We value your trust and take the protection of your personal information very seriously. This document outlines the way in which we collect, hold, secure, use and share your personal information. We encourage you to read it, so that you are comfortable with what we do with your personal information.
If you have any questions regarding its contents, we invite you to contact our Privacy Officer, whose contact details are contained in Section 17 below.
About Woolworths Group
Woolworths Group (referred to as ‘Woolworths’, ‘we’ or ‘us’) includes Woolworths Group Limited ABN 88 000 014 675 and its subsidiaries, including businesses such as Woolworths Supermarkets, Metro, Everyday Rewards, Cartology, WooliesX and BIG W.
Endeavour Group (comprising Endeavour Group Limited and its subsidiaries including BWS) was part of the Woolworths Group prior to July 2021 but is no longer related to Woolworths Group.
the kinds of personal information we collect and hold
how we collect and hold it
the purposes for which we collect, hold and use it
how we secure it
how, and to whom, we share your personal information, including overseas, and why
your right to access and correct it
how you may contact us if you wish to make a complaint or enquire about privacy matters.
3. What kinds of personal information does Woolworths collect and hold and how does Woolworths collect it?
We always want to provide you with the highest level of service, so we collect and hold personal information necessary for our business activities and to enable us to provide the information, goods or services you might be looking for. If we do not collect the information, we may not be able to provide these things.
We collect your personal information directly from you when you activate or use our services, interact with us, either in person, over the telephone or electronically (e.g. via websites, apps, social media posts, chats, telephone, emails and/or SMS) or as otherwise permitted by law. We may also collect personal information about you from third parties, including Endeavour Group (which includes BWS). Below are some examples of personal information we may collect from you and how we collect that information:
When you register to participate in one of our loyalty programs or when you use your loyalty card:
your contact details (including your name, email addresses, telephone numbers and residential and delivery addresses)
date of birth and gender
payment card and transaction details
information about purchases for which you earn loyalty points as well as your use of those loyalty points.
When you shop with us, including online, or browse our sites or apps:
your contact details, delivery address, and loyalty card number
information about your orders and purchases, including what, how, and when you buy from us
we may ask for your ID, such as your driver’s licence, if you purchase alcohol or tobacco or other forms of identification so that you can use certain services we provide
whether you have taken up or subscribed to any of our offerings such as clubs, subscriptions or loyalty programs, financial services products including insurance and credit cards or our apps
information about your online browsing behaviour on our internet sites and apps, including promotions you activated, as well as items you have added to your carts
information collected and held via our secure financial systems about the payment method you use for your purchases from us
like many websites, tracking technologies, such as "cookies", are used to obtain certain types of information such as application activities, current location of your device, type and version of your browser, your device ID and other device metrics when you visit our websites, apps or our trusted partners’ websites or apps (see Cookies Statement for details)
images and videos that you post online to facilitate our service provision or sales promotions
information we collect via our apps on mobile devices or smart devices (e.g. smart watches), for example the current location of your device, type and version of your browser and, your device ID and other device metrics, as allowed by your device permissions.
When you contact us or we contact you to take part in competitions, promotions, testimonials, reviews, surveys, focus groups or make other enquiries:
your contact details and loyalty card number
whether you activated the promotion
the content of online communications with you, including competitions, promotions, feedback, reviews, ratings, comments and images included on any of our websites, apps or social media pages or any of our other digital services
an electronic copy of the written communication or voice recording of the conversation.
When you visit us in person, including for events:
your contact details and loyalty card number for in-store services such as pick up, home delivery or special orders
we may ask for your ID, such as your driver’s licence, if you purchase alcohol or tobacco
cameras (including security, smart and team safety cameras) may record footage and other data which may identify you
your contact details if security or team members are investigating whether you may have breached any store procedures or if you are injured in any one of our stores or are witness to an incident.
any other information that you provide to us (for example if you choose to leave your details with us for recruitment or other purposes).
When you purchase a Woolworths Group Gift Card (e.g. a WISH Gift Card) from us:
your contact details
your gift card ‘Card Number’ and the corresponding ‘PIN’
balance on the gift card and its transaction history.
When you use Woolworths Mobile Services:
metadata generated through your usage (e.g. the date, time and duration of your communications), and information required for us to discharge our obligations relating to law enforcement under applicable laws in relation to telecommunications services that we provide.
your personal information when you activate or use a telecommunication service we provide, or when we are otherwise required by law to collect personal information about you.
From time to time we may also collect personal information about you from other sources to help us supplement our records, improve the personalisation of our service to you, provide services to third parties such as Endeavour Group and detect fraud.
For example, we may collect personal information from:
our trusted partners to confirm your membership of the loyalty program, e.g. to convert Everyday Rewards points to your Qantas membership
information service providers to improve data quality e.g. we validate addresses with Australia Post to improve your delivery experience
Endeavour Group, in order for Woolworths to provide services to Endeavour Group
financial services organisations for fraud prevention.
5. Can I provide someone else's personal information to Woolworths?
Yes, you may provide someone else’s personal information to us, for example,
when you purchase a gift for others; or
place an order on someone else’s behalf.
You must have their consent beforehand and we may ask you to provide evidence of that consent. You should not provide someone else’s information if you don’t have their consent, or for malicious purposes.
Some of our products and services, like health-related and insurance services, may require us to collect (or result in us collecting) your “sensitive information” from you or from other sources. ‘Sensitive information’ is defined in the Privacy Act and includes information like health information. Sensitive information is only obtained with your consent or in certain limited permitted situations.
7. How does Woolworths secure my personal information?
Your personal information is important to us. We design our systems with your security and privacy in mind.
Any personal information we hold is generally stored electronically in computers or cloud systems operated by us or by our service providers. We implement a range of information security measures and encryption protocols when we handle your personal information to protect it from unauthorised access, loss, misuse or wrongful alteration.
We may collect information from your current device using cookies or other technologies, including your online browsers or apps to protect your account security. See Section 3 for examples of what kinds of information we may collect.
We use security measures such as physical and technical security access controls or other safeguards, information security technologies, policies, procedures and training programs to ensure the security of your personal information.
We protect your payment card details with encryption and hashing methods. We ask that you not include your full card details when you communicate with us via email, SMS or chat messages. If we have to make a reference to your payment card number, we will only refer to the last four digits in any form of written communications.
8. For what purposes does Woolworths collect, hold and use my personal information?
We primarily collect, hold and use your personal information to supply, promote and sell goods and services that you have requested, or which we think may be of interest to you, so that we can improve and personalise your experiences. This may also include the products and services of our suppliers and trusted partners.
We may use your personal information for purposes which are incidental to the sale and promotion of our goods and services, or for other purposes which are within your reasonable expectation or permitted by law.
In addition, your personal information may be used for the following purposes:
Personalisation: To identify your preferences, to recommend features, products, and services that may be of interest to you, and to personalise your experience with Woolworths.
Communication: To send you offers and other communications that may be of interest to you.
Create and maintain your loyalty account: To capture and reward your shopping behaviour, and to provide customer support if needed.
Investigation: To assist in responding to your complaints or enquiries and to undertake investigations.
Fraud detection and security: To verify your identity and to detect fraud activities. We may conduct auditing and monitoring of transactions and financial engagement.
Improve our services and customer experience: To analyse performance, improve our systems and improve the usability, functionality and effectiveness of our products and services.
Corporate services: Allow us to provide support services, including recruitment services, to third parties such as Endeavour Group.
Analysis: To analyse your personal information in an anonymised and combined way when we communicate with you about your preferences; for example weekly personalised specials.
9. Who does Woolworths share my personal information with and why?
Your personal information is important to us and we are very focused on making sure it stays safe.
We use data, including personal information in some cases, to understand the preferences and shopping patterns of our customers and to produce other insights.
In most cases, we employ techniques such as grouping, combining and anonymising, so that we don’t need to use your personal information to understand those preferences or patterns, or to produce insights.
We may also share anonymised preferences and insights with our suppliers, partners and service providers to assist with the marketing of products and services, without revealing your personal information.
There are limited circumstances when we share or use your personal information in a form that can clearly identify you, such as:
when you make a written request to share your information with a third party
to related bodies of, or business units or brands within, Woolworths Group
for fraud detection and security protection
when legally permitted or required, including assisting with contact tracing or police investigations or where required by law enforcement agencies
with third parties, such as partners, suppliers, or service providers, when we need their assistance in our day-to-day business operations or so we can work with them to provide services to you.
There are also limited circumstances in which we may share your personal information with third parties, such as:
financial services organisations or specialised service providers for fraud detection (when we process your payments)
print partners for direct mail and card fulfilment (when you register and order a loyalty card from us)
those helping us to improve data quality, such as Australia Post (when you provide your address to us)
expert data partners (in encrypted form) to provide us with insights (when you shop with us or when you join our loyalty programs)
to combine your personal information as an Everyday Rewards member and BWS and/or Dan Murphy's customer so that Endeavour Group can provide you with better personalised shopping experiences
our partners, e.g. Qantas, so that they can allocate Qantas points to you (when you choose to convert Everyday Rewards points to your Qantas membership)
When you register to hold an account or become a member of any Woolworths brand or program, we may send you commercial electronic messages and tailored advertising if you agree to let us do so. We may send you these messages via various channels and media (including by email, SMS, phone and mail, or via advertising on certain websites and social media), where you have not opted out of receiving such electronic messages from that Woolworths brand or program in that channel.
You can opt out of commercial electronic messages (e.g.) emails and SMS), by
using the unsubscribe facility in any commercial electronic message; or
for in-app notifications and advertising on certain websites and social media, by adjusting your device setting or online privacy settings.
Details on how to opt out of commercial electronic messages in relation to each Woolworths brand or program are contained within the terms and conditions for the relevant brand or program. It’s important to note that opting out of receiving commercial electronic messages from any one Woolworths Group brand or program will not withdraw your consent to receive messages from other Woolworths Group brands or programs.
Regardless of whether you opt-out of any or all commercial electronic messages, you will still receive information we are required by law to provide to you or service-based communications. Each Woolworths Group brand and program sends different service-based communications (such as communications relating to terms and conditions, your account or your orders). The terms and conditions for each brand and program sets out what is considered a service-based communication for that brand or program.
If you would like more information about how we may, or may not, send you commercial electronic messages, including in relation to specific Woolworths Group brands or programs, please see the terms and conditions of each of those Woolworths Group brands or programs.
11. Does Woolworths share personal information overseas?
Some of our service providers, including data storage and technology service providers, may be located or use locations outside of Australia.
Where we share personal information overseas, we take steps to ensure that our service providers are obliged to protect this personal information in accordance with Australian legal requirements and that they are only permitted to use personal information for the purpose for which it is shared.
Our service providers or their data storage servers may be located, and may store your personal information from time to time, in a number of countries, including New Zealand, Switzerland, the United Kingdom, United States, India and Japan.
We may share your personal information overseas for reasons including:
where we have made a business decision to engage with a trusted service provider to assist us with certain functions, including data storage, combining and analysing data and processing data
for disclosures between our Group companies. Our main business locations are in Australia and New Zealand, but some of our Group companies may be based in other countries from time to time
when our business which collected your personal information is in a different country to your location
when our supply to you necessarily involves overseas disclosures. For example, a reinsurer of some of our insurance offerings uses computer systems in Switzerland and the United States to store insurance-related personal information
where you are involved with public liability issues, we may share your personal information with our overseas insurer or other supplier of relevant services in the course of managing those issues.
You have a right to request access to the personal information we hold about you. You can access or correct your personal information on your online profile via your online account at any time.
However, before we provide you with access to your personal information we may require verification of proof of identity. There is no charge to submit a request to correct or access your personal information, however, we may charge a reasonable fee for giving access to your personal information if your request requires substantial effort on our part.
If you would like a copy of the personal information held by us about you, please contact Woolworths’ Privacy Officer using the details shown in Section 17 below.
If you believe that any of your personal information is inaccurate, out of date, incomplete, irrelevant or misleading, please contact our Privacy Officer. It is your right to have your personal information corrected.
14. How can I make a complaint about the management of my personal information?
If you would like to complain about a breach of the Australian Privacy Principles, you may contact our Privacy Officer. We may ask you to put your complaint in writing and to provide relevant details. We may discuss your complaint with our personnel and our service providers and others as appropriate.
We will respond to your complaint in a reasonable period of time (usually within 30 days).
If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC) (whose contact details are as set out here).
There may be additional privacy notices and terms relevant to you depending on the nature of your dealings with us and on our particular businesses. There are additional privacy terms in our loyalty program and club membership terms and for use of our online sites, for example.
This policy does not apply to the personal information of our team members (employees and contractors) in their capacity as such.
Woolworths uses tracking technologies like cookies to tailor and improve your online experience on our websites. As a customer, we value your trust and want to make it easy to understand what cookies are, how we use them to improve your experience on our websites and your options to control them on your devices.
Please read our Cookies Statement below to find out more. If you have any questions regarding the following content, we invite you to contact our Privacy Officer.
How does Woolworths collect electronic information?
Like most companies, we collect electronic information about you (which may or may not be personal information) using cookies and similar technologies when you visit our websites to personalise and improve your experience.
A cookie is a small file downloaded onto your device when you interact with any online content such as websites, social media sites and apps. The content may be our own, or may be the content of others in which we have an interest, such as our digital banner advertisements.
The information that we collect through cookies may not identify, or relate, to a particular individual. Generally, the information collected through cookies relates to a device used to access online content, such as an IP address or location data about the device (where available and not disabled by the user) and metadata (a set of data that describes and gives information about other data). Cookies may also collect information about the behaviours of the user of the device, such as the websites visited by the user and their activity on the website.
In some circumstances, the information collected through cookies may be combined with information that identifies the end user of the relevant device. This may occur, for example, if you log into your account, or if you interact with certain content (such as a link) that we have sent to you in an email.
First, we allow session cookies to be used when you visit our online content, including our websites. Session cookies enable your device to move from page to page without you having to log in repeatedly. The placement of this type of cookie generally improves your browsing experience. These cookies are removed when you close your browser and end your online session.
Secondly, we set persistent (permanent) cookies on our website(s) to remember your preferences so that we can improve your website browsing experience. We also allow trusted third parties to set persistent cookies. Persistent cookies will be remembered when you visit the site again and are not removed when you close your browser. These cookies allow us to serve you with targeted advertising and measure the effectiveness of our site functionality and advertising.
Thirdly, we use other tracking technologies (such as pixels, beacons and tags) to record your behaviour and activities when you visit our website(s) for the purpose of analytics and targeted online advertising. Collecting this information enables us to:
• assess marketing activities such as what promotions to send to you, when and how
• send you tailored advertising about products and services that may interest you. You may receive tailored advertising on the websites you visit in the form of banner advertising, or on the social media platforms you use
• measure the effectiveness of promotions.
We may for example, access information from cookies set by others such as Google, Adobe, Microsoft and social media platforms.
This information is collected directly by the providers of those features and is subject to the privacy policies or notices of those providers. Please see their privacy policies for further details, including how you can opt out of specific offerings.
We have listed the main types of cookies used by Woolworths below.
To disable these cookies, please go to the section “What are my choices about cookies?”.
• Essential website cookies: These cookies are needed to provide you with services available through our websites and to use some of their features, such as access to secure areas, maintain your security and privacy against potential risks and fraud activities to enable us to tailor our menu to your location. Because these cookies are strictly necessary to deliver the websites to you, the websites might become inaccessible if you block those cookies.
• Performance and functionality cookies: These cookies enhance the performance and functionality of our websites. While not essential, certain functionality like videos and product recommendations may become unavailable without them.
• Analytics and customisation cookies: These cookies collect information that is used either in aggregate form to help us understand how our websites are being used or how effective our marketing campaigns are, or to help us customise our websites for you.
• Advertising cookies: These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
• Social networking cookies: These cookies are used to enable you to share pages and content that you find interesting on our websites through third party social networking and other websites. These cookies may also be used for advertising purposes too.
You can control which sites and devices allow cookies to be used.
• You can change the settings on the software your device uses to access the internet (e.g. your browser settings). For example, depending on which browser your device uses, you may be able to disable certain third party cookies. If you do disable these cookies, you may find that the websites you intend to visit are not accessible or have only limited functionality.
• You can also control the extent to which you receive tailored advertising facilitated by cookies by changing your settings on the websites on which you receive tailored advertising. For example, you can disable tailored advertising on social media sites like Facebook by changing the settings on your account.
Please note that it may be necessary for you to opt out separately from each device and browser that you use to access online content.
Opting out of cookies may not necessarily remove all advertising from pages you visit. Rather, it may mean that the ads you see may not reflect your interests.