Privacy & Security Notice

 
Contents

Overview
Types of Personal Information Collected

How Personal Information is collected and held

Purposes for Handling Personal Information

Sharing of Personal Information

Digital Services

Procedures for access or correction of your personal information

Complaints and concerns

Contact Us

Additional Privacy Information

Security Notice

Card number, PINs and Passwords
Third Party Sites
Website security
Changes to Policies and Procedures
 

Overview

At Coles Group Limited (Coles), we respect the privacy of your personal information in our care. Personal information means information which identifies you as an individual or from which you can be reasonably identified.

This Privacy Policy relates to personal information we collect and handle about you as our customers, visitors to our website, apps, social media and other digital services and members of the public. Our personnel and job applicants can contact our human resources team for details about the privacy of their personal information.

Coles and Coles Group companies do not sell personal data. In order to provide goods and services to you, we share personal data with trusted operational suppliers. Again, these companies do not sell your personal data and they are contractually prevented from doing so. Further, all companies with whom we share data can use the data only for these contractually agreed purposes and must handle the data in a confidential and secure manner in accordance with Australian privacy legislation. Currently, we have a small number of suppliers who operate specialist services for us who are located in Ireland, Hong Kong, Singapore, Japan and the United States of America.

We are part of the Wesfarmers group. Wesfarmers has its own privacy policy which is available at www.wesfarmers.com.au.



Types of Personal Information Collected

The types of personal information we collect includes name, contact details, identification information, household details, payment and transaction details/history (including information about payment cards linked to flybuys and associated transactions), details regarding participation in flybuys and our other clubs and programs operated from time to time, records of your communications and interactions with us, and details/history of preferences, interests and behaviour relating to transactions, products, services and activity with our digital services.

We may not be able to provide our products or services, or make offers to you without your personal information. For example, we may not be able to ensure you are awarded flybuys points, contact you or deliver your orders.

Where you provide us with personal information about someone else you must have their consent to provide their personal information to us based on this Privacy Policy.



How Personal Information is collected and held

We may collect your personal information in relation to your interactions and transactions with us and Wesfarmers group companies. This includes: using your flybuys card or number or associated identifiers such as payment cards; making a purchase in store; placing an order online; making a non-cash payment; participating in a promotion, competition, or survey; registering for services; using related digital services. We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes, and we also operate video and audio surveillance devices in our premises. We may also collect personal information from third parties including public sources, information service providers, providers who administer Coles-branded products and services such as payment cards and insurance, anyone authorised to act on your behalf, and other Wesfarmers group companies including flybuys.

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We have a number of security controls in place and use a range of people, process and technology controls to protect your personal information. Our security controls are periodically reviewed to ensure that the protection of your personal information is maintained. We also take measures in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose.



Purposes for Handling Personal Information

We handle your personal information in connection with providing, administering, improving and personalising our products and services. This can include processing payments, delivering orders, managing promotions, providing refunds and discounts, verifying your identity, communicating with you (including direct marketing), conducting product and market research, maintaining and updating our records, dealing with enquiries from you, and working with our service providers and other Wesfarmers group companies. Using personal information, we endeavour to improve our understanding of your interests, suitability and behaviour in relation to products, services and offers, including conducting risk assessments for financial products (including credit and insurance). 

We may also handle your personal information to protect our lawful interests and facilitate purchases and potential purchases of our businesses. We may provide marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services and other means. These communications may relate to the products and services we, and other Wesfarmers group companies provide, and other products which may be of interest to you. You can call us on 13 11 16 at any time to opt out of electronic and telephone direct marketing communications.



Sharing of Personal Information

To make it easy for you to deal with other Wesfarmers group companies (including flybuys) and provide you with a more personal and consistent experience, we may exchange and combine personal information with them for the purposes described in our respective privacy policies.

We and Wesfarmers group companies may exchange your personal information with service providers engaged to assist with services including data processing, data analysis, information broking, credit reporting, online computing, printing, contact management, legal, accounting, business consulting, marketing, research, auditing, archival, delivery, security, investigation and mailing services, and in the provision of Coles-branded products and services such as payment cards and insurance.

The third parties to whom we disclose personal information may be located in Australia and other countries including the Philippines, Singapore and the USA. We take steps to ensure that our service providers are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.



Digital Services

We provide information and services through a range of digital and online services including websites, apps, email, online advertisements, IPTV and social media profiles. These services may be operated by us, other Wesfarmers group companies and flybuys program participants (collectively, Digital Services) to provide a consistent experience, personalise your use of each of those services and provide targeted marketing.

Digital Services may use “cookies”. A cookie is a piece of information that allows the server to identify and interact more effectively with your device. The cookie assists us in maintaining the continuity of your browsing session (e.g. to maintain a shopping cart) and remembering your details and preferences when you return. Other technologies that may be used with Digital Services include web beacons (which may operate in conjunction with cookies), Flash local stored objects and JavaScript. Some of these cookies and other technologies are consistent across various Digital Services, allowing us and the other providers of these services to understand you better and provide a more consistent experience across these services. You can configure your web browser to reject and delete cookies and block JavaScript but you may find some parts of Digital Services then have limited functionality. You can control your preferences regarding Flash local stored objects at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html.

Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked.

In some cases third parties may use cookies and other technologies such as those described above as part of Digital Services. These technologies may be used in connection with activities like surveys, online behavioural advertising, website analytics and email campaign management. The services we may use from time to time include Google Analytics, Google Display Network, Google AdSense, DoubleClick, Yahoo, Adobe, Campaign Manager and Microsoft. You can find more details in the privacy policies for those services (e.g. Google’s Ads Preferences Manager), including information on how to opt-out of certain conduct. Bear in mind, you may need to opt-out separately from each service. The website www.yourchoicesonline.com.au also allows you to opt-out of some online behavioural advertising and provides further information about how online behavioural advertising works. You can contact us to request further details of the services we use. Many of these services operate without collecting or using any personal information.

Some information we collect in relation to Digital Services is not related to an individual. In many cases the information only relates to a device or is of an aggregated or statistical nature, and we will have no way of knowing the identity of the user. In other cases we may associate information about your use of Digital Services over time with your personal information, e.g. where on any occasion you have logged in, followed a link sent to you by email or we have otherwise been able to identify you.

We are constantly developing and enhancing our use of online technologies, and make reasonable efforts to ensure we keep this Privacy Policy and related documents up to date in this regard. Please check back when you return to use our online services to ensure you are familiar with our current practices.

Our online services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.



Procedures for access or correction of your personal information

If you wish to access or correct any personal information we hold about you, please contact us as set out below.

When making an access or correction request, please provide as much detail as you can about the particular information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we are required to provide a written response outlining our reasons if we refuse your request. Where we decide not to make a requested correction and you disagree, you may ask us to make a note of your requested correction with the information.



Complaints and concerns

If you have any complaints or concerns about this Policy, or our handling of your personal information, you can contact us as set out below.

Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response. If you are not satisfied with our response, please let us know and we will investigate further and respond to you.

If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out below.


Contact Us

Queries regarding privacy should be directed to the Coles Privacy Officer:

Phone:  13 11 16

Email:  privacy@coles.com.au

Post:  800 Toorak Road, Hawthorn East VIC 3123


Office of the Australian Information Commissioner

GPO Box 5218 Sydney NSW 2001

Telephone:  1300 363 992

Email:  enquiries@oaic.gov.au

Website:  www.oaic.gov.au



Additional Privacy Information

In addition to this Privacy Policy, many Coles and Wesfarmers companies and brands have their own privacy statements and other terms which provide further information about your privacy, e.g. flybuys, Coles Insurance and Coles MasterCard. Please see the relevant material relating to those products and services for details, including where those Coles-branded products and services are provided by or with third parties who may collect your personal information.

For information about privacy generally, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.



Security Notice

When you register with Coles Group & Myer Corporate Services, your information is stored in a safe and secure environment. When you place a Gift Card order, it is sent to our supplier partners in an encrypted form using Secure Sockets Layer (SSL) technology. SSL technology is the standard form of encryption that is used by major banking institutions and e-commerce websites.

 

Card number, PINs and Passwords

When you sign in to any service that we may offer on this site, the information collected is compared with the details we stored when you first registered with us for that service.

When submitting feedback to questions via email, it is very important that you do not disclose any details that could be used by others to gain access to your personal information. This includes your card number and any PINs or passwords.

Please make sure you secure your card numbers, PINs and passwords at all times.

 

Third Party Sites

Our site contains links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the privacy practices of third parties or the content of other web sites to which you provide your personal information. Please take care at all times to check whose site you are visiting.

 

Website security

We use high security levels for our online services. We use security levels which are standard for Internet banking and large scale e-commerce sites. You can check the security level of a web page by clicking on your internet browser's padlock or key icon.

Encryption is the standard way of protecting your information as it is transmitted between you and us. This involves converting the information into an unreadable code using a "key" (and also de-coding it using this "key"). The longer the key, the more difficult it is for others to break the encrypted code.

 

Changes to Policies and Procedures

From time to time and in line with customer expectations and legislative changes, our privacy and security policies and procedures will be reviewed and, if appropriate, updated. You should therefore check this Privacy and Security Notice every time you propose to use our website or submit information to us.