Privacy & Security

Coles Privacy Policy

1. Overview

At Coles, we respect the privacy of your personal information in our care. Personal information means information which identifies you as an individual or from which you can be reasonably identified.

This Privacy Policy applies to all of our Coles businesses including Coles Supermarkets, Coles Liquor (Liquorland, First Choice, Vintage Cellars and Liquor Market), Coles Express and Coles Gift Cards. This Privacy Policy relates to personal information we collect and handle about you as our customers, visitors to our website, apps, social media and other digital services and members of the public.

Coles Financial Services, including our insurance and credit cards, have separate Privacy Policies which you can find on their respective websites. Spirit Hotels also has its own Privacy Policy. We are part of the Wesfarmers group. Wesfarmers has its own privacy policy which is available at www.wesfarmers.com.au.

Our Coles Team Members and job applicants can contact our human resources team for details about the privacy of their personal information, and review the applicable Privacy Policy on our careers page.

Coles and Coles Group companies do not sell personal data.

2. Types of Personal Information Collected

The types of personal information we collect includes:

  • Name;
  • Contact details (including email address, telephone number(s), residential and delivery addresses);
  • Information to identify you;
  • Household details (e.g. number of people living at a household and their ages);
  • Payment and transaction details/history (including information about payment cards linked to flybuys and associated transactions);
  • Details regarding participation in flybuys and our other clubs and programs operated from time to time;
  • Points accrual and reward details;
  • Authorisations;
  • Records of your communications and interactions with us, and the flybuys program; and
  • Details/history of purchases, preferences, interests and behaviour relating to transactions, products, services and activity with our digital services.

We may not be able to provide our products or services, or make offers to you without your personal information. For example, we may not be able to ensure you are awarded flybuys points, contact you or include you on our mailing lists.

Where you provide us with personal information about someone else you must have their consent to provide their personal information to us based on this Privacy Policy.

3. How Personal Information is collected and held

We may collect your personal information in relation to your interactions and transactions with us and Wesfarmers group companies which will include when you: 

  • Use your flybuys card or number or associated identifiers such as payment cards;
  • Make a purchase in store or place an order online;
  • Conduct a transaction including making a non‐cash payment, or request a service where we collect Personal Information;
  • Participate in flybuys and/or our other loyalty programs operated from time to time,
  • Participate in a promotion, competition, or survey;
  • Request customer service or contact us,
  • Post a review or comment on one of our websites or social media pages, or post a rating or review or other user generated content on one of our websites or apps, or
  • Otherwise use our related websites, apps, social media and other digital services.

We may monitor and record your communications with us (including email and telephone) for security, dispute resolution, and training purposes and operate video and audio surveillance devices in our premises.

We may also collect personal information from third parties including from:

  • Public sources;
  • Information service providers (including for data integrity purposes);
  • Providers who administer Coles‐branded products and services such as payment cards and insurance; and
  • Anyone authorised to act on your behalf.

We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We have a number of security controls in place and use a range of people, process and technology controls to protect your personal information. Examples of these measures include:

  • Access to personal information is controlled through access and identity management systems;
  • Team members are bound by internal information security policies and are required to keep personal information secure at all times;
  • We take steps to protect personal information in accordance with the Office of the Information Commissioner’s Guide to Securing Personal Information; and
  • We also take measures in respect of destroying or de‐identifying personal information that is no longer needed for any lawful purpose.

Our security controls are continually reviewed to ensure that the protection of your personal information is maintained.

4. Purposes for Handling Personal Information

We handle your personal information in connection with providing, administering, improving and personalising our products and services, and to support our business functions. This can include:

  • To manage your requests for products and services, including delivery, processing payments, providing refunds and discounts;
  • To register and service your account, including keeping your information up‐to‐date, and verifying your identity;
  • To communicate with you about our products, services and promotions (including direct marketing);
  • To help us improve our products and services, including conducting product and market research;
  • To improve our operational processes to enhance your customer experience;
  • To respond to your feedback, queries or concerns;
  • Working with our service providers;
  • Investigative, fraud and loss prevention activities;
  • Interacting with Regulators and relevant government entities;
  • Any of our related companies and brands including the Wesfarmers group; and
  • As otherwise required or permitted by law.

Using personal information, we endeavour to improve our understanding of your interests, suitability and behaviour in relation to products, services and offers, including conducting risk assessments for financial products (including credit and insurance).

We may also handle your personal information to protect our lawful interests and facilitate purchases and potential purchases of our businesses.

We may provide marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email), our digital services and other means unless you opt out by calling us on 1800 061 562. These communications may relate to the products and services we, and other Wesfarmers group companies provide, and other products which may be of interest to you.

5. Sharing of Personal Information

We work with a number of suppliers that carry out specific functions on our behalf, and include companies that assist us with: 

  • Technology services including application, development and technical support, processing, storing, hosting and analysing data;
  • Processing payments;
  • Communicating our offers and promotions to you;
  • Product development and market research;
  • Business advisory services, such as our lawyers, accountants or other professional service providers to extent reasonably required; and
  • Administrative services, including mailing services, printing, archival, and contact management services.

Some of our service providers including technology or data storage providers may be located in countries outside Australia. While it is not reasonably practicable to list all of the countries to which your Personal Information may be disclosed from time to time, it is likely that such countries may include Germany, India, Ireland, Japan, Hong Kong, Malaysia, the Philippines, Singapore, South Africa, the United Kingdom and the United States.

When we disclose your information overseas, we take steps to ensure that our service providers are obliged to protect the privacy and security of your personal information in accordance with the standards that apply in Australia including that they only use Personal Information for the purpose for which it is disclosed.

6. Digital Services

We provide information and services through a range of digital and online services including websites (e.g. coles.com.au) apps, email, online advertisements, IPTV and social media profiles. These services may be operated by us, other Wesfarmers group companies and flybuys program participants (collectively, Coles/flybuys Digital Services) to provide a consistent experience, personalised to your use of each of those services and provide targeted marketing.

Coles/flybuys Digital Services may use “cookies”. A cookie is a piece of information that allows the server to identify and interact more effectively with your device. The cookie assists us in maintaining the continuity of your browsing session (e.g. to maintain a shopping cart) and remembering your details and preferences when you return. Other technologies that may be used with Coles/flybuys Digital Services include web beacons (which may operate in conjunction with cookies), Flash local stored objects and JavaScript. Some of these cookies and other technologies are consistent across various Coles/flybuys Digital Services, allowing us and the other providers of these services to understand you better and provide a more consistent experience across these services. You can configure your web browser to reject and delete cookies and block JavaScript but you may find some parts of Coles/flybuys Digital Services then have limited functionality. You can control your preferences regarding Flash local stored objects at http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Our systems record a variety of information in relation to interactions with our online services. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked.

In some cases third parties may use cookies and other technologies such as those described above as part of Coles/flybuys Digital Services. These technologies may be used in connection with activities like surveys, online behavioural advertising, website analytics and email campaign management. The services we may use from time to time include those offered by Google (including AdSense and DoubleClick), Yahoo, Adobe (including Campaign Manager and Analytics) and Microsoft. You can find more details in the privacy policies for those services, including information on how to opt‐out of certain conduct. Bear in mind, you may need to opt‐out separately from each service. The website http://www.yourchoiceonline.com.au/ also allows you to opt‐out of some online behavioural advertising and provides further information about how online behavioural advertising works. You can contact us to request further details of the services we use. Many of these services operate without collecting or using any personal information.

Some information we collect in relation to Coles/flybuys Digital Services is not related to an individual. In many cases the information only relates to a device or is of an aggregated or statistical nature, and we will have no way of knowing the identity of the user. In other cases we may associate information about your use of Coles/flybuys Digital Services over time with your personal information, e.g. where on any occasion you have logged in, followed a link sent to you by email or we have otherwise been able to identify you.

We are constantly developing and enhancing our use of online technologies, and make reasonable efforts to ensure we keep this Privacy Policy and related documents up to date in this regard. Please check back when you return to use our online services to ensure you are familiar with our current practices.

Our online services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.

7. Procedures for access to or correction of your personal information

If you wish to access or correct any personal information we hold about you, please contact us as set out below.

When making an access request, please provide as much detail as you can about the particular information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we are required to provide a written response outlining our reasons if we refuse your request.

Where we decide not to make a requested correction and you disagree, you may ask us to add a note of your requested correction to the information that explains your correction request.

8. Complaints and concerns

If you have any complaints or concerns about this Policy, or our handling of your personal information, you can contact us as set out below.

Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response within 30 days. If you are not satisfied with our response, please let us know and we will investigate further and respond to you.

If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out below.

Contact Details

Queries regarding privacy should be directed to the Coles Privacy Officer:

Phone: 1800 061 562
Email: privacy@coles.com.au
Post: 800 Toorak Road, Hawthorn East VIC 3123

Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

9. Additional Privacy Information

In addition to this Privacy Policy, many Coles and Wesfarmers companies and brands have their own privacy statements and other terms which provide further information about your privacy, e.g. flybuys, Coles Insurance and Coles MasterCard. Please see the relevant material relating to those products and services for details, including where those Coles‐branded products and services are provided by or with third parties who may collect your personal information.

For information about privacy generally, you may contact the Office of the Australian Information Commissioner on the contact details noted above.

Dated: October 2017