null

Privacy Policy

Wesfarmers Health Privacy Policy

Updated: September 2025


This Privacy Policy explains how Wesfarmers Health collects and handles your personal information,
as well as how you can reach out to us with questions, concerns, or requests to access your data.

This Policy covers all of the Wesfarmers Health businesses and companies (referred to as ‘we’,
‘our’, ‘us’ and ‘Wesfarmers Health businesses’), including those operating under the ‘Priceline’,
‘Priceline Pharmacy’, and ‘atomica’ brands, the ‘Sister Club’ loyalty program, businesses and
companies operating under Australian Pharmaceutical Industries (‘API’), API Club Premium,
Pharmacist Advice, Clear Skincare, the SILK Group of laser clinics, Australian Skin Clinics (ASC),
Eden Laser Clinics, InstantScripts, InstantScripts Pharmacy Health Hub, Pharmacy 4 Less, Your
Chemist Shop, Soul Pattinson Chemist, and SiSU Health Group. Where relevant, this Policy
covers both franchises and other ownership structures.

References in this Policy to our ‘related entities’ cover other entities within the Wesfarmers Group
(such as Wesfarmers, Target, Officeworks, Bunnings, and OnePass).

Types of personal information we collect and hold
As part of our business, we may collect personal information about you (as that term is defined in
the Privacy Act 1988 (Cth) (the ‘Privacy Act’)).

The types of personal information we collect will depend on the products and services you use,
how you use them, and the types of dealings you have with us (such as if you are a retail customer
of ours or one of our franchisees, or if you are a franchise partner of ours).


The types of personal information we collect about you may include:

  • name, gender and date of birth;
  • contact details, including address, phone number, and email address;
  • information to enable us to verify your identity, including information from your driver
    licence, passport and health care and concession cards (where required);
  • government-issued identifiers such as Medicare numbers, aged care numbers and
    information to confirm citizenship (where required);
  • financial information, including payment information, banking and taxation information;
  • member number or identifiers for loyalty schemes you sign up for (including the ‘Sister Club’
    loyalty scheme, the Pharmacy 4 Less ‘4you Club’ and the OnePass membership program);
  • information contained in any communications between you and us, including information
    contained in recordings of telephone conversations that you have with us;
  • interactions with us on social media platforms;
  • information about your transactions and purchase history (both in-store and online);
  • information about the types of products and services that we provide to you, and
    information about how you use such products and services;
  • digital information that we collect based on your interaction with us and our websites and
    apps (see below for further information about how we use digital analytics for our
    businesses);
  • images and data from video surveillance and other cameras at our physical stores
    (including at store entrances);
  • inferred information and characteristics as a result of undertaking data analysis;
  • if you apply for employment with us, details regarding your employment history, educational
    qualifications, and similar information; and
  • if you apply to be one of our franchise partners, we may collect information required for
    backgrounds checks and issuing a contract.

If you are providing us with personal information about someone else (including a child), you must
have their consent to do so.


You can decline to provide us with your personal information or choose what information to provide
to us (including by remaining anonymous or using a pseudonym). However, without your personal
information, we may not be able to provide all our products and services to you or interact with you
in other ways set out in this Policy.

Sensitive information
In some cases, the personal information we collect includes health information or other sensitive
information (as those terms are defined in the Privacy Act). For example, where we or our
franchise partners provide health services to you or sell health products to you, we may collect
health information about you in the course of providing those services or selling those products.

The health or other sensitive information we collect about you may include:

  • information provided as part of the patient registration process and through the use of the
    InstantScripts platform;
  • information regarding the dispensing and verification of pharmacy items and prescriptions
    and vaccinations;
  • details of your medical history, including but not limited to imaging history, test results,
    medical conditions, treatments, allergies, medications, vaccinations, use of health services
    and photographs of you before and after your treatment; and
  • where relevant, family history and lifestyle information, which may include information about
    your occupation, race, ethnicity, religion, genetic information and sexual orientation.

    If you are engaged by us as an employee or contractor, we may also collect biometric information,
    such as fingerprints and voice data, where required for operational purposes.


How we collect your personal information
In most cases, we collect your personal information directly from you. This may be when you
contact us by phone, mail, email, online, via our apps or connected devices or visit us in person.
We may also collect your information when you complete a form or survey in relation to our
products and services.


We may also collect your personal information when you interact with us, including where you use
our websites or apps, and via tracking technologies such as cookies, pixels, web beacons,
application programming interfaces and other similar technologies.

Wesfarmers Health businesses may also collect your personal information from other Wesfarmers
Health businesses, franchise partners and other third parties, such as our related entities, service
providers, business partners, or persons who are authorised to share your personal information
with us on your behalf, such as your next of kin or carer.


Why we collect and handle your personal information
We collect, hold, use and disclose your personal information for purposes in connection with
carrying on our business. For example, we may collect and handle your information to:

Manage your relationship with us (including with franchise partners where relevant)

  • supply you with goods and services or information about those goods or services;
  • manage loyalty and membership programs (including Sister Club, 4you Club, and
    OnePass) and provide you with the benefits of these programs;
  • verify your identity, including where you contact us or apply for one of our loyalty or
    membership programs;
  • enable us to provide you with tailored services (including health services), including to
    make ourselves aware of any special product or service requirements you may have;
  • provide you with information about charities or charitable purposes or activities we proudly
    support;
  • enable us to provide you with offers, experiences, and marketing that interests you (unless
    you have opted out of receiving marketing from us);
  • assist in determining your preferred store or clinic locations, including when you use our
    websites or apps;

Communicate with you or others

  • send you service, support, and administrative messages, and identify and fix issues and
    incidents (including for product safety-related matters);
  • invite you to complete a review of our products and services, or to participate in
    promotions, competitions, surveys, or charitable events;
  • respond to and address any queries, feedback, or complaints we receive from you;
  • communicate with our employees, employment candidates, contractors and our suppliers;
  • make recommendations to government authorities or other public bodies in relation to
    health policy;

Improve your experience and developing new products and services

  • improve our product offerings and service offerings, including to assist us to develop and
    market new products and services;
  • personalise the appearance of our websites and apps for you;
  • undertake data analytics and matching to enable us to better understand your requirements
    and other preferences and develop insights for strategic and operational decision making;


Carry on our business

  • otherwise conduct our business and comply with relevant laws (including rules, regulations,
    codes, standards or similar); and
  • engage in transactions and other corporate activity, including mergers, acquisitions and
    business sales.

For all of the purposes identified above, we may also use automated tools to assist us, including to
improve the efficiency and accuracy of our dealings with you. For example, if you are a patient with
InstantScripts, we may use AI transcription software or summarising technology as part of our
telehealth consultations.

Disclosure of personal information to third parties
We may disclose your personal information to third parties for the purposes set out in this Policy,
including:

  •  third parties to facilitate the provision of products and services to you, such as:
    - our franchisees, product manufacturers, suppliers, and couriers;
    - service providers in connection with our business operations, such as for:
    • third party health engines and appointment booking service providers;
    • marketing, advertising, promotions and events;
    • data monitoring, analysis and matching activities, monitoring and analysing
      trends in customer preferences or transactions and for the improvement,
      personalisation, operation and maintenance of our websites, apps or other
      online services;
    • developing insights, and allowing us to better personalise our products and
      services for you;
    • displaying advertising or content (including personalised advertising) on or
      from third party platforms based on your Personal Information or preferences
      (such as on social media sites);

- security service providers, market research or feedback collection companies, IT
service providers, payment processors and collectors, mailing houses and card
manufacturers for other administrative and operational services;

- government-regulated software providers for the prescribing and dispensing of
medication (where you use our health services);

  • if you are a franchise partner of ours, to our data brokers;
  • your authorised agents or representatives;
  • our legal representatives and other professional advisers;
  • law enforcement agencies, government agencies or other third parties where required or
    authorised by law; and
  • any other persons disclosed to you at the time the relevant personal information is
    collected.


Wesfarmers Health businesses may also share your personal information with other Wesfarmers
Health businesses (and may share your non-sensitive personal information with related entities) for
them to use for their own benefit in a manner consistent with the purposes outlined above.

Where you visit our SiSU Health Stations, we may also share your data collected by this service
with research entities, governments, universities or other organisations engaged in public health,
research or innovation. The information shared in this context is de-identified (or, in the limited
circumstances where it is not de-identified, only shared with consent).

Our relationship with OnePass
As API and Priceline (‘Participants’) participate in the OnePass membership program they may
collect from OnePass and other participating brands owned by their related entities (and share and
combine personal information with OnePass and other participating brands) the personal
information of OnePass members and account-holders (including contact details, historical and
future transaction information, historical and future interactions with OnePass and other
participating brands and insights from interactions with OnePass and other participating brands):

  • to allow the Participants to engage with them and provide more personalised and targeted
    advertising when they use our website, apps, social media and other platforms;
  • to allow the Participants to personalise the communications, marketing offers, customer
    surveys and trading updates that they send;
  • to enable the Participants to improve product offerings, service offerings, advertising and
    offers based on shopping and browsing habits;
  • to develop insights about the preferences of OnePass members and account-holders;
  • for data analytics including for insights and strategic and operational decision making;
  • for product safety-related matters (including recalls);
  • for other purposes where they have been notified, provided consent to OnePass or the
    Participants, or which are otherwise permitted by law; and
  • for other purposes described in OnePass’ Privacy Policy.

The Participants may combine the personal information received from OnePass with other
personal information they collect from or about you. That combined information may be shared with
OnePass and its participating brands in accordance with this Privacy Policy and the OnePass
Privacy Policy.

The Participants may retain personal information about their customers after they cease to be a
OnePass member or account-holder (or after a Participant has ceased to be a OnePass
participating brand) for the uses set out in this Privacy Policy or any other lawful purpose.

InstantScripts may also collect and share data with OnePass solely for the purpose of confirming
whether an InstantScripts account is linked to a OnePass membership or account.

Transfer of personal information overseas
Some of our service providers may be located overseas or may store or process personal
information that we provide to them overseas. In addition to Australia, your personal information
may be held or processed in Brazil, Canada, the European Union countries, India, New Zealand,
Singapore, Türkiye, the United Kingdom, and the United States.

How we store your personal information
We hold personal information both electronically and in hard copy form, at our own premises and
with the assistance of our service providers. We implement a range of measures to protect the
security of that personal information.

We also take measures in respect of destroying or de-identifying personal information that we no
longer require.

Marketing and advertising
We may, from time to time, use and disclose your information for marketing and advertising in
relation to products, services or other offers (whether provided by us, by our related entities or by
selected third party suppliers) that we think may be of interest to you.

We may also share your information with selected third parties, including our related entities and
loyalty program partners as well as third party platforms (such as social media providers and other
digital advertisers), for those parties to use to derive insights and to use for targeted advertising
and marketing activities in relation to products, services or other offers (whether provided by us, by
our related entities or by selected third party suppliers) that we think may be of interest to you.

Where we use your personal information to send you direct marketing communications, we will
provide you with an opportunity to opt out of receiving such communications. You can opt out of
receiving direct marketing communications from us by:

  • using the opt out link or unsubscribe details provided in the marketing communication; or
  •  emailing your request to privacy@wesfarmershealth.com.au.

When you opt-out of direct marketing communications, we may still need to send you important
factual messages about the services we provide.


Cookies and tracking pixels
We may collect information, including technical data, metadata, browsing information and location
data (where available), when you use and access our digital services, and the digital services of
our related entities and those of selected third parties (such as social media platforms and other
third-party platforms). Like many website and app operators, we use digital service technologies
such as cookies (which are small data files transferred onto devices when a website or app is
accessed), tags, pixels, or other digital identifiers across these digital services that help us:

  • authenticate you;
  • maintain your browsing session and remember you and your preferences when you return;
  • monitor how you use our websites and apps, including the parts you visit and actions you
    take;
  • combine information with related entities and selected third party suppliers;
  • provide you with advertising, offers, and experiences that may interest you from us, our
    related entities and selected third party suppliers, both on our website and apps, and when
    you visit other websites and apps (such as social media and other third-party platforms);
  • protect the security of our website, apps, and customers and manage our network usage;
    and
  • allow you to interact with social media platforms, for example by ‘liking’ and sharing our
    content.

Some of the digital service technologies used on our website and apps are created or set for third
parties who provide content or services to us. These third parties include social media, online
platforms (for example, Google Analytics) and digital marketing services, advertising networks,
analytics providers and content providers.

We use cookies, including in combination with other digital services technologies, to help us collect
data about the way you use our website and apps. We will handle that personal information in the
ways set out in this Privacy Policy. The cookies we use include ‘session’ cookies (which are
retained only during a current browsing session) and ‘persistent’ cookies (which are retained by
your device or browser between sessions). We may also collect information about how you access,
use and interact with our websites and apps through the use of third party tracking pixels (for
example, Google Analytics). A tracking pixel is a small piece of code that is embedded on
webpages and functions as a type of digital marker, enabling us to collect information about your
browsing activities.

You can change your cookie settings on your web browser to block, remove or control cookies but,
if you do, our website or app may not work as well for you. See www.allaboutcookies.org for more
information on how to change your cookie settings for many common browsers, and to learn more
about cookies generally.


Accessing and correcting your personal information
You have the right to:

  • request access to any personal information we hold about you; and
  • request a correction of your personal information if you discover it is inaccurate, incomplete
    or out-of-date.

Requests should be made to the contact details listed below. We may require you to verify your
identity at the time you contact us, and to confirm the service to which the request relates, so that
we can ensure your personal information is disclosed only to you.

We will respond to any requests for access or correction within a reasonable time, depending on
the nature of the request. If we refuse your request for access or correction, we will provide
reasons for the refusal.

We will not charge you to submit a request to access or correct your personal information.
However, in some circumstances we may charge an administrative fee for providing access to your
personal information at your request.

Questions and complaints
If you have any questions about this Policy, or if you would like to make a complaint about how we
have handled your personal information, please contact us using the contact details listed below.

We will promptly investigate any complaint you make to us and we will aim to respond to you within
30 days. If you are not satisfied with our response, you may refer the matter to the Office of the
Australian Information Commissioner at www.oaic.gov.au.

How to contact us
If you wish to contact us, for example to access or correct your personal information, you may
contact us by email at privacy@wesfarmershealth.com.au.

Updates to this Policy
We may amend this Privacy Policy from time to time to keep it up-to-date. If we do so, we will
make the amended Privacy Policy available on our websites.