Privacy & Security Notice
Types of Personal Information Collected
How Personal Information is collected and held
Purposes for Handling Personal Information
Sharing of Personal Information
Procedures for access or correction of your personal information
Complaints and concerns
Additional Privacy Information
Card number, PINs and Passwords
Third Party Sites
Changes to Policies and Procedures
At Coles Group Limited (Coles), we respect the privacy of your personal information in our care. Personal information means information which identifies you as an individual or from which you can be reasonably identified.
Coles and Coles Group companies do not sell personal data. In order to provide goods and services to you, we share personal data with trusted operational suppliers. Again, these companies do not sell your personal data and they are contractually prevented from doing so. Further, all companies with whom we share data can use the data only for these contractually agreed purposes and must handle the data in a confidential and secure manner in accordance with Australian privacy legislation. Currently, we have a small number of suppliers who operate specialist services for us who are located in Ireland, Hong Kong, Singapore, Japan and the United States of America.
The types of personal information we collect includes name, contact details, identification information, household details, payment and transaction details/history (including information about payment cards linked to flybuys and associated transactions), details regarding participation in flybuys and our other clubs and programs operated from time to time, records of your communications and interactions with us, and details/history of preferences, interests and behaviour relating to transactions, products, services and activity with our digital services.
We may not be able to provide our products or services, or make offers to you without your personal information. For example, we may not be able to ensure you are awarded flybuys points, contact you or deliver your orders.
We may collect your personal information in relation to your interactions and transactions with us and Wesfarmers group companies. This includes: using your flybuys card or number or associated identifiers such as payment cards; making a purchase in store; placing an order online; making a non-cash payment; participating in a promotion, competition, or survey; registering for services; using related digital services. We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes, and we also operate video and audio surveillance devices in our premises. We may also collect personal information from third parties including public sources, information service providers, providers who administer Coles-branded products and services such as payment cards and insurance, anyone authorised to act on your behalf, and other Wesfarmers group companies including flybuys.
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We have a number of security controls in place and use a range of people, process and technology controls to protect your personal information. Our security controls are periodically reviewed to ensure that the protection of your personal information is maintained. We also take measures in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose.
We handle your personal information in connection with providing, administering, improving and personalising our products and services. This can include processing payments, delivering orders, managing promotions, providing refunds and discounts, verifying your identity, communicating with you (including direct marketing), conducting product and market research, maintaining and updating our records, dealing with enquiries from you, and working with our service providers and other Wesfarmers group companies. Using personal information, we endeavour to improve our understanding of your interests, suitability and behaviour in relation to products, services and offers, including conducting risk assessments for financial products (including credit and insurance).
We may also handle your personal information to protect our lawful interests and facilitate purchases and potential purchases of our businesses. We may provide marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services and other means. These communications may relate to the products and services we, and other Wesfarmers group companies provide, and other products which may be of interest to you. You can call us on 13 11 16 at any time to opt out of electronic and telephone direct marketing communications.
To make it easy for you to deal with other Wesfarmers group companies (including flybuys) and provide you with a more personal and consistent experience, we may exchange and combine personal information with them for the purposes described in our respective privacy policies.
We and Wesfarmers group companies may exchange your personal information with service providers engaged to assist with services including data processing, data analysis, information broking, credit reporting, online computing, printing, contact management, legal, accounting, business consulting, marketing, research, auditing, archival, delivery, security, investigation and mailing services, and in the provision of Coles-branded products and services such as payment cards and insurance.
The third parties to whom we disclose personal information may be located in Australia and other countries including the Philippines, Singapore and the USA. We take steps to ensure that our service providers are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.
We provide information and services through a range of digital and online services including websites, apps, email, online advertisements, IPTV and social media profiles. These services may be operated by us, other Wesfarmers group companies and flybuys program participants (collectively, Digital Services) to provide a consistent experience, personalise your use of each of those services and provide targeted marketing.
Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked.
Some information we collect in relation to Digital Services is not related to an individual. In many cases the information only relates to a device or is of an aggregated or statistical nature, and we will have no way of knowing the identity of the user. In other cases we may associate information about your use of Digital Services over time with your personal information, e.g. where on any occasion you have logged in, followed a link sent to you by email or we have otherwise been able to identify you.
Our online services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.
If you wish to access or correct any personal information we hold about you, please contact us as set out below.
When making an access or correction request, please provide as much detail as you can about the particular information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we are required to provide a written response outlining our reasons if we refuse your request. Where we decide not to make a requested correction and you disagree, you may ask us to make a note of your requested correction with the information.
If you have any complaints or concerns about this Policy, or our handling of your personal information, you can contact us as set out below.
Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response. If you are not satisfied with our response, please let us know and we will investigate further and respond to you.
If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out below.
Queries regarding privacy should be directed to the Coles Privacy Officer:
Phone: 13 11 16
Post: 800 Toorak Road, Hawthorn East VIC 3123
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
For information about privacy generally, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.
When you register with Coles Group & Myer Corporate Services, your information is stored in a safe and secure environment. When you place a Gift Card order, it is sent to our supplier partners in an encrypted form using Secure Sockets Layer (SSL) technology. SSL technology is the standard form of encryption that is used by major banking institutions and e-commerce websites.
When you sign in to any service that we may offer on this site, the information collected is compared with the details we stored when you first registered with us for that service.
When submitting feedback to questions via email, it is very important that you do not disclose any details that could be used by others to gain access to your personal information. This includes your card number and any PINs or passwords.
Please make sure you secure your card numbers, PINs and passwords at all times.
Our site contains links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the privacy practices of third parties or the content of other web sites to which you provide your personal information. Please take care at all times to check whose site you are visiting.
We use high security levels for our online services. We use security levels which are standard for Internet banking and large scale e-commerce sites. You can check the security level of a web page by clicking on your internet browser's padlock or key icon.
Encryption is the standard way of protecting your information as it is transmitted between you and us. This involves converting the information into an unreadable code using a "key" (and also de-coding it using this "key"). The longer the key, the more difficult it is for others to break the encrypted code.
From time to time and in line with customer expectations and legislative changes, our privacy and security policies and procedures will be reviewed and, if appropriate, updated. You should therefore check this Privacy and Security Notice every time you propose to use our website or submit information to us.