At Michael Hill, we want your online and in-store experience to be enjoyable and we take care to respect your privacy when you visit our website and our stores. We endeavour to handle your personal information responsibly and to act fairly and honestly with all our customer transactions. We do this gladly because we know that if you have a good experience with us, you will want to visit our website and our stores again... and maybe even tell your friends about us.
- how and when we collect personal information;
- how we use and disclose personal information;
- how we keep personal information secure, accurate and up-to-date;
- how an individual can access and correct their personal information; and
- how we will facilitate or resolve a privacy complaint.
If you have any concerns or complaints about the manner in which your personal information has been collected, used or disclosed by us, we have put in place an effective mechanism and procedure for you to contact us so that we can attempt to resolve the issue or complaint.
Please see Section 14 for further details.
We can be emailed at email@example.com or write to us at GPO Box 2922, Brisbane, QLD, Australia, 4001 and our privacy officer will then attempt to resolve the issue. We recommend that you keep this information for future reference.
1. What is personal information?
The Privacy Act 1988 (Cth) defines “personal information” to mean any information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
2. The kinds of personal information collected, used and disclosed by Michael Hill
We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to by you.
At or around the time we collect personal information from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information.
We set out some common collection, use and disclosure instances in the table below.
|Type of Information||Uses||Disclosures|
Sales and enquiries (online and in-store)
In summary, we may disclose this type of personal information to:
Marketing services which includes social media
We may disclose your personal information to:
Background check information: Information obtained from you or third parties to perform background checks. In order to perform background checks we may require the following types of information from you:
We may disclose your personal information to:
3. How Michael Hill collects and holds personal information
3.1 Collection generally
When you engage in certain activities online or in-store, such as entering a contest or promotion, filling out a survey or sending us feedback, we may ask you to provide certain information. It is completely optional for you to engage in these activities.
Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory information or any other information we require in order for us to provide our products or services to you, we may be unable to provide our products or services to you in an effective manner, or at all.
3.2 Other collection types
We may also collect personal information about you from other sources, such as competitions and also from third parties. Some examples of these alternative collection events are:
- (a) trade promotions, competitions and games (whether in-store or online), including those run by us or run by third parties who participate with us;
- (b) when we collect personal information about you from someone you know, such as someone who buys a gift for you and your personal information is provided in connection with the purchase of that gift;
- (c) when we use digital devices and applications to automatically collect information about the digital devices you use near our stores or to otherwise interact with us;
- (d) when we collect personal information about you from a referee provided by you on an application made with us;
- (e) when we collect personal information about you from credit reporting bodies, in connection with any credit applications made with us or through us as an agent for a third party credit provider;
- (f) when we collect personal information about you from third parties (including other retailers) as part of a co-promotion that we participate in; or
- (g) when we collect personal information about you from publically available sources including but not limited to court judgments, directorship and bankruptcy searches, Australia Post, White Pages directory, and social media platforms (such as Facebook, Twitter, Google, Instagram etc).
3.3 Notification of collection
If we collect details about you from someone else, we will, whenever reasonably possible, make you aware that we have done this and why, unless special circumstances apply, including as described in this clause 3.3(a) to 3.3(d) below. Generally speaking, we will not tell you when we collect personal information about you in the following circumstances:
- (a) where information is collected from third party credit reporting bodies;
- (b) where information is collected from any credit referee, trade referee or personal referee you have listed on any application form (including any employment application) with Michael Hill;
- (c) where information is collected from publically available sources including but not limited to court judgments, directorship and bankruptcy searches, social media platforms (such as Facebook, Twitter, Google, Instagram etc); or
- (d) as otherwise required or authorised by law.
3.4 Unsolicited personal information
In the event we collect personal information from you, or a third party, in circumstances where we have not requested or solicited that information (known as unsolicited information), and it is determined by Michael Hill (in its absolute discretion) that the personal information is not required, we will destroy the information or ensure that the information is de-identified.
In the event that the unsolicited personal information collected is in relation to potential future employment with Michael Hill, such as your CV, resume or candidacy related information, and it is determined by Michael Hill (in its absolute discretion) that it may consider you for potential future employment, Michael Hill may keep the personal information on its human resource records.
3.5 How we hold your personal information
Once we collect your personal information, we will either hold it securely and store it on infrastructure owned or controlled by us or with a third party service provider who have taken reasonable steps to ensure they comply with the Privacy Act 1988 (Cth). We provide some more general information on our security measures in Section 12 (Data security and quality).
4. Uses and discloses of personal information
4.1 Use and disclose details
We provide a detailed list at Section 2 of some common uses and disclosures we make regarding the personal information we collect.
4.2 Other uses and disclosures
We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:
- (a) when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;
- (b) if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
- (c) if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
- (d) if it is required or authorised by law.
4.3 Use and disclosure procedures
4.4 Communications opt-outs
5. Sensitive information
5.1 Sensitive information generally
Sensitive information is a subset of personal information. It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.
5.2 Collection and use of sensitive information
In general, we attempt to limit the collection of sensitive information we may collect from you, but depending on the uses you make of our products this may not always be possible and we may collect sensitive information from you in order to carry out the services provided to you. However, we do not collect sensitive information from you without your consent.
The type of sensitive information we may collect about you is dependent on the services provided to you by Michael Hill and will be limited to the purpose(s) for which it is collected. We set out some types of sensitive information we may collect about you in the “Human resources” section of the table at Section 2 above.
We do not use sensitive information to send you Direct Marketing Communications (as set out in Section 6 below) without your express consent.
We may collect other types of sensitive information where you have consented and agree to the collection of such information. Generally speaking, we will obtain this type of consent from you at (or around) the point in time in which we collect the information.
6. Direct Marketing
6.1 Express informed consent
You give your express and informed consent to us using your personal information set out in:
- (a) the “Sales and enquiries (ecommerce and in-store)” row of the table at Section 2 of this document above;
- (b) the “Credit services” row of the table at Section 2 of this document above; and
- (c) the “Marketing services which include Social Media” row of the table at Section 2 of this document above,
to provide you with information and to tell you about our products, services or events or any other direct marketing activity (including third party products, services, and events) which we consider may be of interest to you, whether by post, email, SMS, messaging applications and telephone (Direct Marketing Communications).
6.2 Inferred consent and reasonable expectations of direct marketing
Without limitation to paragraph 6.1, if you have provided inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you Direct Marketing Communications given the transaction or communication you have had with us, then we may also use your personal information for the purpose of sending you Direct Marketing Communications which we consider may be of interest to you.
If at any time you do not wish to receive any further Direct Marketing Communications from us or others under this Section 6, you may ask us not to send you any further information about products and services and not to disclose your information to other organisations for that purpose. You may do this at any time by using the “unsubscribe” facility included in the Direct Marketing Communication or by contacting us via the details set out at the top of this document.
7. Online Information
7.1 Online information generally
We endeavour to provide clear, complete and up-to-date information online about our business and the products and services we offer. This includes how to get in touch with us. This information helps you to make informed choices.
7.2 Online contracts and ecommerce
We keep complete and accurate records of online contracts when you accept one of our offers. Our system also helps you to keep an accurate record so there is no confusion about the contract.
If you have a problem with any of our products or services that you receive from us, our website provides further information about how to make a complaint, obtain redress or pursue dispute resolution. We can be emailed at firstname.lastname@example.org if there is a problem.
7.3 Collections of personal information via linked websites
7.4 Uses and disclosures for cross border shipments
If you engage in electronic commerce on this website, please be aware that cross border shipments are subject to opening and inspection by customs authorities. In order to facilitate customs clearance and comply with local laws, we may provide certain order, shipment and product information (such as name and titles) to our international carriers and such information may be communicated by the carriers to customs authorities. Customs authorities require the value of the product item to be stated directly on the package.
7.5 Cookies and IP addresses
If you use our website, we may utilise "cookies" which enable us to monitor traffic patterns, trends and to serve you more efficiently if you revisit a Michael Hill website or store. In most cases, a cookie does not identify you personally but may identify your internet service provider or computer.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance. However, if you disable cookies, you may not be able to access certain areas of our websites or take advantage of the improved web site experience that cookies offer.
8. Google Analytics, Display Advertising and Remarketing
8.1 Persistent cookies
We use persistent cookies to enable basic web traffic analysis using Google Analytics which, for example, shows us which areas of our website are popular against those that are not visited often. This allows us to prioritise our enhancements to our website and increase the productivity of our website. We also use persistent cookies in relation to affiliate marketing with web based traffic through affiliate networks.
8.2 Google features
We undertake and use the following Google features on our website, Google Analytics, Google Adwords, Remarketing and DoubleClick. These features do not use any sensitive personal information you have provided us, nor do they use any personal information. We do not facilitate the merging of your personal information with any non-personal information unless we notify you and you opt-in to that merger.
Google may include in-ads notice labels to disclose interest-based advertising to you. Third-party vendors and search engines, including Google, will show Michael Hill ads on websites and search-results across the Internet. Michael Hill and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimise, and serve ads based on an individual's past visits to the Michael Hill websites.
We will not facilitate the merging of personal information with non-personal information previously collected from Display Advertising features that are based on the DoubleClick cookie, unless we notify you and you opt-in to that merger.
8.3 Google Remarketing
We also use Google Remarketing with Google Adwords and Google Analytics to display content specific advertisements to visitors that have previously visited our website when those visitors go to other websites that have implemented the Google Display Network.
8.4 Opt-out via Google
9. Credit Information and our Credit Reporting Policy
9.1 Credit information generally
The Privacy Act 1988 (Cth) contains provisions regarding the use and disclosure of credit information, which applies in relation to the provision of both consumer credit and commercial credit.
9.2 Credit information and Michael Hill
When you apply for credit in relation to any products or services you may purchase from Michael Hill, or where you agree to be a guarantor, we may need to (or our credit provider may need to) carry out credit reference checks in relation to you. One of the credit checks will include, but is not limited to, obtaining a credit report about you.
To the extent necessary, you give your express voluntary consent to Michael Hill and its credit provider to obtaining credit reports about you from credit reporting bodies. We, or our credit provider, use credit related information for the purposes set out in the “Credit services” section of the table at Section 2 above and our Credit Reporting Policy which includes but is not limited to using the information for our own internal assessment of your credit worthiness.
9.4 Storage and access
To the extent we are required to keep a copy of your application for credit, we will store any credit information you provide us, or which we obtain about you, with any other personal information we may hold about you.
9.6 Credit providers and credit reports
Our credit service providers obtain credit reports from credit reporting bodies. More information about this is set out in our Credit Reporting Policy (including information about how those credit report bodies can be contacted).
9.7 Our Credit Reporting Policy
Please see our Credit Reporting Policy for further information as to the manner in which we collect, use, store and disclosure credit information.
10. Anonymity and pseudo-anonymity
To the extent practicable and reasonable, we will endeavour to provide you with the option of dealing with Michael Hill on an anonymous basis or through the use of a pseudonym. However, there may be circumstances in which it is no longer practicable for Michael Hill to correspond with you in this manner and your personal information may be required in order to provide you with our products and services or to resolve any issue you may have.
11. Cross Border Disclosure
11.1 Cross border disclosures
Any personal information collected and held by Michael Hill may be disclosed to, and held at, a destination outside Australia, including but not limited to the jurisdictions set out in our Cross Border Disclosures Table.
Generally speaking this may be because Michael Hill (being part of a global group of organisations) operates in other jurisdictions. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.
In addition we may utilise overseas IT services (including software, platforms and infrastructure), such as data storage facilities or other IT infrastructure (Cross Border IT Services). In such cases, we may own or control such overseas infrastructure or we may have entered into contractual arrangements with third party service providers to assist Michael Hill with providing our products and services to you.
Notwithstanding paragraph 11.1, as we utilise Cross Border IT Services and platforms which can be accessed from various countries via an Internet connection, it is not always practicable to know where your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed in the Cross Border Disclosures Table.
11.2 Provision of informed consent
11.3 If you do not consent
If you do not agree to the disclosure of your personal information outside Australia by Michael Hill, you should (after being informed of the cross border disclosure) tell Michael Hill that you do not consent. To do this, either elect not to submit the personal information to Michael Hill after being reasonably informed in a collection notification or please contact us via the details set out at the top of this document.
12. Data security and quality
12.1 Michael Hill’s security generally
In this age of internet shopping, we have learned that customers require peace of mind when it comes to the security of using the internet. We have taken steps to help ensure your credit card details and other personal information is safe and protected from unauthorised access, use, disclosure, alteration, or destruction. You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved.
Notwithstanding the above, we will take reasonable steps to:
- (a) make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
- (b) protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
- (c) destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection.
We can’t tell you all of the technical details behind our security systems and processes as this may compromise the effectiveness of them.
The accuracy of personal information depends largely on the information you provide to us, so we recommend that you:
- (a) let us know if there are any errors in your personal information; and
- (b) keep us up-to-date with changes to your personal information (such as your name or address).
We provide information about how you can access and correct your information in Section 13.
13. Access to and correction of your personal information
You are entitled to have access to any personal information relating to you which we hold, except in some exceptional circumstances provided by law (including the Privacy Act 1988 (Cth)). You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.
If you would like access to or correct any records of personal information we have about you, you are able to access and update that information (subject to the above) by contacting us via the details set out at the top of this document.
14. Resolving Privacy Complaints
14.1 Complaints generally
We have put in place an effective mechanism and procedure to resolve privacy complaints. We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.
14.2 Contacting Michael Hill regarding complaints
If you have any concerns or complaints about the manner in which we have collected, used or disclosed and stored your personal information, please contact us by:
- Telephone: 1800 44 55 90
- Email: email@example.com
- Post: GPO Box 2922, Brisbane, QLD, Australia, 4001
Please mark your correspondence to the attention of the Privacy Officer.
14.3 Steps we take to resolve a complaint
In order to resolve a complaint, we:
- (a) will liaise with you to identify and define the nature and cause of the complaint;
- (b) may request that you provide the details of the complaint in writing;
- (c) will keep you informed of the likely time within which we will respond to your complaint; and
- (d) will inform you of the legislative basis (if any) of our decision in resolving such complaint.
14.4 Register of complaints
We will keep a record of the complaint and any action taken in a Register of Complaints.
15. Consent, modifications and updates
15.1 Interaction of this Policy with contracts
- (a) certain sections or paragraphs in this policy are incorporated into that contract, but in such a way that they do not give rise to contractual obligations onto the Michael Hill entity, but do create contractual obligations on the other party to the contract; and
- (b) the consents provided in this policy become contractual terms provided by the other party to the contract.
15.3 Modifications and updates
Last Updated: 10/05/2017