WH Smith Australia Pty Ltd (WHSmith), respects the privacy of individuals and is committed to safeguarding all personal information you give to us. This policy describes how WHSmith collects, protects, and uses your personal information, and how WHSmith meets its obligations under the Australian Privacy Principles and the Privacy Act 1988 (Cth).
What is Personal Information?
Personal information is any information or opinion, whether true or not and whether recorded in a material form or not, that can identify or reasonably identify an individual.
Provision of Personal Information
We understand that anonymity is an important element of privacy. In some situations, you may choose not to identify yourself or identify yourself using a pseudonym. However, if you don’t provide accurate personal information to us it may mean that we’re unable to provide you with products, payments or services that depend on the provision of that information.
Collection of Personal Information
We usually collect personal information directly from you or your authorised representative only and, at the time of collection, we’ll let you know how we intend to use the information.
We’ll only collect personal information about you from an external party or from a publicly available source if:
- You’ve consented to the collection or you’d reasonably expect your personal information to be collected this way;
- it is necessary to enable us to comply with legal obligations; or
- we need it for a specific purpose, such as to investigate a complaint, and it’s unreasonable or it’s impracticable to obtain the information directly from you.
Types of personal information
WHSmith may collect and hold personal information provided by contractors, suppliers or service providers or their representatives, job applicants, and customers. The type of information might include:
- Information that identifies you such as your name, contact details, and date of birth;
- your bank account details if you are a supplier, contractor or service provider; and/or
- information disclosed in your resume, your skills, job history, education, and membership of any trade or professional associations.
Use of Personal Information
We’ll only use your personal information for our primary business purposes which include:
- Communicating with you or providing you with marketing and promotional information;
- providing payment to you for your services or goods;
- recording proof of purchase, validating credit card transactions, or validating the legitimacy of refunds;
- fulfilling and processing lay-by requests or rainchecks;
- enabling regulatory compliance, reporting and legal obligations; or
- recruiting, assessing the suitability of, or engaging prospective employees, contractors or service providers.
We’ll only use and disclose your personal information for a non primary business purpose if:
- You have consented to this other use and disclosure;
- the purpose is directly related to the primary purpose and you would reasonably expect that particular use and disclosure;
- it’s required or authorised by or under law, or
- it’s reasonably necessary for enforcement related activities conducted by, or on behalf of, an enforcement body.
Disclosure to Other Parties
We may distribute personal information within WHSmith and our related entities, in connection with normal business operations, in which case your information will be treated in strictest confidence.
We may also provide external parties with access to your personal information in certain circumstances, such as to WHSmith’s contractors and service providers who assist WHSmith in the operation of its business or to provide a customer service (for example, a company which helps maintain WHSmith’s computer system or who sends out WHSmith’s mail or other communications).
How We Will Not Use Personal Information
We won’t otherwise sell, release or disclose your personal information to any other external party unless:
- We are required to by law;
- It’s necessary to investigate any unlawful or malicious action; or
- to otherwise protect our business.
Sensitive Personal Information
The Privacy Act imposes restrictions on the collection of sensitive personal information (which includes information about religious views, ethnicity, personal health, and political opinions). WHSmith does not usually collect sensitive personal information but would do so if:
- Required to by law, or by a court or tribunal order;
- necessary to establish, exercise or defend a legal or equitable claim; or
- we have your consent.
If you register with us for direct marketing purposes (for example, to enter competitions, or to receive product updates, emails, newsletters and other information), WHSmith may send marketing material to you as long as you haven’t asked us to stop doing so.
We have a simple opt-out mechanism including an “unsubscribe” link at the foot of our direct marketing emails. You can ask to stop receiving information from us by using the link or by contacting our Privacy Officer.
We won’t disclose your personal information to an external party for their use in marketing to you and we don’t obtain personal information from external parties for the purposes of marketing. If we do receive an individual’s personal information from external parties, we wouldn’t use the information for marketing purposes without first obtaining that individual’s consent.
Applying for Employment with WHSmith
Applicants applying for roles with WHSmith provide personal information as part of their application. If the application is unsuccessful, WHSmith retains the information in case a more appropriate opportunity becomes available and WHSmith can contact the applicant. Unsuccessful applicants can request that we not retain their information.
Storage of Personal Information
We endeavour to ensure your personal information is kept confidential and is stored in a secure manner, protected from inappropriate and/or unauthorised access, modification, interference, loss, misuse, or disclosure.
WHSmith data, including electronic records of personal information, are:
- Routed through secure IPVPN encrypted connections;
- backed up daily and stored offsite; and
- protected through the use of passwords with access limited only to authorised employees.
Non-electronic information records may be stored in secure offsite storage facilities, or in secure drawers and cabinets which are in secured locations accessible only by authorised WHSmith employees.
WHSmith does not generally transfer personal information to foreign countries. If it becomes necessary for WHSmith to disclose your information internationally, for example to allow external parties to perform their services for us, WHSmith will only do so if:
- You provide your consent;
- we are satisfied that the recipient of the personal information is bound by obligations to protect information in a way that, overall, is at least substantially similar to the way in which the Privacy Act protects the information and there are mechanisms available to you to enforce that protection; or
- it is permitted by the Privacy Act.
Access to Personal Information
We endeavour to keep personal information up to date, complete and accurate. You may request a copy of (or update) your personal information held by us by writing to WHSmith’s Privacy Officer (you will need to provide evidence to verify your identity). Reasonable requests carry no charge.
We’ll acknowledge your request within 14 days of receiving contact and we’ll provide a copy of the information, update your information or advise reasons why we cannot provide the information, within 21 days.
There are some circumstances under the Privacy Act where WHSmith is exempted from providing information (for example, where laws, courts or tribunal orders require or authorise us to deny access, or where giving access would be unlawful). If this occurs, we will provide you with reasons why your request cannot be complied with and let you know what mechanisms are available to you to complain about the refusal.
Destruction or De-identification of Personal Information
Personal information that is no longer required will be destroyed in a secure manner or deleted or de-identified as appropriate. Security bins are utilised for the secure and confidential destruction of paper containing personal information, confidential and/or sensitive material.
Application of This Policy
Any mention of WHSmith (including we, us or our) in this policy also means subsidiaries and related entities including Wild Retail Group Pty Ltd (ABN 40 099 349 345), Supanews, WHSmith Fresh Plus, WHSmith Express, Gadgetshop by WHSmith, Zoodle, and Kenny’s Cardiology.
Personal information of all WHSmith employees remains exempt from the provisions of the Privacy Act.
Future Updates to This Policy
WHSmith Australia Pty Ltd
Suite 401, Level 4
80 William Street
Woolloomooloo NSW 2011