Wesfarmers Health

Menu
wesfarmers-health

Search

Privacy policy

Updated: September 2025

This Privacy Policy explains how Wesfarmers Health collects and handles your personal information, as well as how you can reach out to us with questions, concerns, or requests to access your data.

This Policy covers all of the Wesfarmers Health businesses and companies (referred to as ‘we’, ‘our’, ‘us’ and ‘Wesfarmers Health businesses’), including those operating under the ‘Priceline’, ‘Priceline Pharmacy’, and ‘atomica’ brands, the ‘Sister Club’ loyalty program, businesses and companies operating under Australian Pharmaceutical Industries (‘API’), API Club Premium, Pharmacist Advice, Clear Skincare, the SILK Group of laser clinics, Australian Skin Clinics (ASC), Eden Laser Clinics, InstantScripts, InstantScripts Pharmacy Health Hub, Pharmacy 4 Less, Your Chemist Shop, Soul Pattinson Chemist, and SiSU Health Group. Where relevant, this Policy covers both franchises and other ownership structures.

References in this Policy to our ‘related entities’ cover other entities within the Wesfarmers Group (such as Wesfarmers, Target, Officeworks, Bunnings, and OnePass).

Types of personal information we collect and hold

As part of our business, we may collect personal information about you (as that term is defined in the Privacy Act 1988 (Cth) (the ‘Privacy Act’)).

The types of personal information we collect will depend on the products and services you use, how you use them, and the types of dealings you have with us (such as if you are a retail customer of ours or one of our franchisees, or if you are a franchise partner of ours).

The types of personal information we collect about you may include:

  • name, gender and date of birth;
  • contact details, including address, phone number, and email address;
  • information to enable us to verify your identity, including information from your driver licence, passport and health care and concession cards (where required);
  • government-issued identifiers such as Medicare numbers, aged care numbers and information to confirm citizenship (where required);
  • financial information, including payment information, banking and taxation information;
  • member number or identifiers for loyalty schemes you sign up for (including the ‘Sister Club’ loyalty scheme, the Pharmacy 4 Less ‘4you Club’ and the OnePass membership program);
  • information contained in any communications between you and us, including information contained in recordings of telephone conversations that you have with us;
  • interactions with us on social media platforms;
  • information about your transactions and purchase history (both in-store and online);
  • information about the types of products and services that we provide to you, and information about how you use such products and services;
  • digital information that we collect based on your interaction with us and our websites and apps (see below for further information about how we use digital analytics for our businesses);
  • images and data from video surveillance and other cameras at our physical stores (including at store entrances);
  • inferred information and characteristics as a result of undertaking data analysis;
  • if you apply for employment with us, details regarding your employment history, educational qualifications, and similar information; and
  • if you apply to be one of our franchise partners, we may collect information required for backgrounds checks and issuing a contract.

If you are providing us with personal information about someone else (including a child), you must have their consent to do so.

You can decline to provide us with your personal information or choose what information to provide to us (including by remaining anonymous or using a pseudonym). However, without your personal information, we may not be able to provide all our products and services to you or interact with you in other ways set out in this Policy.

Sensitive information

In some cases, the personal information we collect includes health information or other sensitive information (as those terms are defined in the Privacy Act). For example, where we or our franchise partners provide health services to you or sell health products to you, we may collect health information about you in the course of providing those services or selling those products.


The health or other sensitive information we collect about you may include:

  • information provided as part of the patient registration process and through the use of the InstantScripts platform;
  • information regarding the dispensing and verification of pharmacy items and prescriptions and vaccinations;
  • details of your medical history, including but not limited to imaging history, test results, medical conditions, treatments, allergies, medications, vaccinations, use of health services and photographs of you before and after your treatment; and
  • where relevant, family history and lifestyle information, which may include information about your occupation, race, ethnicity, religion, genetic information and sexual orientation.

If you are engaged by us as an employee or contractor, we may also collect biometric information, such as fingerprints and voice data, where required for operational purposes.

How we collect your personal information

In most cases, we collect your personal information directly from you. This may be when you contact us by phone, mail, email, online, via our apps or connected devices or visit us in person. We may also collect your information when you complete a form or survey in relation to our products and services.

We may also collect your personal information when you interact with us, including where you use our websites or apps, and via tracking technologies such as cookies, pixels, web beacons, application programming interfaces and other similar technologies.

Wesfarmers Health businesses may also collect your personal information from other Wesfarmers Health businesses, franchise partners and other third parties, such as our related entities, service providers, business partners, or persons who are authorised to share your personal information with us on your behalf, such as your next of kin or carer.

Why we collect and handle your personal information

We collect, hold, use and disclose your personal information for purposes in connection with carrying on our business. For example, we may collect and handle your information to:

Manage your relationship with us (including with franchise partners where relevant)
  • supply you with goods and services or information about those goods or services;
  • manage loyalty and membership programs (including Sister Club, 4you Club, and OnePass) and provide you with the benefits of these programs;
  • verify your identity, including where you contact us or apply for one of our loyalty or membership programs;
  • enable us to provide you with tailored services (including health services), including to make ourselves aware of any special product or service requirements you may have;
  • provide you with information about charities or charitable purposes or activities we proudly support;
  • enable us to provide you with offers, experiences, and marketing that interests you (unless you have opted out of receiving marketing from us);
  • assist in determining your preferred store or clinic locations, including when you use our websites or apps;
Communicate with you or others
  • send you service, support, and administrative messages, and identify and fix issues and incidents (including for product safety-related matters);
  • invite you to complete a review of our products and services, or to participate in promotions, competitions, surveys, or charitable events;
  • respond to and address any queries, feedback, or complaints we receive from you;
  • communicate with our employees, employment candidates, contractors and our suppliers;
  • make recommendations to government authorities or other public bodies in relation to health policy;
Improve your experience and developing new products and services
  • improve our product offerings and service offerings, including to assist us to develop and market new products and services;
  • personalise the appearance of our websites and apps for you;
  • undertake data analytics and matching to enable us to better understand your requirements and other preferences and develop insights for strategic and operational decision making;
Carry on our business
  • otherwise conduct our business and comply with relevant laws (including rules, regulations, codes, standards or similar); and
  • engage in transactions and other corporate activity, including mergers, acquisitions and business sales.

For all of the purposes identified above, we may also use automated tools to assist us, including to improve the efficiency and accuracy of our dealings with you. For example, if you are a patient with InstantScripts, we may use AI transcription software or summarising technology as part of our telehealth consultations.

Disclosure of personal information to third parties

We may disclose your personal information to third parties for the purposes set out in this Policy including:

  • third parties to facilitate the provision of products and services to you, such as:
    • our franchisees, product manufacturers, suppliers, and couriers;
    • service providers in connection with our business operations, such as for:
      • third party health engines and appointment booking service providers;
      • marketing, advertising, promotions and events;
      • data monitoring, analysis and matching activities, monitoring and analysing trends in customer preferences or transactions and for the improvement, personalisation, operation and maintenance of our websites, apps or other online services;
      • developing insights, and allowing us to better personalise our products and services for you;
      • displaying advertising or content (including personalised advertising) on or from third party platforms based on your Personal Information or preferences (such as on social media sites):
    •  security service providers, market research or feedback collection companies, IT service providers, payment processors and collectors, mailing houses and card manufacturers for other administrative and operational services;
    • government-regulated software providers for the prescribing and dispensing of medication (where you use our health services);
  •  if you are a franchise partner of ours, to our data brokers;
  • your authorised agents or representatives;
  • our legal representatives and other professional advisers;
  • law enforcement agencies, government agencies or other third parties where required or authorised by law; and
  • any other persons disclosed to you at the time the relevant personal information is collected.

Wesfarmers Health businesses may also share your personal information with other Wesfarmers Health businesses (and may share your non-sensitive personal information with related entities) for them to use for their own benefit in a manner consistent with the purposes outlined above.

Where you visit our SiSU Health Stations, we may also share your data collected by this service with research entities, governments, universities or other organisations engaged in public health, research or innovation. The information shared in this context is de-identified (or, in the limited circumstances where it is not de-identified, only shared with consent).

Our relationship with OnePass

As API and Priceline (‘Participants’) participate in the OnePass membership program they may collect from OnePass and other participating brands owned by their related entities (and share and combine personal information with OnePass and other participating brands) the personal information of OnePass members and account-holders (including contact details, historical and future transaction information, historical and future interactions with OnePass and other participating brands and insights from interactions with OnePass and other participating brands):

  • to allow the Participants to engage with them and provide more personalised and targeted advertising when they use our website, apps, social media and other platforms;
  • to allow the Participants to personalise the communications, marketing offers, customer surveys and trading updates that they send;
  • to enable the Participants to improve product offerings, service offerings, advertising and offers based on shopping and browsing habits;
  • to develop insights about the preferences of OnePass members and account-holders;
  • for data analytics including for insights and strategic and operational decision making;
  • for product safety-related matters (including recalls);
  • for other purposes where they have been notified, provided consent to OnePass or the Participants, or which are otherwise permitted by law; and
  • for other purposes described in OnePass’ Privacy Policy.

The Participants may combine the personal information received from OnePass with other personal information they collect from or about you. That combined information may be shared with OnePass and its participating brands in accordance with this Privacy Policy and the OnePass Privacy Policy.

The Participants may retain personal information about their customers after they cease to be a OnePass member or account-holder (or after a Participant has ceased to be a OnePass participating brand) for the uses set out in this Privacy Policy or any other lawful purpose.

InstantScripts may also collect and share data with OnePass solely for the purpose of confirming whether an InstantScripts account is linked to a OnePass membership or account.

Transfer of personal information overseas

Some of our service providers may be located overseas or may store or process personal
information that we provide to them overseas. In addition to Australia, your personal information may be held or processed in Brazil, Canada, the European Union countries, India, New Zealand, Singapore, Türkiye, the United Kingdom, and the United States.

How we store your personal information

We hold personal information both electronically and in hard copy form, at our own premises and with the assistance of our service providers. We implement a range of measures to protect the security of that personal information.

We also take measures in respect of destroying or de-identifying personal information that we no longer require.

Marketing and advertising

We may, from time to time, use and disclose your information for marketing and advertising in relation to products, services or other offers (whether provided by us, by our related entities or by selected third party suppliers) that we think may be of interest to you.

We may also share your information with selected third parties, including our related entities and loyalty program partners as well as third party platforms (such as social media providers and other digital advertisers), for those parties to use to derive insights and to use for targeted advertising and marketing activities in relation to products, services or other offers (whether provided by us, by our related entities or by selected third party suppliers) that we think may be of interest to you.

Where we use your personal information to send you direct marketing communications, we will provide you with an opportunity to opt out of receiving such communications. You can opt out of receiving direct marketing communications from us by:

When you opt-out of direct marketing communications, we may still need to send you important factual messages about the services we provide.

Cookies and tracking pixels

We may collect information, including technical data, metadata, browsing information and location data (where available), when you use and access our digital services, and the digital services of our related entities and those of selected third parties (such as social media platforms and other third-party platforms). Like many website and app operators, we use digital service technologies such as cookies (which are small data files transferred onto devices when a website or app is
accessed), tags, pixels, or other digital identifiers across these digital services that help us:

  • authenticate you;
  • maintain your browsing session and remember you and your preferences when you return;
  • monitor how you use our websites and apps, including the parts you visit and actions you take;
  • combine information with related entities and selected third party suppliers;
  • provide you with advertising, offers, and experiences that may interest you from us, our related entities and selected third party suppliers, both on our website and apps, and when you visit other websites and apps (such as social media and other third-party platforms);
  • protect the security of our website, apps, and customers and manage our network usage; and
  • allow you to interact with social media platforms, for example by ‘liking’ and sharing our content.

Some of the digital service technologies used on our website and apps are created or set for third parties who provide content or services to us. These third parties include social media, online platforms (for example, Google Analytics) and digital marketing services, advertising networks, analytics providers and content providers.

We use cookies, including in combination with other digital services technologies, to help us collect data about the way you use our website and apps. We will handle that personal information in the ways set out in this Privacy Policy. The cookies we use include ‘session’ cookies (which are retained only during a current browsing session) and ‘persistent’ cookies (which are retained by your device or browser between sessions). We may also collect information about how you access, use and interact with our websites and apps through the use of third party tracking pixels (for example, Google Analytics). A tracking pixel is a small piece of code that is embedded on webpages and functions as a type of digital marker, enabling us to collect information about your browsing activities.

You can change your cookie settings on your web browser to block, remove or control cookies but, if you do, our website or app may not work as well for you. See www.allaboutcookies.org for more information on how to change your cookie settings for many common browsers, and to learn more about cookies generally.

Accessing and correcting your personal information

You have the right to:

  • request access to any personal information we hold about you; and
  • request a correction of your personal information if you discover it is inaccurate, incomplete or out-of-date.

Requests should be made to the contact details listed below. We may require you to verify your identity at the time you contact us, and to confirm the service to which the request relates, so that we can ensure your personal information is disclosed only to you.

We will respond to any requests for access or correction within a reasonable time, depending on the nature of the request. If we refuse your request for access or correction, we will provide reasons for the refusal.

We will not charge you to submit a request to access or correct your personal information. However, in some circumstances we may charge an administrative fee for providing access to your personal information at your request.

Questions and complaints

If you have any questions about this Policy, or if you would like to make a complaint about how we have handled your personal information, please contact us using the contact details listed below.

We will promptly investigate any complaint you make to us and we will aim to respond to you within 30 days. If you are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner at www.oaic.gov.au.

 

How to contact us

If you wish to contact us, for example to access or correct your personal information, you may contact us by email at privacy@wesfarmershealth.com.au.

Updates to this Policy

We may amend this Privacy Policy from time to time to keep it up-to-date. If we do so, we will make the amended Privacy Policy available on our websites.