Heinemann Australia Pty. Ltd. (ABN 36 159 521 338) ("we", "us" or "our") recognises and values the importance of protecting the privacy of our customers and complying with applicable privacy laws (including the Privacy Act 1988 (Cth)).
We recognise the importance of privacy and our respect for our customers' and other individuals' right to privacy of their personal information is paramount. We have policies and procedures to ensure that all personal information is handled by us in accordance with applicable privacy laws.
Why we collect personal information
Personal information is information that allows others to identify you. We only collect personal information that is reasonably necessary to carry out our business functions.
If you are our customer or do business with us, we collect personal information that permits us to provide you with our products and services. We also identify you in case you should need to have your purchased product exchanged or repaired. We also collect personal information for the purpose of letting you know about our products, services, promotions or opportunities that may interest you.
What personal information do we collect?
We collect personal information from customers in order to:
- Comply with Department of Home Affairs and Australian Border Force requirements;
- Process purchases on our Webshop and In-Store;
- Handle Customer Enquiries through our Customer Service centre; and
- Administer our Loyalty Program, Heinemann and Me
The types of personal information we may collect include but are not limited to your:
- name – (For “Shop & Collect”, “Webshop” and Customer Service)
- telephone number
- email address
- age and birthdate - (Heinemann & ME)
- code for issuing country - (Nationality)
- flight number
- Airport or Crew ID
*** EXCLUDING NATIONALITY AND FLIGHT NUMBER, WE DO NOT RECORD ANY OTHER INFORMATION FOR STANDARD IN-STORE TRANSACTIONS
How we collect your personal information
We take steps to ensure that we collect personal information by lawful means, and obtain your personal information in various ways including but not limited to:
- when you contact us (including our customer service centre)
- when you shop in our stores
- if you order a product from our Webshop
- via social media
- from competitions or promotions you have participated in
- from publicly available sources
- when you apply to work with us
- from Government bodies, enforcement and regulatory authorities
At the cash registers, staff will ask you for your boarding pass and passport before the sale transaction begins. Staff will then scan the boarding pass and manually enter the Code of Issuing Country (Nationality Code) into our Point of Sale (POS) system.
The scanning of your boarding pass and manual entering of the nationality code enables Heinemann to demonstrate to Australian Border Force (ABF) that Duty Free sales have been made to a person (Relevant Traveller) making or returning from an international flight as per Section 96A and 96B of the Customs Act 1901.
The nationality code from your passport and flight number from your boarding pass are recorded in our IT systems. If you elect a ‘Shop and Collect’ transaction, your name will need to be entered manually into the POS and will be printed on the receipt. In addition to ABF requirements, the nationality code is provided to Sydney Airport Corporation Limited (SACL) for statistical purposes. Such information is anonymised and aggregated in nature and it is not possible for customers to be identified from it.
How we may use personal information
We will use your personal information for a number of purposes and will comply with our legal, regulatory, industry or workplace requirements. More specific purposes include but are not limited to:
- any purpose you have consented to
- any purpose related to one or more of our functions or activities
- marketing, event and promotional activities;
- market research
- recruitment purposes; and
- to comply with industry, legal and regulatory requirements
How we store personal information
Heinemann takes all reasonable steps to keep secure any information we hold about you and keep this information accurate and up-to-date. Your personal information may be stored in hard copy or electronically (including on secure servers in controlled facilities).
Heinemann has security processes in place to protect personal information from misuse, loss or unauthorised access, modification or disclosure. The types of measures we take vary with the type of information and how it is collected and stored. Please note that Heinemann uses overseas facilities to process or back-up information and, as a result, personal information is transferred securely to these overseas facilities for storage. Customer Data for Heinemann & ME, Webshop and Customer Service is stored in our Customer Relationship Management (CRM) System located in our Headquarters in Hamburg, Germany which is approved by the European General Data Protection Regulation. The relevant data for the Webshop Account is synchronised with the Webshop-System located in Sydney for caching and performance reasons.
How long do we retain your personal data for?
After that, we may continue to hold data that relates to you for research and statistical analysis, as permitted under the relevant sections of the Privacy Act and European Regulations. However, during this time you may contact us to request that we delete personal data we hold about you.
How you can control what we collect and how we use it
In some cases you may not want us to collect or use your information in a particular way. Alternatively, you may want to withdraw permission that you gave us earlier. We will give you an opportunity to tell us so that we can change the way we collect or use your personal information, where possible, or withdraw a service. However, you should be aware if we do not receive information that we need, we may not be able to provide you with our products, services or offers.
Access to information we hold about you
You are entitled to access the personal information we hold about you (except in limited circumstances in which it is permitted by law for us to withhold this information). If you require access to your personal information, please contact us. We will require you to provide us with your proof of identity before we provide access to your personal information. We will usually be able to respond to your request within 21 days.
Correction of information we hold about you
We also encourage you to actively engage with us and let us know when your details change or if your personal information needs correction or updating via our contact information provided below.
Deletion of Data
You have the right to ask us to erase your personal data or not to process your personal data. We will inform you (before collecting your data) if we intend to use your data for marketing purposes or if we intend to disclose your information to any third party for such purposes.
If at any point you believe the information we process on you is incorrect you may ask to see this information and have it corrected or deleted. You also have the right to ask that we restrict the processing of your personal data and to object to our processing of your personal data. You also have the right to obtain from us, and reuse, the personal data we maintain from you, for your own purposes.
Your Privacy on the Internet
It is our usual practice to collect information about all visitors to our online resources. We provide online shopping facilities through which we may also collect information.
We collect information to monitor the use of our online services. The information helps us improve our services by learning what our users prefer and what, if anything, needs fixing.
We take steps to ensure that information we obtain through our websites is protected. For example, our websites have electronic security systems in place, including the use of firewalls and data encryption. User identifiers, passwords or other access codes may also be used to control access to your personal information on our websites. We do not give personal information collected online to other agencies or organisations without your consent unless we are required to by law, or we believe an individual would reasonably expect us to do so.
Your order details are only stored and transmitted in encrypted form on our internet servers. This means that communication between your browser and our order system, for instance, cannot be read by others on the internet. Using our ordering system is regarded as consenting to the storage and use of your information by Heinemann.
Cookies and Local Storage
When you access or use the Webshop, we will use industry-wide technologies such as “cookies” or similar technologies, which store certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your Service experience much more convenient and effortless. The cookies used by the Webshop are created per session and do not include any information about you, other than your session key (usually removed as your session ends but sometimes can be kept in your device for no more than 6 months) and the ability to log in again quickly. Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience with the Service may be limited.
Heinemann uses secured cookies, meaning cookies set with a secure flag, which can only be transmitted over an encrypted connection. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
We use the following types of Cookies:
- Strictly necessary cookies
These are cookies that are required for the operation of our Site and under our terms with you. They include, for example, cookies that enable you to log into secure areas of our Service.
- Analytical/performance cookies
They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us for our legitimate interests of improving the way our Service works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies
These are used to recognise you when you return to our Site. This enables us, subject to your choices and preferences, to personalise our content, greet you by name and remember your preferences (for example, your choice of language or region).
The effect of disabling cookies depends on which cookies you disable but, in general, the Service may not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to use our Services.
If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use.
Except for essential cookies, all cookies used on our site will expire at the end of the session.
Credit card information is never stored in a cookie. Cookies created by our servers can only be read again by us and not by any external website.
Your full card details are not recorded or stored in our database. We only collect and store the final four numbers of your credit or debit card together with the expiry date and cardholder name in order for you to be able to select that card when making a future purchase. The details are encrypted and transferred securely to one or more third party payment service providers.
We will never sell your personal information.
Complaints and enquiries
If you believe that there has been a breach of the APPs, you may lodge a complaint with us via the contact details below. We will review your complaint and gather any relevant paperwork or documentation before responding, which will ordinarily be within 7 days of receipt of your complaint. When we respond, we will give you written reasons for our decision.
E.U. citizens have the right to lodge a complaint with a supervisory authority (Data Protection Authority in your jurisdiction) in case of a breach of any E.U. data protection and privacy regulations. If the supervisory authority fails to deal with a complaint or inform you within the time frame set under applicable law, you have the right to an effective judicial remedy.
The Privacy Officer
Heinemann Australia Pty Ltd
PO Box 3027
Sydney International Airport
Mascot NSW 2020
By phone Aust: 1800 46 46 66 International: +61 2 9667 6800
For information about privacy generally, or if your concerns are not resolved to your satisfaction, please contact the Office of the Australian Information Commissioner at www.oaic.gov.au or on 1300 363 992.
Last Updated: 18 May 2018