Privacy Policy
Preamble
IBA Retail Asset Management Pty Ltd (IRAM) and the related bodies corporate it manages on behalf of, are committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
IBA Retail Asset Management Pty Ltd and the related bodies corporate are defined at the end of this policy.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
The use of the term IRAM in this policy relates to all entities managed by IRAM.
At IRAM, we respect the privacy of your personal information in our care. Personal information means information which identifies you as an individual or from that you can be reasonably identified.
This Policy
In the course of IRAM’s business in Australia, there may be circumstances where IRAM collects personal information and this IRAM Privacy Policy has been developed to ensure that such information is handled appropriately.
IRAM is committed to complying with the Privacy Act in relation to all personal information it collects. This commitment is demonstrated in this Policy. The Privacy Act incorporates the Australian Privacy Principles, and personal information held by IRAM will be treated in accordance with those Principles.
This Policy sets out the broad controls which IRAM has adopted to govern the way it collects and uses personal information, the circumstances in which it might disclose personal information to third parties, how persons can access their personal information held by IRAM and what they can do if they are unhappy with IRAM’s treatment of their personal information.
We may make changes to this Privacy Policy from time to time without notice. The most current version will be posted on the IRAM website (www.iram.com.au) and will be effective from the date of posting. A copy of this Privacy Policy is also available by contacting our Privacy Officer by email or at the address detailed below under the heading “Questions and complaints”.
In some circumstances alternative specific privacy policies or notices may apply to you in addition to or instead of this one. For example, we have specific privacy policies and notices for IGA Rewards, BP Rewards and other customer rewards programs.
Why we collect and handle your personal information
We collect, hold, use and disclose your personal information so that we can provide our goods and services, improve and personalise our goods, services and communications and operate our business effectively. This may include, but is not limited to:
· Managing your requests for products and services, including deliveries, processing payments, providing refunds and discounts;
· Responding to feedback or concerns you have regarding our products and services;
· Registering and servicing your account, including keeping your information up-to-date, and verifying your identity;
· Communicating with you about products, services, promotions (including direct marketing) and providing samples;
· Requesting feedback through surveys and research so that we can improve our products and services;
· Improving our operational processes to enhance your customer experience;
· Working with our service providers;
· Managing our risks, including activities relating to business continuity, safety, security, investigations, fraud, and loss prevention activities;
· Facilitating corporate transactions like mergers and acquisitions, e.g. to assess those transactions and manage the transition of the business;
· Complying with our legal obligations and collecting personal information as required or authorised by law, such as under the Corporations Act, public health acts, surveillance devices acts, Telecommunications (Interception and Access) Act and tobacco/smoking acts;
· Protecting and defending our legal rights and interests;
· Interacting with Regulators and relevant government entities;
· Monitoring and recording your communications with us for security, dispute resolution, and quality and training purposes; and,
· As otherwise required or permitted by law.
Where you provide us with personal information about someone else, you must have their consent to provide their personal information to us and advise them of the matters in this Privacy Policy.
Types of personal information collected
The types of personal information we may collect includes, but is not limited to:
· Your identity and contact details: this includes your name, residential address, email address, telephone number(s), age and gender, government ID (e.g. driver’s license);
· Basic household information: this includes number and ages of people living in a household;
· Financial and transaction information: this includes payment cards, transaction history and most related to the credit applications and arrangements with IRAM;
· Health information: this includes medical or hospital services in connection with an injury/condition related to a public liability or workers compensation claim that has been raised with IRAM;
· Loyalty/Team member discount program information: information about your participation in and purchases through relevant loyalty programs (e.g. IGA Rewards and/or BP Rewards), , and similar loyalty programs;
· Location information: our websites or apps might ask for location information to help better serve you information and, if you have given permission to our app, device data to help serve relevant information about nearby stores or information applicable to your region;
· User data: information about you as a customer and how you engage with our products and services. For example, transactional data, product purchases, interests, feedback you provide on your shopping experience and audio and video footage captured in-store and within facilities;
· Usage and Interaction data: details of how you interact with our products and services including what you click on and interact with across our IRAM Digital Platforms and Services;
· Marketing and communications data: this includes records of your marketing preferences, channel preferences, interaction with IRAM Digital Platforms and Services, marketing and communications with us;
· Information collected through CCTV and monitoring technologies: this includes security cameras, IT monitoring or similar technologies that record footage or activity that could identify you; and
Anonymity
You can choose to interact with IRAM without revealing your identity, but doing so might limit our ability to offer you certain products or services. For instance, without your address, we can’t deliver items to you and won’t be able to provide response to your feedback or enquiries if we don’t have your contact details.
How do we collect personal information
We collect your personal information when you interact or transact with us. This may include, but is not limited to, when you:
· Visit a store, make a purchase in store, or place an order online;
· Use your relevant rewards card, similar loyalty card and/or payment cards (i.e. credit card or debit card);
· Register for a service where we collect personal information;
· Participate in our loyalty programs;
· Participate in a promotion, competition, or survey;
· Request customer service or communicate with us (including by email, telephone, text, webform or social media);
· Post a review or comment on one of our websites or social media pages, or post a rating, a review, or other user-generated content on our websites or apps; or,
· Use our related websites, apps, social media, and other digital services).
We may also collect personal information from third parties including from:
· Public sources (for example, public registers, social media and digital platforms);
· Information service providers (for example, if you apply for credit, we may ask a credit reporting agency for your credit report);
· Providers who administer IGA or BP branded products and services (for example, our financial service partners for payment cards and insurance);
· Anyone authorised to act on your behalf.
We may also generate new personal information from time to time e.g. reports or analysis based on other information we hold about you.
How we protect the personal information we hold
We hold personal information electronically and in hard copy, at our own facilities and with the assistance of our service providers. We implement a range of measures, including people, process, and technology controls to protect the security of your personal information. Examples of these measures include:
· access to personal information through multi-factor authentication (MFA) access and identity management systems;
· Confidentiality and information security policies that require team members to protect the security of personal information;
· Network firewalls;
· ‘Hashing’, de-identification and other techniques designed to limit the extent to which personal information is shared; and
· Maintaining and updating an ongoing cyber security program.
Our security controls are continually reviewed to protect your personal information appropriately.
Sharing of personal information
We often work co-operatively with the related bodies of IRAM and may share personal information with other members of related bodies of IRAM. We also work with suppliers and third parties that carry out specific functions on our behalf, so that we can provide you with goods and services. Third parties assist us with services such as:
· Technology services including application development, technical support, and processing, storing, hosting and analysing data;
· Processing payments or providing digital wallet services;
· Communicating with you;
· Marketing and providing offers and promotions to you;
· Delivering your orders;
· Loyalty program management;
· Product development and market research;
· Store security and investigative, fraud, loss prevention, and safety activities;
· Business advisory services, such as our lawyers, accountants, bookkeepers, income recovery services or other professional service providers;
· Administrative services, including mailing services, printing, archival, and contact management services; and
· Digital Identity verification services.
Other third parties we share personal information with include:
· People you may choose to represent you;
· police, courts, government agencies and lawyers, e.g. in connection with regulatory and legal investigations and processes; and
· parties involved in business transfer transactions (and prospective transactions).
We use systems, customer service teams and third-party Australian located service providers contractually obligated to comply with Australia law including privacy.
Our third-party service providers may separately disclose your personal information to other entities in accordance with their own privacy policies or notices.
IRAM does not sell or receive payment for disclosing your personal or sensitive information to third parties.
IRAM Digital Services and direct marketing
IRAM operates a range of websites, mobile apps, email services, online advertisements and social media profiles, which are collectively known as IRAM Digital Services. We want you to be confident that your personal information is being used to offer you a better and more personalised experience across IRAM.
We and our suppliers (such as Meta, Google, Oracle and Adobe) use various technologies, such as cookies, beacons, tags and pixels, to personalise and improve your customer experience. Cookies and similar technologies may also help us to detect fraudulent activity or to prevent security breaches and so we may collect information about your device from within the cookie.
These technologies within our IRAM Digital Services may be used to do the following:
· Improve the way our websites and mobile apps work – these technologies allow us to improve the way our websites and mobile apps work so that we can personalise your experience and allow you to use many of their useful features. For example, we use cookies so we can remember your preferences and the contents of your shopping basket when you return to our websites and mobile apps.
· Improve the performance of our websites and mobile apps – these technologies can help us to understand how our websites and mobile apps are being used, for example, by telling us if you get an error message as you browse.
· Measure the effectiveness of our marketing communications, including online advertising – cookies and similar technologies can tell us, for example, if you have seen a specific advertisement, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advertisement. We also use cookies and similar technologies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent, or if you subsequently purchased the advertised item.
· Communicate relevant advertising, including via third party platforms and social media – marketing communications and online advertising may be in different forms, including email, SMS, push notification through our app, web notifications through our website, display banners on external websites, and social media platforms. Technologies used within IRAM Digital Services may collect information about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. You may also see adverts for other organisations on our websites. To help us and our service providers deliver online advertising that is relevant to you, we may also combine data we collect through cookies and similar technologies on your devices with other data that we have collected, for example your use of loyalty cards and in-store purchases.
If you wish to limit or restrict direct marketing or the use of these technologies, you can:
· Configure your browser or device to reject and delete cookies, block JavaScript, disable GPS location services and anonymise your usage patterns. If you choose to do so, this may limit the functionality of some parts of IRAM Digital Services for you. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use products and services that require you to sign in.
· Navigating within your Online Account to “Account > Preferences” and choose your desired option.
· Click unsubscribe within the marketing email;
· Contact us using the contact details shown below;
· Text “STOP” as instructed in a marketing SMS to opt out of SMS marketing.
There are, however, some service and transactional messages that we must be able to send you. These include, for example, messages relating to your account, forgotten passwords, transactional receipts, updates to our Terms and Conditions and product recall notices where we have your details related to a specific product affected by a recall.
Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of seven (7) years.
Access to your Personal Information
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
IRAM will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information, we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Procedure to access or correct your personal information
If you wish to access or correct any personal information we hold about you, please contact us using the contact details shown below.
When making an access request, please provide as much detail as you can about the specific information you seek, in order to help us retrieve it. Under the Privacy Act and other relevant laws, we may be required to provide a written response to you if we are unable to respond to your request, outlining the reasons why we were unable to do so.
Where you request IRAM to correct information we hold about you, but IRAM elects not to make the requested correction, you may request IRAM to add a note to your information outlining your position.
Definitions
IBA Retail Asset Management (IRAM) and IRAM’s related bodies corporate include the following legal entities:
· IBA Retail Asset Management Pty Ltd ABN 69 604 304 172
· Tennant Creek Foodbarn Partnership ABN 98 562 889 218
Contact us.
If you have any questions or complaints about this Policy, or our handling of your personal information, you can contact us the web form to the right.
If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out below.
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au