Our Privacy Commitment
Harvey Norman Holdings Limited ACN 003 237 545 ("HNHL") and its subsidiaries are committed to managing your personal information openly and transparently and to keeping your personal information safe. We will take all necessary measures to fulfil this commitment, including to comply with the Privacy Act 1988 (Cth) (“Act”) and the Australian Privacy Principles ("APPs").
About this Policy
HNHL is the holding company of a number of different subsidiaries ("HNHL Subsidiaries"). Some HNHL Subsidiaries carry on their own businesses which include, but are not limited to, retail businesses, provision of credit businesses and installation of goods businesses.
References to "our", "us" and "we" in this policy are references to HNHL and the HNHL Subsidiaries.
We operate in multiple jurisdictions, currently including Australia, New Zealand, Ireland, Northern Ireland, Malaysia, Singapore, Croatia and Slovenia. The HNHL Subsidiaries operating overseas are bound by the respective privacy and personal data protection legislation of those countries. For such HNHL Subsidiaries, where a requirement of any applicable legislation in the relevant country is inconsistent with this policy, that legislative requirement will apply.
This policy is intended to explain clearly and in plain language some of the key processes and procedures that we have implemented to manage your personal information, to protect your privacy and to comply with the Act and the APPs.
This policy gives a broad overview of our policies in relation to privacy but if you require further information, you are welcome to contact us or to read any of the privacy statements or notices that will be issued to you as and when personal information is collected.
What sorts of personal information do we collect?
Depending on the exact nature of our relationship with you, we may request that you provide some or all of the following information:
information that we may require to initially identify you, including your name, home address and your date of birth;
information that we can use to contact you, including your telephone number, mobile number, email address, work address, mailing address;
information we may require to confirm your identity, including your driver's licence number, passport details, business name, Medicare card;
information that may assist us to confirm your financial position or credit history when you are considering a finance or credit arrangement, including your credit card details, bank details, purchase history or transaction details and loan and credit information where finance arrangements apply.
It would be unusual for us to need to collect all or even most of the above information from you however the information we will require will depend on the specific service or services that we are providing to you. We will only collect personal information from you that is necessary and relevant to our relationship with you and that we reasonably require in order to satisfactorily perform the services that you require from us.
Generally, we will not collect sensitive information (which includes information about your religion, political views, ethnicity, criminal records and sexual preferences). However, we may need to collect some sensitive information if you are applying for a job with us and you have provided us with your consent to do so or we are otherwise authorised to collect such information under the Act.
Why do we require your personal information?
There are various reasons why we might need to collect, hold, use or disclose your personal information and this will depend upon the specific services that we are providing to you but we will tell you the main reason for asking for your personal information at the time when we ask you to provide it.
Broadly, the reasons that we will need to collect your personal information include:
to provide a service to you, or in relation to a service that we are about to provide to you and for contacting you in relation to those services, which primarily include: the sale, rental and delivery of goods; issuing gift cards; providing credit; = processing of warranties and coordinating the installation of goods;
to contact you or otherwise deal with you in relation to any shares held or to be held by you in HNHL;
to contact you in relation to an event, special offer or product that you might be interested in;
preventing fraud and other criminal activities;
to assist us to run our business and to improve our services and performance, including staff training, accounting, risk management, record keeping, archiving, systems development, developing new products and services and undertaking planning, research and statistical analysis; and
to comply with our legal obligations.
There is no obligation for you to provide us with any of your personal information but if you choose not to provide us with your personal information, we may not be able to provide the information, goods or services that you require.
How do we collect your personal information?
The means by which we collect your personal information will depend on the nature of the service that we are providing to you.
We may collect your personal information:
(a) directly from you, either in person or over the phone;
(b) when you register as a member of any of our websites;
(c) when you place an order via any of our websites;
(d) when you access and interact with any of our websites;
(e) from publicly available sources, for example, the electoral role, the telephone directory or from other websites; or
(f) from other sources.
We will always collect your personal information directly from you unless it is impracticable to do so.
Collecting personal information about others
You represent and warrant to us that where you provide personal information to us about another person:
(a) you are authorised to provide that information to us;
(b) you have obtained the express consent of the individual to disclose their personal information to us for the use of that personal information by us, including for use in our business and to provide services;
(c) you have complied with the Act, including the APPs in collecting that personal information, including by making all relevant notifications required under APP 5 and specific to our use of the personal information; and
Unsolicited personal information
How do we use or disclose your personal information?
We may use and disclose your personal information for the purposes for which it was collected or for a related purpose. Some examples include but are not limited to:
(a) considering your request for a product or service;
(b) enabling us to provide a product or a service to you;
(c) facilitating and processing your orders;
(d) carrying out or responding to your requests;
(e) communicating with you, maintaining records and carrying out all administrative functions in relation to, or in connection with, shares held or to be held by you in HNHL;
(f) disclosing your personal information to third party suppliers in connection with our goods or services;
(g) disclosing your personal information to third party service providers, including to assist us in providing and improving our services to you, and to analyse market trends and better understand your needs or to develop, improve and market our products and services to you;
(h) for regulatory reporting and compliance with our legal obligations;
(i) disclosing your personal information to our financial, taxation and legal advisors and to debt collectors;
(j) disclosing your personal information to relevant third parties to undertake fraud checks;
(k) disclosing your personal information to various regulatory bodies and law enforcement officials and agencies to protect against fraud and for related security purposes;
(l) performing administrative and operational tasks (including risk management, systems development and testing, staff training and collecting debts);
(m) for use in a database compiled by us or our third party service providers for use in direct marketing of promotions, products and services that we, or our third party service providers, think may be of interest to you;
(n) seeking your feedback in relation to particular products or services, customer satisfaction and our relationship with you and to manage any complaints;
(o) disclosing your personal information to our subsidiaries, related bodies corporate and controlled entities including for the direct marketing by those entities of promotions, products and services offered by those entities;
(p) monitoring or improving the quality and standard of service that we provide to you;
(q) considering any concerns or complaints you may raise against us;
(r) disclosing your personal information our agents, successors and/or assigns (including to any purchaser or proposed purchaser of any one or more of our businesses);
(s) notifying you of offers that may be of interest to you; and
(t) for better understanding your preferences.
Do we share your personal information with others?
Wherever possible, we will limit the information provided to independent third parties to that information required for those third parties to properly perform their functions.
Do we use your personal information for marketing purposes?
As part of the services that we provide to you, we may:
(a) use personal information that we have collected about you to identify a product or service that may benefit you;
(b) contact you from time to time to let you know about a product or service that we believe you might be interested in; and
(c) disclose your personal information to our related entities or business partners or to third parties to enable them to tell you about a product or service that you might be interested in.
Where we intend to use your personal information for direct marketing purposes, we will seek your consent to do so prior to using your personal information. You can opt-out, unsubscribe or make a request not receive direct marketing communications from us, by calling 02 9201 6111 or by writing to us at A1 Richmond Road, Homebush West, NSW 2140. Additionally, each direct marketing communication, including all emails and SMS, will include an opt-out or "unsubscribe" option which will immediately indicate to us that you no longer wish to receive materials of this kind. You may make a request that we do not disclose your personal information to facilitate direct marketing by another organisation and you may request that we provide you with the source of any personal information we use for direct marketing purposes. Any such requests will be actioned within a reasonable period of time and there will be no charges to you for making, or to you from us actioning, such requests.
How do we store your personal information?
We have implemented appropriate processes and techniques to protect personal information from loss, misuse and interference and from unauthorised access, modification or disclosure. In addition, access to your personal information is limited to those who specifically need it to conduct their responsibilities.
We take all necessary steps to destroy or permanently de-identify your personal information where it is no longer required and to protect your personal information from loss, misuse and interference and from unauthorised access, modification or disclosure.
While care is taken to protect your personal information on our websites, unfortunately no data transmission over the Internet is guaranteed as 100% secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email as we have no way of protecting that information until it reaches us. Once we receive your personal information, we are required to protect it in accordance with the Act.
What if there is a breach in relation to my personal information?
We take breaches of your privacy very seriously. In the event that there is a data breach relating to personal information that we hold about you, such as loss of, unauthorised access to, or unauthorised disclosure of, the information (“Data Breach”), we will take steps to contain and remedy any effects of the Data Breach in accordance with our Data Breach Response Plan. Where required under the Act, we will notify you and the Office of the Australian Information Commissioner (“OAIC”) of the Data Breach.
Maintaining your personal information
We take reasonable steps to ensure that:
(a) the information that we collect about you is accurate, complete and up-to-date at the time of collection;
(b) when we use your personal information, it is accurate, up-to-date, complete and accurate at the time of use; and
(c) if we disclose your personal information, it is accurate, up-to-date, complete and accurate at the time of disclosure. You warrant that all information that you provide to us is accurate, complete and up to date at the relevant time.
Will we disclose your personal information to anyone overseas?
There may be circumstances where we need to disclose your personal information that we hold about you to a third party overseas ("Overseas Recipients"). This may occur, for example, where we have a database or server hosted outside Australia.
Prior to us disclosing your personal information to an Overseas Recipient, APP 8.1 requires that (unless an exemption applies) we take all reasonable steps to ensure that the Overseas Recipient complies with the APPs (other than APP 1) in relation to your personal information unless we reasonably believe that:
(a) the Overseas Recipient is bound by laws that offer you at least as much protection as the APPs; and
(b) that you are able to enforce your rights under those international laws in the event of any breach, (the "Overseas Disclosure Obligations").
We will take all reasonable steps to satisfy our Overseas Disclosure Obligations.
The countries to which we are most likely to send your personal information include New Zealand, United Kingdom, United States of America, Singapore, Malaysia, Croatia, Slovenia and Ireland.
How can you access your personal information?
Usually we will be able to provide you with access to your personal information upon receipt of your written request, either by email sent to HNPrivacy.Officer@au.harveynorman.com or by post sent to The Privacy Officer, A1 Richmond Road, Homebush West, NSW 2140, and confirmation of your identity. There are some limited circumstances in which we may not be able to provide you with access to your personal information when requested. Such circumstances might include where access would pose a serious threat to the life, health or safety of another person or where such access would unreasonably impact on the privacy of others.
Where you request access to your personal information, we will respond to any such request in accordance with the Act.
We may recover from you our reasonable costs of supplying you with access to your personal information but we will not charge you for any request you might make to access your information.
How can you seek to correct your personal information?
We do what we can to ensure that the information we hold about you is accurate, complete, up-to-date, relevant and not misleading. To assist us to do this, it is imperative that you provide us with correct information at the time you provide it to us and immediately inform us if any of the information changes at any time. You may make a request that we correct any of your information. We would prefer your request to be in writing.
We will respond to any requests regarding the correction of your personal information within a reasonable period after the request is made in accordance with the Act.
We will not charge you for any request to correct your personal information, nor will we pass on to you any costs incurred by us in correcting your personal information or for associating a statement with your personal information.
What if you want to make a complaint about some aspect of our privacy procedures?
We are committed to maintaining and protecting your privacy but it is possible that in limited circumstances, mistakes might be made. If you are concerned with the way your personal information has been handled then you are entitled to make a complaint. If you would like to lodge a complaint, please contact us through our Privacy Compliance Officer, whose details are set out below.
The Privacy Officer
Postal address: A1 Richmond Road Homebush West NSW 2140
E-mail address: HNPrivacy.email@example.com
Phone: 02 9201 6111
If your personal information has not been handled in an appropriate way, we will do our best to remedy your concerns as quickly as possible.
If your complaint is not satisfactorily resolved, you may approach an external dispute resolution service or apply to the OAIC to have the complaint heard and determined.
Protecting your identity
Wherever it is practicable, we will always provide you with the option not to identify yourself when dealing with us. Alternatively, you may elect to use a pseudonym to protect your identity.
Links to other websites
The website may contain links to websites which are owned or operated by third parties (being parties that are unrelated to us). You should make your own enquiries as to the privacy policies of these parties. We are not responsible for information on, or the privacy practices of, such websites.
Changes and exemptions to this policy
How can you contact us?
Please find below our contact details. Please do not hesitate to contact us in relation to any privacy-related concerns and we will use our best endeavours to address any such concerns thoroughly and in a timely manner.
The Privacy Officer
Postal address: A1 Richmond Road Homebush West NSW 2140
E-mail address: HNPrivacy.firstname.lastname@example.org
Phone: 02 9201 6111
You can contact us without identifying yourself. However, if you choose not to identify yourself, it may be more difficult for us to assist you with your enquiry. This will depend on the nature of your enquiry.
Express consent to collection, storage, use and disclosure