Our privacy commitment
SRG is committed to protecting the privacy of your personal information. We manage your personal information in an open and transparent way.
SRG will only use your personal information when it is necessary for us to deliver you a service or perform other necessary business functions and activities.
SRG will not use or disclose your personal information for purposes unrelated to the services we provide, unless we first obtain your consent.
This policy is structured so that you can view information relevant to you if you are a:
- Privacy Act 1988 (Australia);
- Privacy Act 1993 (New Zealand);and
- Personal Data Protection Act 2012 (Singapore).
SRG is bound by the requirements of these laws, which regulates how we may collect, use, disclose and store personal information. These laws also specify how individuals may access and correct personal information held about them.
“Personal Information” means information or an opinion about an identified individual (or an individual who is reasonably identifiable), whether true or not, or recorded in a material form or not. For example, these types of information could include your name, contact details, age and health information.
“Personal data” refers to data, whether true or not, about an individual who can be identified from that data, or from that data and other information to which the organisation has or is likely to have access.
In this policy ‘we’, ‘us’, ‘our’ and ‘SRG’ refers to (and this policy applies to) the Spotlight Retail Group which includes Spotlight Pty Ltd (ACN 005 180 861), Anaconda Group Pty Ltd (ACN 107 364 563) Spotlight Ltd (NZ Company No. 553661) and Spotlight Pte Ltd (Singapore Reg # 199504543C).
How and why does SRG collect and hold your personal information?
What kind of personal information does SRG collect and hold?
How does SRG use your personal information?
In what circumstances will SRG disclose your personal information?
Who do we disclose your personal information to?
Does SRG disclose your personal information to overseas recipients?
Use of Government Identifiers
Data quality and Security
Links to third party sites
How you can access or correct your personal information
How you can notify us of a privacy concern or contact our Privacy Contact Officer
SRG will only collect personal information about you by lawful and fair means, and not in an unreasonably intrusive manner.
It is SRG’s usual practice to collect personal information directly from you when you:
- submit a SRG VIP club or Anaconda Adventure club registration form or amendment form;
- submit the Kids Club application form;
- register with any of our other loyalty or marketing programs;
- place an order via the Shop-At-Home service or complete any online form on one of our websites or online payment gateways;
- visit or use an SRG website (including any forums);
- subscribe to marketing and sales material or communications;
- complete an online form on one of our social media channels;
- enter a trade promotion or competition;
- register a gift card;
- complete an online form on one of our online advertisements that is placed on a third party website;
- complete a hard copy form or provide information in one of our stores;
- complete and return to us a hard copy form that is provided with one of our products;
- complete and return to us a wholesale account application form;
- request delivery of products;
- make a purchase, return or exchange a product where we request you to verify your identity;
- speak with us, or one of our representatives directly during a product or sales enquiry; or
- contact us directly by telephone, via mail, e-mail or online.
We may collect personal information about you from a third party or a publicly available source, but only if you have consented to such collection, or would reasonably expect us to collect your personal information in this way.
Where we can, we will allow you to deal with us anonymously or by using a pseudonym. However, in some circumstances, this may not be possible, and SRG may need to collect personal information from you to provide you with a delivery or other service. In some cases, if you do not provide the required personal information we will not be able to provide you with a service.
If we receive information about you from a third party and it is not information we need in respect of our business activities, we will destroy or de-identify that information (provided it is lawful to do so).
Any personal information that you provide via our websites or directly is collected and managed by SRG.
The types of personal information SRG may collect includes your:
- date of birth;
- marital status and family details;
- residential, business and postal address;
- email address;
- contact telephone numbers;
- identification details;
- testimonials or opinions;
- photos of you;
- financial information, such as credit card details;
- written or verbal contact with SRG, including voice recordings of telephone conversations you have had with our employees; and
- activities, including but not limited to lifestyle and other interests.
Whilst you may opt not to provide us with your personal information, you should be aware that without this personal information, we may not be able to provide you with some of the services and/or products you are seeking.
If you provide us with information about any third party, you must obtain that person’s permission to give us the information and inform them that you have given the information to us.
We use your personal information for a variety of reasons including to:
- contact you in relation to one of our loyalty or marketing programs;
- provide services and products to you;
- answer your inquiries and deliver customer service to you;
- to tell you about other products that we think may be of interest to you;
- to enable us to undertake a credit assessment;
- maintain and improve customer services;
- to manage your gift card balance;
- meet our legal obligations;
- to consider making offers for employment purposes;
- manage and resolve any legal, consumer or commercial complaints and issues;
- carry out internal functions including training; and
- conduct marketing research and analysis.
In the course of conducting our business and providing our products and services to you, we may disclose your personal information.
We only disclose personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities. We do not give it to anyone else unless one of the following applies:
- you have consented to the disclosure;
- you would reasonably expect, or have been told, that your information is passed to those individuals, businesses or agencies; or
- it is otherwise required or authorised by law.
If we engage third party agents or contractors, we will take all reasonable steps to ensure that they do not breach privacy requirements in relation to the information, before we share your personal information with them.
We may disclose your personal information to:
- another SRG business or entity;
- to companies that perform services on our behalf, such as delivery companies, data entry service providers, trade promotion or gift card administration and account management providers;
- professional advisers (such as lawyers or auditors);
- payment systems operators and financial institutions;
- organisations authorised by SRG to conduct promotional, research or marketing activities;
- upon lawful request from law enforcement agencies or government authorities; and
- any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives.
In all circumstances where your personal information is disclosed, we will take all steps reasonable to ensure that these third parties undertake to protect your privacy.
We are committed to compliance with all laws and requirements relating to the use of your personal information. We will only use or disclose your personal information for direct marketing purposes if you have provided your information for that purpose (and you would expect us to use the information for that purpose), or if you have provided consent for your information to be used in this way.
From time to time, we may contact you with information about products and services offered by us and our related entities and our business partners, which we think may be of interest to you. When we contact you it may be by mail, telephone, email, SMS/text message or social media message.
Where we use or disclose your personal information for the purpose of direct marketing, we will:
- allow you to request not to receive direct marketing communications (also known as ‘opting-out’); and
- comply with your request to ‘opt-out’ of receiving further communications within a reasonable timeframe.
SRG will only ever contact you if you have consented to this, and you can ask to be removed from our marketing lists at anytime by contacting us directly.
If you do not wish to be contacted by SRG please e-mail us at firstname.lastname@example.org.
Your personal information may be disclosed to other SRG entities, business partners and service providers in Australia and overseas.
The countries this information may be disclosed to will vary from time to time, but may include Australia, New Zealand, Singapore, Malaysia, the Philippines, and the United States of America.
Sometimes we use third party platforms and services to process sales, provide web support, send marketing messages, deliver products or otherwise deliver information. These services are hosted and managed by organisations other than ourselves, and some of these services are hosted overseas. We use products and services maintained in Australia, New Zealand, Singapore, Malaysia, the Philippines, and the United States of America.
Your personal information may be stored in a secure and encrypted form overseas (e.g. in data storage and cloud computing facilities operated by us (or by third parties on SRG’s behalf).
SRG will not use Government Identifiers, such as a driver's licence number as its own identifier of individuals.
We will take all reasonable steps to ensure that your personal information is stored securely and is protected from misuse and loss and from unauthorised access, modification or disclosure.
The personal information that we collect about you is stored on our database servers & filing systems managed by us in Australia.
Our websites are professionally hosted and operate in a secure environment. You should however be aware that there is always an inherent risk in transmitting your personal information via the Internet.
We use secure payment platforms to process online orders. Customers can see their cards being debited in real time, all in an SSL secure environment.
We take website and credit card security extremely seriously, and always endeavour to provide a secure safe platform on which to conduct online transactions, all our websites use 2048 bit SSL with up to 256 bit encryption for capturing personal information and processing transactions. We do not store your credit card details
To make sure you are accessing a secure server, check for the unbroken key or closed lock symbol located generally either at the bottom left or top right of your browser window. If it appears, then SSL is active. You can double check this by looking at the URL as well. If SSL is active, then the first characters of that line will read ‘https’ rather than just ‘http’. It is important for you to protect against unauthorised access to your password and to your computer.
Ensure you logout when you have finished visiting our websites especially if you accessed them from a shared computer.
Cookies are pieces of information that a website transfers to your computer for record-keeping purposes. The information collected may be used by SRG to improve your experience on our website.
If you visit an area of the website where you are not required to log on, to read, browse or download information, our system will record the date and time of your visit to our site, the pages viewed and any information downloaded.
Whilst links to third party websites may be provided on our website, we are not responsible for the content or practices of these third party websites.
These links are provided for your convenience and do not represent SRG's endorsement of any linked third party website. We recommend that you check the privacy policies of these third parties prior to providing them with your personal information.
No links may be made to this website without our prior written consent.
You can request access to the personal information we hold about you at any time, and we will
provide you with that information unless we are prevented by law from giving it to you.
If we are unable to give you access to the information you have requested, we will give you reasons for this decision when we respond to your request.
You will not be charged for accessing your information, although we might have to charge the reasonable cost of processing your request, including photocopying, administration and postage. We will advise you of any fee payable before we process your request.
If you believe that your personal information is not accurate, complete or up to date, please contact us via email to email@example.com or address your request to The Privacy Officer, Legal Department, SRG Retail Group, Level 6, 111 Cecil Street, South Melbourne Vic 3205, Australia, and we will correct this information.
- have queries, concerns or complaints about the manner in which your personal information has been collected or handled by SRG; or
- would like to request access to or correction of the personal information we hold about you;
please write to:
The Privacy Officer
SRG Retail Group
Level 6, 111 Cecil Street
South Melbourne Vic 3205
If you consider your privacy concerns have not been resolved satisfactorily by us, or you wish to obtain more information on privacy requirements, you can contact:
The Office of the Australian Information Commissioner on 1300 363 992 or visit their website at www.oaic.gov.au.
Department of Personal Data Protection (Jabatan Perlindungan Data Peribadi) on 03-8911 5000 or visit their website at www.pdp.gov.my
Privacy Commissioner (New Zealand) on 0800 803 909 or visit their website at www.privacy.org.nz
Personal Data Protection Commissioner (Singapore) on +65 6377 3131 or visit their website at www.pdpc.gov.sg.
SRG collects personal information (which may include sensitive information) from its employees (past, current and future) in order to provide a range of employment related services.
SRG collects personal information directly from job applicants (and their referees) or from recruitment agencies and relates service providers. The information we collect may include your name, address contact details, employment and education history, the names of your referees and other relevant information.
This information we collect about you will be used for recruitment purposes and may be disclosed to third party service providers who provide recruitment related services to us. This may include overseas recruitment related services located in Australia, New Zealand, Singapore and Malaysia.
We collect information from our suppliers to facilitate sourcing and purchasing products and services. This information can be collected directly from suppliers and related service providers. We may share supplier information with entities located overseas in the Asia Pacific Region.