Privacy Policy

Last updated: 26 August 2024

1. Scope of This Policy

Retail Food Group Limited ACN 106 840 082, RFGA Management Pty Ltd ACN 071 765 609 trading as Retail Food Group (Australia) and our subsidiaries ("we", "our", "us", "Retail Food Group") recognise the importance of your privacy and are committed to ensuring compliance with the Australian Privacy Principles, the Privacy Act 1988 (Cth) ("Privacy Act") and to the extent that it applies to you and the processing of your personal information, the European Union General Data Protection Regulation ("GDPR").

This privacy policy ("Privacy Policy") sets out how we collect, use and manage your personal information and how to contact us about the matters outlined herein.

By using our websites, applications, products and services, or providing your personal information to us, you consent to your personal information being collected, held, used and disclosed as set out in this Privacy Policy.

2. Who We Are

When you engage with us via the methods outlined under Section 4 of this Privacy Policy, your information is controlled by a member of Retail Food Group. The list of relevant Retail Food Group data controllers include the following (and are subject to change from time to time):-

  • Retail Food Group Limited ACN 106 840 082;

  • RFGA Management Pty Ltd ACN 071 765 609;

  • Donut King (Donut King System Pty Ltd ACN 097 339 645);

  • Gloria Jean's (Gloria Jean's Coffees International Pty Ltd ACN 111 885 413 and Jireh International Pty Ltd ACN 071 676 661);

  • Crust (CGP Systems Pty Ltd ACN 1595 979 469);

  • Rack Em Bones BBQ Ribs (Rack 'em Bones System Pty Ltd ACN 659 537 961);

  • Pizza Capers (Capercorp Pty Ltd ACN 121 441 414);

  • Brumby's (Brumby's Bakeries System Pty Ltd ACN 106 815 025);

  • Beefy's (Meaty Trading Pty Ltd ACN 672 672 481);

  • Café2U (Cafe2U Pty Ltd ACN 108 220 177);

  • The Coffee Guy (TCG IPROP Pty Ltd ACN 160 830 213);

  • Di Bella Coffee (Di Bella Coffee Retail and Wholesale Pty Ltd ACN 099 088 436, Di Bella Coffee Domestic GJC Supply Pty Ltd ACN 104 806 813 and Di Bella Coffee Network Supply Pty Ltd ACN 123 183 737);

  • Café Palazzo (Di Bella Coffee Retail and Wholesale Pty Ltd ACN 099 088 436); and

  • Michel's Patisserie (Michel's Patisserie System Pty Ltd ACN 132 424 947).

3. What is Personal Information?

For the purposes of this Privacy Policy, "Personal Information" is information or an opinion relating to you as an identified individual or an individual who is reasonably identifiable, whether or not the information or opinion is true and whether or not it is recorded in a material form. 

4. Information We Collect and Hold and Methods of Collection

The type of Personal Information collected by us may differ depending on the circumstances of collection, including whether you are a customer or are one of our suppliers, employees, independent contractors, consultants, franchise partners, master franchise partners, area developers or are applying to be any of these things.

We collect information you provide to us

For example, we may collect information about you that may be Personal Information during the course of:

  • you using any of our websites ("Websites") to purchase products or access our services, creating an account, signing up to our newsletters and/or joining our loyalty programs. We may ask you information such as your name, username, password, city of birth, date of birth, mobile phone number, e-mail address, postal address, telephone number and financial account information, such as your credit card number and other payment information. We will deal with your credit card number and other financial account information in a secure manner;

  • you buying products or receiving services at our stores or those operated by our franchise partners, master franchise partners, area developers or their licensees, including through our loyalty programs or otherwise. We may collect information on what you buy, where you buy, how frequently you buy and rewards you earn;

  • you applying to be a franchise partner, area developer or master franchise partner. We may also collect necessary Sensitive Information (as defined in the Privacy Act) or Sensitive Personal Data (as defined in the GDPR) from you to process your application, which may include your name, date of birth, mobile or cell number, business experience, criminal history, drivers licence information, residency status, English comprehension, general family unit information and information regarding your financial position. We will not disclose any Sensitive Information or Sensitive Personal Data collected from you to any third parties without your prior consent or unless required by law;

  • you participating in competitions, promotions, or surveys. We may collect your name, mobile or cell phone number, e-mail address, postal address, demographic information and information about subjects that may interest you;

  • you applying to be a supplier. Information we collect may include your name, mobile or cell phone number and e-mail address;

  • your use any of our mobile or tablet applications ("Apps");

  • you interacting with us and provide Personal Information by any other means, including either physically or electronically (including but not limited to any chat box on our Websites); and/or

  • you applying for employment with us, are employed by us, or are employed by any of our franchise partners, master franchise partners or other licensees.

We collect information through automated technology methods

Every time you use our Apps and/or Websites, information may be collected by our providers or otherwise on our behalf (including but not limited to Google Analytics) via automated technology such as cookies and tracking technologies ("Automated Technology").

Types of information collected via Automated Technology include:

  • The date and time you visit our Apps and/or Websites;

  • Your IP address;

  • The type of browser and operating system you are using;

  • Any referring webpage (a page that has led you to ours) or application;

  • Online activity on other websites, applications or social media;

  • Usage data, including how you use the Website or App, such as the pages you visit, the links you click on, the time you spend on each page and the actions you take;

  • General geographical location of the operating system you are using.

Cookies

"Cookies" are small pieces of data sent from a web server to a web browser that enable a web server to track activity on our Websites and Apps store certain information. For further information on cookies, visit allaboutcookies.org.

We use cookies to:

  • identify you on our Websites and Apps so that we can provide more customized information and services to you;

  • track browsing behaviour and engagement with social media plugins;

  • provide personalised advertisements or content; and

  • analyse our traffic and how users use our Websites and Apps.

The types of cookies we may use include the following:

  • Necessary: Necessary cookies are required to enable the basic features of the website, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Functional: Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Analytic: Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Performance: Performance cookies are used to understand and analyse the key performance indexes of the website which helps in delivering a better user experience for visitors.

  • Advertisement: Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.

The cookies we may use in these categories may be identified in our cookie banner which displays on our Websites and Apps and in the cookie preferences under the Cookie Icon or Cookie Preferences button (as the case may be) at the bottom of our Websites and Apps.

How to Manage Cookies

You may at any time opt out or customise your cookie preferences for our use of cookies on each of our Websites and Apps by:

  • disabling the use of cookies by reviewing your browser's preferences and options;

  • adjusting your cookie preferences via the cookie banner or the Cookie Icon or the Cookie Preferences button (as the case may be) at the bottom the Website or App you are visiting.

Please note that disabling or blocking some types of cookies may affect your experience of our Websites and Apps and the services we are able to offer. Further, opting-out of the use of cookies on our Websites or Apps does not opt you out from the use of cookies on all of our Websites and Apps.

Online Tracking

We use tracking technologies on our Websites and Apps (such as beacons, pixels, clear gifs, single pixel gifs, tags and scripts) to make our Websites and Apps accessible, collect and track website visitor information and to improve and or analyze our services.

The trackers used on our Websites and Apps are identified in the cookie banner. They track and share the content you provide to the mentioned service provider. We recommend that you refer to the privacy policies maintained by these service providers for information on their privacy practices.

If you want to opt out of the above trackers using cookies to collect and track information from your device, you can adjust your cookie preferences via the cookie banner or the blue Cookie Icon on the bottom left corner of our Websites and Apps.

We collect information through third parties

We may also collect Personal Information about you from third parties, including when:

  • You apply for employment with us via job application platforms such as Seek or through other service providers, agents or contractors acting on our behalf (such as recruiters);

  • You participate in or follow our social media pages or profiles;

  • You lace any order via any online ordering platform or application; and

  • You have consented to a third party disclosing your Personal Information to us (i.e when you enter a competition or promotion run by a third party for us).

5. Opt-Out of Marketing Communications

We may send you information about products and services of ours that we think you might like, in the form of newsletters, marketing or promotional materials.

If you are subscribed to our marketing communications, you can later opt out by:-

  • following the unsubscribe link in marketing communication from us; and/or

  • contacting us directly at privacy@rfg.com.au.

Upon receipt and processing of an "opt out" request, we will remove your information from the marketing communication to which your request relates to. Please note that we may still send service communications about your transactions, applications or your account. We may also send you communications if you subsequently enter our contests, competitions, prize draws or have otherwise resubscribed. Furthermore, opting out of one communication does not mean you have opted out of other forms of communication as well.

6. How Do We Use the Information We Collect?

We may use the information collected (including Personal Information) to:

  • maintain, develop, operate, evaluate and improve our products and services;

  • analyse and monitor trends and usage;

  • offer you other products or services that we believe may be of interest to you;

  • process your franchise, area development or master franchise applications;

  • manage your account, including processing and fulfilling your requests for our products and services and business affiliates and to respond to your enquiries;

  • communicate with you, including by email and to assist you with any questions you have about our products and services (including your franchise agreement, master franchise agreement, area development agreement, or employment agreement, if applicable);

  • provide you with marketing information, including news, special offers, and general information (unless you have opted out of receiving such communications);

  • improve the design and content of our Websites and Apps;

  • protect the security or integrity of our Websites and Apps;

  • cooperate with government officials or parties in litigation under process of law, or as otherwise required by law;

  • protect against a threat of safety or destruction of property;

  • protect against legal liability;

  • evaluate or conduct a merger, divestiture, restructuring, reorganisation, dissolution or other sale, assignment, licence or transfer or some or all of our assets in which Personal Information held by us is among the assets transferred; and/or

  • comply with our legal obligations.

In all cases, however, our agents, employees and contractors who have access to Personal Information are required to protect this information in a manner that is consistent with this Privacy Policy.

7. How Do We Share the Information We Collect?

We recognise the trust with which you provide Personal Information to us and except as stated in this Privacy Policy or required by law, your Personal Information will not be used or disclosed other than for purposes described herein without your consent.

We may share your Personal Information with:

  • parties that provide services to us (such as credit card processors, mailing houses or website hosts) and that help us market and sell our products and services (such as email vendors or marketing consultants);

  • our franchise partners, master franchise partners or their sub franchisees, area developers or other licensees;

  • product or service suppliers and/or distributors;

  • our sponsors, advertisers, business partners and third-party vendors;

  • our affiliates, related entities and subsidiaries under common control (some of which may be located overseas);

  • others that you have been informed of at the time any Personal Information is collected from you;

  • third party organisations for purposes directly related to the purpose for which the Personal Information is collected;

  • our professional advisors auditors, bankers, insurers consultants, contractors, agents and representatives;

  • our agents, affiliates or service providers who act for or on our behalf in connection with any of our franchise systems or other businesses;

  • required parties in connection with or during the negotiations of any merger, or sale of company assets, financing or refinancing, or acquisition of all or a portion of our business by another party;

  • other users, for example, where you share Personal Information or otherwise interact in public areas (such social media or public forums) such information may be viewed by all users and may be made publicly available;

  • landlords (including their agents), landlord brokers or advisors, and franchise business brokers or advisors;

  • other parties where required or authorised by law or regulation to do so;

  • other parties, if it is in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend our rights, investigate possible wrongdoing in connection with us or you, to protect personal safety of our users or the public or to protect against legal liability; and/or

  • other parties not mentioned above, for any other purpose with your consent.

8. Retention of Your Personal Information

We will retain and use your Personal Information only for:

  • as long as reasonably necessary for the purposes contemplated by this Privacy Policy;

  • compliance with our legal obligations (for example, if we are required to retain your information to comply with applicable laws);

  • resolution of disputes; and/or

  • enforcement of our legal agreements and policies.

9. Storage and Transfer of Information

Your Personal Information is processed and securely stored at a cloud computing location in Sydney, Australia. Some third party vendors collect our data and are located in the United States. Data is transferred using secure communication protocols. Please note that your information may be maintained or transferred to servers located outside your state, province, country or other governmental jurisdiction where data protection laws may differ to those from your jurisdiction. Your consent to this Privacy Policy followed by your submission of Personal Information represents your agreement to that transfer.

We will take reasonable steps to ensure that your Personal Information is treated securely and in accordance with this Privacy Policy, and no transfer of your information will take place to an organisation or a country unless there are adequate security controls in place.

10. Third Party Service Providers

We use third party service providers and as a result, they may have access to your Personal Information. These third party service providers collect, use, process and transfer information about your activity with us in accordance with their privacy policies.

Examples of the third party service providers we use include (but are not limited to):

  • Website: We use third party service providers to establish, host and or maintain functionality of our Websites, delivery locations and ordering services.

  • Analytics: We use third-party service providers to monitor and analyze the use of our service on our Websites.

  • Franchise Applications: We may use third-party service providers or platforms to collect information from you to process your application to be a franchise partner, area developer, master franchise partner and/or issue relevant documentation for e-signature.

  • Payments: We use third-party services for payment processing and will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your Personal Information is governed by their privacy policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa and Mastercard. PCI-DSS requirements help ensure the secure handling of payment information.

This Privacy Policy does not apply to other companies or organisations or websites to which Retail Food Group is linked (including where we provide links to third party websites on our websites or applications), and we are not responsible for the privacy practices of any third parties. Any information you provide via platforms of third parties such as those listed above, will be managed by the terms, conditions and policies of that service provider.

11. Children's Privacy

We do not knowingly address or collect Personal Information from Children (as defined by applicable laws). If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us.

If we become aware that we have collected Personal Information from a child without verification of parental consent, we will take steps to remove that information from our servers.

12. Security

The security, integrity and confidentiality of your Personal Information is extremely important to us. We endeavour to take all reasonable steps to protect your Personal Information from misuse, interference, loss, unauthorised access, modification or disclosure. Such security measures include technical, administrative and physical security measures. We regularly review our security measures to consider new and improved methods and technology.

Please note that, despite our best efforts, such security measures are not perfect or impenetrable, and we are not responsible for any damages or liabilities relating to any such security failures. Furthermore, our Websites and Apps may contain links to other websites. We are not responsible for nor can we ensure the privacy practices or content of such other websites or their owners or operators.

Nothing in this Privacy Policy is intended to limit any rights you or we may have under applicable law that cannot be legally limited.

13. Master Franchise Partners

Many of our master franchise partners operate their own websites and customer lists and are required to comply with data protection laws in their territory. We do not control the use or disclosure of Personal Information by them and are unlikely to have access to Personal Information held by them outside of Australia. Our master franchise partners outside of Australia are independently responsible for ensuring the processing and storage of Personal Information in compliance with all applicable laws. As such, please contact the relevant master franchise partner directly if you feel there is a breach of your privacy and/or data protection rights.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on our Websites and Apps and update the effective date. We will provide you with notice if these changes are material and where applicable, obtain your consent. Such notice may be via email to the last email address you provided us, by posting notice on our Websites and/or Apps, or by other means in accordance with applicable law. We otherwise encourage you to review this Privacy Policy periodically to stay informed about our information and privacy practices.

15. Your Rights

We use our reasonable endeavours to ensure that your Personal Information is accurate, complete, and relevant for the purposes for which we use your Personal Information under this Privacy Policy.

In addition to your rights related to automated decision making under Section 4 of this Privacy Policy you have the right to access and correct the Personal Information we hold about you. There are some circumstances in which we are not required to give you access to your Personal Information. If this is the case, we will, to the extent we are able to, let you know the reason why.

If you are an EU resident, in addition to the rights above, you may also have the right to data erasure, data portability, restriction of processing, and the right to object to processing of your personal data.

You can exercise your rights by contacting us via a method noted below.

16. Contacting Us

If you have questions regarding our Privacy Policy, the information we collect or hold, wish to exercise your rights in relation to any of your Personal Information we may hold, or if you have a complaint about our privacy practices, you can contact our Privacy Officer via the methods below

Email: privacy@rfg.com.au.

Online Form: Privacy Rights Request Form

We will respond to you within 30 days (or where a period is specified by applicable law, that period) to acknowledge your query or request and inform you of next steps.

17. Contacting Appropriate Authority

If you remain dissatisfied with the outcome or if you wish to lodge a complaint, you may refer the matter to the Office of the Australian Information Commissioner (contact details as at the date of this Privacy Policy):

Website: Lodge a privacy complaint with us | OAIC

Phone: 1300 363 992

Alternatively, if you are located outside Australia and your rights are subject of different privacy legislation or regulations, please contact the relevant government body of your jurisdiction who handles privacy and/or data protection complaints.