Privacy policy

Coles Group privacy policy

At Coles, we respect the privacy of your Personal Information in our care. Personal Information means information which identifies you as an individual or from which you can be reasonably identified. 

Coles Group Privacy Policy

Coles Car, Home and Landlord Insurance

Coles Pet Insurance

Coles Credit Cards

Coles Personal Loans

Coles Careers

1. Overview

At Coles, we respect the privacy of your Personal Information in our care. Personal Information means information which identifies you as an individual or from which you can be reasonably identified.

This Privacy Policy applies to all Coles group companies and divisions including Supermarkets (Coles Supermarkets, Coles Gift Cards, Coles Online, Coles Financial Services, Coles Local), Coles Liquor (Liquorland, First Choice, Vintage Cellars, First Choice Liquor Market, and Spirit Hotels), and Coles Convenience (Coles Express). This Privacy Policy relates to Personal Information we collect and handle about you as our customers, visitors to our website, users of Coles group apps, social media, and other digital services and members of the public.

Our Coles Team Members can contact their Line Manager or People and Culture team representative for details about the privacy of their Personal Information, and job applicants can review the applicable Privacy Policy on our careers page at www.colescareers.com.au/privacy.

Coles is a participant Partner in the flybuys program (“Loyalty Pacific Pty Ltd”) and retains a 50 per cent ownership stake in it as one of Australia’s most popular loyalty programs. The flybuys program a ‘coalition’ loyalty marketing program where members are able to earn and redeem points and rewards across a wide range of Partner entities, including organisations in the retail, financial services, travel, utility and health sectors. For more information about flybuys privacy practices or policies, we recommend that you review their Privacy Policy at www.flybuys.com.au/about/#/privacy-policy.

Coles group companies do not sell Personal Information about you.

2. Types of personal information collected

The types of Personal Information we collect includes:

  • Name;
  • Contact details (e.g. email address, telephone number(s), residential and delivery addresses);
  • Information to identify you (e.g. date of birth);
  • Household details (e.g. number of people living at a household and their ages);
  • Payment and transaction details/history (including information about payment cards linked to flybuys and associated transactions);
  • Details regarding participation in flybuys and our other clubs and programs operated from time to time;
  • Records of your communications and interactions with us; and Details/history of purchases, preferences, interests and behaviour relating to transactions, products, services and activity with our digital services.

We may not be able to provide our products or services, or make offers to you without your Personal Information. For example, we may not be able to deliver items ordered online to your home address if you do not provide us with your residential and delivery addresses. As another example, we may not be able to award you flybuys points for applying and holding our Coles Financial Services products if you do not provide your Personal Information, which includes your flybuys card number.

Where you provide us with Personal Information about someone else you must have their consent to provide their Personal Information to us based on this Privacy Policy.

3. How personal information is collected and held

We may collect your Personal Information in relation to your interactions and transactions with us and Coles group companies, which will include when you:

  • Use your flybuys card or number or associated identifiers such as payment cards;
  • Make a purchase in store or place an order online; Conduct a transaction including making a non-cash payment, or registering for a service where we collect Personal Information;
  • Participate in flybuys and/or our other loyalty programs operated from time to time;
  • Participate in a promotion, competition, or survey; Request customer service or contact us;
  • Post a review or comment on one of our websites or social media pages, or post a rating or review or other user generated content on one of our websites or apps; or
  • Otherwise use our related websites, apps, social media and other digital services.

We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes and operate video and audio surveillance devices in our premises.

We may also collect Personal Information from third parties including from:

  • Public sources;
  • Information service providers (including for data integrity purposes);
  • Providers who administer Coles-branded products and services such as payment cards and insurance; and
  • Anyone authorised to act on your behalf.

We hold Personal Information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We implement a range of measures, including people, process, and technology controls, to protect the security of your Personal Information. Examples of these measures include

  • Access to Personal Information is controlled through access and identity management systems;
  • Team members are bound by internal information security policies and are required to keep Personal Information secure at all times;
  • We take steps to protect Personal Information in accordance with the Office of the Information Commissioner’s Guide to Securing Personal Information; and
  • We also take measures in respect of destroying or de-identifying Personal Information that is no longer needed for any lawful purpose. 

Our security controls are continually reviewed to ensure that the protection of your Personal Information is maintained.

4. Purposes for handling personal information

We handle your Personal Information in connection with providing, administering, improving, and personalising our products and services, and to support our business functions. This can include:

  • To manage your requests for products and services, including delivery, processing payments, providing refunds and discounts;
  • To register and service your account, including keeping your information up-to-date, and verifying your identity;
  • To communicate with you about our products, services, and promotions (including direct marketing);
  • To help us improve our products and services, including conducting product and market research;
  • To improve our operational processes to enhance your customer experience;
  • To respond to your feedback, queries, or concerns;
  • Working with our service providers;
  • Investigative, fraud, and loss prevention activities;
  • Interacting with Regulators and relevant government entities;
  • Any of our related companies and brands including the Coles group; and
  • As otherwise required or permitted by law.

Using Personal Information, we endeavour to improve our understanding of your interests, suitability, and behaviour in relation to products, services, and offers, including conducting risk assessments for financial products (including credit and insurance).

We may also handle your Personal Information to protect our lawful interests and facilitate purchases and potential purchases of our businesses.

We may provide marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services, and other means unless you opt out by calling Coles Customer Care on 1800 061 562. These communications may relate to the products and services we, and other Coles group companies provide, and other products which may be of interest to you.

Where you provide us with Personal Information about someone else, you must have their consent to provide their Personal Information to us based on this Privacy Policy.

5. Sharing of personal information

We work with a number of suppliers that carry out specific functions on our behalf, and include companies that assist us with:

  • Technology services including application, development, technical support, processing, storing, hosting and analysing data;
  • Processing payments;
  • Communicating our offers and promotions to you;
  • Product development and market research;
  • Business advisory services, such as our lawyers, accountants, or other professional service providers to extent reasonably required; and
  • Administrative services, including mailing services, printing, archival, and contact management service.

Some of our service providers including technology or data storage providers may be located in countries outside Australia. While it is not reasonably practicable to list all of the countries to which your Personal Information may be disclosed from time to time, it is likely that such countries may include Germany, India, Ireland, Japan, Hong Kong, Malaysia, the Philippines, Singapore, South Africa, the United Kingdom, and the United States.

When we disclose your information overseas, we take steps to ensure that our service providers are obliged to protect the privacy and security of your Personal Information in accordance with the standards that apply in Australia including that they only use Personal Information for the purpose for which it is disclosed.

6. Digital services

We provide information and services through a range of digital and online services including websites (e.g. coles.com.au) , apps, email, online advertisements, IPTV, and social media profiles, which are collectively known as Coles Digital Services. These services may be operated by us and other Coles group companies to provide a consistent experience, personalised to your use of each of those services and provide targeted marketing.

Coles Digital Services may use “cookies”. A cookie is a piece of information that allows the server to identify and interact more effectively with your device. The cookie assists us in maintaining the continuity of your browsing session (e.g. to maintain a shopping cart) and remembering your details and preferences when you return. Other technologies that may be used with Coles Digital Services include web beacons (which may operate in conjunction with cookies), Flash local stored objects, and JavaScript. Some of these cookies and other technologies are consistent across various Coles Digital Services, allowing us and the other providers of these services to understand you better and provide a more consistent experience across these services. You can configure your web browser to reject and delete cookies and block JavaScript but you may find some parts of Coles Digital Services then have limited functionality. You can control your preferences regarding Flash local stored objects at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.

Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered, and user activity such as links clicked. In some cases, third parties may use cookies and other technologies such as those described above as part of Coles Digital Services. These technologies may be used in connection with activities like surveys, online behavioural advertising, website analytics, and email campaign management. The services we may use from time to time include those offered by Google (including AdSense and DoubleClick), Yahoo, Adobe (including Campaign Manager and Analytics), and Microsoft. You can find more details in the privacy policies for those services, including information on how to opt-out of certain conduct. Bear in mind, you may need to opt-out separately from each service. The website www.youronlinechoices.com.au also allows you to opt-out of some online behavioural advertising and provides further information about how online behavioural advertising works. You can contact us to request further details of the services we use. Many of these services operate without collecting or using any Personal Information.

Some information we collect in relation to Coles Digital Services is not related to an individual. In many cases the information only relates to a device or is of an aggregated or statistical nature, and we will have no way of knowing the identity of the user. In other cases we may associate information about your use of Coles Digital Services over time with your Personal Information, e.g. where on any occasion you have logged in, followed a link sent to you by email or we have otherwise been able to identify you.

We are constantly developing and enhancing our use of online technologies, and make reasonable efforts to ensure we keep this Privacy Policy and related documents up to date in this regard. Please check back when you return to use our online services to ensure you are familiar with our current practices.

Our online services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.

7. Procedures for access, correction and feedback

If you wish to access or correct any Personal Information we hold about you, please contact us as set out below.

When making an access request, please provide as much detail as you can about the particular information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we are required to provide a written response outlining our reasons if we refuse your request.

Where we decide not to make a requested correction and you disagree, you may ask us to add a note of your requested correction to the information that explains your correction request.

8. Complaints and concerns

If you have any complaints or concerns about this Policy, or our handling of your Personal Information, you can contact us as set out below.

Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response within 30 days.

If you are not satisfied with our response, please let us know and we will investigate further and respond to you. If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out below.

Contact Details

Queries regarding privacy should be directed to the Coles Privacy Officer:

Office of the Australian Information Commissioner

GPO Box 5218 Sydney NSW 2001

9. Additional privacy information

In addition to this Privacy Policy, many Coles group companies and brands have their own privacy statements and other terms which provide further information about your privacy, e.g. Coles Insurance, Coles MasterCard, and Coles Personal Loans. Please see the relevant material relating to those products and services for details, including where those Coles-branded products and services are provided by or with third parties who may collect your Personal Information.

For information about privacy generally, you may contact the Office of the Australian Information Commissioner on the contact details noted above.

Dated: November 2018