At Coles, we respect the privacy of your personal information in our care. Personal information means information which identifies you as an individual or from which you can be reasonably identified.
Coles and Coles Group companies do not sell personal data.
2. Types of Personal Information Collected
The types of personal information we collect includes:
- - Name;
- - Contact details (including email address, telephone number(s), residential and delivery addresses);
- - Information to identify you;
- - Household details (e.g. number of people living at a household and their ages);
- - Payment and transaction details/history (including information about payment cards linked to flybuys and associated transactions);
- - Details regarding participation in flybuys and our other clubs and programs operated from time to time;
- - Points accrual and reward details;
- - Authorisations;
- - Records of your communications and interactions with us, and the flybuys program; and
- - Details/history of purchases, preferences, interests and behaviour relating to transactions, products, services and activity with our digital services.
We may not be able to provide our products or services, or make offers to you without your personal information. For example, we may not be able to ensure you are awarded flybuys points, contact you or include you on our mailing lists.
3. How Personal Information is collected and held
We may collect your personal information in relation to your interactions and transactions with us and Wesfarmers group companies which will include when you:
- - Use your flybuys card or number or associated identifiers such as payment cards;
- - Make a purchase in store or place an order online;
- - Conduct a transaction including making a non‐cash payment, or request a service where we collect Personal Information;
- - Participate in flybuys and/or our other loyalty programs operated from time to time,
- - Participate in a promotion, competition, or survey;
- - Request customer service or contact us,
- - Post a review or comment on one of our websites or social media pages, or post a rating or review or other user generated content on one of our websites or apps, or
- - Otherwise use our related websites, apps, social media and other digital services.
We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes and operate video and audio surveillance devices in our premises.
We may also collect personal information from third parties including from:
- - Public sources;
- - Information service providers (including for data integrity purposes);
- - Providers who administer Coles‐branded products and services such as payment cards and insurance; and
- - Anyone authorised to act on your behalf.
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We have a number of security controls in place and use a range of people, process and technology controls to protect your personal information. Examples of these measures include:
- - Access to personal information is controlled through access and identity management systems;
- - Team members are bound by internal information security policies and are required to keep personal information secure at all times;
- - We take steps to protect personal information in accordance with the Office of the Information Commissioner’s Guide to Securing Personal Information; and
- - We also take measures in respect of destroying or de‐identifying personal information that is no longer needed for any lawful purpose.
Our security controls are continually reviewed to ensure that the protection of your personal information is maintained.
4. Purposes for Handling Personal Information
We handle your personal information in connection with providing, administering, improving and personalising our products and services, and to support our business functions. This can include:
- - To manage your requests for products and services, including delivery, processing payments, providing refunds and discounts;
- - To register and service your account, including keeping your information up‐to‐date, and verifying your identity;
- - To communicate with you about our products, services and promotions (including direct marketing);
- - To help us improve our products and services, including conducting product and market research;
- - To improve our operational processes to enhance your customer experience;
- - To respond to your feedback, queries or concerns;
- - Working with our service providers;
- - Investigative, fraud and loss prevention activities;
- - Interacting with Regulators and relevant government entities;
- - Any of our related companies and brands including the Wesfarmers group; and
- - As otherwise required or permitted by law.
Using personal information, we endeavour to improve our understanding of your interests, suitability and behaviour in relation to products, services and offers, including conducting risk assessments for financial products (including credit and insurance).
We may also handle your personal information to protect our lawful interests and facilitate purchases and potential purchases of our businesses.
We may provide marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services and other means unless you opt out by calling us on 1800 061 562. These communications may relate to the products and services we, and other Wesfarmers group companies provide, and other products which may be of interest to you.
5. Sharing of Personal Information
We work with a number of suppliers that carry out specific functions on our behalf, and include companies that assist us with:
- - Technology services including application, development and technical support, processing, storing, hosting and analysing data;
- - Processing payments;
- - Communicating our offers and promotions to you;
- - Product development and market research;
- - Business advisory services, such as our lawyers, accountants or other professional service providers to extent reasonably required; and
- - Administrative services, including mailing services, printing, archival, and contact management services.
Some of our service providers including technology or data storage providers may be located in countries outside Australia. While it is not reasonably practicable to list all of the countries to which your Personal Information may be disclosed from time to time, it is likely that such countries may include Germany, India, Ireland, Japan, Hong Kong, Malaysia, the Philippines, Singapore, South Africa, the United Kingdom and the United States.
When we disclose your information overseas, we take steps to ensure that our service providers are obliged to protect the privacy and security of your personal information in accordance with the standards that apply in Australia including that they only use Personal Information for the purpose for which it is disclosed.
6. Digital Services
We provide information and services through a range of digital and online services including websites (e.g. coles.com.au) apps, email, online advertisements, IPTV and social media profiles. These services may be operated by us, other Wesfarmers group companies and flybuys program participants (collectively, Coles/flybuys Digital Services) to provide a consistent experience, personalised to your use of each of those services and provide targeted marketing.
Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked.
Some information we collect in relation to Coles/flybuys Digital Services is not related to an individual. In many cases the information only relates to a device or is of an aggregated or statistical nature, and we will have no way of knowing the identity of the user. In other cases we may associate information about your use of Coles/flybuys Digital Services over time with your personal information, e.g. where on any occasion you have logged in, followed a link sent to you by email or we have otherwise been able to identify you.
Our online services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.
7. Procedures for access to or correction of your personal information
If you wish to access or correct any personal information we hold about you, please contact us as set out below.
When making an access request, please provide as much detail as you can about the particular information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we are required to provide a written response outlining our reasons if we refuse your request.
Where we decide not to make a requested correction and you disagree, you may ask us to add a note of your requested correction to the information that explains your correction request.
8. Complaints and concerns
If you have any complaints or concerns about this Policy, or our handling of your personal information, you can contact us as set out below.
Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response within 30 days. If you are not satisfied with our response, please let us know and we will investigate further and respond to you.
If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out below.
Contact DetailsQueries regarding privacy should be directed to the Coles Privacy Officer:
Phone: 1800 061 562
Post: 800 Toorak Road, Hawthorn East VIC 3123
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
9. Additional Privacy Information
For information about privacy generally, you may contact the Office of the Australian Information Commissioner on the contact details noted above.
Dated: October 2017