At Coles, we respect the privacy of your Personal Information in our care. Personal Information means information which identifies you as an individual or from which you can be reasonably identified.
Coles group companies do not sell Personal Information about you.
2. Types of personal information collected
The types of Personal Information we collect includes:
- Contact details (e.g. email address, telephone number(s), residential and delivery addresses);
- Information to identify you (e.g. date of birth);
- Household details (e.g. number of people living at a household and their ages);
- Payment and transaction details/history (including information about payment cards linked to flybuys and associated transactions);
- Details regarding participation in flybuys and our other clubs and programs operated from time to time;
- Records of your communications and interactions with us; and Details/history of purchases, preferences, interests and behaviour relating to transactions, products, services and activity with our digital services.
We may not be able to provide our products or services, or make offers to you without your Personal Information. For example, we may not be able to deliver items ordered online to your home address if you do not provide us with your residential and delivery addresses. As another example, we may not be able to award you flybuys points for applying and holding our Coles Financial Services products if you do not provide your Personal Information, which includes your flybuys card number.
3. How personal information is collected and held
We may collect your Personal Information in relation to your interactions and transactions with us and Coles group companies, which will include when you:
- Use your flybuys card or number or associated identifiers such as payment cards;
- Make a purchase in store or place an order online; Conduct a transaction including making a non-cash payment, or registering for a service where we collect Personal Information;
- Participate in flybuys and/or our other loyalty programs operated from time to time;
- Participate in a promotion, competition, or survey; Request customer service or contact us;
- Post a review or comment on one of our websites or social media pages, or post a rating or review or other user generated content on one of our websites or apps; or
- Otherwise use our related websites, apps, social media and other digital services.
We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes and operate video and audio surveillance devices in our premises.
We may also collect Personal Information from third parties including from:
- Public sources;
- Information service providers (including for data integrity purposes);
- Providers who administer Coles-branded products and services such as payment cards and insurance; and
- Anyone authorised to act on your behalf.
We hold Personal Information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures, including people, process, and technology controls, to protect the security of your Personal Information. Examples of these measures include
- Access to Personal Information is controlled through access and identity management systems;
- Team members are bound by internal information security policies and are required to keep Personal Information secure at all times;
- We take steps to protect Personal Information in accordance with the Office of the Information Commissioner’s Guide to Securing Personal Information; and
- We also take measures in respect of destroying or de-identifying Personal Information that is no longer needed for any lawful purpose.
Our security controls are continually reviewed to ensure that the protection of your Personal Information is maintained.
4. Purposes for handling personal information
We handle your Personal Information in connection with providing, administering, improving, and personalising our products and services, and to support our business functions. This can include:
- To manage your requests for products and services, including delivery, processing payments, providing refunds and discounts;
- To register and service your account, including keeping your information up-to-date, and verifying your identity;
- To communicate with you about our products, services, and promotions (including direct marketing);
- To help us improve our products and services, including conducting product and market research;
- To improve our operational processes to enhance your customer experience;
- To respond to your feedback, queries, or concerns;
- Working with our service providers;
- Investigative, fraud, and loss prevention activities;
- Interacting with Regulators and relevant government entities;
- Any of our related companies and brands including the Coles group; and
- As otherwise required or permitted by law.
Using Personal Information, we endeavour to improve our understanding of your interests, suitability, and behaviour in relation to products, services, and offers, including conducting risk assessments for financial products (including credit and insurance).
We may also handle your Personal Information to protect our lawful interests and facilitate purchases and potential purchases of our businesses.
We may provide marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services, and other means unless you opt out by calling Coles Customer Care on 1800 061 562. These communications may relate to the products and services we, and other Coles group companies provide, and other products which may be of interest to you.
5. Sharing of personal information
We work with a number of suppliers that carry out specific functions on our behalf, and include companies that assist us with:
- Technology services including application, development, technical support, processing, storing, hosting and analysing data;
- Processing payments;
- Communicating our offers and promotions to you;
- Product development and market research;
- Business advisory services, such as our lawyers, accountants, or other professional service providers to extent reasonably required; and
- Administrative services, including mailing services, printing, archival, and contact management service.
Some of our service providers including technology or data storage providers may be located in countries outside Australia. While it is not reasonably practicable to list all of the countries to which your Personal Information may be disclosed from time to time, it is likely that such countries may include Germany, India, Ireland, Japan, Hong Kong, Malaysia, the Philippines, Singapore, South Africa, the United Kingdom, and the United States.
When we disclose your information overseas, we take steps to ensure that our service providers are obliged to protect the privacy and security of your Personal Information in accordance with the standards that apply in Australia including that they only use Personal Information for the purpose for which it is disclosed.
6. Digital services
We provide information and services through a range of digital and online services including websites (e.g. coles.com.au) , apps, email, online advertisements, IPTV, and social media profiles, which are collectively known as Coles Digital Services. These services may be operated by us and other Coles group companies to provide a consistent experience, personalised to your use of each of those services and provide targeted marketing.
Some information we collect in relation to Coles Digital Services is not related to an individual. In many cases the information only relates to a device or is of an aggregated or statistical nature, and we will have no way of knowing the identity of the user. In other cases we may associate information about your use of Coles Digital Services over time with your Personal Information, e.g. where on any occasion you have logged in, followed a link sent to you by email or we have otherwise been able to identify you.
Our online services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.
7. Procedures for access, correction and feedback
If you wish to access or correct any Personal Information we hold about you, please contact us as set out below.
When making an access request, please provide as much detail as you can about the particular information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we are required to provide a written response outlining our reasons if we refuse your request.
Where we decide not to make a requested correction and you disagree, you may ask us to add a note of your requested correction to the information that explains your correction request.
8. Complaints and concerns
If you have any complaints or concerns about this Policy, or our handling of your Personal Information, you can contact us as set out below.
Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response within 30 days.
If you are not satisfied with our response, please let us know and we will investigate further and respond to you. If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out below.
Queries regarding privacy should be directed to the Coles Privacy Officer:
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
9. Additional privacy information
For information about privacy generally, you may contact the Office of the Australian Information Commissioner on the contact details noted above.
Dated: November 2018