteristics, psychological trends,
predispositions, behavior, attitudes, intelligence,
abilities, and aptitudes.

YES

Please note that some of the categories of personal information described in the CCPA overlap with each other; for instance, your name is both an Identifier and a type of data described in Cal. Civil Code 1798.80(e).

Personal information does not include publicly available information from government records or any deidentified or aggregated consumer information. In addition, the CCPA excludes the following from its scope: health or medical information covered by the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act
(CMIA) or clinical trial data; and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver's Privacy Protection Act of 1994.

(b) Use of Personal Information:

In the preceding twelve (12) months, we have not sold your personal information to any third
parties. However, we may use or disclose the personal information we collect for the purposes
described in the “How We Use Your Information” section above.

(c) Sharing Personal Information:

We may disclose your personal information to our service providers for a business purpose. When
we disclose personal information for a business purpose, we enter a contract that describes the
purpose and requires the recipient to both keep that personal information confidential and not use it
for any purpose except performing the contract. The CCPA prohibits third parties who access the
personal information we hold from reselling it unless you have received explicit notice from the third-party with an opportunity to opt-out of the sale.

In the preceding twelve (12) months, we may have disclosed the following categories of your
personal information for a business purpose to our service providers: identifiers; California Customer Records personal information categories; protected classification characteristics under California or federal law; commercial information; biometric information; internet or other similar network activity; geolocation data; sensory data; professional or employment-related information; and inferences drawn from other personal information.

(d) Your Rights & Choices:

(i) Right to Know About Personal Information Collected, Disclosed, or Sold

You have the right to request that we provide certain information to you about our collection and use of your personal information over the past twelve (12) months. Specifically, you have the right to request disclosure of the categories of personal information and specific pieces of personal
information we have collected about you over the last 12 months. Upon the submission of a verifiable consumer request (see Exercising your California Privacy Rights), we will disclose to you:

    • The categories of personal information we collected about you.
    • The categories of sources from which personal information was collected.
    • Our business or commercial purpose for collecting or selling personal information.
    • The categories of third parties with whom we shared personal information.
    • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
      • sales, identifying the personal information categories that each category of recipient purchased; and
      • disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

 

We will also provide the specific pieces of personal information we collected about you, subject to certain exceptions under applicable law, if you also request access to such information.

(ii) Right to Delete

If you are a California resident, you also have the right to request that we delete any of your personal information that we collected or maintain about you, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will conduct a reasonable search of our records in order to locate any personal information we have collected about you that is eligible for deletion, and delete such personal information. To the extent we have shared any personal information collected about you with service providers that is eligible for deletion, we will direct those service providers to delete that personal information as well. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information's deletion may likely render impossible or seriously impair the research's achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.


Following a deletion request, any personal information about you that was not deleted from our
systems will only be used for the purposes provided for by the applicable exceptions. Thus, all
personal information about you that is not subject to a deletion exception will either be (1) permanently deleted on our existing systems (with the exception of archived or back-up systems
maintained for emergency disaster recovery and business continuity purposes); (2) de-identified; or
(3) aggregated so as to not be personal to you.

(iii) Right to Correct Inaccurate Personal Information

If you are a California resident, you also have the right to request that we correct inaccurate personal information we hold about you, subject to certain exceptions.

(iv) Exercising Your Rights to Know or Delete

To exercise your rights to know or delete described above, please submit a request by either:


Only you, your parent or guardian (with your permission), the person to whom you have given power of attorney, or an otherwise authorized agent registered with the California Secretary of State, may make a verifiable consumer request related to your personal information. However, you may make a verifiable consumer request on behalf of your minor child. You can designate an authorized agent to submit a verifiable consumer request on your behalf by having the agent submit a request through the online request portal. Additionally, you may only make a verifiable consumer request for access twice within a 12-month period.

Your verifiable consumer request must: (i) provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative; and (ii) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in the request to verify the requestor's identity or authority to make it.

(v) Response Timing and Format

We will confirm receipt of your request within ten (10) business days. We will make our best effort to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your
request. The response we provide will also explain the reasons we cannot comply with a request, if
applicable. For requests for specific pieces of information that we have collected about you will be
sent in a portable, readily useable format that you may transmit to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is
excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we
will tell you why we made that decision and provide you with a cost estimate before completing your request.

(vi) Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information's value and contain written terms that describe the program's material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.


(vii) Your Rights Under “Shine the Light”

In addition to your rights under the CCPA, California Civil Code Section 1798.83 permits California
residents to request information regarding our disclosure, if any, of their personal information to third parties for their direct marketing purposes. If this applies, you may obtain the categories of personal information shared and the names and addresses of all third parties that received personal information for their direct marketing purposes during the immediately prior calendar year (e.g., requests made in 2021 will receive information about 2020 sharing activities). To make such a request, please provide sufficient information for us to determine if this applies to you, attest to the fact that you are a California resident and provide a current California address for our response. You may make this request in writing to: privacy@lendlease.com.