Privacy Policy
Snap Franchising Limited (ACN 009 016 013) is the franchisor of the Snap system in Australia (referred to as ‘Snap’, ‘we’, ‘us’ or ‘our’) and we are committed to protecting your privacy and ensuring that your personal information is handled in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy outlines how we collect, use, disclose and protect your personal information.
A copy of the APPs may be obtained from the website of the Office of the Australian Information Commissioner at https://www.oaic.gov.au.
We may update this Privacy Policy from time to time, so please review it periodically to stay informed of any changes. Your continued use of our services signifies your acceptance of any updates to this Privacy Policy. All personal information we collect, use and hold will be managed in accordance with the latest version of our Privacy Policy.
1. Collection of Personal Information by Snap
We collect personal information only when necessary for our business operations or activities and do so by lawful and fair means.
Depending on your interaction with us, we may collect various types of personal information, including but not limited to:
- Customer transactions: information such as your name, postal address, email address, telephone number, date of birth, previous transaction history and payment details when you place an order instore, by telephone or via our website and electronic ordering platform (https://www.snap.com.au and https://printonline.snap.com.au), or interacting with customer service. Personal information is also collected when you request a quote or create an account with Snap.
- Promotions, competitions and surveys: personal details such as your name, postal address, email address, telephone number, date of birth and occupation when you participate in promotions, surveys or market research.
- Social media: information such as your name, social media identifier and email address when you interact with our social media pages such as Facebook, Instagram, Twitter/X and LinkedIn.
- Employment applications: personal details including your name, contact information, educational background and work experience when you apply for a position at Snap (see clause 8 below)
- Franchise applications: information such as your name, contact details, business experience, financial information, and other relevant details when you apply to become a Snap franchisee (see clause 9 below).
- Store locator: if you choose to use our ‘Find a Centre’ feature, location data will be temporarily stored and then deleted to help you find the nearest Snap Centre.
- CCTV: video footage of individuals within Snap premises for security purposes and to investigate incidents. Access to this footage is strictly controlled and limited to authorised personnel only.
Snap may integrate the information collected from these sources with other data we hold to enhance our services and operations.
Use of Images
As part of our commitment to documenting and promoting our fundraising events, Snap may collect and use images and video footage of participants, including children under the age of 18. This media may be used for promotional purposes and published on our website, social media platforms and other marketing materials.
By participating in our events or activities, you consent to the collection, use and publication of such images and video footage. If you are a parent or legal guardian of a minor participating in these events and do not wish for your child’s image to be used, please notify us in writing. You can provide your written notice via the contact information provided below.
Public information and Third-Party Data Collection
Please be aware that any personal information or comments you voluntarily share on our websites, social media, comment pages or blog forums become publicly accessible. Your name will be visible to other users when you post messages or comments. Content that you post is considered public and is not covered by this Privacy Policy as personal information.
In certain circumstances, we may collect personal information from third parties, such as credit reporting agencies or marketing agencies, and will ensure compliance with privacy laws.
Except in cases where you are applying for position with us or seeking to become a franchisee, we will not collect sensitive information about you (e.g., racial or ethnic groups, political or religious beliefs) unless required by law or with your consent.
2. Where your personal information is stored
We store your personal information in physical and electronic formats, and we implement physical, electronic and procedural safeguards to protect it. Information storage may include:
- databases for processing customer orders, enquiries or feedback
- marketing communications databases
- franchise network administration databases
Snap operates a network of stores across Australia and internationally. Due to the scale of our operations, it is occasionally necessary to share and store your personal information with our related companies and third-party service providers. When stored electronically, your information is hosted by a third-party cloud service provider, which may store back up data in locations such as Australia, New Zealand, India, Ireland, Indonesia, the United States, or other locations determined by the provider.
Your data may be transferred to and stored on these servers or processed by organisations operating in other countries that work for or are engaged by Snap or our suppliers. We will take reasonable measures to ensure that any disclosure of personal information to an overseas recipient complies with the Privacy Act. This means that we will require the overseas recipient to handle the personal information in a manner consistent with the Australian Privacy Principles.
3. How your personal information is protected
We take reasonable steps to protect your personal information from loss, misuse and unauthorised access. Despite our efforts, no data transmission over the internet can be guaranteed as completely secure. We do not warrant the security of information transmitted to us, and you use our online services at your own risk.
The security of your personal information is important to us.
In the event of a substantial data breach, we will notify you and the Office of the Australian Information Commissioner as required. We will retain your personal information only as long as necessary for its intended purpose or as required by law and will securely destroy or de-identify it when no longer needed.
4. Use of your personal information
We collect and use your personal information for purposes including:
- processing orders and providing customer support
- managing promotions, competitions, surveys and marketing activities
- improving our services and product offerings
- responding to messages or comments submitted to our websites or via our contact forms
- supporting our internal operations, including meeting legal and regulatory requirements, such as those related to our franchise network disclosure obligations
- assessing and managing employment and franchise applications
- meeting our obligations under the Franchising Code of Conduct, including storing and disclosing personal information about former franchise directors (such as names, locations and contact details) with written consent
- complying with other legal and regulatory requirements
Additionally, your personal information may be shared within the Snap network and with franchisee entities to facilitate that above purposes and ensure consistent service delivery across our network.
We also use Google Analytics for website analytics. You can learn more about Google Analytics at www.google.com/policies/privacy/partners.
5. Disclosure of personal information to third parties
We may disclose your personal information to:
- related companies, contractors and agents for purposes related to our business operations
- marketing providers, market research and data analytics companies to perform direct marketing activities
- franchisees for handling inquiries or complaints
- others with your consent or as required by law
When we use third party contractors to handle personal information, we will take reasonable steps to prevent the contractor from using the personal information except for the purpose for which it was supplied.
6. Franchisees
A number of Snap Centres are owned and operated by franchisees. As a franchisor, we recognise the importance of protecting customer data and ensuring compliance with privacy regulations across our franchise network. Franchisees are required to obtain consent from customers before using their personal information for marketing purposes and ensure that all marketing activities comply with applicable privacy laws and regulations. Franchisees are prohibited from sharing customer data to third parties without the written consent of Snap.
If you have concerns that there may be a breach of this Privacy Policy, please contact the relevant franchisee or Snap directly.
Please note that this Privacy Policy does not cover the practices of franchisees on their own websites or social media platforms.
7. Opting in or out
We may communicate with you electronically through SMS, email, via direct mail or other forms of communication in compliance with the Spam Act 2003 (Cth) and the Privacy Act. By using our services, you consent to receive these communications. If you wish to opt-out of marketing communications, you can do so by contacting us at [email protected] or by using the unsubscribe option provided in electronic marketing messages. Please note that opting out of SMS or email may affect your Snap experience and limit our ability to reach you.
8. Employment Applications
We collect personal information provided in employment applications for, including but not limited to, assessing suitability for positions, conducting reference checks and storing information for future opportunities. We may disclose this information to referees, previous employers, law enforcement agencies, educational institutions (to verify your qualifications where necessary) and our related entities as necessary.
9. Franchise Applications
We collect personal information from franchise applicants for, including but not limited to, assessing franchise suitability, conducting due diligence and complying with franchise disclosure requirements. We may disclose this information to our related entities, potential franchisees, referees, financial institutions, law enforcement agencies, educational institutions (to verify your qualifications where necessary), and relevant authorities.
In accordance with Item 6.5 of Schedule 1 of the Franchising Code of Conduct (Code), we may include the name, location and contact details of our franchisees in our disclosure document if they are involved in an event specified under Item 6.4 of the Schedule 1 of the Code. This includes collecting, holding and disclosing the names and personal contact details of both current and former franchisees.
We acknowledge that, in line with the Code, former franchisees can request in writing that their personal information not be disclosed in the disclosure document.
10. Cookies
We use cookies to enhance your experience on our websites, track usage patterns and improve our services. You can control cookies through your browser settings, but disabling cookies may affect the functionality of our websites.
11. Third party websites
Our website may contain links to third party websites for your convenience. Please note that these links are provided as a service and may not be current or maintained. We are not responsible for the privacy practices, content or policies of these third parties. The privacy policies of these external sites may differ significantly from our own, so we encourage you to review their privacy policies before using those websites.
12. International Users
If you access our services or website for a region with data protection laws different from those in Australia, please be aware that your personal information will be transferred and used in accordance with the privacy laws of Australia. By using our services, you consent to this transfer and the processing of your information in Australia.
13. Access, correction and deletion of personal information
You may request access to, correction or deletion of your personal information by contacting us. To process a request, we may ask you to verify your identity and submit your request in writing for security purposes. We may charge a reasonable administration fee for processing your request.
14. Questions and complaints
For questions or complaints regarding our handling of personal information or breaches of the Privacy Act or APPs, please contact us at:
Mail | The Snap Privacy Officer Snap Franchising Ltd Suite 3.01, Level 3 6 Eden Park Drive Macquarie Park NSW 2113 |
Telephone | +61 2 8870 5100 |
Email | [email protected] |
In addressing your complaint or questions, we may request additional information to better understand your concerns. If we determine that your complaint is valid, we will work with you to implement suitable measures to resolve the issue. Should you remain unsatisfied with the resolution, you may refer the matter to the Office of the Australian Information Commissioner.
15. Effective Date
This Privacy Policy was last updated in August 2024.
Data Policy
1. Purpose
1.1. SFL is committed to adhering to privacy obligations related to Customer Data.
1.2. SFL must comply with the Privacy Act 1988 (Cth), the Australian Privacy Principals and any other applicable privacy laws.
1.3. The improper collection, use or disclosure of Customer Data is illegal and exposes SFL to substantial fines.
1.4. This Policy aim to provide information on:
1.4.1. SFL’s approach to managing, retaining and destroying (or de-identifying) Customer Data we collect and hold, to ensure compliance with the APPs;
1.4.2. Your obligations and responsibilities in connection with the collection, use and disclosure of Customer Data; and
1.4.3. What to do if you have any concerns about the Customer Data that are contrary to this Policy.
2. Scope and Application
2.1. This Policy applies to all Snap Personnel.
2.2. This Policy is adhered to in conjunction with other relevant policies, procedures and contractual obligations related to data privacy and security within SFL, including the Snap Privacy Policy.
2.3. Where there is any inconsistency between this Policy, other policies or individual agreements, then the terms of this Policy prevail. In the case of this Policy and the law, the law prevails.
2.4. This Policy does not cover all circumstances that may arise. If you are unsure or have any questions about this Policy, or SFL’s obligations, you should contact the Data Protection Officer at [email protected].
3. Definitions
3.1. In this Policy:
APPs | Australian Privacy Principles as outlined in Schedule 1 of the Privacy Act 1988 (Cth). |
Customer Data | means any information which is contained in a Record pertaining to a customer of Snap, including but not limited to, a customer’s Personal Information. This definition encompasses all Personal Information collected by SFL. |
Data Protection Officer | means the Data Protection Officer of SFL, as appointed from time to time or a position of similar nature. |
OAIC | means the Office of the Australian Information Commissioner. |
Personal Information | means any information about an identifiable individual, or an individual who is reasonably identifiable, regardless of whether the information or opinion is true or recorded in material form. Examples include, but are not limited to, a person’s name, postal address, email address, phone number and bank account details. |
Policy | this Customer Data Policy. |
Privacy Act | means the Privacy Act 1988 (Cth). |
Record | means any paper document or electronic file in accordance with the Privacy Act. Records may include physical documents, digital scans of documents, databases, and electronic files such as text, images, video or audio files. Generally, any medium that captures and contains information constitutes a Record. |
SFL | means Snap Franchising Limited. |
SFL Privacy Policy | means the Snap Privacy Policy at https://www.snap.com.au/privacy-policy.html |
Snap Personnel | means all individuals and entities affiliated with SFL, including but not limited to support office employees, temporary employees, agents, franchisees and their employees, who have access to, or are involved in the process of collecting, storing and transmitting the Customer Data. This Policy extends to any third-party service providers or contractors engaged by SFL who have access to Customer Data while providing services on behalf of Snap. |
Third Party | means any individual or organisation that interacts with SFL Personnel their employment or business relationship with SFL. |
4. Collection of Customer Data
4.1. Purpose of Collection
4.1.1. SFL collects Personal Information only when it is reasonably necessary for one or more of its functions or activities. This includes purposes such as providing goods and services, managing customer relationships and complying with legal obligations.
4.1.2. The collection of Personal Information must be directly relevant to these purposes and must not be excessive or unrelated.
4.1.3. The integrity of the Personal Information collected by SFL must be accurate, up-to-date and complete.
4.2. Consent for Collection
4.2.1. All Snap Personnel must obtain consent from customers or individuals before collecting their Personal Information.
4.2.2. In accordance with the Privacy Act, consent is either express consent or implied. The four key elements of consent are:
(a) the customer or individual is adequately informed before giving consent;
(b) the customer or individual gives consent voluntarily;
(c) the consent is current and specific; and
(d) the individual has the capacity to understand and communicate their consent.
4.2.3. It is the responsibility of Snap Personnel to ensure customers and individuals are made aware of the purpose for which their information is being collected, how it will be used and who it may be disclosed to.
4.2.4. Snap Personnel will not seek from individuals or customers broader consent than what is necessary, for example, consent for undefined future uses.
4.3. Minimising collection of Customer Data
4.3.1. Snap Personnel shall take reasonable steps to ensure that the Customer Data collected is adequate, relevant and limited to what is necessary for the intended purposes.
4.3.2. SFL is committed to minimising the collection of Customer Data by avoiding the collection of unnecessary or excessive information. This practice ensures that only information directly pertinent to fulfilling the intended purpose is collected, enhancing the efficiency and effectiveness of Customer Data handling.
5. Use and disclosure of Customer Data
5.1. Customer Data shall only be used for the purposes for which it was collected, unless otherwise authorised by law or with the consent of the customer or individual.
5.2. Snap Personnel shall not use customer data for any secondary purposes without the prior written consent of SFL.
5.3. Any disclosure of Customer Data must align with the original purpose for which it was collected.
5.4. Confidentiality
5.4.1. Snap Personnel shall maintain the confidentiality of Customer Data and shall not disclose it to any unauthorised third party, except as required by law or with the consent of the customer or individual.
5.4.2. Any sharing of Customer Data with third parties shall be done in accordance with contractual agreements and with due regard for data security and privacy.
5.4.3. This includes ensuring that appropriate safeguards are in place to protect the confidentiality and security of the data during transmission and storage.
5.5. Data sharing within the Franchise Network
5.5.1. Where necessary for the provision of products or services, employees may share customer data within the SFL Franchise Network. Such sharing shall be limited to what is necessary for the fulfilment of customer orders or requests.
5.5.2. Snap Personnel must ensure that appropriate safeguards are implemented to protect the confidentiality and security of the Customer Data.
5.5.3. Any sharing of Customer Data must comply with relevant contractual agreements and the SFL Privacy Policy.
6. Storage and security of Customer Data
6.1. Data Security
6.1.1. Snap Personnel shall take reasonable steps to protect Customer Data from unauthorised access, use or disclosure. This includes implementing appropriate technical and organisational measures to safeguard data against misuse, interference and loss and from unauthorised access, modification or disclosure, such as encryption, access control and regular security audits.
6.2. Data Retention
6.2.1. Customer Data shall not be kept for longer than is necessary for the purposes of which it was collected, unless required by law or with the consent of the customer or individual.
6.2.2. With the approval of the Data Protection Officer, Snap Personnel shall take such steps as are reasonable in the circumstances to destroy information that is no longer necessary or to ensure that the information is de-identified. This includes securely shredding hard copy documents containing Customer Data using designated disposal bins.
6.3. Data Disposal
6.3.1. Customer Data will be securely de-identified or destroyed at the discretion of the Data Protection Officer, who will determine the appropriate method and timing of disposal, ensuring compliance with legal and regulatory requirements.
7. Eligible Data Breaches
7.1. Definition and Scope
7.1.1. A data breach occurs when Personal Information held by SFL is lost or subjected to unauthorised access or disclosure. This may include, but is not limited to, instances where:
(a) a device containing Customer Data is lost or stolen;
(b) a database holding Customer Data is hacked or otherwise compromised; and or
(c) Customer Data is given to the wrong person.
7.2. Notification and Response
7.2.1. In the event of a data breach, SFL is committed to complying with the Notifiable Data Breach Scheme under the Privacy Act. This includes promptly assessing the breach to determine whether it meets the threshold for notification to affected customers or individuals and the OAIC.
7.3. Cyber Security Incident Response Plan
7.3.1. SFL has developed the Cyber Security Incident Response Plan to address and manage data breaches effectively. Snap Personnel must refer to this plan to guide their actions in the event of a breach.
8. Access and correction of Customer Data
8.1. Access to Personal Information
8.1.1. In accordance with the Privacy Act, customers and individuals have the right to access their Personal Information held by SFL.
8.1.2. Customers or individuals seeking to request access to their Personal Information should be referred to the SFL Privacy Policy for detailed instructions on how to contact SFL and submit their request.
8.2. Deletion of Personal Information
8.2.1. Customers and individuals have the right to request the deletion of their Personal Information under certain circumstances.
8.2.2. SFL will assess such requests in line with the requirements of the Privacy Act.
8.2.3. If it is determined that the Personal Information is no longer required for the purposes for which it was collected or where the individual withdraws consent, SFL will take reasonable steps to securely delete or de-identify the information, unless retention is required or authorised by law.
8.3. Verification of Identity
8.3.1. To prevent unauthorised access to Customer Data, Snap Personnel shall verify the identity of individuals requesting access to or correction of their Personal Information.
8.3.2. This verification process ensures that Personal Information is only disclosed or modified in response to valid requests from the rightful owner.
8.3.3. All requests for access to personal information must be directed to the Data Protection Officer or the SFL head office.
9. Accountability and Responsibility
9.1. Snap Personnel have a responsibility to uphold the principles and requirements of this Policy in their day-to-day activities involving Customer Data. Snap Personnel who handle Customer Data shall be accountable for their actions and must ensure compliance with this Policy at all times. Adherence to these guidelines is essential for protecting Customer Data and maintaining trust.
9.2. Reporting breaches
9.2.1. Snap Personnel shall promptly report any actual or suspected breaches of this Policy or incidents involving unauthorised access, use or disclosure of Customer Data to the Data Protection Officer.
10. External Platform Usage and Data Storage
10.1. All Snap Personnel must adhere to the following guidelines unless prior written approval has been obtained from the Data Protection Officer:
10.1.1. Prohibited activities: Customer Data must not be downloaded, used or uploaded to any external platform, including but not limited to, Customer Relationship Management (CRM) tools, email marketing platforms, or digital marketing tools. All external use of Customer Data must adhere to privacy laws and the SFL Privacy Policy.
10.1.2. Storage Restrictions: Customer Data must not be stored on any local or external drives, such as personal computers, USB drives or cloud storage services.
10.2. Authorisation Process: All requests for the download, usage or upload of Customer Data to external platforms, including requests for alternative storage methods must be submitted for review and approval to the Data Protection Officer. Requests must include a detailed justification for the proposed activity and demonstrate how the activity complies with data privacy and security requirements.
10.3. Compliance Monitoring: The Data Protection Officer is responsible for monitoring and reviewing all requests related to the use and storage of Customer Data on external platforms. This includes ensuring compliance with this Policy and relevant privacy laws. Unauthorised activities will be addressed promptly, and appropriate corrective actions will be implemented to mitigate any risks.
11. Additional Policies
11.1. This Policy must be read in conjunction with all policies available on the intranet and the Snap Privacy Policy. The Privacy Policy provides additional details on how Personal Information is collected, used and disclosed.
12. Policy Enforcement
12.1. Non-compliance with this Policy may result in disciplinary action, up to and including, termination of employment or engagement.
12.2. SFL may also face legal and regulatory consequences for breaches of privacy laws, including potential fines or other civil penalties as determined by the OAIC or a court.
12.3. Where a breach of this Policy also results in the breach of any law, Snap Personnel may be also personally liable for their actions.
13. Policy Review
13.1. This Policy will be reviewed annually or as required to ensure compliance with legal requirements and industry best practice.
13.2. Updates will be communicated to all relevant employees.
14. Contact
14.1. For any questions regarding this Policy or Customer Data, please contact the Data Protection Officer at [email protected].
15. Effective Date
15.1. This Policy was last updated in August 2024.
