PRIVACY POLICY

 

About this policy

This privacy policy relates to how DIIDA PTY LTD (ACN 647 444 568) (DIIDA) collects and handles your personal information. In this policy “we”, “our” and “us” refers to DIIDA.

We review our Privacy Policy regularly to ensure it is up-to-date so we encourage you to review it from time to time.

What is Personal Information?

For the purposes of this policy, “personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Examples include (but is not limited to) your name, contact details, date of birth, state of residence, credit card and personal identification such as a drivers licence.

This Privacy Policy explains how we will treat your personal information.

1                           Open and transparent management

We are committed to maintaining the confidentiality and security of your personal information and managing it in an open and transparent way.

We take our obligations under the Privacy Act 1988 (the “Act”) and the Australian Privacy Principles (“APPs”) very seriously and have implemented practices, procedures and systems to ensure we comply with those laws.

2                           Using a pseudonym or being anonymous

In certain circumstances you may not to identify yourself or use a pseudonym, such as making an enquiry or engaging on our social media accounts.

However not providing us with accurate personal details may prevent us providing you with our services. For example you cannot collect ‘click and collect’ items without showing us identification.

For clarification on circumstances where you must identify yourself, please send an anonymous email to our Privacy Officer at contactus@diida.com.au.

3                           Collection of personal information from you

3.1                 Collection, use and disposal of Personal Information

We collect, use and disclose your personal information to carry out our business including when you visit or shop with us at our stores;

a)         use and contribute to our social media;

b)         use our other digital services;

c)         join our club membership programs;

d)         apply for a job with us; or are engaged to work with us as a contractor or an employee;

e)         otherwise engage with us, such as when you make an enquiry or contact us, or participate in a survey, promotion or competition.

3.2                 Personal information (that is not sensitive information)

We will only collect your personal information where:

(a)       it is reasonably necessary in order for us to carry out one or more of our functions or activities; or

(b)      we are required to by law.

3.3                 Sensitive information

Some personal information (e.g. race, ethnicity, health information etc.) is sensitive and requires a higher level of protection under the Privacy Act. We will only collect your sensitive information when:

(a)      we have your consent; and

(b)     the collection is reasonably necessary for us to carry out one or more of our functions or activities.

3.4                 Exceptions to the need for your consent

We will not need your consent to collect your sensitive information when:

(a)      it is required or authorised by law;

(b)     a “permitted general situation” exists as defined under the Act; and

(c)      a “permitted health situation” exists as defined under the Act.

3.5                 Collection by lawful and fair means

We will only collect your personal information by lawful and fair means. This includes:

Cookies

(a)      Cookies: through various browser tracking software such as “Cookies”. Cookies are small files that are transferred to your computer's hard drive through your web browser and enable our site to recognise your browser and remember certain information. We use cookies to keep track of advertisements and compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. You should be able to configure your computer so that it disables cookies or does not accept them. For example, some third party vendors including Google use cookies to deliver advertisements based on your prior visits to their website. You have the option to opt out of Google's use of cookies by visiting the Google advertising opt out page at www.google.com/privacy_ads.html

(b)     Surveillance: by video surveillance in public areas for safety and security purposes;

(c)      Social media and other third party websites: We also use a number of third party websites and social media platforms including Twitter, Instagram, LinkedIn, Facebook and YouTube. We may use information that you provide to us (for example via private messages) or that you make public when you use these services or platforms. The types of information available for use by us may include images and text relating to us or our products, services, promotions, events, club memberships and club cards.

3.6                 Collection from you

Our preference is to try and collect your personal information directly from you as this is the best way to ensure its accuracy.  It also provides you with an opportunity to ask us any questions about our Privacy Policy before collection.

We may collect your personal information when you:

(a)      communicate with us in person, by email, telephone, facsimile, direct mail, visit our website;

(b)     when you enter into agreements with us or through our website;

(c)      purchase or make enquiries about our products or services;

(d)     enter competitions, register for promotions or loyalty programs;

(e)      subscribe to receive marketing materials or request brochures or other information from us; and

(f)        complete surveys, other research or provide us with feedback.

In some circumstances we may not directly collect your personal information.  These include:

(a)      we have your consent to collect it from a third party; or

(b)     we are required or authorised by law; or

(c)      it is unreasonable or impracticable to do so.

4                           Dealing with unsolicited personal information

If we receive your personal information from a third party without having asked you for it, then within a reasonable time, we will determine whether we could have collected it in the ways outlined in paragraph 3 above. If we determine that it could not have been collected in one of those ways and it is lawful and reasonable to do so, then as soon as practicable we will:

(a)      destroy the information; or

(b)     ensure that it is de-identified.

5                           Notification of collection

Before or at the time of collecting your personal information (or as soon as practicable afterwards) we will take reasonable steps to notify you or ensure you are aware of the following:

(a)      our identity and contact details;

(b)     circumstances where we have collected your personal information from you without your knowledge or from someone other than you;

(c)      circumstances where we are required or authorised by law to collect your personal information;

(d)     reasons why we have collected your personal information;

(e)      what may happen if we do not collect all or some of your personal information;

(f)        details of the persons or entities that we usually disclose personal information to;

(g)      how you may access and seek correction of your personal information;

(h)      how you can lodge a complaint with us;

(i)         whether we are likely to disclose your personal information to overseas recipients and if so, details of the likely countries that may receive your personal information.

6                           How we use your Personal Information

6.1                 Personal information that is not sensitive

We will only hold your personal information for the particular purpose of for which we collected it (“Primary Purpose”).

We will not use or disclose your personal information (not being sensitive information) for another purpose (“Secondary Purpose”) unless:

(a)      we first obtain your consent;

(b)     you would reasonably expect us to use or disclose it for a Secondary Purpose that is related to the Primary Purpose or - in the case of sensitive information – directly related to the Primary Purpose;

(c)      we are required to by law;

(d)     a permitted general purpose exists;

(e)      a permitted health situation exists; or

(f)        we reasonably believe it is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.  In this circumstance we will make a note of such disclosure.

6.2                 Analytics and display advertising

(a)      We may anonymise and aggregate your personal information with other information. We may do this to assist us in determining shopping and purchasing preferences and patterns, and to improve our product and service offerings including as described in section 5.

(b)     Where you have not opted out of direct marketing from us (see section 6.1), we may also disclose your personal information to our trusted third party providers. This includes online advertisement networks (such as those operated by Google), social media platforms (such as Meta) or other third party services so they can provide measurement services to us and targeted advertisements to you. Where advertisements are presented on a third-party site (such as Google or Meta), please see their privacy policies for details about how you can opt out.

6.3                 Sharing your personal information

(a)      In some cases we may need to disclose your personal information to third parties who perform functions or services in connection with our business (such as delivery; product repair or recall; payment processing; marketing; surveys; banking; mailing functions; gateway provision; insurance; document management; information technology services including data storage, hosting and security; employment matters; for operation of our websites; or for management of share registry services) or where we are otherwise required to do so by law.

(b)     We may also disclose your personal information to our related companies, and to other third parties where you have specifically consented to that disclosure.

7                           Direct marketing

7.1                 What is direct marketing?

For the purposes of this policy, “direct marketing” is the promotion of goods and services directly to you including through emails, SMS, phone calls, social media and the post.

7.2                 Adoption of direct marketing laws

How we use your personal information for direct marketing is tightly controlled by the Act.

We may use your personal information for the purposes of direct marketing if:

(a)      we have collected your personal information directly from you; and

(b)     you reasonably expect us to use your personal information for the purpose of direct marketing.

7.3                 When we need your consent for direct marketing

Unless it would be impracticable or unreasonable, we need your consent when:

(a)      collecting your personal information from a third party for the purpose of direct marketing; or

(b)     you would not reasonably expect to receive the direct marketing.

If at any time you want to know who provided us with your personal information, then please send a request to our Privacy Officer at contactus@DIIDA.com.au.

We will provide the details of that third party within a reasonable time and without charge.

7.4                 Sensitive information

We will not use your sensitive information for the purposes of direct marketing unless you have given us prior permission in writing.

7.5                 Opting-out

We will always provide a simple means for you to “opt-out” from receiving direct marketing which typically involves a “tick-a-box” on the collection form or through a pop-up on your screen when you provide personal information online.

We will not use or disclose your personal information for the purposes of direct marketing material if you have previously told us not to.

If at any time in the future you do not want us (or one of our service providers) to send you direct marketing material, then you can simply inform our Privacy Officer by contacting them at contactus@DIIDA.com.au. We will affect the change in a reasonable time and without charge.

8                           Cross-border disclosure of personal information

8.1                 Circumstances where we disclose overseas

We may disclose your personal information to an overseas entity in circumstances where we:

(a)      have taken reasonable steps to ensure that they also treat it in accordance with the Act; or

(b)     reasonably believe that the overseas entity is subject to the same or similar laws to that found in the Act and there are ways that you can take action to enforce those overseas laws;

(c)      expressly inform you of your option to consent to that disclosure and you then provide us with informed consent to do so; or

(d)     are required or authorised by law;

(e)      a permitted general purpose exists;

(f)        a permitted health situation exists;

(g)      we reasonably believe it is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.  In this circumstance we will make a note of such disclosure.

8.2                 Overseas disclosure of your personal information

(a)      Some of our related companies and third party service providers perform the functions we have engaged them for in overseas locations.

(b)     Due to the number of third party services providers we work with, it is not practicable to provide an exhaustive list of every country where your personal information may be sent. However, it is likely that your personal information will be sent to the following countries: Australia, China, Germany, India, New Zealand, Singapore, Switzerland, United Kingdom and United States. We may also disclose your personal information internally within our related companies located in Australia, China, and New Zealand.

9                           Government related identifiers

We will not adopt a government related identifier as your identifier unless:

(a)      we are required or authorised by law;

(b)     it is reasonably necessary to verify your identity for the purposes of our activities or functions;

(c)      it is reasonably necessary to fulfil our obligations to an agency or State or Territory authority;

(d)     it is required or authorised by or under an Australian law, or a court/tribunal order;

(e)      some (but not all) permitted general situations exist;

(f)        we reasonably believe it is reasonably necessary for enforcement related activities by, or on behalf of, an enforcement body; and

(g)      where it is allowed under the regulations.

10                   Quality of personal information

We will take such steps (if any) as are reasonable in the circumstances to ensure that your personal information we collect, use or disclose is accurate, up-to-date, complete and relevant.

11                   Security of personal information

11.1         Protection

We will take such steps as are reasonable in the circumstances to protect your personal information:

(a)      from misuse, interference and loss; and

(b)     from unauthorised access, modification or disclosure.

11.2         Our websites

Our Sites may contain links to other websites we have no control over and there are always risks in sharing information over the internet. While we take reasonable precautions so that our Sites are hosted and operate securely, you should also take precautions to protect your information. This might include checking that you are accessing a secure server or for the presence of the unbroken key or closed lock symbol generally located either at the bottom left or top right of your browser window. You could also check that your URL is secure by looking for the first characters ‘https’ (rather than just ‘http’).

11.3         Credit card details

As a merchant, we are required to comply with the Payment Card Industry Data Security Standard (PCI DSS) which is an information security standard for organisations that handle credit or debit card data. This means that when you shop with us, both in-store and online, and we store your credit or debit card details, we are required to use secure processes. But you should still exercise caution when shopping online, and never enter any credit or debit card details when contacting us via email or through our website “Contact Us” form as in these instances those details will not be protected by encryption.

11.4         Storage and destruction

When we no longer need your personal information for a permitted purpose and we are not required to keep it to comply with any laws, we will take such steps as are reasonable in the circumstances to destroy your personal information or to ensure that the information is de-identified.

12                   Access to personal information

Upon your written request we will provide you with a copy of your personal information that we hold unless:

(a)      we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or

(b)     giving access would have an unreasonable impact on the privacy of other individuals; or

(c)      your request for access is frivolous or vexatious; or

(d)     the information relates to existing or anticipated legal proceedings between us and you, and would not be accessible by the process of discovery in those proceedings; or

(e)      giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or

(f)        giving access would be unlawful; or

(g)      denying access is required or authorised by or under an Australian law or a court/tribunal order; or

(h)      we have reason to suspect that unlawful activity, or misconduct of a serious nature, which relates to our functions or activities has been, is being or may be engaged in and you giving access would be likely to prejudice the taking of appropriate action in relation to those matters; or

(i)         giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

(j)         giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.

13                   Correction of personal information

13.1         Correction of personal information

We will take reasonable steps to correct your personal information (at no charge) if we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading. This extends to third parties that we have provided your personal information to unless it is impracticable or unlawful to do so.

13.2         Circumstances when we decline to make corrections

In certain circumstances we may decline to correct your personal information. When this occurs, we will provide you with a written notice that sets out:

(a)      the reasons for the refusal; and

(b)     the mechanisms available to complain about the refusal

14                   Making a Complaint

If you have a concern or complaint relating to our handling of your personal information or any breaches of the AAPs please send a written note to our Privacy Officer at contactus@diida.com.au outlining the nature of the complaint. We will endeavour to respond to your complaint within 30 days of receipt. If unresolved, the complaint may be referred to an external complaints resolution entity and finally, if necessary, taken to the OAIC.

If you would like a copy of this Privacy Policy sent to you then please request it by contacting our Privacy Officer at contactus@diida.com.au and we will provide you a copy of this Privacy Policy free of charge.

This policy is current to 20 March 2026.