At Grub Lab Pty Ltd (ACN 633 870 621), herein referred to Grub Lab, we respect the privacy of your personal information in our care. Personal information means information which identifies you as an individual or from which you can be reasonably identified. This Privacy Policy relates to personal information we collect and handle about you as our customers, visitors to our website, apps, social media and other digital services and members of the public.

Grub Lab and Grub Lab Group companies do not sell personal data.

Types of personal information collected

The types of personal information we collect includes:

  • Name;
  • Contact details (including email address, telephone number(s), residential and delivery addresses);
  • Information to identify you;
  • Details regarding participation in loyalty programs and our other clubs and programs operated from time to time;
  • Points accrual and reward details;
  • Authorisations;
  • Records of your communications and interactions with us, and
  • Details/history of preferences, interests and behaviour relating to transactions, products, services and activity with our digital services.

We may not be able to provide our products or services, or make offers to you, without having your personal information. For example, we may not be able to ensure you are awarded loyalty points, contact you or include you on our mailing lists.

Where you provide us with personal information about someone else, you must have their consent to provide their personal information to us based on this Privacy Policy.

How personal information is collected and held

We may collect your personal information in relation to your interactions and transactions with us, which will include when you:

  • Conduct a transaction, or request a service where we collect personal information;
  • Participate in loyalty programs operated from time to time;
  • Participate in a promotion, competition, or survey;
  • Request customer service or contact us;
  • Post a review or comment on one of our websites or social media pages, or post a rating or review or other user generated content on one of our websites or apps; or
  • Otherwise use our related websites, apps, social media and other digital services.

We may monitor and record your communications with us (including email and telephone) for security, dispute resolution and training purposes.

We may also collect personal information about you from third parties including from:

  • Public sources;
  • Information service providers (including for data integrity purposes); or
  • Anyone authorised to act on your behalf.

We hold personal information electronically with the assistance of our service providers. We have a number of security controls in place and use a range of people, processes and technology controls to protect your personal information. Examples of these measures include:

  • Access to personal information is controlled through access and identity management systems;
  • We take steps to protect personal information in accordance with the Office of the Information Commissioner’s Guide to Securing Personal Information; and
  • We also take measures in respect of destroying or de‐identifying personal information that is no longer needed for any lawful purpose.

Our security controls are continually reviewed to ensure that the protection of your personal information is maintained.

Purposes for handling personal information

We handle your personal information in connection with providing, administering, improving and personalising our products and services, and to support our business functions. This can include:

  • To manage your requests for products and services;
  • To register and service your account, including keeping your information up‐to‐date, and verifying your identity;
  • To communicate with you about our products, services and promotions (including direct marketing);
  • To help us improve our products and services, including conducting product and market research;
  • To improve our operational processes to enhance your customer experience;
  • To respond to your feedback, queries or concerns;
  • Working with our service providers;
  • Investigative, fraud and loss prevention activities;
  • Interacting with Regulators and relevant government entities;
  • Any of our related companies and brands
  • As otherwise required or permitted by law.

Using personal information, we endeavour to improve our understanding of your interests, suitability and behaviour in relation to products, services and offers.

We may also handle your personal information to protect our lawful interests and facilitate purchases and potential purchases of our businesses.

We may provide marketing communications and targeted advertising to you on an ongoing basis by telephone, electronic messages (e.g. email, in-app notifications), our digital services and other means, unless you opt out by following the prompts in an electronic message, or by emailing support@grublab.io. These communications may relate to the products and services we provide, and other products which may be of interest to you.

Sharing of personal information

We work with a number of suppliers that carry out specific functions on our behalf involving personal information, and include companies that assist us with:

  • Technology services including application, development and technical support, processing, storing, hosting and analysing data;
  • Communicating our offers and promotions to you;
  • Product development and market research;
  • Business advisory services, such as our lawyers, accountants or other professional service providers to extent reasonably required; and
  • Administrative services, including mailing services, archival, and contact management services.

Some of our service providers, including technology or data storage providers, are multinational companies. However, all services, data and technology solutions are housed in Australian data centres.

The receipt, use, storage and handling of personal information by our suppliers is subject to their privacy policies. You can find more details in those policies, including information on how to opt‐out of certain conduct. Bear in mind, you may need to opt‐out separately from each service. You can contact us to request further details of the services we use. Many of these services operate without collecting or using any personal information.

Digital services

We provide information and services through a range of digital and online services including websites (e.g. grublab.io) apps, email, online advertisements, IPTV and social media profiles. These services may be operated by us to provide a consistent experience, personalised to your use of each of those services and to provide you with targeted marketing.

Our digital services may use “cookies”. A cookie is a piece of information that allows the server to identify and interact more effectively with your device. The cookie assists us in maintaining the continuity of your browsing session (e.g. to maintain a shopping cart) and remembering your details and preferences when you return. Other technologies that may be used with our digital services include web beacons (which may operate in conjunction with cookies) and JavaScript. Some of these cookies and other technologies are consistent across various digital services we provide, allowing us and the other providers of these services to understand you better and provide a more consistent experience across these services. You can configure your web browser to reject and delete cookies and block JavaScript, but you may find some parts of our digital services then have limited functionality.

Our systems record a variety of information in relation to interactions with our online service providers. This can include information about software versions used, device identifiers (like IP address), location data (where available and not disabled by the user), dates, times, file metadata, referring website, data entered and user activity such as links clicked.

In some cases, third party service providers may use cookies and other technologies such as those described above as part of our digital services. These technologies may be used in connection with activities like surveys, online behavioral advertising, website analytics and email campaign management. The services we may use from time to time include those offered by Google (including AdSense and DoubleClick) and Microsoft. As mentioned in Part 5 above, you can find more details in the privacy policies of those service providers, including information on how to opt‐out of certain conduct. Bear in mind, you may need to opt‐out separately from each service. You can contact us to request further details of the services we use. Many of these services operate without collecting or using any personal information.

Some information we collect in relation to our digital services is not related to an individual. In many cases the information only relates to a device or is of an aggregated or statistical nature, and we will have no way of knowing the identity of the user. In other cases, we may associate information about your use of our digital services over time with your personal information, e.g. when on any occasion you have logged in, followed a link sent to you by email or we have otherwise been able to identify you.

We are constantly developing and enhancing our use of online technologies and we make reasonable efforts to ensure we keep this Privacy Policy and related documents up to date in this regard. Please check back when you return to use our online services to ensure you are familiar with our current practices.

Our online services may contain links to other sites. We are not responsible for the privacy practices or policies of those sites and recommend that you review their privacy policies.

Procedures for access to or correction of your personal information

If you wish to access or correct any personal information we hold about you, please contact us as set out below.

When making an access request, please provide as much detail as you can about the particular information you seek, in order to help us retrieve it. Under the Privacy Act 1988 (Cth) and other relevant laws, we are required to provide a written response outlining our reasons if we refuse your request.

Where we decide not to make a requested correction and you disagree, you may ask us to add a note of your requested correction to the information that explains your correction request.

Complaints and concerns

If you have any complaints or concerns about this Policy, or our handling of your personal information, you can contact us as set out below.

Once a complaint has been lodged, we will let you know who will be handling your matter and when you can expect a full response within 30 days. If you are not satisfied with our response, please let us know and we will investigate further and respond to you.

If you are still not satisfied, you can contact the Office of the Australian Information Commissioner, whose contact details are set out below.

Contact Details

Queries regarding privacy should be directed to the Grub Lab Privacy Officer:

Email: privacy@grublab.io

Post: PO Box 4, Kurri Kurri 2327 NSW

Office of the Australian Information Commissioner

GPO Box 5218 Sydney NSW 2001

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

Website: www.oaic.gov.au