OVERVIEW 

Dream Asset Management Corp., Dream Office REIT, Dream Industrial REIT, Dream Global REIT,
Dream Hard Asset Alternatives Trust and their respective affiliates and subsidiaries (collectively,
“Dream”) are committed to maintaining the accuracy, security and privacy of the personal
information of all individuals whom Dream deals with, in accordance with Canada’s privacy
legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA). This
Privacy Policy is a statement of principles and guidelines for the protection of the personal
information that Dream collects, uses or discloses in the conduct of business. The Privacy Policy
applies to all of Dream’s customers and potential customers, employees current, past, part time
and full time (including, without limitation, Trustees, Officers, Individual Consultants,
Contractors, Agents, and Co-op Students).

Table of Contents

i) Definition of Personal Information
ii) Privacy Policy Principles and Guidelines
iii) Collection and Usage of Personal Information
iv) Changes to the Privacy Policy
v) Accessing Personal Information
vi) Contact

i) Definition of Personal Information

Personal information means information about an identifiable individual, but does not include
the name, title or business address, or telephone number of an employee of an organization.1
This definition applies to Dream’s employees and to the personal information Dream collects,
uses or discloses in the course of commercial activities.²

ii) Privacy Policy Principles and Guidelines

Principle 1 – Accountability
Dream is responsible for personal information under its control. Dream has designated a
Chief Compliance Officer to be accountable for the organization’s personal information
handling policies and practices, including but not limited to the Ten Principles and
Guidelines.

---

1 https://www.priv.gc.ca/leg_c/interpretations_02_e.asp
2 https://www.priv.gc.ca/leg_c/interpretations_02_e.asp

Principle 2 – Identifying Purposes for Collection of Personal Information

Dream commits to identify why it is collecting personal information at or before the time of
collection. Dream will notify customers and employees before using personal information for
any purpose not identified at the time of collection.

Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information

The knowledge and consent of an individual is required for the collection, use, or disclosure
of personal information, except where inappropriate or as permitted by law. In obtaining
consent, Dream uses reasonable efforts to ensure that an individual is advised of the purpose
for which the personal information will be used or disclosed. An individual may withdraw
consent at any time, subject to legal or contractual restrictions and reasonable notice. Dream
will advise the individual of the implications of such withdrawal.

Principle 4 – Limiting Collection of Personal Information

Dream limits the collection of personal information to what is necessary for identified
purposes and information is collected by fair and lawful means.

Principle 5 – Limiting Use, Disclosure, and Retention of Personal Information

Dream does not use or disclose personal information for purposes other than the identified
purposes for which it is collected, except with the consent of the individual or as required or
permitted by law. Dream retains personal information only as long as is necessary to fulfill
the identified purposes. Employee information is retained for seven years with the exception
of pension information, which is retained indefinitely, after the termination of employment.
Dream destroys, erases or makes anonymous personal information that is no longer required
to fulfill the identified purposes, in a manner that continues to maintain your privacy.

Principle 6 – Accuracy of Personal Information

Personal information held by Dream is as accurate, complete and up-to-date as is necessary
for the purposes for which it is to be used. Dream updates personal information about
individuals as and when necessary to fulfill the identified purposes or upon notification by
the subject individual. Dream does not routinely update personal information, unless such
process is necessary to fulfill the identified purposes.

Principle 7 – Security Safeguards

Dream protects personal information by security safeguards appropriate to the sensitivity of
the information. Dream uses reasonable efforts and security measures to protect personal
information against loss or theft, as well as unauthorized access, disclosure, copying, use,
modification, disposal or destruction. Dream operates secure data networks protected by
industry standard firewall and password protection systems. Dream protects personal
information disclosed to third parties by contractual agreements stipulating the
confidentiality of the information and the limited purposes for which it is to be used.

Principle 8 – Openness Concerning Policies and Practices

Dream makes its Privacy policies and practices readily available through the DNN (company
intranet) and through Dream’s websites.

Principle 9 – Individual Access to Personal Information

Upon written request from an individual, pursuant to Principle 8 – Openness Concerning
Policies and Practices, Dream will inform the individual of the existence, use, and disclosure
of his or her personal information and, subject to certain exceptions, will give the individual
access to that information. If access is denied, Dream will notify the requesting individual in
writing, give reasons for the denial, and inform the individual of the recourses open to him or
her. If access is granted, Dream will give the requesting individual a reasonable opportunity
to review the personal information collected by Dream.

Principle 10 – Challenging Compliance

Individuals may address a challenge concerning compliance to Dream’s Chief Privacy
Officer. See Contact information below.

iii) Collection and usage of personal information

We collect, use and disclose your personal information for the following purposes:
Recruitment for positions with Dream and its affiliates, including for the purpose of obtaining
and providing references regarding personnel;
Establishing, managing and terminating relationships with personnel, and assessing and
facilitating the implementation of programs, policies, procedures and opportunities for
personnel;
Administration of Dream’s policies and procedures regarding the training, retention,
performance, evaluation, discipline and termination of personnel;
Administration of compensation, benefits, travel, rewards, company vehicles and vehicle
allowances, advances, loans, garnishments, and other personnel services and fulfilling
taxation and other legal requirements in respect of same;
Complying with other requirements imposed by law, including without limitation, collecting
personal information required by applicable workplace insurance and safety legislation and
occupational health and safety legislation;
Administering the physical and technological security of Dream’s facilities and technology
systems, and the safety of personnel and visitors, through the collection of personal
information on security video, access-card access and other security surveillance systems,
in accordance with Dream’s policies;
4
Detecting and protecting Dream and other third parties against error, negligence, breach of
contract, theft, fraud and other illegal activity, and to comply with Dream audit requirements,
and to audit compliance with Dream’s policies, procedures, laws and contractual obligations;
Administration of Dream’s Intranet, website and computer systems, including remote access
from home or other non-Dream locations;
Providing computer system help desk services and technical support for personnel and
ensuring that computer system, email, Intranet and Internet use by personnel complies with
Dream’s technology policies and applicable laws;
Marketing and promotion of Dream, including the use of personnel photographs and
biographies on the Intranet, Internet, website and in responses to requests for proposals,
brochures, announcements, advertising and other marketing, promotional and informational
materials;
To promote the social interaction of personnel, including: organized events, contests, rebate
programs, and to celebrate birthdays and holidays;
To engage in and carry out business transactions that may involve the sale or transfer of
personal information, including the purchase, sale, lease, merger, amalgamation or any other
type of acquisition, disposal, securitization or financing involving Dream or its affiliates; as
permitted by and to comply with any legal or regulatory requirements and laws; and for any
other purpose to which an individual consents

iv) Changes to the Personnel Privacy Policy

Dream reserves the right to modify or supplement this Privacy Policy at any time. If we make
any change to this Privacy Policy, we will post such changes on the company’s internal
website, Dream Network News (DNN), and will be available upon request from the Chief
Privacy Officer.

v) Accessing Personal Information

Employees have a right to access personal information that Dream has and to know how it is
used, subject to certain legal exceptions. To submit a request to access your personal
information, please contact the Chief Privacy Officer.

vi) Contact

Should you have any questions or concerns about this policy or the procedures please
contact the Chief Privacy Officer, Steven Grant, Director, Controls & Compliance at
sgrant@dream.ca and at 416-365-6562