PRIVACY NOTICE HERE BY HINES APP

Dear Visitor, thank you for downloading and using our app. We appreciate your trust in us.

This Privacy Notice is your guide to understanding how Hines Interests Limited Partnership, acting as the Data Controller (“we,” “us,” or “our”), handles your Personal Information within this app.

We’ve structured our Notice into clear sections. If you’re interested in a specific topic, simply click on the corresponding headline below.

We’ve structured our Notice into clear sections. If you’re interested in a specific topic, simply click on the corresponding headline below.

Capitalized terms used in this Privacy Notice have the same meaning as defined in the applicable Data Protection Laws.

Important Note: This notice pertains to the processing operations carried out within the app and does not extend to other processing activities performed by Hines as a property manager.

1. What Personal Information do we process?

(i) Identifiers and contact information: During the App registration process, we collect your first name, last name, and e-mail address.

(ii) Online identifiers: We collect online identifiers through cookies and other similar technologies that help us to offer you a better browsing experience, enhance site navigation, analyze site usage, and assist in our marketing efforts.

(iii) Information you provide us through the app: We collect your personal information to enable specific features within the App. These include: registering visitors, when registering your presence at the office, booking a desk/room, registering a guest, requesting catering, requesting service, reporting facilities-related issues, etc.

(iv) Geolocation data: We only collect this information following your permission and only for the activation of certain features within the app (e.g. to find the nearest commute options)

2. How We Use Your Personal Information

Your Personal Information may be stored and processed by us in the following ways and for the following purposes:

  • for ongoing review and improvement of the information provided on the app to ensure it is user friendly and to prevent any potential disruptions or cyber-attacks;
  • to conduct the analysis required to detect malicious data and understand how this may affect your IT system;
  • for statistical monitoring and analysis of current attacks on devices and systems and for the ongoing adaptation of the solutions provided to secure devices and systems against current attacks;
  • to understand feedback on Hines Products and Services and to help provide more information on the use of those products and services quickly and easily;
  • to communicate with you to provide you with services or information about the app;
  • for in-depth threat analysis;
  • to understand your needs and interests;
  • for the management and administration of our business;
  • to anonymize personal data and prepare and furnish aggregated data reports showing anonymized information;
  • enforcing our terms and conditions or other legal rights;
  • to comply with and to assess compliance with applicable laws, rules and regulations, and internal policies and procedures; or
  • for the administration and maintenance of databases storing personal data.

Whenever we process Personal Information we make sure that the usage complies with the applicable laws. We will take necessary steps to ensure that the personal data is accessed only by authorized employees, representatives and service providers of Hines who have a need to access your Personal Information for the purposes described in this Privacy Notice and that, in any case, are subject to confidentiality obligations.

3. Software Development Kits

Our mobile app uses various technologies, including Software Development Kits (SDKs), to enhance your user experience. SDKs are pre-built code libraries that developers integrate into apps to enable features like push notifications, social logins, and in-app advertising. While SDKs enhance app capabilities, they may also collect user data such as device information (model, operating system), app usage data, location data (with your consent), and unique online identifiers. We regularly review and update the SDKs integrated into our App. If you have concerns about specific SDKs, please contact us as described in Section 15.

  • Functional or Preference SDKs:
    Preference SDKs allow us to store specific user selections or preferences, resulting in a more personalized app experience.
    These SDKs are activated only with your consent.
  • Analytics SDKs:
    Statistical analytics assess app performance and gather aggregated information on usage to optimize your digital experience.
    This method does not collect individual-level behavioral data.
    For European users, these SDKs are active only upon clicking “Accept” Non-European users have an option to opt out.
  • Marketing/Tracking/Profiling SDKs:
    Some SDKs collect personal data (e.g., device identifiers, IP addresses, location information) to provide targeted ads or personalized content.
    These SDKs are activated only with your consent.

4. Cookies and similar technologies

Cookies are small pieces of data being placed on the hard drive of your device. With the help of cookies, we can store information for a certain period and identify your device for the purposes mentioned below. These periods may vary depending on the type of cookies. Some cookies will be stored only for the time you are visiting our website (session cookie) and are automatically deleted once you close your browser, others cookies will be stored for a longer period than your session (persistent cookies).

On this website, we also use technologies that function similarly to cookies such as local shared objects. These are small data files that enhance your web-browsing experience, for example, by allowing you to personalize the look of a website that you frequently visit.

We transparently inform you about our use of cookies and similar technologies in the sections below. In case you would like to further understand more about these technologies, you can also set your browser settings to inform you about the cookies or similar technologies downloaded to your device.

  • Strictly Necessary Cookies:
    Strictly necessary cookies maintain website security, facilitate network management, ensure site functionality, and enhance accessibility. You have the option to disable strictly necessary cookies in your browser settings, although this may impact your website experience.
  • Functional or Preference Cookies:
    Preference cookies allow us to store specific user selections or preferences, leading to a more personalized website experience. These cookies are activated only with your consent.
  • Analytics:
    Statistical analytics gauge website performance and gather aggregated information on your site usage to optimize your digital experience. This method does not collect individual-level behavioral data. On European sites, these cookies are only active upon clicking "Accept." Non-European sites allow you to opt out."
  • Marketing/Tracking/Profiling Cookies:
    Marketing/tracking/profiling cookies, typically placed by advertising networks, deliver relevant content and assess campaign effectiveness. Information regarding website usage and visits may be shared with third-party organizations such as advertisers. These cookies are activated only with your consent.
  • Conversational Cookies:
    Conversational cookies link conversations and interactions to a specific visitor on our website, particularly when engaging with our chatbot. Accepting these cookies is necessary for interacting with the chatbot on our websites.

5. Sources from which we collect your Personal Information

As you interact with the app, we collect Personal Information directly from you, as well as Information that you generate in connection with your use of the app.

6. Purposes and legal bases for processing and disclosing Personal Information

a) Based on our legitimate interest:
To help us improve the functionality of the App, detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity; or

b) With your consent:
When Hines processes your personal requests made through the App, and when processing personal data through cookies you accepted; or

c) Due to legal obligations
When required so to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures.

7. Sharing of Personal Information with third parties

In connection with one or more of the purposes outlined in the “How we use your personal data” section above, we may disclose your personal information to third parties such as our group members, our professional advisers, our external and internal service providers that provide services to us (such as distribution of newsletters, IT hosting and market research). We are using special platforms to store, unify and process our consumer data with care and certified security.

We may disclose your personal information for the purposes set out above and only for specific purposes according to the relevant data protection laws. Those service providers are bound to process your personal data only on our strict instructions and when they can offer adequate technical and organizational measures to protect your data.

We may also disclose your personal information if it is required or authorized by law, where disclosure is necessary to prevent a threat to life, health or safety, or where we are otherwise permitted by the relevant data protection laws.

8. Data Sharing with a venue

If you make an order or reservation for a given service, like food ordering, we will share your personal data (name, e-mail address and order details) with the Venue / Restaurant that services the order so that the Venue / Restaurant can process your order. Please note that the Venue / Restaurant acts as a separate and independent controller of your personal data, subject to the applicable data protection laws. If you have any questions about how the Venue / Restaurant processes your personal data, please reach out directly to the Venue / Restaurant.

9. International data transfers

As a global company, Hines may need to transfer your Personal Information out of the country or jurisdiction in which it was originally collected1. You should be aware that these countries may not have similar data protection laws to the country in which your Personal Information was originally collected. In such cases, Hines will ensure that there are adequate safeguards in place to protect your Personal Information with the aim of ensuring that your privacy rights continue to be protected as outlined in this Privacy Notice.

For transfer of Personal Information outside of the original location of collection for any other country or jurisdiction, it will be protected and transferred in a manner consistent with the applicable legal requirements, and Hines will take reasonable steps (for example through a contract with the overseas recipient) to ensure that the overseas recipient does not breach the applicable privacy laws in relation to the data.

You can obtain more details of the protection given to your Personal Information by contacting us as described in section 15 below.

10. How we protect your Personal Information

At Hines, we take your security seriously. We've put in place strong measures to keep your information safe and secure. This includes special protection for client files, tailored to the sensitivity of the information they contain. We also have controls in our computer systems to restrict access appropriately.

Only authorized Hines employees have physical access to areas where Personal Information is stored or processed. We make sure our team members are trained to follow all laws and regulations, especially when it comes to data protection. Access to sensitive information is limited to employees who really need it for their jobs and who are authorized to see it.

If you want more details about how we protect your Personal Information, just reach out to us as described in Section 11 below. When you contact us about your file, we may ask for some Personal Information to make sure that only you or someone you've authorized can access your information.

11. How long we keep your Personal Information

We will retain your Personal Information for as long as is necessary to fulfill the purpose for which it was collected or to comply with applicable legal, regulatory, or internal policy requirements.

12. Modification of your choices and preferences

If you don't want to get marketing messages from us, no problem! You can opt out anytime by unsubscribing, sending us an email, or writing to us at the contact details listed in Section 15 below. If you receive an email from us about marketing stuff, just reply to that email and ask us not to send you any more marketing messages.

13. Your rights

Where applicable and under the conditions set forth under applicable data protection laws, you may request the following rights concerning the processing of your personal information:

  • access to and/or a copy of the Personal Information we hold in relation to you and be informed about how we process it;
  • object to the processing of your Personal Information if:
    • We process it based on legitimate interests or for public interest (including profiling).
    • We process it for direct marketing purposes.
  • corrections to your Personal Information where inaccurate or incomplete;
  • delete your Personal Information;
  • restrict how we process your Personal Information;
  • receive your Personal Information in a structured, commonly used electronic format for easy transfer to another controller;
  • withdraw your consent easily and at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

In the event that you wish to make a complaint about how we process your Personal Information, please contact us in the first instance as described in Section 11 below and we will endeavor to deal with your request as soon as possible.

14. Changes in the Privacy Notice.

We reserve the right to revise this Privacy Notice at any time. In the event of any changes, we will update this posting. If we decide to use or disclose Personal Information differently from how it was originally collected, we will promptly inform you. If you object to these changes, please reach out to us using the contact methods detailed in the section below titled “Contact Information.”

15. Contact information.

If you have any questions about our Privacy Notice or wish to exercise your rights, please contact your Hines representative or Hines Compliance via e-mail at: privacyNotice@hines.com.

In order to verify your identity, we request that you provide your name and other data we may hold associated with your name. We may also request a copy of your driver’s license if we are unable to verify your information. In addition, we request that you provide an email address in order to contact you regarding your request.

1 This includes transfers to the USA or to countries located in or outside of the European Economic Area (the “EEA”).


Annex A - Additional information under the CCPA.

a) What Personal Information do we process?

    • (i) Identifiers such as a real name, online identifier, Internet Protocol address, email address, and account name;
    • (ii) Sensitive personal information: precise geolocation data (only for certain features within the application, e.g. to find the nearest commute options)

    b) Processing operations

    We do not use or disclose your sensitive personal information for purposes other than those allowed under the CCPA, including Section 7027, subsection (m).

    c) Sharing your Personal Information

    We may share the following categories of Personal Information for a business purpose as further elaborated in section 4:

    • Category (i): Identifiers.
    • Category (ii): Protected classification characteristics under California or federal law.

    In the preceding 12 months we have not “sold” (as the term “sale” is defined in the CCPA) or “shared” (as the term “share” is defined in the CCPA) Personal Information.

    d) Additional contact information

    Additionally, to the information provided in section 11, you can contact us by


    Annex B - Additional information under the GDPR

    a) Lawfulness of processing

    As further elaborated in section 3, We process your personal lawfully being given the following applies:

    • Art. 6(1)(a) GDPR: with your consent where applicable;
    • Art. 6(1)(c) GDPR: to comply with the legal obligations imposed on Us
    • Art. 6(1)(f) GDPR: our legitimate interests

    b) Your right to lodge a complaint

    You have the right to file a complaint with the competent Supervisory Authority of any EU member state in the event you have concerns about the processing of their Personal Information. An overview of such authorities can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en