Privacy Policy

Heinemann Australia Pty. Ltd. (ABN 36 159 521 338) ("we", “us” or “our”) recognises and values the importance of protecting the privacy of our customers and complying with applicable privacy laws (including the Privacy Act 1988 (Cth)).
We recognise the importance of privacy and our respect for our customers' and other individuals' right to privacy of their personal information is paramount. We have policies and procedures to ensure that all personal information is handled by us in accordance with applicable privacy laws.

Why we collect personal information
Personal information is information that allows others to identify you. We only collect personal information that is reasonably necessary to carry out our business functions.
If you are our customer or do business with us, we collect personal information that permits us to provide you with our products and services. We also identify you in case you should need to have your purchased product exchanged or repaired. We also collect personal information for the purpose of letting you know about our products, services, promotions or opportunities that may interest you.

What personal information do we collect?
We collect personal information from customers in order to:

  • Comply with Department of Home Affairs and Australian Border Force requirements;
  • Process purchases on our Webshop and In-Store;
  • Handling Customer Enquiries through our Customer Service centre; and
  • Administer our Loyalty Program, Heinemann and Me

The types of personal information we may collect include but is not limited to your:

  • name – (For “Shop & Collect”,  “ Webshop” and Customer Service)
  • telephone number
  • email address
  • age and birthdate - (Heinemann & ME)
  • code for issuing country - (Nationality)
  • passport number – (For “Shop & Collect”)
  • flight number
  • Airport or Crew ID


How we collect your personal information
We take steps to ensure that we collect personal information by lawful means, and obtain your personal information in various ways including but not limited to:

  • when you contact us (including our customer service centre)
  • when you shop in our stores
  • if you order a product from our Webshop
  • via social media
  • from competitions or promotions you have participated in
  • from publicly available sources
  • when you apply  to work with us
  • from Government bodies, enforcement and regulatory authorities

At the cash registers, staff will ask you for your boarding pass and passport before the sale transaction begins. Staff will then scan the boarding pass and manually enter the Code of Issuing Country (Nationality Code) into our Point of Sale (POS) system.
The scanning of your boarding pass and manual entering of the nationality code enables Heinemann to demonstrate to Australian Border Force (ABF) that Duty Free sales have been made to a person (Relevant Traveller) making or returning from an international flight as per Section 96A and 96B of the Customs Act 1901.
The nationality code from your passport and flight number from your boarding pass is recorded in our IT systems. If you elect a ‘Shop and Collect’ transaction, your name will need to be entered manually into the POS and will be printed on the receipt. In addition to ABF requirements, the nationality code is provided to Sydney Airport Corporation Limited (SACL) for statistical purposes. Such information is anonymised and aggregated in nature and it is not possible for customers to be identified from it.

How we may use personal information
We will use your personal information for a number of purposes and will comply with our legal, regulatory, industry or workplace requirements. More specific purposes include but are not limited to:

  • any purpose you have consented to
  • any related purpose related to one or more of our functions or activities
  • marketing, event and promotional activities;
  • market research
  • administration
  • market research
  • recruitment purposes; and
  • to comply with industry, legal and regulatory requirements

How we store personal information

Heinemann takes all reasonable steps to keep secure any information we hold about you and keep this information accurate and up-to-date. Your personal information may be stored in hard copy or electronically (including on secure servers in controlled facilities).

Heinemann has security processes in place to protect personal information from misuse, loss or unauthorised access, modification or disclosure. The types of measures we take vary with the type of information and how it is collected and stored. Please note that Heinemann uses overseas facilities to process or back-up information and, as a result, personal information is transferred securely to these overseas facilities for storage. Customer Data for Heinemann & ME, Webshop and Customer Service is stored in our CRM-System located in our Headquarters in Hamburg Germany, approved by the European ‘General Data Protection Regulation’. The relevant data for the Webshop Account is synchronised with the Webshop-System located in Sydney for caching and performance reasons.

How you can control what we collect and how we use it

In some cases you may not want us to collect or use your information in a particular way. Alternatively, you may want to withdraw permission that you gave us earlier. We will give you an opportunity to tell us so that we can change the way we collect or use your personal information, where possible, or withdraw a service. However, you should be aware if we do not receive information that we need, we may not be able to provide you with our products, services or offers.


We are part of an international group of companies with a head office in Germany, which is located within the European Union, and local operations in Singapore. We will disclose your personal information to members of our corporate group located in Germany and Singapore for the purposes set out above, however we will take such steps as are reasonable to ensure that such recipients continue to hold your personal information in accordance with the Act, the APPs and this Privacy Policy.
In addition to ABF requirements, the nationality code is provided to Sydney Airport Corporation Limited (SACL) for statistical purposes. Such information is anonymised and aggregated in nature and it is not possible for customers to be identified from it.

We will never sell your personal information.

Access to information we hold about you

You are entitled to access the personal information we hold about you (except in limited circumstances in which it is permitted by law for us to withhold this information). If you require access to your personal information, please contact us. We will require you to provide us with your proof of identify before we provide access to your personal information. We will usually be able to respond to your request within 21 days.

Correction of information we hold about you
We also encourage you to actively engage with us and let us know when your details change or if your personal information needs correction or updating via our contact information provided below.

Your Privacy on the Internet
It is our usual practice to collect information about all visitors to our online resources. We provide online shopping facilities through which we may also collect information.

We collect information to monitor the use of our online services. The information helps us improve our services by learning what our users prefer and what, if anything, needs fixing. We collect this information using ‘cookies’. Cookies are small text files that are created during your visit to our website and stored on your browser. Cookies do not identify individual users, although they do identify a user’s internet browser type and internet service provider. Credit card information is never stored in a cookie. Cookies created by our servers can only be read again by us and not by any external website.

We take steps to ensure that information we obtain through our websites is protected. For example, our websites have electronic security systems in place, including the use of firewalls and data encryption. User identifiers, passwords or other access codes may also be used to control access to your personal information on our websites. We do not give personal information collected online to other agencies or organisations without your consent unless we are required to by law, or we believe an individual would reasonably expect us to do so.

Your order details are only stored and transmitted in encrypted form on our internet servers. This means that communication between your browser and our order system, for instance, cannot be read by others on the internet. Using our ordering system is regarded as consenting to the storage and use of your information by Heinemann.

Complaints and enquiries
If you believe that there has been a breach of the APPs, you may lodge a complaint with us via the contact details below. We will review your complaint and gather any relevant paperwork or documentation before responding which will ordinarily be within 7 days of receipt of your complaint. When we respond, we will give you written reasons for our decision.

The Privacy Officer
Heinemann Australia Pty Ltd
PO Box 3027 
Sydney International Airport 
Mascot NSW 2020 
By phone Aust: 1800 46 46 66 International: +61 2 9667 6800 
From time to time, we may amend this Privacy Policy and will publish the amended version to our website.

You may also request a physical copy of the Privacy Policy by contacting our Customer Service Centre on +61 2 9667 6800.

For information about privacy generally, or if your concerns are not resolved to your satisfaction, please contact the Office of the Australian Information Commissioner at or on 1300 363 992.

Last Updated: 11 January 2018

Terms of use