skip to main content

Privacy & Security Notice

1. Overview

At Coles, we take the protection of personal information seriously. Personal information means information that identifies you as an individual or from which you can be reasonably identified.

This Privacy Policy effective August 2024 applies to Coles Group Limited and its subsidiaries except as noted below1 (together, “Coles”, “we”, “us”). The brands used by the entities covered by this Privacy Policy include Liquorland, Vintage Cellars and First Choice Liquor Market.

This Privacy Policy provides you with information about the personal information we collect and handle about our customers, members of the public, visitors to our websites, and users of Coles apps, social media, digital wallets and other digital services.

In addition to this Privacy Policy, some Coles Group businesses and their third-party partners (where applicable) have privacy notices and other terms that provide further information about your privacy. These include Coles Mobile, Coles Insurance, Coles Pet Insurance, Coles MasterCard, Coles Personal Loans, Swaggle and QuiteLike. Those additional privacy notices and terms contain important information about the collection, use and disclosure of personal information by those business and the third- party partners.

Coles is a participating partner in the flybuys program (Loyalty Pacific Pty Ltd). You can find the flybuys privacy policy at http://www.flybuys.com.au/about/#/privacy-policy.

Job applicants and Coles team members should refer to the Coles Careers Privacy Policy available via www.coles.com.au/privacy for information on how Coles handles their personal information.

General information about privacy, can be obtained from the Office of the Australian Information Commissioner. Details are set out in Section 10.

Coles may update this privacy policy from time to time, with the most up to date policy always available at www.coles.com.au/privacy.

1 The following Coles Group Limited subsidiaries are not covered by this Privacy Policy: CGBV1 Pty Ltd (trading as Swaggle), and BetaElementCo Pty Ltd (trading as QuiteLike).

2. Why do we collect and handle your personal information?

We collect, hold, use and disclose your personal information so that we can provide our goods and services, improve and personalise our goods, services and communications and operate our business effectively. This includes, but is not limited to:

  • Managing your requests for products and services, including deliveries, processing payments, providing refunds and discounts;
  • Responding to feedback or concerns you have regarding our products and services;
  • Registering and servicing your account, including keeping your information up- to-date, and verifying your identity;
  • Communicating with you about products, services, promotions (including direct marketing) and providing samples;
  • Requesting feedback through surveys and research so that we can improve our products and services;
  • Improving our operational processes to enhance your customer experience;
  • Working with our service providers;
  • Managing our risks, including activities relating to business continuity, safety, security, investigations, fraud, and loss prevention activities;
  • Facilitating corporate transactions like mergers and acquisitions, e.g. to assess those transactions and manage the transition of the business;
  • Complying with our legal obligations and collecting personal information as required or authorised by law, such as under the Corporations Act, liquor acts, public health acts, surveillance devices acts, Telecommunications (Interception and Access) Act and tobacco/smoking acts;
  • Protecting and defending our legal rights and interests;
  • Interacting with Regulators and relevant government entities;
  • Monitoring and recording your communications with us for security, dispute resolution, and quality and training purposes; and,
  • As otherwise required or permitted by law.

Where you provide us with personal information about someone else, you must have their consent to provide their personal information to us, and advise them of the matters in this Privacy Policy, and, where relevant, the Coles Careers Privacy Policy.

3. Types of personal information collected

The types of personal information we collect for the purposes listed in Section 2 includes, but is not limited to:

  • Your identity and contact details: this includes your name, residential address, email address, telephone number(s), age and gender, government ID (e.g. driver’s license);
  • Basic household information: this includes number and ages of people living in a household;
  • Financial and transaction information: this includes payment cards, transaction history and digital wallet provided by Coles.
  • Health information: this includes medical or hospital services in connection with an injury/condition related to a public liability or workers compensation claim that has been raised with Coles;
  • Loyalty/Team member discount program information: information about your participation in and purchases through Coles loyalty programs (e.g. Vintage Cellars Wine Club, Coles Plus, Coles Plus Saver), Coles employee discount cards, and the flybuys loyalty program;
  • Location information: our websites or apps might ask for location information to help better serve you information and, if you have given permission to our app, device data to help serve relevant information about nearby stores or information applicable to your region;
  • User data: information about you as a customer and how you engage with our products and services. For example, transactional data, product purchases, interests, feedback you provide on your shopping experience and audio and video footage captured in-store and within facilities;
  • Usage and Interaction data: details of how you interact with our products and services including what you click on and interact with across our Coles Digital Services (see Section 6 for further information);
  • Marketing and communications data: this includes records of your marketing preferences, channel preferences, interaction with Coles Digital Services, marketing and communications with us;
  • Information collected through CCTV and monitoring technologies: this includes security cameras automotive number plate recognition IT monitoring or similar technologies that record footage or activity that could identify you; and
  • Body Worn Camera footage: some team members may wear body worn cameras. When activated, the device records both audio and video which could identify you. These devices are activated in high-risk situations, such as when there is a threat to a team member or customer safety.

Anonymity

You can choose to interact with Coles without revealing your identity, but doing so might limit our ability to offer you certain products or services. For instance without your address, we can’t deliver items to you, and won’t be able to give you flybuys points if we don’t have your flybuys details.

4. How do we collect personal information

We collect your personal information when you interact or transact with us. This includes, but is not limited to, when you:

  • Visit a store, make a purchase in store, or place an order online;
  • Use your flybuys card, Coles discount card and/or payment cards (i.e. credit card or debit card);
  • Use of Coles provided digital wallet
  • Register for a service where we collect personal information;
  • Participate in flybuys and/or our other loyalty programs;
  • Participate in a promotion, competition, or survey;
  • Request customer service or communicate with us (including by email, telephone, text, webform or social media);
  • Post a review or comment on one of our websites or social media pages, or post a rating, a review, or other user-generated content on our websites or apps; or,
  • Use our related websites, apps, social media, and other digital services (see Section 7 – Coles Digital Services for further information).

We may also collect personal information from third parties including from:

  • Public sources (for example, public registers, social media and digital platforms);
  • Information service providers (for example, if you apply for credit, we may ask a credit reporting agencyfor your credit report);
  • Providers who administer Coles-branded products and services (for example, our financial service partners for payment cards and insurance);
  • Our other service providers and the parties described in Section 6; and,
  • Anyone authorised to act on your behalf.

We may also generate new personal information from time to time e.g. reports or analysis based on other information we hold about you.

5. How do we protect the personal information we hold

We hold personal information electronically and in hard copy, at our own facilities and with the assistance of our service providers. We implement a range of measures, including people, process, and technology controls to protect the security of your personal information. Examples of these measures include:

  • access to personal information through access and identity management systems;
  • Confidentiality and information security policies that require team members to protect the security of personal information;
  • Network firewalls;
  • ‘Hashing’, de-identification and other techniques designed to limit the extent to which personal information is shared; and
  • Maintaining and updating an ongoing cyber security program.

Our security controls are continually reviewed to protect your personal information appropriately.

6. Sharing of personal information

We often work co-operatively within the Coles Group, and may share personal information with other members of the Group. We also work with suppliers and third parties that carry out specific functions on our behalf, so that we can provide you with goods and services and carry out the activities listed in Section 2. Third parties assist us with services such as:

  • Technology services including application development, technical support, and processing, storing, hosting and analysing data;
  • Processing payments or providing digital wallet services;
  • Communicating with you;
  • Marketing and providing offers and promotions to you;
  • Delivering your orders;
  • Loyalty program management such as flybuys;
  • Product development and market research;
  • Store security and investigative, fraud, loss prevention, and safety activities;
  • Business advisory services, such as our lawyers, accountants, income recovery services or other professional service providers;
  • Administrative services, including mailing services, printing, archival, and contact management services; and
  • Digital Identity verification services.

Other third parties we share personal information with include:

  • your representatives;
  • police, courts, government agencies and lawyers, e.g. in connection with regulatory and legal investigations and processes; and
  • parties involved in business transfer transactions (and prospective transactions).

We use systems, customer service teams and service providers located within Australia and in overseas locations that include Argentina, Canada, EU Member States, Hong Kong, India, Israel, Japan, New Zealand, Philippines, Singapore, South Africa, United Kingdom, United States, and Vietnam. We may share personal information with third parties in these countries. From time to time, this list of countries may change.

7. Coles Digital Services and direct marketing

Coles operates a range of websites, mobile apps, email services, online advertisements and social media profiles, which are collectively known as Coles Digital Services. We want you to be confident that your personal information is being used to offer you a better and more personalised experience across Coles.

We and our suppliers (such as Meta, Google, Oracle and Adobe) use various technologies, such as cookies, beacons, tags and pixels, to personalise and improve your customer experience. Cookies and similar technologies may also help us to detect fraudulent activity or to prevent security breaches and so we may collect information about your device from within the cookie.

These technologies within our Coles Digital Services may be used to do the following:

  • Improve the way our websites and mobile apps work – these technologies allow us to improve the way our websites and mobile apps work so that we can personalise your experience and allow you to use many of their useful features. For example, we use cookies so we can remember your preferences and the contents of your shopping basket when you return to our websites and mobile apps.
  • Improve the performance of our websites and mobile apps – these technologies can help us to understand how our websites and mobile apps are being used, for example, by telling us if you get an error message as you browse.
  • Measure the effectiveness of our marketing communications, including online advertising – cookies and similar technologies can tell us, for example, if you have seen a specific advertisement, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advertisement. We also use cookies and similar technologies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent, or if you subsequently purchased the advertised item.
  • Communicate relevant advertising, including via third party platforms and social media – marketing communications and online advertising may be in different forms, including email, SMS, push notification through our app, web notifications through our website, display banners on external websites, and social media platforms. Technologies used within Coles Digital Services may collect information about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. You may also see adverts for other organisations on our websites. To help us and our service providers deliver online advertising that is relevant to you, we may also combine data we collect through cookies and similar technologies on your devices with other data that we have collected, for example your use of loyalty cards and in-store purchases. Coles may share a “hashed” email address and/ or other contact details2 along with information on which advertisement to display, or information associated with an order you make with us to our advertising partners for the purpose of displaying relevant advertisements to you on our websites and on other organisations’ websites.

If you wish to limit or restrict direct marketing or the use of these technologies you can:

  • Configure your browser or device to reject and delete cookies, block JavaScript, disable GPS location services and anonymise your usage patterns. If you choose to do so, this may limit the functionality of some parts of Coles Digital Services for you. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use products and services that require you to sign in.
  • Navigating within your Coles Online Account to “Account > Preferences” and choose your desired option.
  • Click unsubscribe within the marketing email;
  • Call the relevant contact centre: Coles on 1800 061 562; Coles Liquor on 1300 300 640; Flypay on 1300 359 729; Coles Insurance on 1300 265 374 or,
  • Text “STOP” as instructed in a marketing SMS to opt out of SMS marketing. There are, however, some service and transactional messages that we must be able to send you. These include, for example, messages relating to your account, forgotten passwords, transactional receipts, updates to our T&Cs and Privacy Policy, and product recall notices.

2An e-mail and/ or other personal information is “hashed” by applying a formula to an e-mail address which produces a string of numbers and letters that is impossible for a human to read. If two organisations use the same formula against a list of e-mail addresses or information they hold, it generates the exact same string of numbers and letters. This enables us to specify to external platforms which individual to show an advertisement to, without sending personal information in plain text.

8. Procedure to access or correct your personal information

If you wish to access or correct any personal information we hold about you, please contact us as set out in Section 10.

When making an access request, please provide as much detail as you can about the specific information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we may be required to provide a written response to you if we are unable to respond to your request, outlining the reasons why we were unable to do so.

Where you request Coles to correct information we hold about you, but Coles elects not to make the requested correction, you may request Coles to add a note to your information outlining your position.

9. Questions and complaints

If you have any questions or complaints about this Policy, or our handling of your personal information, you can contact us as set out in Section 10.

Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response within 30 days. If you are not satisfied with our response, please let us know and we will investigate further and respond to you.

If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out in Section 10.

10. Contact Details

Queries regarding privacy should be directed to Coles Customer Care at:
Webform: www.coles.com.au/customer-service/contact-us
Phone: 1800 061 562
Post: Privacy Officer, Coles Group, 800 Toorak Road, Hawthorn East VIC 3123

Office of the Australian Information Commissioner

GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au