Maximo Suite Privacy Policy


Maximo Suite Privacy Policy

CBRE Group, Inc. , together with its subsidiaries (collectively, “ CBRE ”, “ we ”, “ us ” or “ our ”), recognizes the importance of protecting your privacy. This Maximo Suite Privacy Notice is designed to assist you in understanding how we collect, use and safeguard your personal information and your choices in making informed decisions when using Maximo Suite and associated applications.

Maximo Suite Privacy Policy

Last updated: January 13, 2022

The Types of Information Collected

We collect the following categories of information about your employees to provide our services to you:

  • Contact information (such as name, postal or e-mail address, and phone number);
  • Professional information (such as job title, department and name of organization);
  • Employee ID number, for CBRE employees only;
  • Username and password;
  • Geo-location information, for service providers using our mobile apps to manage work orders;
  • Information about your use of our websites. For more information, see our Cookies Policy.


How We Use Your Information

We may use the personal information we obtain about you for the following purposes:

  • Creating and managing any accounts you may have with us and responding to your inquiries on the basis of your consent. This includes responding to service and maintenance requests you submit to us and communicating with you about their status;

  • Extracting timesheet data for CBRE employees to be sent to HR systems;

  • Creating and assigning work orders for completion in accordance with your contract(s) with CBRE;

  • Verifying the completion of work orders through location tracking and geofencing on the basis of your consent;

  • To fulfill CBRE’s interests in operating, evaluating and improving our business (including developing new products and services; managing our communications; analyzing our products, services, websites, mobile applications and any other digital assets; facilitating the functionality of our websites, and mobile applications and any other digital assets);

  • Anonymizing personal information and preparing and furnishing aggregated data reports showing anonymized information;

  • Enforcing our Terms and Conditions or other legal rights;

  • As may be required by applicable laws and regulations or requested by any judicial process or governmental agency having or claiming jurisdiction over CBRE.

  • We also may use the information in other ways for which we provide specific notice at the time of collection.

Our Retention of Your Information

To better protect your privacy, we take steps to mask, and eventually delete, certain information about you. When you open a service request, it will be linked in our database to your name and other personal information. After one year, we will “mask” the requester so that the service request is no longer attributable to you. After two years, we will “archive” service request records by restricting access to a limited number of our support personnel. When our Master Service Agreement to provide services to your building or facility expires or is terminated, we will permanently delete all service request records.

We also perform daily backups of our database, which we retain for three months in a secure facility. These backups are accessible only by a limited number of our support personnel. Your information may be temporarily retained on these backups after it is masked or deleted from our database.

Geo-Location Information:

Our mobile apps use geo-location to verify completion of work orders we may assign to you. For example, our apps may require your geographic location to check in at a job site, and our apps may track your location throughout the workday.

To ensure your privacy when not working, it is essential that you close and log out of our apps at the end of the work day, so that the app will no longer collect your location.

Personal Information We Share


We may share your personal information with companies acting as our authorized agents in providing our services (e.g., customer/support services) to you, all of which agree to use your information only for such specified purposes. Each vendor must agree to implement and maintain reasonable security procedures and practices appropriate to the nature of your information in order to protect your personal information from unauthorized access, destruction, use, modification or disclosure. Because we operate globally, we may transfer your information to countries or jurisdictions that do not provide the same level of data protection as the country in which you are based. If we make such a transfer, we will, or our vendors will, as applicable, provide for the proper safeguards required by applicable law to ensure that your information is protected. More information on International Data Transfers of your personal information is below. 

Legally Affiliated Entities:

In the event that CBRE is merged, or in the event of a transfer of our assets or operations, CBRE may disclose or transfer your personal information in connection with such transaction. In the event of such a transfer, CBRE will notify you via email or by posting a prominent notice on our website for 30 days of any such change in ownership of CBRE resulting in a change of control of your personal information. We may also share your personal information with CBRE affiliates in order to provide or offer services to you. 

Legally Compelled Disclosure:

We will also disclose your personal information when required to do so by law, for example, in response to a court order or a subpoena or other legal obligation, in response to lawful requests by public authorities, including to meet national security or law enforcement agency's requirements, or in special cases when we have reason to believe that disclosing your personal information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (whether intentionally or unintentionally) our rights or property. 


You should also be aware that courts of equity, such as U.S. Bankruptcy Courts, may have the authority under certain circumstances to permit your personal information to be shared or transferred to third parties without your permission.

International Data Transfers

CBRE is a global business. We may transfer the personal information we collect about you to recipients, and your personal information may be stored and processed, in countries other than the country in which the information was originally collected, including the United States and elsewhere that may have less stringent data protection laws than the country in which you initially provided the information.

When we transfer your information to countries other than the country in which the information was originally collected, we will protect your information as described in this Notice and will comply with all applicable data protection laws in making such transfers.

If you are located outside the United States, the transfer of personal information is necessary to provide you with the requested information and/or to perform any requested service. To the extent permitted by law, such submission also constitutes your consent for the cross-border transfer.

With respect to transfers originating from the European Economic Area to the United States and other non-EEA jurisdictions:

  • CBRE has executed EU Standard Contractual Clauses with respect to personal information collected in the European Economic Area and transferred to CBRE in the United States and elsewhere.

Where allowed by applicable law, you may ask for further information on the safeguards that we have put in place to safeguard the transfer of your data to outside of the EEA by contacting us as indicated below.



CBRE endeavors to protect the security of your personal information and your choices for its intended use. We use Secure Socket Layer or SSL technology to protect the transmission of sensitive personal information such as your credit card number. We store your personal information on a secure server, and use procedures designed to protect the personal information we collect from unauthorized access, destruction, use, modification or disclosure.

Although we will take (and require our third-party providers to take) commercially reasonable security precautions regarding your personal information collected from and stored in our CMMS services, due to the open nature of the Internet, we cannot guarantee that any of your personal information stored on our servers, or transmitted to or from a user, will be free from unauthorized access, and we disclaim any liability for any theft or loss of, unauthorized access or damage to, or interception of any data or communications. By using our CMMS services, you acknowledge that you understand and agree to assume these risks.


The privacy laws in many countries grant you certain rights concerning your personal data. CBRE honors requests to exercise rights granted to you by applicable law.

European Economic Area

If we collect or process your data in the context of our operations within the European Economic Area, you have the following rights under Regulation 2016/679, the General Data Protection Regulation (GDPR):

  • The right to request access to your data

  • The right to request a copy of your data in a portable format

  • The right to request the correction data we hold about you

  • The right to request that we erase your data

  • The right to request restriction of the processing of your data

  • The right to object to our processing of your data

  • Where we process data based on your consent, the right to withdraw that consent at any time

To exercise any of these rights, please submit a request through our Data Subject Rights Portal or contact us at [email protected].

If you do not receive a timely response to your request or are not satisfied with the response you receive, you have the right to file a complaint with the applicable Data Protection Authority. A list of Data Protection Authorities is available from the European Data Protection Board.


As a consumer residing in the state of the State of California, you have the right under the California Consumer Privacy Act (“CCPA”) to request that: (i) CBRE discloses the categories of Personal Information that we collected, the categories of the sources of such Personal Information, the business or commercial purposes for collecting such Personal Information, the categories of third parties to whom we disclosed such Personal Information, and/or, if we sold or disclosed your Personal Information, the categories of Personal Information that each category of recipient purchased or obtained, and/or (ii) that we provide you with copies of such Personal Information. You may make two such (2) requests in any 12-month period.

Subject to certain exceptions, you may also request that we delete any Personal Information about you that we may hold. We may have grounds to deny your deletion request as provided for in the CCPA.

Upon receipt of your request to know, for access, or for deletion, we will need to reasonably verify that you are the person about whom we collected Personal Information. We may do so by asking for additional information (“Verifiable Information”) to compare against the information we hold about you, or if you have an account with us, by asking you to log in to that account. We will only use Verifiable Information to verify your identity or authority to make the request. We may also ask you to provide additional detail or clarify your request to allow us to properly understand, evaluate and respond to it.

Types of Verifiable Information we may ask for depend on the context of your relationship with CBRE, but may include:

  • Name of a CBRE employee with whom you interacted,

  • Date or other details of a transaction you had with CBRE,

  • Email address, phone number, or other contact information we may have on file for you.

You may exercise your rights to know, access, delete or opt out by completing the form in our Data Subject Rights Portal or by calling us at +1 (866) 428 4722. We will ask for your name, email address, and your relationship to us in order to begin processing your request.

You may authorize someone to submit a rights request on your behalf. You may do this by providing that person with power of attorney pursuant to the California Probate Code. Alternatively, you may provide that person with signed, written permission to submit requests on your behalf, but we will still require you to verify your identity with us directly by one of the methods listed above. In either case, we will also require that person to verify their personal identity via one of the above methods, or, in the case of a business entity, by response to communications directed at a well-known internet domain associated with that business or to contacts provided in that entity’s official filings with the California Secretary of State.


Withdrawing your consent: : If we have collected and process your personal information based on your consent, then you may have the right to withdraw your consent under applicable law at any time.

You may also have rights under applicable law to request to review, access, correct, delete, port or object to our processing your personal information processed by us, and to lodge a complaint with a supervisory authority. If so, you may do so by making a request on CBRE’s Data Subject Rights Portal or submitting your request to [email protected].

Contact Us

You are always free to contact us if you have questions or concerns regarding this Policy or have a question or problem related to your use of the Services. Our standard business practice is to retain any communications from our users to help us to serve each of you better.

You may contact us by emailing [email protected] or by writing to us at 321 North Clark Street, Suite 3400, Chicago, Illinois 60654, Attention: Global Director, Data Privacy.

Users in Europe, the Middle East or Africa:

If you are located in Europe, the Middle East or Africa, you may also e-mail us at [email protected] or write to us at St. Martins Court, 10 Paternoster Row, London EC4M 7HP, United Kingdom, Attention: EMEA Director, Data Privacy. 

Users in Asia or the Pacific:

If you are located in Asia or the Pacific, you may also e-mail us at [email protected] or write to us at 40/F GT Tower International, 6813 Ayala Ave. cor H.V. Dela Costa Street, Salcedo Village, Makati City, Philippines 1227, Attention: APAC Senior Manager, Data Privacy. 

Appendix A: Cookie Policy

This is our Cookie Policy as of October 21, 2018. The current version of the policy can be found at

Cookie Policy – Automatic Data Collection

By browsing on our Site, you are agreeing to our use of cookies.

What is a Cookie:  A cookie is a small text file that a website stores on your personal computer, telephone or any other device, with information about your navigation on that website. Cookies facilitate browsing and to make it more user-friendly. A cookie contains the name of the server it came from, the expiry of the cookie, and a value – usually a randomly generated unique number. Cookies do not give access to nor damage your computer. 

  1. Cookie Use By Us

    How we use Cookies:

    When you visit our Site, we use cookies to identify you as a valid user, to ensure that no one else can sign on simultaneously with your account from another computer and to help us serve you better based on your registration preferences. We may also use cookies to help us facilitate any promotions or surveys that we provide.

    Cookies Are Not Used to Store Sensitive Data:

    The cookies we use do not store sensitive personal information, such as your address, your password, or your credit card data.

    Main Cookies we use: 

    Here's a list of the main cookies we use, and what we use them for:

  2. Cookie Type






    Used to record anonymous data about your visit.The information is aggregated to our Google Analytics account. We do not share this data in any form.

    2 years



    Same as above.

    30 minutes



    Same as above.

    When you close your browser



    Same as above.

    6 months



    This cookie establishes whether the user is are turning or first-time visitor for the purpose of analytics. This is done simply by a yes/no toggle - no further information about the user is stored.

    90 days



    Allows web analytics to identify unique users across browsing sessions, but it cannot identify unique users across different browsers or devices.

    90 days



    Allows web analytics to identify unique users across browsing sessions, but it cannot identify unique users across different browsers or devices.

    90 days



    Identifies repeat visits from an anonymous single user across CBRE websites.

    1 year



    Performance Cookie for technical monitoring of the server load

    On session close



    Collects and reports on aggregate non-identifiable information, which can then be used to report on the performance of the website and provide insights on how the site is currently used and how it can be improved.

    1 year

    User Login State


    Identifies if a user is logged in to the CBRE Global Research Gateway. The Login is able to persist up to 90 days or on log out by the user.

    90 days

    User Login Stat


    Identifies a user is authenticated by Single Sign on and able to download CBRE Research

    90 days

  3. Performance Tracking

    We sometimes use cookies, as well as tracking technology, such as web beacons, within the promotional emails that we send to our subscribers or advertisements for our Site. These performance tracking devices help us to track whether an e-mail recipient has completed an event, such as signing up for a free trial for example. Such information is non-personally identifying and collected on an aggregate level. We sometimes utilize third party service providers to help us track the activity within our Site. These third parties may use temporary cookies and/or web beaconing technology to facilitate such tracking but the data would not be tracked in a personally identifiable way. Third parties whose products or services are accessible on our Site may also use cookies, and we advise you to check their privacy policies for information about their cookies and other privacy practices. 

  4. Avoiding and Disabling Cookies

    Avoiding Use of Cookies on this Site: If you prefer to prevent us from using Cookies on your devices, before navigating on this Site, you must first disable the use of Cookies in your browser and then delete the Cookies saved in your browser associated with this Site.

    Disabling and Preventing Further Use of Cookies:  You may restrict, block or delete the Cookies from this Site at any time by changing the configuration of your browser. You can find out how to do this, and find more information on cookies, at: In addition, while each browser has different settings and configurations, cookies settings can typically be adjusted in the "Preferences" or "Tools" menu. Your browser’s "Help" menu may provide additional information.