Security & privacy
This policy relates only to the personal information management practices of Wesfarmers and not our related companies. To view the privacy policies of other businesses in the Wesfarmers group of companies please visit their respective websites. This policy does not relate to personal information held about current or former employees of Wesfarmers.
What types of personal information do we collect?
We only collect personal information if it is necessary for one of our functions or activities. The types of personal information we collect will depend on the reason for collection. Generally the types of personal information we collect will include name, contact details and records of communications with us. In addition we collect personal information relating to:
- shareholders: information about the shareholding, banking details and tax file numbers for payment of dividends and other amounts;
- group company employees where we are providing services for our group companies. The information collected will depend on the services being provided, but may include birthdates and working conditions; health and workers compensation claims information (where we are proving workers compensation self-insurance services); banking and tax file number details (where we are administering our employee group share plan);and, in some limited cases, voluntarily provided ethnic background information (for functions related to our Reconciliation Action Plan);
- job applicants: employment and academic histories, the names of their referees and, in some cases, limited health information based on testing undertaken by or for us. We will collect this information directly, from organisations that provide recruitment related services to us, and from third parties who provide job applicants with professional or personal references;
We will also collect personal information, including names and contact details, about:
- people involved in or through organisations that we support or sponsor;
- our suppliers. This information is collected for business-related purposes but contains some limited personal information contact details of the people that we deal with;
- people who correspond with us, including through our website, in which case we may keep a copy of that correspondence and relevant contact details;
- people who request information updates about us through our website mailing list.
We collect information from the www.wesfarmers.com.au site using server logs and Google Analytics. More information on Google Analytics is available here. When you visit the site to read, browse or download information, our system will record/log your IP address (the address which identifies your computer on the internet and which is automatically recognised by our web server), date and time of your visit to our site, the pages viewed and any information downloaded. This information will only be used for the purpose of site analysis and to help us offer you improved online service. We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you linked to our websites. You cannot be identified from this information and it is only used to assist us in providing an effective service on our Web Sites.
Our site may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.
How we collect and hold personal information
Where it is reasonable and practicable to do so, we collect your personal information directly from you when you correspond or register your details with us, enter into arrangements with us, or provide feedback to us. Depending on the nature of our interaction with you, we may collect personal information from third parties – for instance, information regarding shareholders is collected from our share registrar or share plan registrar, and information about job applicants is collected in the manner set out above.
We hold personal information electronically and, in some cases, hard copy form, both at our own secure premises and with the assistance of our service providers. We take all reasonable steps to ensure that the personal information that we hold is protected from loss, misuse, unauthorised access by ensuring that this information is held on secure servers in controlled facilities and that information stored within our computer systems can only be accessed by those entrusted with authority and computer network password sanctions.
Why we collect, hold and use personal information
We may use personal information for the primary purpose for which it is collected (eg. provision of our services, including administration of our services), or for purposes related to the primary purpose where it would reasonably be expected that we would use the information in such a way, or in other limited circumstances set out in the Privacy Act.
We collect, hold and use personal information to:
- communicate with, and comply with our legal obligations to, our shareholders, and to process payments to them;
- enable third party service providers to provide us and our related companies with services such as information technology, auditing, legal advice, printing and mailing services, and services relating to our share register and group employee share plan;
- correspond with people who have contacted us, and deal with feedback;
- provide services to, and manage, our related companies;
- correspond with people regarding our corporate sponsorships;
- recruit and assess potential employees; and
- maintain and update our records.
Why we disclose personal information
We do not disclose personal information to third parties unless we are permitted to do so by law or we have obtained consent to do so. We may disclose personal information for the primary purpose for which it is collected or for purposes related to the primary purpose where it would reasonably be expected that we would use the information in such a way. Also, we are permitted to disclose personal information in circumstances set out in the Privacy Act (including but not limited to disclosures to our related companies).
Third parties we may disclose personal information to include:
- Our related companies;
- Our service providers and professional advisors including IT service providers, auditors, legal advisors, mail houses and to share registrar and share plan management services
- Financial institutions;
- The organisations we support or sponsor; and
- Government agencies.
We take steps to ensure that our service providers are obliged to protect the privacy and security of personal information and use it only for the purpose for which it is disclosed.
We may disclose personal information we have collected to organisations located overseas in circumstances permitted by the Australian Privacy Principles. Examples include disclosures of relevant group employee shareholder information to the manager of our United Kingdom employee share plan, and disclosures when necessary for making international payments, or in complying with foreign legal or regulatory requirements. The third parties to whom we disclose personal information may be located in Australia and other countries including New Zealand, United Kingdom and United States of America.
We may use cloud computing solutions or data storage located overseas in which case information may be stored, under our control, on computer servers located outside of Australia (predominantly located in the United States of America).
Accessing and correcting your personal information, and complaints and questions
You can request access to your personal information held by us, or request that it be corrected, by contacting us at the address below. To ensure confidentiality, details of your personal information will be passed on to you only if we are satisfied that the information relates to you. A fee will not be charged for an access request, but you may be charged the reasonable expenses we incur (such as search and copying costs). If we refuse to provide you with access or correct the personal information held about you by us (in accordance with the Privacy Act), then we will provide reasons for such refusal.
If you wish to make a formal complaint, please make your complaint in writing to our Privacy Officer. We will consider your complaint promptly and contact you to seek to resolve the matter. If we have not responded to you within a reasonable time or if your concerns are not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner.
Wesfarmers Privacy Officer
Level 11, 40 The Esplanade, Perth WA 6000
Phone: (+61) 8 9327 4230
Office of the Australian Information Commissioner
Phone: 1300 363 992.
Last updated: March 2014
Wesfarmers Limited ABN 28 008 984 049