Privacy & Security Notice
At Coles, we respect the privacy of your personal information in our care. Personal information means information that identifies you as an individual or from which you can be reasonably identified.
For information about privacy generally, you may contact the Office of the Australian Information Commissioner whose details are set in Section 9.
2. Why do we collect and handle your personal information?
We collect, hold, use and disclose your personal information so that we can provide goods and services to you, improve and personalise our services for you and operate our business effectively. This includes, but is not limited to:
- Managing your requests for products and services, including deliveries, processing payments, providing refunds and discounts;
- Responding to feedback or concerns you have regarding our products and services;
- Registering and servicing your account, including keeping your information up-to-date, and verifying your identity;
- Communicating with you about our products, services, promotions (including direct marketing) and providing samples;
- Requesting feedback through surveys and research so that we can improve our products and services;
- Improving our operational processes to enhance your customer experience;
- Working with our service providers;
- Safety, security, investigative, fraud, and loss prevention activities;
- Facilitating corporate transactions like mergers and acquisitions, e.g. to assess those transactions and manage the transition of the business;
- Complying with our legal obligations and protecting and defending our legal rights and interests;
- Interacting with Regulators and relevant government entities; and,
- As otherwise required or permitted by law.
3. Types of personal information collected
The types of personal information we collect for the purposes listed in Section 2 includes, but is not limited to:
- Your identity and contact details: this includes your name, residential address, email address, telephone number(s), age and gender, government ID (e.g. driver’s license);
- Basic household information: this includes number and ages of people living in a household;
- Financial and transaction information: this includes payment cards and transaction history;
- Health information: this includes medical or hospital services in connection with an injury/condition related to a public liability or workers compensation claim that has been raised with Coles;
- Loyalty program information: information about your participation in Coles loyalty clubs and programs (e.g. Vintage Cellars Wine Club), Coles employee discount cards, and the flybuys loyalty program;
- Location information: our websites or apps might ask for location information to help better serve you information and, if you have given permission to our app, device data to help serve relevant information about nearby stores or information applicable to your region;
- User data: information about you as a customer of our stores and how you engage with our products and services. For example, transactional data, product purchases, interests, feedback you provide on your shopping experience and audio and video footage captured in-store and within facilities;
- Usage and Interaction data: details of how you interact with our products and services including what you click on and interact with across our Coles Digital Services (see Section 6 for further information);
- Contact history: details of your contact and interactions with our Customer Care teams across Coles; and,
- Marketing and communications data: this includes your marketing preferences, channel preferences, and your interaction with Coles Digital Services and marketing.
- Information collected through CCTV and monitoring technologies: this includes security and team safety cameras, or similar technologies that record footage that could identify you.
- Body Worn Camera footage: some team members may wear body worn cameras. When activated, the device records both audio and video which could identify you. These devices are activated in high-risk situations, such as when there is a threat to a team member or customer safety.
You have the option to engage with Coles anonymously. However, if you choose to interact with Coles anonymously, we may not be able to provide our products or services to you, or make some offers available to you without your personal information. For example, we may not be able to deliver items ordered online to your home address if you do not provide us with your residential address, or we may not be able to award you flybuys points for transactions made at store if you do not provide your flybuys number.
4. How personal information is collected and held
We collect your personal information when you interact or transact with us. This includes, but is not limited to, when you:
- Visit a store, make a purchase in store, or place an order online;
- Use your flybuys card and payment cards (i.e. credit card or debit card);
- Registering for a service where we collect personal information;
- Participate in flybuys and/or our other loyalty programs;
- Participate in a promotion, competition, or survey;
- Request customer service or contact us (including by email and telephone);
- Post a review or comment on one of our websites or social media pages, or post a rating, a review, or other user generated content on our websites or apps; or,
- Use our related websites, apps, social media, and other digital services (see Section 6 – Coles Digital Services for further information).
We may also collect personal information from third parties including from:
- Public sources (for example, in public registers or social media);
- Information service providers (for example, if you apply for credit, we may ask a credit reporting body for your credit report);
- Providers who administer Coles-branded products and services (for example, our financial service partners for payment cards and insurance); and,
- Anyone authorised to act on your behalf.
We may also generate new personal information from time to time – e.g. reports or analysis based on other information we hold about you.
We hold personal information electronically and in hard copy, at our own facilities and with the assistance of our service providers. We implement a range of measures, including people, process, and technology controls to protect the security of your personal information. Examples of these measures include:
- Access to personal information is controlled through access and identity management systems;
- Team members are bound by internal confidentiality and information security policies that require them to keep personal information secure at all times;
- Protecting personal information in accordance with the Office of the Information Commissioner’s Guide to Securing Personal Information; and,
- Maintaining an ongoing security program where we invest continually in cyber security.
Our security controls are continually reviewed to protect your personal information appropriately.
5. Sharing of personal information
We often work co-operatively within the Coles Group, and may share personal information with other members of the Group. We also work with suppliers and third parties that carry out specific functions on our behalf, so that we can provide you with goods and services and carry out the activities listed in Section 2. These third parties assist us with the below services, which includes, but is not limited to:
- Technology services including application development, technical support, and processing, storing, hosting and analysing data;
- Processing payments;
- Communicating our offers and promotions to you;
- Delivering your orders
- Product development and market research;
- Store security and investigative, fraud, loss prevention, and safety activities;
- Business advisory services, such as our lawyers, accountants, or other professional service providers to the extent reasonably required;
- Administrative services, including mailing services, printing, archival, and contact management services: and
- Digital Identity verification services.
Other third parties we share personal information with include:
- your representatives;
- police, courts, government agencies and lawyers, e.g. in in connection with regulatory and legal investigations and processes; and
- parties involved in business transfer transactions (and prospective transactions).
We use systems, customer service teams and service providers located within Australia and in overseas locations that include Argentina, Canada, EU Member States, Hong Kong, India, Israel, Japan, New Zealand, Philippines, Singapore, South Africa, United Kingdom, United States, and Vietnam. We may share personal information with third parties in these countries. From time to time, this list of countries may change.
6. Coles Digital Services
Coles operates a range of websites, mobile apps, email services, online advertisements and social media profiles, which are collectively known as Coles Digital Services. We want you to be confident that your personal information is being used to offer you a better and more personalised experience across Coles.
We and our suppliers (such as Facebook, Google, Oracle and Adobe) use various technologies, such as cookies, beacons, tags and pixels, to personalise and improve your customer experience as you use our Coles Digital Services. Cookies and similar technologies may also help us to detect fraudulent activity or to prevent security breaches and so we may collect information about your device from within the cookie.
These technologies within our Coles Digital Services may be used to do the following:
- Improve the performance of our websites and mobile apps – these technologies can help us to understand how our websites and mobile apps are being used, for example, by telling us if you get an error messages as you browse.
- Deliver relevant online advertising, including via social media – these technologies to help us deliver online advertising that we believe is most relevant to you on our websites, other organisations’ websites, and on social media. These technologies may collect information about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. This means that you may see our adverts on our websites and on other organisations’ websites. You may also see adverts for other organisations on our websites. To help us deliver online advertising that is relevant to you, we may also combine data we collect through cookies and similar technologies on your devices with other data that we have collected, for example your use of loyalty cards and in-store purchases.
You can opt out of receiving promotional email and SMS communications at any time by either:
- Clicking unsubscribe within the Coles email;
- Calling our Coles contact centre on 1800 061 562; or,
- Texting “STOP” to opt out of SMS.
7. Procedure to access or correct your personal information
If you wish to access or correct any personal information we hold about you, please contact us as set out in Section 9.
When making an access request, please provide as much detail as you can about the specific information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we are required to provide a written response to you if we are unable to respond to your request, outlining the reasons why we were unable to do so.
Where you request Coles to correct information we hold about you, but Coles elects not to make the requested correction, you may request Coles to add a note to your information outlining your position.
8. Questions and complaints
If you have any questions or complaints about this Policy, or our handling of your personal information, you can contact us as set out in Section 9.
Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response within 30 days. If you are not satisfied with our response, please let us know and we will investigate further and respond to you.
If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out in Section 9.
9. Contact Details
Queries regarding privacy should be directed to Coles Customer Care at:
Phone: 1800 061 562
Post: Privacy Officer, Coles Group, 800 Toorak Road, Hawthorn East VIC 3123
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992