Privacy Policy

NANDO'S AUSTRALIA PRIVACY POLICY

  1. Introduction
    1. Thank you for visiting the http://www.nandos.com.au website (the "Website"). Nando’s Australia Pty Ltd (ABN 20 079 066 407), Nando’s Peri Peri Australia Pty Ltd (ABN 86 627 885 956), Nando’s New Zealand Limited (CN 4995100), NNZ Restaurants Limited (CN 5443130) and their related body corporates and related companies (collectively referred to as “Nando’s”, "we", "us" or "our") recognise the importance of protecting the privacy and rights of individuals in relation to their personal information and are committed to protecting the privacy of personal information in accordance with Australian and New Zealand privacy laws.
    2. We respect your rights to privacy under the Australian Privacy Act 1988 (the “Australian Act”), the Australian Privacy Principles (the “APPs”), the New Zealand Privacy Act 2020 (the “New Zealand Act”) and the New Zealand Information Privacy Principles (the “IPPs”) (together the “Privacy Laws”) and we comply with all of the Privacy Laws requirements with respect to the collection, use, management, storage, disclosure and access to your personal information.
    3. This Privacy Policy does not limit or exclude any of your rights under the Privacy Laws and if you would like further information regarding the Privacy Laws please visit the website of the Office of the Australian Information Commission (https://www.oaic.gov.au/) or the Office of the New Zealand Privacy Commissioner (www.privacy.org.nz).
    4. This Privacy Policy sets out Nando’s approach to handling personal information, and how a Nando’s restaurant franchise owner (“Nando’s Franchisee”) is expected to handle your personal information in the operation of their individually owned Nando’s restaurant, including how we collect, use, store, keep secure, disclose and provide access to your personal information.
    5. The scope of this Privacy Policy covers the personal information handling practices of restaurants owned by Nando’s in Australia and New Zealand. Nando’s does not control the collection, use, storage, security or disclosure of, and may not have access to, the personal information held by a Nando’s Franchisee. A Nando’s Franchisee is responsible for ensuring that your personal information collected by it is handled in accordance with this Privacy Policy, the Australian Act and the APPs.
    6. This Privacy Policy forms part of our terms of service of the Website and other websites that may be operated by us from time to time, which you should also read.
  2. What is personal information?
    1. When used in this Privacy Policy, the term “personal information” has the meaning given to it in the Australian Act. In general terms, it is any information that can be used to personally identify you. This may include your name, gender, date of birth, address, telephone number, email address, credit card details, financial information and profession or occupation.
    2. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.
  3. What personal information do we collect and how is it collected?
    1. We will collect your personal information in a fair and lawful manner. Where it is practical to do so, we will collect your personal information directly from you, and only to the extent that we reasonably require the personal information for one or more of our business functions or activities, to provide you with a Nando’s product or service or to determine your suitability as a Nando’s franchisee or employee (where appropriate).
    2. The kinds of personal information we may collect from you will depend on what type of interaction you have with us. However, it may include, amongst other things:
    3. personal information you give us when you participate in a promotion, competition, survey, market research, consumer panels, mobile service (e.g. SMS or MMS), subscribe to our mailing list, participate in our PERi-Perks loyalty program or similar, use the Nando’s mobile application (“App”), participate or contribute to our online forums or interact or follow our social media pages (e.g. Facebook, Twitter, LinkedIn, Instagram or Tik Tok). This information may include your full name, postal and physical addresses, email address, telephone numbers, age, date of birth and loyalty membership details;
    4. personal information you give us via our restaurants or when you place an order in a restaurant by telephone or via an online ordering system (e.g. @Table Ordering or orders through the Website or the App) (“Online Ordering System”), when purchasing a gift card or when you logon to wi-fi provided at one of our restaurants. This information may include your full name, postal and physical addresses, email address, telephone numbers, age, date of birth, menu preferences, previous order information, loyalty membership details, credit card details, financial information, Internet Protocol (“IP”) address and your demographic and other data for market research, advertising and promotional purposes;
    5. personal information you give us via telephone, email, online form, chat function or in person when making a request or enquiry or submitting compliments, complaints, queries, requests or feedback. This information may include your full name, postal and physical addresses, email address, telephone numbers, age, date of birth, loyalty membership details, previous order information, feedback on order issues, refund details (e.g. status, type and frequency), credit card details, financial information and IP address;
    6. information regarding your interests, preferences, purchasing behaviour and experience with our products and services, together with any additional information necessary for us to deliver those products and services to you and respond to your enquiries;
    7. if you are applying for a position with Nando’s, we will collect information as detailed in the section below titled “employment applications”;
    8. if you are applying to become a Nando’s franchisee, we will collect information as detailed in the section below titled “franchise applications”; and
    9. any additional information relating to you that you provide to us directly through our Online Ordering Systems, any third-party online ordering system (e.g. UberEats, DoorDash or MenuLog), your access and use of our Website or App or indirectly through use of our Website or App, social media platforms, online forums, applications, wi-fi services or online presence, through our agents and representatives and/or through our third party product and service providers.
    10. We may collect personal information about you from social media platforms and services if you register or log into your account through a third-party social media service.
    11. We may collect personal information about you from third parties where you have authorised this or where the information is publicly available.
    12. We may collect information that is not personal information because it does not identify you. For example, we may collect anonymous answers to surveys or aggregated information about how users use our Website, App or Online Ordering Systems.
    13. Except for when you apply for an employment position with Nando’s or to become a Nando’s franchisee, we will not collect sensitive information about you (e.g. information about your racial or ethnic groups, political or religious beliefs or vaccination status) unless you have specifically consented to such collection or the collection is required by the Privacy Laws or other applicable laws.
    14. We will use your personal information only for the particular purpose that you provided it, or for a directly related purpose. We may also use your personal information where that other use is required or permitted by the Privacy Laws or other applicable laws or with your express or implied consent.
  4. Cookies and web beacons
    1. Cookies are files that can identify you as a unique customer and can store your personal preferences as product preferences to tell us which website (including the Website) and website pages (including the Website pages) that you have visited and in what order (“Cookies”).
    2. We may collect your personal information using Cookies by directly, or through a third party, sending Cookies to your computer or devices, or use similar technologies, to enhance your online experience on our Website, Online Ordering Systems and across the Internet.
    3. Information we get through Cookies enables us to recognise your computer and greet you when you visit our Website or Online Ordering Systems. We use Cookies and other technical information to personalise your visit to our Website, to analyse traffic on our Website, to track user trends, patterns and selections for authorised downloads and for technical reasons connected with your use of our Website and Online Ordering Systems.
    4. Cookies can either be permanent (they remain on your computer until you delete them) or temporary (they last only until you close your browser). If you do not want to receive Cookies, you can set your browser so that your computer does not accept them. However, please note that certain areas of our Website and Online Ordering Systems can only be accessed with Cookies or similar devices.
    5. Web beacons (or web bugs) are small strings of code that deliver graphic images on a web page to transfer data (e.g. the IP address of the computer that downloaded the page that the web beacon appears, the Uniform Resource Locator (“URL”) of the page that the web beacon appears, the time the page containing the web beacon was viewed, the type of browser that fetched the web beacon or the identification number of any Cookie on the computer previously placed by that server) (“Web Beacon”).
    6. We may use Web Beacons to monitor your use of the Website, your use of the Online Ordering Systems or when corresponding with you via HTML capable e-mail which let us know whether you received and opened our email. By setting your web browser to display HTML emails as text only, you may be able to prevent the use of some Web Beacons if desired.
    7. On their own, Cookies and Web Beacons do not contain or reveal any personal information. However, if you choose to provide us with personal information, it can be linked to the anonymous data stored in the Cookies and/or Web Beacons.
  5. What happens if we can’t collect your personal information?
    1. You are not required to disclose your personal information to us, and where lawful, you may deal with us anonymously or using a pseudonym.
    2. If you remain anonymous, use a pseudonym or choose not to provide us with the personal information described above, the following may happen:
    3. we may not be able to provide the requested products or services to you, either to the same standard or at all;
    4. we may not be able to provide information about products and services that you may want, including information about special promotions and competitions;
    5. we may not be able to provide you with details, information or an appropriate response to any enquiries or requests you have made; and/or
    6. we may be unable to tailor the content of our Website, the Online Ordering Systems and/or other related sites to your preferences and your experience of our Website or Online Ordering Systems may not be as enjoyable or useful.
  6. For what purposes do we collect, hold, use and disclose your personal information?
    1. We collect personal information about you so that we can perform our business activities and functions and provide the best possible quality of customer service. The way we will collect, use and disclose your personal information depends on the reasons for which it was collected, however this is generally for the following purposes:
    2. processing meal orders that you place with us in our restaurants or via an Online Ordering System (including to delivery partners where you select third-party delivery), providing you with our products and services or processing automatic and/or manual refunds;
    3. processing orders for gift cards that you place with us in our restaurants, by telephone or via our Website or Online Ordering System;
    4. where you choose to receive mobile services and content via SMS, MMS and other mobile services, including the App, we use this information to deliver such mobile services and content to you, carry out market research, track sales data, inform you of upcoming events and help plan and promote other promotional activities which may be of interest to you;
    5. to respond to any questions, requests or queries you have and process, investigate and respond to any feedback, complaint or compliment you make;
    6. promoting, marketing and carrying out our current and future products, services, promotions, offers, games, programs and competitions to you;
    7. to improve the operation or navigation of our Website, App, Online Ordering Systems and social media platforms, and inform you of changes made to our Website, App, Online Ordering Systems and/or social media platforms;
    8. assisting you with remembering and re-ordering from our menu in the future, developing an online customer profile and keeping your personal details up to date;
    9. to obtain opinions or comments about products and/or services and to conduct other statistical and market research with a view to improving our products and services;
    10. for the purposes of and incidental to you registering for and/or using of our wi-fi services;
    11. processing and considering your employment application (see “employment application” section below) or your franchise application (see “franchise application” section below);
    12. providing information that you request about our franchised restaurants (where permitted by applicable laws); and
    13. facilitating our internal business operations, including fulfilment of any legal, security, information technology and regulatory requirements.
    14. We may use your personal information for other purposes not listed above which will be made clear to you at the time we collect your personal information, for a directly related purpose, where you have consented to such use or disclosure or for such other purposes as may be required or permitted by the Privacy Laws or other applicable laws.
  7. Who can we disclose your information to?
    1. For the purposes described in the section above, we may disclose your personal information to, and share your personal information with, the following:
    2. a Nando’s Franchisee, subsidiary and related body corporate, especially when you place an order online via an Online Ordering System or make an enquiry or complaint relating to a restaurant that is independently owned and operated by a Nando’s Franchisee;
    3. our officers, employees, contractors and agents for the purpose of operating our business, our Website, App or online Ordering Systems, fulfilling requests by you and otherwise providing products and services to you including, without limitation, web hosting providers, IT system administrators, agencies, advertisers, business partners and suppliers, product and service suppliers, payment processors, data entry service providers, regulatory authorities, auditors and professional advisors such as accountants, legal advisors, business advisors and consultants;
    4. suppliers and other third parties we have a commercial relationship with for business, marketing and other related purposes;
    5. third parties where Privacy Laws or other applicable laws require or authorise us to; and
    6. any person or entity for any authorised purpose with your express consent.
    7. We may combine or share any personal information that we collect from you with information collected by any of our related body corporates within Australia or outside Australia (see the “do we disclose your personal information to anyone outside Australia” section below).
  8. Direct marketing materials
    1. We may send you direct marketing communications and information about our own products and services and direct marketing communications on behalf of our related body corporates that we consider may be of interest to you. These direct marketing communications may be sent in various forms, including by post, telephone calls, SMS, MMS and email or messaging within the Website, App or Online Ordering System in accordance with Privacy Laws and other applicable laws. By providing your personal information to us, you consent to us sending you direct marketing communications in this way, unless you opt-out as described below.
    2. If you indicate a preferred communication method, we will try to use that preferred communication method whenever practical in the circumstance.
    3. At any time you may opt-out of receiving marketing communications from us by contacting us (see the “contacting us” section below), or by using the opt-out facilities provided in the marketing communication, and we will ensure that your name is removed from our marketing communications mailing list. You may choose to opt back in by contacting us (see the “contacting us” section below) or by resubscribing to receiving marketing information.
    4. If we obtain your prior consent, we may use your personal information for the purposes of direct marketing of products and services on behalf of selected third parties.
  9. Online forums
    1. We may give opportunities for you to engage with us through written discussions, communications and comments in interactive online forums, social media platforms, consumer and market research groups and articles. Material that we deem, in our absolute discretion, to be inappropriate or offensive will be removed from these forums and platforms.
    2. All statements and opinions expressed in any discussions, communications, forums, platforms and articles are those of the individual contributors and not those of Nando’s.
    3. Information you disclose to Nando’s through discussions, communications, forums, platforms and articles may be read, collected and used by Nando’s. However, as these discussions, communications, forums, platforms and articles are public, the information may also be read, collected and used by other users, the actions of whom Nando’s cannot control and for whom Nando’s takes no responsibility.
    4. We suggest using your discretion and exercising caution when providing your information.
  10. Employment applications
    1. The type of personal information we generally collect about employment applicants is the information requested and included in an employment application (e.g. your full name, postal address, telephone numbers, email address, residency status, work rights, education details, employment history, references and other information relating to your work experience).
    2. In considering your employment application, we may also obtain personal information about you from third parties (e.g. your previous education institutions, employers or nominated referees). Subject to your prior consent, we may also collect sensitive information about you (e.g. information about your health (including any disability) or any criminal record).
    3. We collect personal information for any one or more of the following purposes:
    4. assessing you for a position with us or one of our related body corporates;
    5. assessing whether you are suitable to progress through each stage of recruitment; and
    6. storing your information for future employment opportunities.
    7. If you do not provide us with the information requested, we will be unable to fulfil the purposes.
    8. We may disclose your information to:
  11. referees or previous employers;
  12. recruitment agencies, agencies or contractors acting on our behalf;
  13. a related body corporate;
  14. a Nando’s Franchisee;
  15. recruitment agencies and contractors acting on our behalf, employees and franchisees of related body corporates or global Nando’s entities, based in other locations worldwide;
  16. government agencies and service providers to verify your right to work; and
  17. law enforcement agencies to verify whether you have a criminal record.
    1. If we engage third party contractors to perform services for us, which involves the handling of personal information, we will take reasonable steps to prevent the contractor from using the personal information, except for the purpose for which it was supplied.
  18. Franchisee applications
    1. The type of personal information we generally collect about franchise applicants is the information requested and included in a franchise application (e.g. your full name, postal address, telephone numbers, email address, residency status, work rights, education details, employment history, business history, financial capacity (including income, assets, liabilities, account balances and risk profile) and other information relating to your qualifications and experience). If your application is successful, we will also obtain further information from you such as your bank account details for the purpose of monthly direct debits.
    2. In considering your franchise application, we may also obtain personal information about you from third parties (e.g. your previous employers or nominated referees). Subject to your prior consent, we may also collect sensitive information about you (e.g. information about any criminal record or your credit rating).
    3. We collect personal information for any one or more of the following purposes:
  19. assessing your application to become a Nando’s franchisee;
  20. assessing whether you are suitable to progress through each stage of recruitment; and
  21. storing your information for future franchise opportunities.
    1. If you do not provide us with the information requested, we will be unable to fulfil the purposes.
    2. We may disclose your information to:
  22. referees or previous employers;
  23. recruitment agencies, agencies, brokers or contractors acting on our behalf;
  24. a related body corporate;
  25. recruitment agencies and contractors acting on our behalf, employees and franchisees of related body corporates or global Nando’s entities, based in other locations worldwide;
  26. financial institutes to verify your financial capacity and position;
  27. government agencies and service providers to verify your right to work and/or own and operate a business; and
  28. law enforcement agencies to verify whether you have a criminal record.
    1. If we engage third party contractors to perform services for us, which involves the handling personal information, we will take reasonable steps to prevent the contractor from using the personal information, except for the purpose for which it was supplied.
  29. How can you access and correct your personal information?
    1. Subject to the Privacy Laws, you may request access to any personal information we hold about you at any time by contacting us (see the “contacting us” section below). Where we hold information that you are entitled to access pursuant to the Privacy Laws, we will try to provide you with suitable means of accessing it (e.g. by posting or emailing it to you). We may charge a reasonable administration fee to cover the costs of meeting your request. We will not charge you for simply making the request or for making any corrections to your personal information.
    2. There may be instances where we cannot grant you access to the personal information we hold (e.g. if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality). If that happens, we will give you written reasons for any refusal.
    3. If you believe that any personal information we hold about you is incorrect, incomplete or inaccurate then you may request us to amend it (see the “contacting us” section below).
    4. To protect your personal information, privacy and security we will take reasonable steps to verify your identity before granting access.
  30. What is the process for reporting a breach of privacy?
    1. If you believe that this Privacy Policy has been breached, or your personal information has not been collected, stored, used or disclosed appropriately, please contact our Privacy Officer using the contact information in the “contacting us” section below, and provide details of the incident so that we can investigate it. We request that reports about breaches of privacy be made in writing so that we can be sure about the details of the complaint.
    2. We will attempt to confirm with you directly what your understanding of the relevant conduct is and what you expect the outcome to be, as we deem appropriate and necessary. We will inform you whether we will investigate the report and include the name, title and contact details of the person investigating and the estimated completion date.
    3. After we have completed our investigation, we will contact you, usually in writing, to advise you of the outcome and invite a response to our conclusions. If we receive a response from you, we will assess it and advise if we have changed our view.
  31. Do we disclose your personal information to anyone outside Australia?
    1. We may disclose your personal information to entities located outside of Australia who require access to collect, use, store and disclose your personal information in connection with fulfilling the requirements of this Privacy Policy.
    2. We may disclose your personal information to the following:
  32. our related body corporates located overseas;
  33. third party suppliers, contractors and agencies based overseas that require the personal information to deliver the products and/or services to you; and
  34. third party providers located overseas that we have engaged to fulfil business operational requirements in our business that require access to your personal information (e.g. data backup and storage and database service providers).
    1. We will take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
  35. Security
    1. Where we store your personal information depends on what interaction you have with us. Some areas may include servers and databases for processing customer, franchisee and employee enquiries, comments and feedback, mail exchange servers, third party servers or email databases for marketing communications.
    2. We take reasonable steps to ensure that your personal information is protected from misuse, interference and loss and from unauthorised access, modification or disclosure.
    3. We may hold your personal information in electronic and/or hard copy form.
    4. We will only keep your personal information for as long as it is required for the purposes for which it was collected or as otherwise required by Privacy Laws or other applicable laws.
    5. We will take reasonable, commercially viable and appropriate measures to destroy or permanently de-identify your personal information if we no longer need to retain it. These measures may vary depending on the information type and how it was collected and stored.
    6. As our Website and Online Ordering Systems are linked to the Internet, and the Internet can be inherently insecure. We cannot provide any assurance regarding the security of information transmission that you may communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
  36. Links
    1. Our Website and Online Ordering Systems may contain links to other websites operated by third parties which may be of interest to you. We make no representations or warranties in relation to the privacy policies of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party website providers and suppliers are directly responsible for informing you about their own privacy practices.
    2. We may use third party advertisements on our Website and Online Ordering Systems. These are not recommendations or endorsements by Nando’s or any of its related body corporates or affiliates and we therefore take no responsibility for such information or content.
    3. To the extent permitted by law, Nando’s is not responsible for the content (including representations) of any third party advertisement on the Website or Online Ordering System. These third parties may view, edit or set their own Cookies. The use of these technologies by such third parties is subject to their own privacy policies and is not covered by this Privacy Policy.
  37. Franchisee privacy policies
    1. A Nando’s Franchisee directly owns and operates a Nando’s restaurant, making them an independent business owner. A Nando’s Franchisee may operate websites and social media pages separate from Nando’s and may collect your personal information directly. We expect a Nando’s Franchisee to comply with this Privacy Policy.
  38. Policy changes
    1. We may revise this Privacy Policy from time to time. Any updated version of this Privacy Policy will be posted on our Website, so we ask that you please review it regularly.
    2. Your continued use of the Website, the App and any Online Ordering Services and acceptance of Nando’s products and services, will be deemed acceptance of any amended Privacy Policy.
  39. Contacting us
    1. If you have any questions or comments about this Privacy Policy, please use the contact link on our Website or contact our Privacy Officer using the details set out below:

Nando’s Australia Pty Ltd and Nando’s Peri-Peri Australia Pty Ltd

Attn: Nando’s Privacy Officer

40 Mollison Street, Abbotsford, VIC 3067

Telephone: 1300 NANDOS (1300 626 367)

Email: ANZ.PrivacyOfficer@nandos.com.au

Nando’s New Zealand Limited and NNZ Restaurants Limited

Email: ANZ.PrivacyOfficer@nandos.com.au

  1. We are committed to working with our customers, franchisees and employment applicants to obtain a fair resolution of any complaint or concern about privacy. To contact us with a query, feedback, compliment or complaint, please provide our Privacy Officer with full details of your query, feedback, compliment or complaint and any supporting documentation.
  2. Upon receipt of your query, feedback, compliment or complaint our Privacy Officer will endeavour to provide an initial response within 7 business days and investigate and attempt to resolve your query, feedback, compliment or complaint within 30 business days, or such longer period as is necessary and notified to you by our Privacy Officer.

This Privacy Policy was last updated on 4 August 2023.