PRIVACY POLICY AUSTRALIA

ON THIS PAGE

1.1 This Privacy Policy sets out the policy of Bakers Delight Holdings Limited and each Bakers Delight franchisee (“together “we”, “us”, “Bakers Delight”) with respect to the way we obtain, use, hold and disclose information about you including through our website at www.bakersdelight.com.au. We adopt and are bound by the Australian Privacy Principles (“APPs”) contained in Privacy Act 1988 (Cth) (“the Act”).

1.2 We understand and appreciate that you are concerned about privacy, particularly in relation to the use and disclosure of Personal Information. We are committed to providing a high level of privacy in relation to all Personal Information that is collected by us.

1.3 This Privacy Policy applies to Bakers Delight and each of its franchisees but not to other companies or organisations or websites to which Bakers Delight is linked.

1.4 For the sake of clarity, this Privacy Policy covers Personal Information collected, held and used by Bakers Delight (including by Bakers Delight franchisees) in relation to any of the following (to the extent that such information is capable of identifying an individual):

(a) franchisees or prospective franchisees;

(b) customers;

(c) suppliers or prospective suppliers; and

(d) independent contractors or any person who applies to become an employee or independent contractor;

(e) employees, except where the use or disclosure is directly related to the relationship between us as employer and you as the
employee and relates to an “employee record” about you as a present or past employee.

2. Your Consent

2.1 You consent to your Personal Information being used in accordance with this Privacy Policy by any one or more of the following:

(a) by providing us with your Personal Information in relation to a competition, complaint or for any other reason;

(b) by making enquiries about or submitting an application to become a franchisee, employee, independent contractor, supplier of us or any of our franchisees;

(c) by visiting our website, including any individual website established for a bakery or participating in an online enquiry;

(d) by setting up a user account in any online ordering service we make available and by submitting an order through such online ordering;

(e) by participating in our loyalty program, including by downloading and/or using the Bakers Delight official loyalty program application;

(f) by visiting any website or social media site established by us, including but not limited to Facebook, Twitter, Pinterest, Instagram, Google+, YouTube and LinkedIn (“Social Media Sites”); and

(g) by participating in any activity on a Social Media Site, including but not limited to entering competitions, subscribing to our blog, posting, pinning or uploading any material on any Social Media Site, following, liking and/or commenting on us or anything on any Social Media Site (“Social Media Activity”).

3. What is Personal Information?

3.1 For the purposes of this Privacy Policy, “Personal Information” is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not the information or opinion is true and whether or not it is recorded in a material form.

3.2 Personal Information does not include an “employee record” for the purposes of the Act. An “employee record” is a record of personal information relating to the employment of the employee. This includes health information and personal information relating to the:

(a) engagement, training, disciplining of an employee,

(b) resignation or termination of an employee;

(c) terms and conditions of employment of an employee;

(d) employee’s performance or conduct;

(e) hours of employment, salary or wages;

(f) personal and emergency contact details;

(g) employee’s membership of professional or trade associations or trade union membership;

(h) employee’s recreation, long service, sick, personal, maternity, paternity and other leave; and

(i) employee’s taxation, banking and superannuation affairs.

3.3 Having said that, we treat the personal and health information of each of our employees with absolute confidentiality and strict controls are placed on who has access to such information. We will not disclose your employee records to any third party other than as permitted by law or this Privacy Policy without your prior consent. If a request is made in writing from a third party and you consent to disclosure, we will only confirm or deny information that they have already received from you.

4. What Personal Information do we collect from you?

4.1 The type of Personal Information collected by us may differ, depending on whether you are or would like to become a franchisee, customer, supplier, employee or independent contractor. Generally, the type of Personal Information collected by us includes your name, address, telephone numbers, facsimile number, email addresses, credit card details and other information that is reasonably necessary for our functions and activities. If relevant, we may ask for your date of birth.

4.2 From our franchisees, we collect and maintain company and business details including ABN and/or ACN, contact information for business owners and key personnel, and financial information such as bank account and credit card details, profit and loss statements, balance sheets, weekly takings information, sales data and other business related information which may contain Personal Information.

4.3 We may also collect other business-related information that may contain Personal Information, including employee and payroll records, lease and supplier details, product and inventory data, and operational performance metrics.

4.4 This information is collected to enable us to establish, administer and support the franchise relationship, including assessing franchise performance, providing business, marketing, and operational support, ensuring compliance with the Bakers Delight System, and fulfilling our legal obligations.

4.5 We may share relevant franchisee information within our corporate group, with professional advisers, service providers and regulatory authorities as required, but only to the extent necessary to perform these functions or meet legal requirements.

4.6 From our employees and/or prospective employees, we collect several types of information, including, but not limited to, commencement dates, employment status, location, gender, bank account details, emergency contact details, qualifications, previous employment details, driver’s licence numbers, car registration numbers, medical and health information, passports, leave summaries, wages and salary information, date of birth, superannuation information, tax file numbers, visa and immigration information, information relating to performance and conduct.

4.7 From time to time, photos may be taken and used for marketing and promotional purposes which may include images of franchised businesses, franchisees, employees or employees of franchisees and/or customers, from which individuals may be able to be identified. As an employee, your photo may be used within Bakers Delight to identify you, including by being electronically attached to your email address.

4.8 Via Social Media Sites, we may be able to obtain other information about you which may itself constitute Personal Information or which, when combined with other information, is capable of identifying you, including photos, videos and any other information that you include on our Social Media Sites or sites linked to our Social Media Sites (“Other Sites”). The level of information to which we have access may depend on your privacy settings on such Other Sites.

4.9 In some circumstances, you may deal with us anonymously or using a pseudonym. However, in most circumstances it is impracticable to do so because if you do not provide us with the Personal Information that we require or if you provide it in a way that does not identify you, we are likely to be unable to carry out the services requested by you.

5. How do we collect your Personal Information?

5.1 We collect Personal Information in a number of ways, including:

(a) from you when you make a general or specific telephone or online enquiry including but not limited to when you enter a competition or lodge a complaint;

(b) from you when you submit an order via any online ordering service we make available;

(c) from you when you register for and/or participate in our loyalty program, including by downloading and/or using the Bakers Delight official loyalty program application;

(d) from you when you provide us with such information to us via application forms, customer feedback forms, business cards, contracts, mobile applications, or any other document provided by you to us and when you participate in a competition, program or promotion or Social Media Activity;

(e) through analysis of the Social Media Sites conducted by us or by third parties on our behalf;

(f) from third parties such as credit reporting agencies, recruitment agencies, insurers and insurance brokers, health professionals, referees nominated by you, or your representatives;

(g) from publicly available sources of information; and

(h) from our own records.

5.2 Through our website we can obtain Personal Information if you send such information in an email or when you complete an online enquiry.

5.3 When you look at our website, we may make a record of your visit. The following information may be logged for statistical purposes and for the purposes of marketing and advertising to you:

(a) your internet protocol address;

(b) the date and time of your visit to our site;

(c) the pages that you have accessed and the documents downloaded; and

(d) the type of browser you were using.

(e) This type of statistical information does not identify you.

5.4 Tracking technologies such as cookies may be used on our website to recognise a user’s browser each time that user visits our site and to track which pages the user visits whilst on our site and also to send Bakers Delight advertisements to your internet protocol address. Cookies are pieces of information that a website transfers to a computer’s hard disk for record keeping purposes. Most web browsers are set to accept tracking technologies such as cookies. These tracking technologies do not personally identify the user. If you do not wish to receive any cookies, you may set your browser to refuse them. However, your use of our website may be affected.

5.5 A “cookie” is a small text file placed on your computer by a web server when you access a website. The cookie identifies the computer being used, but not an individual user. Like many other Websites, the Website uses cookies to make a record of your visit to the Website, and will record the following information:

(a) your server address;

(b) your top level domain name;

(c) the date and time of access to the Website;

(d) the pages accessed and documents downloaded;

(e) the previous web site visited; and

(f) the type of browser software in use.

5.6 BDH use this information for various purposes, including statistical purposes, but in each case, the information collected cannot be used to identify you personally.

5.7 You may be able to disable cookies on your web browser, but doing so may limit your ability to use the Website fully.

6. How do we use your Personal Information?

6.1 We will use your Personal Information for purposes that relate to our business functions and activities and the provision of our services to you. These are the “primary purposes” for which we use your Personal Information.

6.2 These purposes generally include:

(a) supplying our products and services (including our loyalty program and online ordering service) to you;

(b) providing quality assurance for our products and services;

(c) responding to your enquiries and feedback regarding our business, our products and services;

(d) monitoring the performance of our business and our franchisees;

(e) advertising and marketing, including email marketing, promotional and educative activities;

(f) improving the performance of our website(s);

(g) invoicing, accounting and related administration purposes;

(h) enforcing the terms and conditions of our engagement with you;

(i) for the management of our database; and

(j) ensuring compliance with statutory obligations.

6.3 In relation to the Personal Information of franchisees, the purposes include those mentioned above and the following:

(a) conducting appropriate credit checks;

(b) verifying information required under the franchise agreement, including by accessing and assessing information received from suppliers, trade referees, insurers, banks, local municipal council or any other entity;

(c) to confirm and enforce compliance with the franchise agreement, including but not limited to ensuring you are complying with the terms and conditions you have with your suppliers of goods and services to your bakery;

(d) providing franchisee support;

(e) to comply with disclosure requirements under the Franchising Code of Conduct; and

(f) all things of or incidental to carrying out our role as a franchisor.

6.4 In relation to the Personal Information of customers, the purposes include the general purposes mentioned above and also include verifying, notifying and/or responding to you in relation to any enquiries, complaints, or if you win a competition and/or processing orders submitted by you via any online ordering service we make available and processing payments for orders placed via such online ordering service.

6.5 We use and disclose information we hold about you as an employee, of or incidental to our role as your employer and in accordance with applicable laws.

7. Direct Marketing

7.1 We may from time to time, communicate with you directly to promote our products or services. On each communication, we will advise how you may unsubscribe or opt out of receiving such communications. You may, at any time, request not to receive direct marketing communications from us and we will comply with that request.

7.2 We will seek your consent to provide you with direct marketing materials if sensitive information is involved or if we have obtained your Personal Information from a third party.

8. SMS Communications

8.1 When you opt-in to our loyalty program – either through our Website or in-bakery, or make an online order – we collect your phone number. By providing your phone number and opting in, you consent to receive text messages from us.

8.2 We may use your phone number to:

(a) send account or transaction-related messages (e.g., order updates, account setup prompts).

(b) send promotional or marketing messages, but only with your prior consent.

8.3 We will not sell or share your phone number with third parties for their own marketing purposes. Your information is stored securely, and access is limited to authorised personnel only.

8.4 You can opt out of receiving marketing text messages at any time by following the unsubscribe instructions in our messages or updating your account preferences. Please note that you may still receive necessary transactional or account-related texts even after opting out of marketing messages.

9. How is your Personal Information disclosed by Bakers Delight?

9.1 Your Personal Information and your employees’ information may be disclosed to us as franchisor and to third parties as necessary to facilitate any of the above mentioned purposes.

9.2 We do not and will not rent, sell or otherwise disclose your Personal Information to any other company or organisation, without your prior consent, where that consent is required by law.

9.3 You do, however, consent to our use and disclosure of your Personal Information in the following ways:

(a) some Personal Information of franchisees, franchisee’s weekly takings information and profit and loss statements and other bakery financial results information, being available to be viewed by other franchisees;

(b) franchisees’ details may be provided to charity organisations including Breast Cancer Network Australia which are supported by us and our franchisees or which have requested sponsorship via an online enquiry;

(c) being shared with the Bakers Delight network of franchisees via the Bakers Delight Portal and other electronic means. This means Personal Information of Bakers Delight employees will be viewable by all franchisees and their employees;

(d) franchisees’ details will to be provided to landlords and some suppliers, to enable them to contact franchisees;

(e) franchisees’ details will be provided to our lawyers, for the production of legal franchising documentation and of or incidental to any matter requiring us to seek legal advice or assistance;

(f) to third party consultants who may from time to time manage all or part of our database or computer systems or internet sites;

(g) to a third party where we outsource any of our functions, including but not limited to development, production and/or printing of advertising and marketing material and campaigns, including where such material contains photos or video of individuals, mystery shopping and customer satisfaction surveys, and to facilitate our online ordering services;

(h) of or incidental to a sale of all or part of our business, to prospective purchasers and their legal and accounting representatives;

(i) to the general public, for example, via internet when notifying of competition results or via media when photographs or video are used in advertising material or campaigns;

(j) some employees’ Personal Information will be supplied to third parties to enable such employees to carry out their roles as our employees. This includes, but is not limited to, provision to NAB to facilitate a corporate credit card, and to Qantas to set up Qantas Club membership (where relevant);

(k) employees’ Personal Information will be submitted to the superannuation fund nominated by each employee; and

(l) as required by law.

9.4 If you are a franchisee, you also consent to BDH having access to information relating to your accounts with your suppliers, including but not limited to, copies of invoices and statements. This is to enable BDH to ensure you are complying with your franchise agreement.

10. Disclosure of your Personal Information via Social Media Sites

10.1 By engaging in any Social Media Activity on our Social Media Sites, you agree to and are subject to the terms and conditions of such Social Media Sites. Any Personal Information pinned or posted or uploaded by you onto Social Media Sites can be disclosed in accordance with the terms and conditions and privacy policies of such Social Media Sites.


10.2 Generally, photos and other material pinned or posted to Social Media Sites will be able to be viewed by the general public. Such photos and other material may be re-pinned and re-posted by others indefinitely and will be visible by anyone visiting the locations to which the photos or other material have been re-pinned. You may be able to remove the photos or other material that you have pinned or posted from the location at which you pinned or posted it. However, any material that has been re-pinned will be out of our control and neither you nor we will be able to remove it from any re-pinned location. We are not responsible for any material that has been re-pinned or re-posted.

10.3 We reserve the right to remove any photos, comments or other material that is in any way inappropriate or offensive (in our opinion) from our Social Media Sites.

11. Cross Border Disclosure

11.1 Some of your Personal Information may be disclosed overseas to New Zealand, Canada and/or United States of America to enable us to carry out our functions as parent company or related entity of Bakers Delight (NZ) Ltd, BD Canada Ltd and BD US Inc (“Bakers Delight Overseas Entities”). The Bakers Delight Overseas Entities are the companies through which we operate Bakers Delight in New Zealand and COBS BREAD in the United States of America and Canada.

11.2 In addition, some programs, software, online tools or Social Media Sites used by us and/or our third party service providers, are based in and/or housed overseas. The use of such programs by us or by our third party service providers may involve disclosure of your Personal Information to such organisations overseas. Use and disclosure of your Personal Information by such organisations is in accordance with the terms and conditions and privacy policies of such organisations.

11.3 Some overseas countries may be prescribed by regulations under the Act as having comparable privacy laws or schemes which provide you with adequate protection, in which event we are not required to take further precautions or to obtain your consent. It is possible, however, that some foreign jurisdictions will not provide the same level of protection of Personal Information as in Australia in which case (unless we have obtained your consent to the disclosure) we will take reasonable steps to ensure that entities in those countries are obliged to act in accordance with the Australian Privacy Principles when handling your Personal Information.

11.4 See the table below showing the products we use (which may change from time to time) and links to their privacy policies.

Adyen

Netherlands, Germany, Belgium, United Arab Emirates, Hong Kong, Malaysia, United States, United Kingdom, Spain, Mexico, Italy, India Germany, France, Brazil, China, Sweden, Australia, Japan, Canada, Poland, Singapore

https://www.adyen.com/policies-and-disclaimer/privacy-policy

Microsoft

Microsoft maintains major data centres in Australia, Austria, Brazil, Canada, Finland, France, Germany, Hong Kong, India, Ireland, Japan, Korea, Luxembourg, Malaysia, the Netherlands, Singapore, South Africa, the United Kingdom, and the United States

https://privacy.microsoft.com/en-us/privacystatement;
https://clarity.microsoft.com/terms

Freshdesk

United States, the United Kingdom, the European Economic Area and other countries where their third party service providers operate.

https://www.freshworks.com/privacy/

Shopify

Canada, United States, Ireland, Switzerland, United Kingdom and the European Economic Area and other countries.

https://www.shopify.com/au/legal/privacy

Klaviyo

Australia, United States, United Kingdom and Ireland.

https://www.klaviyo.com/legal/privacy/privacy-notice

Formstack

USA, Ireland and other countries where their group of companies and third party service providers operate.

https://www.formstack.com/legal/website-privacy-policy

Zoho

USA, China, India, Mexico, Singapore, UAE, Japan, The Netherlands,

https://www.zoho.com/privacy.html

Powerful Contact Form Builder

Information not available.

https://powerfulform.com/pages/privacy-policy

Brandwatch

United Kingdom, United States, the European Economic Area and other countries where their group of companies and third party service providers operate.

https://www.brandwatch.com/legal/user-privacy-policy/;

Smartsheet

USA and other countries where their group of companies and third party service providers operate

https://www.smartsheet.com/legal/privacy

Talon One

Australia, Germany, Unites, States, United Kingdom, Singapore, Finland, Ireland and Sweden.

https://www.talon.one/legal/privacy-policy 

11.5 If you consent to disclosure of your Personal Information as described above, we are not required to take reasonable steps to ensure that such organisations do not breach the APPs in relation to the disclosed information, we will not be liable under the Act for a breach of APP 8.1. The overseas organisation may not be subject to any privacy obligations in their own country that are similar to the APPs and you may not be able to seek redress in the overseas jurisdiction. The overseas recipient could be subject to foreign laws that compel disclosure to third parties, such as overseas authorities. Having been informed of the possibility that such disclosures may occur, you consent to that disclosure by undertaking the type of activities specified above which indicate your consent.

12. Security

12.1 We are committed to ensuring the security of your Personal Information and we will take all reasonable steps to protect this Information from misuse, interference, loss, unauthorised access, modification or disclosure, including:

(a) having a robust physical security of our premises and databases/records;

(b) taking measures to restrict access to personnel who need that information in order for us to be able to provide our products and services;

(c) technological measures, such as strong passwords, data encryption, with Multi Factor Authentication, routine back-ups, EDR solutions, and firewalls; and

(d) 24×7 cyber-security monitoring and surveillance or networks and server infrastructure via an industry leading Security

13. Operations centre service

13.1 We will take all reasonable steps to ensure your Personal Information is accurate and kept up-to-date and relevant for the purposes for which it may be used pursuant to this Privacy Policy.

13.2 Please note that our website does not provide systems for secure transmission of Personal Information across the internet, except where otherwise indicated. When emailing or providing Personal Information to us via our website, please be aware that there are risks involved in transmitting Personal Information via the internet. Our website may contain links to other websites. We have no control over the privacy practices employed at other websites and we accept no responsibility for Personal Information provided via unsecured websites.

13.3 We cannot provide a guarantee with respect to the security of your Personal Information and we will not be liable for any breach of security or unintended loss or disclosure of information due to the website being linked to the internet.

13.4 Orders submitted through our online ordering service must be paid for by credit card or debit card via a payment facility provided by a third-party payment gateway provider.

13.5 We do not collect or store your credit card or debit card details. By placing an online order with Bakers Delight, you are providing your credit card or debit card information to the third-party payment gateway provider and not to us. Whilst we have taken reasonable steps to ensure the third-party payment gateway provider will comply with privacy laws, Bakers Delight and its franchisees cannot provide a guarantee with respect to the security of your payment information. To the extent permitted by law, Bakers Delight and its franchisees are not liable to you for any loss, claim, cost, expense, damages or liability, including but not limited to loss of data, loss of profits, loss of goodwill or any other direct, indirect, special or consequential loss or damage, suffered or incurred by you or any other person as a result of or arising from any breach of security or unintended loss or disclosure of your payment information.

14. How to check or change your details

14.1 There is a Bakers Delight Privacy Officer at our national office.

14.2 If you wish to view the Personal Information we hold about you, please send your request to our Privacy Officer by email, mail or fax using the contact details at the end of this Privacy Policy. A fee may apply for such access. If we deny your request for access, we will let you know why.

14.3 We will endeavour to keep all Personal Information accurate, up-to-date and complete.

14.4 If you wish to amend your Personal Information because it is inaccurate, out of date, incomplete, irrelevant or misleading, or if you wish your Personal Information to be deleted, please contact our Privacy Officer who will verify your identity. If we refuse to comply with your request, we will let you know why.

15. How long will we keep your Personal Information?

15.1 We will keep your Personal Information only for as long as required for our functions or activities and otherwise as required by Australian law. Where we no longer need to keep your Personal Information, we will take reasonable steps to destroy or de-identify your Personal Information.

15.2 If you wish to have your Personal Information destroyed or de-identified, and if we are not required to keep it for legal, auditing or internal risk management purposes, please contact us in any of the ways specified at the end of this Privacy Policy and we will take reasonable steps to comply with your request.

16. Changes to our Privacy Policy

16.1 From time to time we may decide to amend or update this Privacy Policy. When this occurs, we will post the new version of the Privacy Policy on our website. We encourage you to periodically review this Privacy Policy so that you remain informed as to how we are protecting your Personal Information.

17. Mandatory data breach reporting

17.1 In the event of a notifiable data breach, we will comply with our obligations under the Act and report the breach to the Office of the Australian Information Commissioner (“OAIC”) and those individuals who are affected by the breach.

17.2 A data breach is a “notifiable data breach” if it is a breach which is likely to cause “serious harm” to an individual. Serious harm is not defined in the Act but includes physical, psychological, emotional and reputational harm as well as financial/economic harm.

17.3 In determining whether a data breach does or may cause serious harm, we will consider the following factors:

(a) the kind or kinds of information involved;

(b) the sensitivity of the information;

(c) whether the information is protected (e.g. encrypted, password protected) and the strength of those security measures;

(d) the persons who have or could obtain the information;

(e) the likelihood that the information could be misused;

(f) the nature of any potential harm that would result from the data breach; and

(g) any other relevant matters.

17.4 If we become aware that a notifiable date breach may have occurred, we will conduct a prompt assessment and, if a serious breach is confirmed, will notify the Privacy Commissioner as soon as practicable. If the data breach does not constitute a notifiable breach, we are not required by law to report it.

17.5 If you think that a data breach at Bakers Delight may have affected your Personal Information and you have not been told, you have the right to contact us for information about the data breach (including whether your Personal Information was affected).

18. Complaints

18.1 If you believe that we have not complied with our obligations pursuant to the Act, or have a complaint about the use or disclosure of your Personal Information by us or any of our franchisees, please contact our Privacy Officer or a member of our Human Resources department. We will discuss your concerns with you and take action as necessary to address such concerns which may include contacting us to take the matter further.

18.2 We will endeavour to resolve your complaint as soon as possible. However, the length of time will depend on the nature and complexity of the issues you have raised.

18.3 You will receive an acknowledgement of receipt of the complaint from us within five business days. We will give you an estimate of how long it may take us to deal with the matter but we will endeavour to finalise the matter within 30 days.

18.4 If we decide that your complaint is justified, we will then decide what action we should take in response. We will always try to match our response to the nature of your complaint and your desired outcome, but this may not always be possible.

18.5 Some of the things that we may decide to do include:

(a) take steps to rectify the problem or issue you have raised;

(b) provide you with additional information or advice so that you can understand what happened and how we have dealt with it;

(c) take steps to change our policies or procedures if your complaint identifies a problem in the way we are doing things.

18.6 It will not always be possible to resolve a complaint to everyone’s satisfaction. In that case, you might want to escalate the matter to the Privacy Commissioner via an online privacy complaint form which can be found at: http://www.oaic.gov.au/privacy/making-a-privacy-complaint.

18.7 You can find out more information about the Privacy Act and the Australian Privacy Principles from the Australian Information Commissioner. The Information Commissioner may be contacted at www.oaic.gov.au (email - enquiries@oaic.gov.au).

18.8 We welcome your questions and comments regarding this Privacy Policy. If you have any suggestions as to how we may improve our Privacy Policy, please contact the Privacy Officer at Bakers Delight.

Privacy Officer Details

Bakers Delight Holdings Ltd

Corporate Support Office

Level 1, 293 Camberwell Road, Camberwell Vic 3124

Privacy Officer: Group Manager of Human Resources

Telephone: +613 9811 6111

Email: privacy@bakersdelight.com.au