Thank you for visiting our website. We respect and protect the privacy of our users. This privacy policy tells you how we collect and use information.

Pallas Development Management Pty Ltd (ACN 616 131 090) which trades as Fortis Development Group (Fortis) is committed to managing personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy laws.

We take protecting your privacy seriously and we want to be open and transparent with you about how we handle your personal information.

This document sets out how we manage your personal information and is referred to as our Privacy Policy.

In this Privacy Policy, “we“, “us” and “our” refers to Fortis and “you” and “your” refers to any individual about whom we collect personal information.

This Privacy Policy applies to all Fortis websites, subsidiaries, affiliates and businesses, unless that website subsidiary, affiliate or business has adopted a separate privacy policy.

Our Privacy Policy explains how we collect, hold, store, process, use and disclose personal information (including personal information we collect, and personal information submitted to us, whether offline or online).

Other terms and conditions may also apply, such as:

• collection notices and privacy statements which may be provided to you at the time your personal information is collected.

2.1 Personal information

Personal information is defined in the Privacy Act as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:

• whether the information or opinion is true or not; or
• whether the information or opinion is recorded in a material form or not’.

In this Privacy Policy, whenever we use the term “personal information”, we are referring to this legal definition.

Some examples of personal information include:

• your contact details such as name, date of birth and address;
• employee record information;
• internet (IP) addresses; and
• photographs

Personal information does not include aggregated or de-identified data.

2.2 Sensitive information

Sensitive information is personal information that includes information or an opinion about an individual’s:

• racial or ethnic origin;
• political opinions;
• memberships of a political association;
• membership of a trade union;
• sexual orientation or practices;
• criminal record;
• health information about an individual;
• genetic information about an individual;
• biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
• biometric templates.

Fortis is required to obtain your consent before it collects any sensitive information from you. Sensitive information will only be collected if it is deemed necessarily required for us to carry out our functions and/or activities.

3.1 How do we collect personal information?

Normally we collect your personal information from you directly, however on occasion, we may also collect personal information about you from other people and organisations.

In summary, we may collect your personal information when you:

• enquire about a property (including directly with us or through real estate agencies or websites);
• purchase a property with us;
• subscribe to our newsletter;
• attend one of our events or open homes;
• enquire about prospective tenancy at one of our developments;
• become a tenant in a Fortis residential and/or commercial building (i.e., our developments) and interact with us or otherwise use and access the building (for example, when you communicate with us or access buildings in the development);
• interact with us (including when you visit one of our premises in person, when you visit our website (https://www.fortis.com.au / or a satellite website owned by us), or contact and communicate with us via our social media channels (Facebook, LinkedIn, Instagram), phone or online); and
• apply for a position with us (including for work experience).

In addition, we may also collect any additional personal information you provide to us, or authorise us to collect, as part of your interaction with Fortis.

We may also:

• collect and receive information from third parties such as real estate agencies, and other organisations with whom we have an affiliation, to respond to any enquiries you may make with respect to our developments; and
• collect personal information from third parties such as through acquisition of third-party mailing lists and from organisations with whom we have an affiliation, to improve the personalisation of our offerings for you.

3.2 Summary of what personal information we collect and how we collect this personal information.

Type of Personal Information	What information do we collect?	How do we collect this information?
Prospective buyers, tenants and general enquiries: Personal Information and contact details	This may include your: • full name; • address, telephone number and email address; • gender; • employment details; • identity documents (including Driver Licence and Passport details); • details of the property you are enquiring about; • living circumstances; • family demographic; • residency status; and/or • financial information (for processing transaction including bank account, credit card details, financial circumstances, assets, income, liabilities, expenditure and investment preferences).	Depending on the manner in which you deal with us, we may collect this information: • directly from you as a prospective buyer during an in-person walk-in appointment, a designated appointment, an event organised by us or one of our related entities or agents, over the phone or online; and/or • when you are making a general enquiry on our website.
Online and digital services information for website users	We may collect information from you electronically, which includes information such as your: • device ID; • device type; • geo-location information; • IP address; and/or • browsing information.	We may collect this information when you use our website or our social media channels, via use of online behavioural technologies, such as cookies. We also use HubSpot which tracks and measures user interaction and provides data to help improve our products and services.
Digital platforms integration	If you access our products or services by connecting a social media login (such as Facebook or Google) we collect information derived, associated or connected with that platform where permitted by the platform's terms of service.	Any information we collect from social media, or other online, platforms is collected in accordance with that platform's terms and conditions.
Workplace information	This may include: • information relating to your work history; • information about your education and qualifications; • your working eligibility rights; • your suitability for the role you are applying for; and • details about your referees.	We may collect this information if you apply for a position at Fortis (including if you are applying for work experience with us).
Tenants: Personal information, contact details and camera surveillance information	We may collect the following kinds of information when you are a tenant in our residential or commercial buildings: • first and last name; • email address; • IP address; • physical address; • mobile device ID; • job title (if applicable); • photo (if you choose to provide this to us); • phone number (if you choose to provide this to us); • payment information (if you choose to provide this to us); and • geolocation (if you choose to provide this to us). We may also collect camera surveillance information which includes photographs or video recordings of you.	If you are a tenant, we may collect this information from you when you access our residential and/or commercial buildings.
Publicly available online information, and other sources	We may collect information that is publicly available online, such as on online forums, websites, and social media channels. This can include information relating to an individual's credit worthiness and other information from credit providers, subject to legal restrictions. Where necessary we use collect information from public registers such as those maintained by the Australian Securities and Investments Commission, Australian Financial Security Authority (PPSR), and land titles offices in each state.	We may collect this information directly from the publicly available source (e.g. on the online forum, website, or social media channel).

3.3 Information you provide about someone else

If you provide us with personal information about someone else, you must ensure that you are authorised to disclose that information to us and that, without us taking any further steps, we are authorised to collect, store, use and disclose such information for the purposes described in this policy. Where we request that you do so, you must assist us with any requests by the individual to access or update the personal information you have collected from them and provided to us.

3.4 Unsolicited information

‘Unsolicited’ personal information is personal information about an individual which we have unintentionally received.

Where Fortis obtains unsolicited information, we will protect this personal information with the same rigour as we treat personal information we intended to collect.

Most of the time when you deal with us, you will have the option of not providing your name or you can use a pseudonym, where it is lawful and practicable. This includes, for example, when you make a general enquiry.

In some circumstances we may need your real name as it may not be practicable for us to deal with you anonymously or pseudonymously on an ongoing basis.

We collect personal information that is necessary to provide you with our services, and to carry out our business.

We may use your personal information for purposes which are related to carrying out our business, or for other purposes which are within your reasonable expectation or permitted by law.

The purpose for which we usually collect, store, and use your personal information depends on how you interact with us, but may include:

• to provide you with our services you have acquired or otherwise inquired about (for example, a property transaction or tenancy) and otherwise manage our relationship with you (for example, to respond to and deal with your enquiry regarding our developments);
• to administer, manage and communicate with you about existing services we are providing to you;
• to improve our services and your experience with us;
• to assess your suitability for a position with us, and, if you successfully join us, to manage your working relationship with us;
• to train staff and to investigate any incidents that may occur (both in relation to cyber security, as well as any health and safety incidents that occur at our premises) and handle and respond to any complaints;
• to create deidentified or aggregate data sets (which is no longer personal information). We do this by deidentifying or aggregating your information such as combining your information with information we have about our other customers and with data we obtain from other sources. We use this deidentified or aggregate data to assist with our business decisions, such as to understand customer behaviour, improve our offerings and develop new services; and
• for the purpose of facilitating or implementing a transfer or sale of all or part of our assets or business or if we undergo any other kind of corporate restructure, acquisition or sale.
• Unless specifically authorised by you, we do not provide Personally Identifiable Information to third parties for marketing purposes.
• Credit information: such as consumer credit liability information, type and amount of credit sought, default information, repayment history information, payment information relating to overdue payments.

We may share your information with third parties:

• for the reasons for which we collect, store and use that information (see above);
• for other purposes explained at the time we collect your personal information; or
• where we are otherwise allowed or required to do so under law.

Some of the third parties we may share your information with include the following:

• our partners, suppliers and entities we do business with (who assist us with providing our services) – for example, we may share your information with real estate agents to facilitate your enquiry or purchase of our one of our developments;
• our service providers and advisors (who assist us with providing, promoting and managing our services). These may include our IT service providers and third-party storage providers, marketing and communications providers, real estate agencies, digital marketing agencies, data analysis organisations, and professional advisors and consultants (e.g. legal, insurance and financial advisors);
• third parties, whether affiliated or unaffiliated, for the purpose of facilitating or implementing a transfer or sale of all or part of our assets or business or if we undergo any other kind of corporate restructure, acquisition or sale. In this context, your personal information may be transferred to another entity (or if such a sale, transfer, acquisition or corporate restructure is being contemplated by us); and
• government and law enforcement agencies (including regulatory bodies) to comply with our legislative or regulator obligations (such as to assist with our obligations under Anti-Money Laundering and Counter-Terrorism Financing Laws).

Use or disclosure of government-related identifiers

Fortis will not use or disclose a Government-related identifier of an individual unless:

• the use or disclosure of the identifier is reasonably necessary for Fortis to verify the identity of the individual for the purposes of the business activities or functions;
• the use or disclosure of the identifier is reasonably necessary for Fortis to fulfil its obligations to a Government agency or a State or Territory authority; or
• the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order.

We generally only collect personal information in Australia. However, we may share some personal information with our external service providers located overseas.

We only ever share your personal information outside Australia where we are permitted to do so under the Privacy Act. This means we will take reasonable steps to ensure your personal information is treated securely and in accordance with the requirements of the Privacy Act.

There are other circumstances where we may share your personal information to an overseas recipient. For example, where you have provided your consent or we are otherwise permitted to do so under the Privacy Act or other relevant laws.

When you provide your personal information to us, we may use that personal information to send you direct marketing communications to keep you informed about products and services offered by Fortis.

We may communicate with you through various channels, such as via regular mail, email and social media.

We will only send these communications in accordance with applicable privacy and marketing laws, and only where you have not opted out from receiving such communications from us.

Important information regarding opting out

You are always in control of the direct marketing communications which you receive and can opt-out at any time. Generally, you can opt-out by following the relevant opt-out or unsubscribe instructions in the relevant communication (such as email).

You can also contact us using our contact details set out in Section 13 to tell us you would like to stop receiving direct marketing communications from us.

For cookies which use your personal information for direct marketing (such as targeted advertising) you can opt-out by adjusting your device setting and online privacy settings (for advertising on certain websites and social media channels).

Importantly, regardless of whether you opt out from receiving any or all direct marketing communications, we will still communicate with you if we are required by law to provide you with information, or in relation to the services we are providing you with (for example, in relation to sending you an invoice in relation to your purchase of a property with us).

9.1 Third party links and sites

Our website contains links to other websites or applications. When a user clicks on a link to another site they are no longer subject to this Privacy Policy. We have no responsibility for linked websites or applications and provide them solely for your information and convenience. We specifically disclaim responsibility for their content, privacy practices and terms of use, and we make no endorsements, representations or warranties about their accuracy, content, or thoroughness. Your disclosure of personal information to third party websites/applications is at your own risk.

9.2 Website use and cookies

You may visit our websites without identifying yourself. If you identify yourself (for example, by making an enquiry), any personal information you provide to us will be managed in accordance with this Privacy Policy.

Cookies are small text files placed on your device (computer, smartphone, tablet) as a tool to remember your preferences when you visit a website.

They store information about your browsing actions and preferences. They help us to improve your browsing experience, remember your preferences, and understand how users interact with our website.

We collect certain information such as your:

• device type
• browser type
• “click-through” information
• IP address
• pages you have accessed on our websites and on third-party websites.

Depending on the circumstances, this may or may not be personal information.

Please refer to our Cookie Policy for details on how we use cookies and how you can control them.

We are committed to protecting your personal information and ensuring that we securely store any personal information we collect and in accordance with applicable privacy laws. We may hold your personal information in hard copy (paper) or electronic form.

We take all reasonable steps to ensure that any personal information we collect, use or disclose is accurate, complete, up-to-date and stored in a secure environment protected from misuse, interference and loss, and from unauthorised access, modification or disclosure.

We store electronic records in secure databases, using trusted third-party storage providers. We also maintain physical security measures in relation to storage of our electronic records (such as through locks and security systems at our electronic data stores). Using technical methods, we also maintain computer and network security.

We will only keep your personal information for as long as is necessary for the purposes set out in this Privacy Policy or as required to comply with any applicable legal obligations. When we no longer require your personal information (subject to and in accordance with any applicable laws), we will take steps to delete, destroy or de-identify that information.

While we take all steps reasonable in the circumstances to protect your information, in the unlikely event of a reportable data breach we will notify you and any relevant authorities in accordance with our obligations under the Privacy Act and other laws as necessary.

You are entitled to request access to your personal information that we have. To do so, please contact us using the details set out below in Section 13.

We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in the information we hold about you and informing us of any change in your personal details (for example, if your email address changes).

If you consider any personal information we have about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you are entitled to request correction of the information by contacting us. After receiving a request from you, we will take reasonable steps to correct your information.

We may decline your request to access or correct your information in certain circumstances in accordance with the applicable privacy laws. If we do refuse your request, we will provide you with a reason for our decision. In addition, if we refuse your request for correction, we will include a statement about your request with the personal information we store.

If you have any questions or concerns, please contact us using the details set out below.

Please contact us in writing if you have a complaint about privacy. If you make a complaint about privacy, the following will occur:

• Step 1: We will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint.
• Step 2: If your complaint requires more detailed consideration or investigation:
  • we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly; and
  • we may ask you to provide further information about your complaint and the outcome you are seeking.
• Step 3: We will then typically gather relevant facts, locate and review relevant documents and speak with the individuals involved.
• Step 4: In most cases, we will respond to your complaint within 30 business days from when we receive your complaint. If the matter is more complex or our investigation may take longer, we will let you know.

If you are not satisfied with our response to a complaint, or you consider that we may have breached the Privacy Act (including the Australian Privacy Principles), you are entitled to make a complaint to the Office of the Australian Information Commissioner (the Australian privacy regulator).

Further information about Australian privacy law is available from the Office of the Australian Information Commissioner (OAIC):

Website: www.oaic.gov.au
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

If you have any questions about our Privacy Policy, or about the ways we handle your personal information, please contact us using the details set out below.

Privacy Officer
Fortis
L5, 30-36 Bay Street
Double Bay, NSW 2028

Phone: 02 8188 1123 
Email: privacy@fortis.com.au

We may make changes to this Privacy Policy, with or without notice to you. We recommend you visit this Privacy Policy regularly to keep you up to date with any changes we make.

The latest version will be available on our website with the effective date stated below.

Effective Date: 12 January 2026