Effective as of 10 October 2022.

Click here for the PDF version.

This Privacy Policy describes how PPF OFF 150 California Street, LP a partnership with a place of business at 150 California Street, San Francisco, CA 94111 and our corporate subsidiaries and affiliates (collectively, “150 California”, “we”, “us”, or “our”) collects, uses and shares your personal information if you visit our property at 150 California Street in San Francisco, California, visit or our other websites or services that link to this Privacy Policy (collectively, the “Services”), contact us, receive our communications, or attend our events.

This Privacy Policy does not address your relationship with your employer if your employer is a tenant of the building nor the Host App, which is developed by a service provider to us. You can learn more about how the Host app developer and host (CBRE, Inc.) uses data on connection with Host here.

Table of Contents (click to jump)

Personal Information We Collect

Feedback or correspondence, such as information you provide when you contact us with questions or feedback or otherwise correspond with us. Angus is the online system we currently use for submitting maintenance requests (and in the future we may use the Host app for this functionality). The system requires name, building floor, phone number, and tenant identity and work email. And you must be logged in to the system to make these requests.

Usage information, such as information about how you use the Services and interact with us, including information you provide when you use any interactive features of the Services, such as through the Host app.

Marketing information, such as your preferences for receiving communications about the building (e.g., we have a newsletter that is sent to tenant contacts) and details about how you engage with our communications.

Other information that we may collect which is not specifically listed here, but which we will use in accordance with this Privacy Policy or as otherwise disclosed at the time of collection.

Cookies and Other Information Collected by Automated Means

We, our service providers, and our business partners may automatically log information about you, your computer or mobile device, and activity occurring on or through the Services or your use of our website. The information that may be collected automatically includes your computer or mobile device operating system type and version number, manufacturer and model; device identifier; browser type; screen resolution; IP address; the website you visited before browsing to our website; general location information such as city, state or geographic area; and information about your use of and actions on the Services, such as pages or screens you viewed, how long you spent on a page or screen, navigation paths between pages or screens, information about your activity on a page or screen, access times, and length of access. Our service providers and business partners may collect this type of information over time and across third-party websites and mobile applications.

How and Why We Use Your Personal Information

We use your personal information for the following purposes and as otherwise described in this Privacy Policy or at the time of collection:

To manage the building. We use your personal information as provided above and generally to:

To comply with law. We use your personal information as we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.

For compliance, fraud prevention, and safety. We may use your personal information and disclose it to law enforcement, government authorities, and private parties as we believe necessary or appropriate to: (a) protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern the Services; and (c) protect, investigate, and deter against fraudulent, harmful, unauthorized, unethical, or illegal activity.

With your consent. In some cases, we may specifically ask for your consent to collect, use, or share your personal information, such as when required by law.

To create anonymous data. Our service providers may create aggregated and other anonymous data from your personal information and other individuals whose personal information we collect. They may make personal information into anonymous data by removing information that makes the data personally identifiable to you. They may use this anonymous data and share it with third parties for lawful business purposes, including to analyze and improve the Services and promote our business.

How Long We Retain Your Personal Information

We retain personal information as long as necessary to provide the Services. Our policy is that when a person is terminated, they become inactive in our systems. When a tenant leaves, our policy is to delete the personal data related to their employees and contractors. Our current vendor allows us to identify and request deletion of personal data in 90 days and our policy is to do that when a person becomes inactive due to their or their employer's termination.

How We Share Your Personal Information

We do not share your personal information with third parties without your consent, except in the following circumstances or as otherwise described in this Privacy Policy

Affiliates. We may share your personal information with our corporate subsidiaries and affiliates for purposes consistent with this Privacy Policy.

Service providers. We may share your personal information with third-party companies and individuals that provide services on our behalf or help us operate the Services (such as CBRE). These third parties may use your personal information only as authorized by their contracts with us. As of the date we wrote this policy, we use CBRE to manage the building and provide the Host App (privacy policy is here); Avigilon as our surveillance company for CCTV; Blubox/Blusky for access control (privacy policy is here); Allied Universal PP0 14417 Security Services (physical, electronic security contractor with a privacy policy here).

Professional advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary in the course of the professional services that they render to us.

For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention, and safety purposes described above.

Business transfers. We may sell, transfer, or otherwise share some or all of our business or assets, including your personal information, in connection with a (potential) business transaction such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution.

Your Choices

In this section, we describe the rights and choices available to all users.

Access or update your information. If you have registered for an account with us, you may review and update certain personal information in your account profile by logging into your account. Tenant contacts, please contact us to do this. Tenant employees can do this in the Host app or by contacting us and for other purposes (bike agreement, showers, property checkout, etc.) please contact us.

Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not track users and hence do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit

Choosing not to share your personal information. Where we are required by law to collect your personal information, or where we need your personal information to provide the Services to you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with the Services. We will tell you what information you must provide to receive the Services by designating it as required at the time of collection or through other appropriate means.

Other Sites, Mobile Applications, and Services

The Services may contain links to, or content or features from, other websites and online services operated by third parties such as Host. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third-party websites, mobile applications, or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use, and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.

Security Practices

The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information. As of the date of this policy, it is our policy to use the following security practices:

International Data Transfer

We are headquartered in the United States and have service providers in other countries, and your personal information may be transferred outside of your state, province, or country to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.


The Services are not directed to, and we do not knowingly collect personal information from, anyone under the age of 16. If we learn that we have collected personal information of a child without the consent of the child’s parent or guardian, we will delete it. We encourage parents with concerns to contact us.

Changes to this Privacy Policy

We may amend this Privacy Policy at any time by posting the amended version on the Services and indicating the effective date of the amended version. We may announce any material changes to this Privacy Policy through the Service or Host and/or via email if we have your email address. In certain circumstances, we may also provide an email blast to tenant contacts and post it wherever else the new terms apply (and maybe highlight the changes in our newsletter). In all cases, your continued use of the Services after the posting of any modified Privacy Policy indicates your assent to the amended Privacy Policy.

How to Contact Us

If you have any questions or comments about this Policy or 150 California Street’s privacy practices, email us at You may also write to us via postal mail at:

Property Manager On Site, Attn: Legal – Privacy, 150 California Street, San Francisco, CA 94111

Your California Privacy Rights

Under California law, California residents are entitled to ask us for a notice identifying the categories of personal customer information that we share with certain third parties for marketing purposes, and providing contact information for such third parties. If you are a California resident and would like a copy of this notice, please submit a written request to us via email at You must put the statement "Your California Privacy Rights" in your request and include your name, street address, city, state, and ZIP code. We are not responsible for notices that are not labeled or sent properly, or do not have complete information.

We do not collect personal information for direct marketing purposes. As a result, California's Shine Your Light law does not apply.