Effective Date: 28 June 2021
We value your trust and take the protection of your personal information very seriously. This document outlines the way in which we collect, hold, secure, use and share your personal information. We encourage you to read it, so that you are comfortable with what we do with your personal information.
If you have any questions regarding its contents, we invite you to contact our Privacy Officer, whose contact details are contained in Section 17 below.
Woolworths Group (referred to as ‘Woolworths’, ‘we’ or ‘us’) includes Woolworths Group Limited ABN 88 000 014 675 and its subsidiaries, including businesses such as Woolworths Supermarkets, Metro, Everyday Rewards, Cartology, WooliesX and BIG W.
Endeavour Group (comprising Endeavour Group Limited and its subsidiaries including BWS) was part of the Woolworths Group prior to July 2021 but is no longer related to Woolworths Group.
There are some matters to which this policy does not apply. Please refer to Section 15 below.
As defined by the Privacy Act 1988 (Cth), "personal information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Any time we use the term “personal information” in this policy, we are referring to this legal definition of the term.
We always want to provide you with the highest level of service, so we collect and hold personal information necessary for our business activities and to enable us to provide the information, goods or services you might be looking for. If we do not collect the information, we may not be able to provide these things.
We collect your personal information directly from you when you activate or use our services, interact with us, either in person, over the telephone or electronically (e.g. via websites, apps, social media posts, chats, telephone, emails and/or SMS) or as otherwise permitted by law. We may also collect personal information about you from third parties, including Endeavour Group (which includes BWS). Below are some examples of personal information we may collect from you and how we collect that information:
When you register to participate in one of our loyalty programs or when you use your loyalty card:
When you shop with us, including online, or browse our sites or apps:
When you contact us or we contact you to take part in competitions, promotions, testimonials, reviews, surveys, focus groups or make other enquiries:
When you visit us in person, including for events:
When you purchase a Woolworths Group Gift Card (e.g. a WISH Gift Card) from us:
When you use Woolworths Mobile Services:
From time to time we may also collect personal information about you from other sources to help us supplement our records, improve the personalisation of our service to you, provide services to third parties such as Endeavour Group and detect fraud.
For example, we may collect personal information from:
For many of our services, you generally have the option not to give us your name and can use a pseudonym if you prefer.
We may need your real name and a valid ID for specific purposes or where we are required to ask by law.
Yes, you may provide someone else’s personal information to us, for example,
You must have their consent beforehand and we may ask you to provide evidence of that consent. You should not provide someone else’s information if you don’t have their consent, or for malicious purposes.
Some of our products and services, like health-related and insurance services, may require us to collect (or result in us collecting) your “sensitive information” from you or from other sources. ‘Sensitive information’ is defined in the Privacy Act and includes information like health information. Sensitive information is only obtained with your consent or in certain limited permitted situations.
Your personal information is important to us. We design our systems with your security and privacy in mind.
Any personal information we hold is generally stored electronically in computers or cloud systems operated by us or by our service providers. We implement a range of information security measures and encryption protocols when we handle your personal information to protect it from unauthorised access, loss, misuse or wrongful alteration.
We may collect information from your current device using cookies or other technologies, including your online browsers or apps to protect your account security. See Section 3 for examples of what kinds of information we may collect.
We use security measures such as physical and technical security access controls or other safeguards, information security technologies, policies, procedures and training programs to ensure the security of your personal information.
We protect your payment card details with encryption and hashing methods. We ask that you not include your full card details when you communicate with us via email, SMS or chat messages. If we have to make a reference to your payment card number, we will only refer to the last four digits in any form of written communications.
We primarily collect, hold and use your personal information to supply, promote and sell goods and services that you have requested, or which we think may be of interest to you, so that we can improve and personalise your experiences. This may also include the products and services of our suppliers and trusted partners.
We may use your personal information for purposes which are incidental to the sale and promotion of our goods and services, or for other purposes which are within your reasonable expectation or permitted by law.
In addition, your personal information may be used for the following purposes:
Your personal information is important to us and we are very focused on making sure it stays safe.
We use data, including personal information in some cases, to understand the preferences and shopping patterns of our customers and to produce other insights.
In most cases, we employ techniques such as grouping, combining and anonymising, so that we don’t need to use your personal information to understand those preferences or patterns, or to produce insights.
We may also share anonymised preferences and insights with our suppliers, partners and service providers to assist with the marketing of products and services, without revealing your personal information.
There are limited circumstances when we share or use your personal information in a form that can clearly identify you, such as:
There are also limited circumstances in which we may share your personal information with third parties, such as:
When you register to hold an account or become a member of any Woolworths brand or program, we may send you commercial electronic messages and tailored advertising if you agree to let us do so. We may send you these messages via various channels and media (including by email, SMS, phone and mail, or via advertising on certain websites and social media), where you have not opted out of receiving such electronic messages from that Woolworths brand or program in that channel.
You can opt out of commercial electronic messages (e.g.) emails and SMS), by;
Details on how to opt out of commercial electronic messages in relation to each Woolworths brand or program are contained within the terms and conditions for the relevant brand or program. It’s important to note that opting out of receiving commercial electronic messages from any one Woolworths Group brand or program will not withdraw your consent to receive messages from other Woolworths Group brands or programs.
Regardless of whether you opt-out of any or all commercial electronic messages, you will still receive information we are required by law to provide to you or service-based communications. Each Woolworths Group brand and program sends different service-based communications (such as communications relating to terms and conditions, your account or your orders). The terms and conditions for each brand and program sets out what is considered a service-based communication for that brand or program.
If you would like more information about how we may, or may not, send you commercial electronic messages, including in relation to specific Woolworths Group brands or programs, please see the terms and conditions of each of those Woolworths Group brands or programs.
Some of our service providers, including data storage and technology service providers, may be located or use locations outside of Australia.
Where we share personal information overseas, we take steps to ensure that our service providers are obliged to protect this personal information in accordance with Australian legal requirements and that they are only permitted to use personal information for the purpose for which it is shared.
Our service providers or their data storage servers may be located, and may store your personal information from time to time, in a number of countries, including New Zealand, Switzerland, the United Kingdom, United States, India and Japan.
We may share your personal information overseas for reasons including:
You have a right to request access to the personal information we hold about you. You can access or correct your personal information on your online profile via your online account at any time.
However, before we provide you with access to your personal information we may require verification of proof of identity. There is no charge to submit a request to correct or access your personal information, however, we may charge a reasonable fee for giving access to your personal information if your request requires substantial effort on our part.
If you would like a copy of the personal information held by us about you, please contact Woolworths’ Privacy Officer using the details shown in Section 17 below.
If you believe that any of your personal information is inaccurate, out of date, incomplete, irrelevant or misleading, please contact our Privacy Officer. It is your right to have your personal information corrected.
If you would like to complain about a breach of the Australian Privacy Principles, you may contact our Privacy Officer. We may ask you to put your complaint in writing and to provide relevant details. We may discuss your complaint with our personnel and our service providers and others as appropriate.
We will respond to your complaint in a reasonable period of time (usually within 30 days).
If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC) (whose contact details are as set out here).
There may be additional privacy notices and terms relevant to you depending on the nature of your dealings with us and on our particular businesses. There are additional privacy terms in our loyalty program and club membership terms and for use of our online sites, for example.
This policy does not apply to the personal information of our team members (employees and contractors) in their capacity as such.