Privacy policy

We collect, hold, use and disclose your personal information so that we can provide goods and services to you, improve and personalise our services for you and operate our business effectively. This includes, but is not limited to:

• Managing your requests for products and services, including deliveries, processing payments, providing refunds and discounts;
• Responding to feedback or concerns you have regarding our products and services;
• Registering and servicing your account, including keeping your information up-to-date, and verifying your identity;
• Communicating with you about our products, services, and promotions (including direct marketing);
• Requesting feedback through surveys and research so that we can improve our products and services;
• Improving our operational processes to enhance your customer experience;
• Working with our service providers;
• Safety, security, investigative, fraud, and loss prevention activities;
• Facilitating corporate transactions like mergers and acquisitions, e.g. to assess those transactions and manage the transition of the business;
• Complying with our legal obligations and protecting and defending our legal rights and interests;
• Interacting with Regulators and relevant government entities; and,
• As otherwise required or permitted by law.

Where you provide us with personal information about someone else, you must have their consent to provide their personal information to us based on this Privacy Policy. 

The types of personal information we collect for the purposes listed in Section 2 includes, but is not limited to:

• Your identity and contact details: this includes your name, residential address, email address, telephone number(s), age and gender, government ID (e.g. driver’s license);
• Basic household information: this includes number and ages of people living in a household;
• Financial and transaction information: this includes payment cards and transaction history;
• Health information: this includes medical or hospital services in connection with an injury/condition related to a public liability or workers compensation claim that has been raised with Coles;
• Loyalty program information: information about your participation in Coles loyalty clubs and programs (e.g. Vintage Cellars Wine Club), Coles employee discount cards, and the flybuys loyalty program;
• Location information: our websites or apps might ask for location information to help better serve you information and, if you have given permission to our app, device data to help serve relevant information about nearby stores or information applicable to your region;
• User data: information about you as a customer of our stores and how you engage with our products and services. For example, transactional data, product purchases, interests, feedback you provide on your shopping experience and audio and video footage captured in-store and within facilities;
• Usage and Interaction data: details of how you interact with our products and services including what you click on and interact with across our Coles Digital Services (see Section 6 for further information);
• Contact history: details of your contact and interactions with our Customer Care teams across Coles; and,
• Marketing and communications data: this includes your marketing preferences, channel preferences, and your interaction with Coles Digital Services and marketing.

Anonymity

You have the option to engage with Coles anonymously. However, if you choose to interact with Coles anonymously, we may not be able to provide our products or services to you, or make some offers available to you without your personal information. For example, we may not be able to deliver items ordered online to your home address if you do not provide us with your residential address, or we may not be able to award you flybuys points for transactions made at store if you do not provide your flybuys number.  

We collect your personal information when you interact or transact with us.  This includes, but is not limited to, when you:

• Visit a store, make a purchase in store, or place an order online;
• Use your flybuys card and payment cards (i.e. credit card or debit card);
• Registering for a service where we collect personal information;
• Participate in flybuys and/or our other loyalty programs;
• Participate in a promotion, competition, or survey;
• Request customer service or contact us (including by email and telephone);
• Post a review or comment on one of our websites or social media pages, or post a rating, a review, or other user generated content on our websites or apps; or,
• Use our related websites, apps, social media, and other digital services (see Section 5 – Coles Digital Services for further information).
  

We may also collect personal information from third parties including from:

• Public sources (for example, in public registers or social media);
•  Information service providers (for example, if you apply for credit, we may ask a credit reporting body for your credit report);
• Providers who administer Coles-branded products and services (for example, our financial service partners for payment cards and insurance); and,
• Anyone authorised to act on your behalf.

We may also generate new personal information from time to time – e.g. reports or analysis based on other information we hold about you.

We hold personal information electronically and in hard copy, at our own facilities and with the assistance of our service providers.  We implement a range of measures, including people, process, and technology controls to protect the security of your personal information.  Examples of these measures include:

• Access to personal information is controlled through access and identity management systems;
• Team members are bound by internal confidentiality and information security policies that require them to keep personal information secure at all times;
• Protecting personal information in accordance with the Office of the Information Commissioner’s Guide to Securing Personal Information; and,
• Maintaining an ongoing security program where we invest continually in cyber security.

Our security controls are continually reviewed to protect your personal information appropriately. 

We often work co-operatively within the Coles Group, and may share personal information with other members of the Group. We also work with suppliers and third parties that carry out specific functions on our behalf, so that we can provide you with goods and services and carry out the activities listed in Section 1.  These third parties assist us with the below services, which includes, but is not limited to:

• Technology services including application development, technical support, and processing, storing, hosting and analysing data;
• Processing payments;
• Communicating our offers and promotions to you;
• Product development and market research;
• Store security and investigative, fraud, loss prevention, and safety activities; 
• Business advisory services, such as our lawyers, accountants, or other professional service providers to the extent reasonably required; and,
• Administrative services, including mailing services, printing, archival, and contact management services.

Other third parties we share personal information with include:

• your representatives;
• police, courts, government agencies and lawyers, e.g. in in connection with regulatory and legal investigations and processes; and
• parties involved in business transfer transactions (and prospective transactions).

We use systems, customer service teams and service providers located within Australia and in overseas locations that include Argentina, Canada, EU Member States, Hong Kong, India, Israel, Japan, New Zealand, Philippines, Singapore, South Africa, United Kingdom, United States, and Vietnam. We may share personal information with third parties in these countries. From time to time, this list of countries may change.

Coles operates a range of websites, mobile apps, email services, online advertisements and social media profiles, which are collectively known as Coles Digital Services. We want you to be confident that your personal information is being used to offer you a better and more personalised experience across Coles. 

We and our suppliers (such as Facebook, Google, Oracle and Adobe) use various technologies, such as cookies, beacons, tags and pixels, to personalise and improve your customer experience as you use our Coles Digital Services. Cookies and similar technologies may also help us to detect fraudulent activity or to prevent security breaches and so we may collect information about your device from within the cookie.

These technologies within our Coles Digital Services may be used to do the following:

• Improve the way our websites and mobile apps work – these technologies allow us to improve the way our websites and mobile apps work so that we can personalise your experience and allow you to use many of their useful features. For example, we use cookies so we can remember your preferences and the contents of your shopping basket when you return to our websites and mobile apps.
• Improve the performance of our websites and mobile apps – these technologies can help us to understand how our websites and mobile apps are being used, for example, by telling us if you get an error messages as you browse. 
• Deliver relevant online advertising, including via social media – these technologies to help us deliver online advertising that we believe is most relevant to you on our websites, other organisations’ websites, and on social media. These technologies may collect information about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. This means that you may see our adverts on our websites and on other organisations’ websites. You may also see adverts for other organisations on our websites. To help us deliver online advertising that is relevant to you, we may also combine data we collect through cookies and similar technologies on your devices with other data that we have collected, for example your use of loyalty cards and in-store purchases.
• Measuring the effectiveness of our marketing communications, including online advertising – marketing communications and online advertising may be in the form of email, SMS, push notification through our app, web notifications through our website, display banners on external websites, and social media platforms. Cookies and similar technologies can tell us, for example, if you have seen a specific advert, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert. We also use cookies and similar technologies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent. 

You can configure your browser or device to reject and delete cookies, block JavaScript, disable GPS location services and anonymise your usage patterns. If you choose to do so, this may limit the functionality of some parts of Coles Digital Services for you. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use our products and services that require you to sign in.

You can opt out of receiving promotional email and SMS communications at any time by either:

• Clicking unsubscribe within the Coles email; 
• Calling our Coles contact centre on 1800 061 562; or,
• Texting “STOP” to opt out of SMS.

There are, however, some service and transactional messages that we must be able to send you. These include, for example, messages relating to your account, forgotten passwords, transactional receipts, updates to our T&Cs and Privacy Policy, and product recall notices.

If you wish to access or correct any personal information we hold about you, please contact us as set out in Section 8.

When making an access request, please provide as much detail as you can about the specific information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we are required to provide a written response to you if we are unable to respond to your request, outlining the reasons why we were unable to do so.

Where you request Coles to correct information we hold about you, but Coles elects not to make the requested correction, you may request Coles to add a note to your information outlining your position.

If you have any questions or complaints about this Policy, or our handling of your personal information, you can contact us as set out in Section 8.

Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response within 30 days. If you are not satisfied with our response, please let us know and we will investigate further and respond to you.

If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out in Section 8. 

Queries regarding privacy should be directed to Coles Customer Care at:

Email (via webform): www.coles.com.au/customer-service/contact-us

Phone: 1800 061 562

Post:    Privacy Officer, Coles Group, 800 Toorak Road, Hawthorn East VIC 3123

Office of the Australian Information Commissioner

GPO Box 5218 Sydney NSW 2001

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

Website: www.oaic.gov.au