Protecting your privacy and the confidentiality of your personal information is very important to us. This Privacy Policy explains why we collect personal information and how we collect, use, disclose, store and protect your personal information. It also explains how you can access, correct, update or delete any personal information provided to us, or make a complaint if you have concerns.
We comply with the Australian Privacy Principles (“APPs”) which regulate how we collect, use, disclose, store and protect your personal information.

Which Cotton On entities does this Privacy Policy cover?

This Privacy Policy applies to Cotton On Clothing Pty Ltd (ACN 052 130 462) and all of its related entities in Australia (referred to in this document as “we”,” us” or” our”), including our Australian- based businesses Cotton On, Cotton On Body, CO. by Cotton On, Free by Cotton On, Cotton On Kids, Rubi Shoes, T-Bar and Typo.

What is personal information?

Personal information is any information that can be used to identify you, such as your name, gender, date of birth, address, telephone number, email or medical, educational, financial, and employment information.

What personal information do we collect?

We may collect personal information including your name, gender, date of birth, address, telephone number and email.

We do not collect your financial information or retain credit card numbers used to purchase products or services as this information is collected by a financial institution that has their own privacy policy. If you receive a request to provide sensitive personal information (such as credit card details) in an email, do not provide this information because the request may be fraudulent. You can help us identify attempts at fraud- if anything suspicious occurs, please contact our Privacy Officer.

Why do we collect your personal information?

We may collect your personal information when required by law but generally we collect personal information from you (or about you) to allow us to: supply you with tailored products, services or offers that may benefit you; better communicate with you; improve your experience with us; and notify you about our new products and services, discounts, promotions or upcoming events. Personal information collected or received by us will only be used for the stated purpose for which it was provided.

When and how do we collection your personal information?

We collect most personal information directly from you when you consent to communications from us. Your consent may be express (e.g. you agree to the use of your information by ticking a box) or implied by an action you take or do not take (i.e. because you have agreed to terms and conditions that contain information about the use or disclosure of your information). You provide us your information when you purchase (or enquire to purchase) products or services from us, you ask to find out more about our products or services, you apply to work with us, you participate in our competitions, you make a refund, return or other claim, you use our website(s) or other applications, you deal with us on the phone, you write to us, or when you visit one of our stores.

We may also collect information about how you use our website(s) or applications to help us better serve you. For example, we may do this when you click on a link from our website(s) or visit a website which displays our advertisements. This information is derived from cookies that identify the computer you used to access our website(s) or applications, and the cookies collect your server address; your top level domain name (for example .com, .gov, .au, .net, .edu, etc); the time and date of your visit to the website; the pages and documents you have accessed or viewed and the type of browser you are using. When we use cookies and other tracking technologies to collect your personal and non-personally identifiable information we are collecting this information to: better understand your browsing and purchasing behaviour; analyse and track website usage data; determine the popularity of certain content; deliver advertising and content targeted to your interest on our website; better understand your online activity; improve our website and your online experience; count the number of visits; and for other legitimate internal business purposes (together “re-marketing, traffic, demographics and interest reporting purposes”).

We have engaged Google to provide advertisements on our behalf and to provide analytics services. Google may use cookies and other tracking technologies to collect non-personally identifiable information for re-marketing, traffic, demographics and interest reporting purposes via Google advertising cookies and anonymous identifiers. If you have consented (“opted-in”) in accordance with APPs, your personal information may be merged with non-personally identifiable information collected through any Google advertising product or feature to be used by us for re-marketing, traffic, demographics and interest reporting purposes.

What if you don’t want us to collect your personal information?

You do not have to provide us with any personal information unless you want to. For example, it is your choice as to whether you purchase our products or services or receive communications from us. If you choose not to provide us with your personal information, we may be unable to provide a product or service or deal with you.

When you use our website or a web browser to search for our website or products, you can set your web browser to remove or reject cookies by selecting the appropriate settings on your browser. If you wish to opt-out of having your web browsing information used for re-marketing, traffic, demographics and interest reporting purposes, you must download and install Google Analytics Opt- out Browser Add-on (https://tools.google.com/dlpage/gaoptout). Removing or rejecting cookies may affect the availability and functionality of our website and updates to your web browser may affect the functionality of the Google Analytics Opt-out add-on.

What if you don’t want to receive any further communications from us?

At any time you can tell us that you do not want to receive such communications from us by unsubscribing online or by contacting our Privacy Officer.

When do we disclose your personal information?

Your personal information will not be used contrary to this Privacy Policy but we may disclose your personal information to third parties:

  • for the purpose it was collected – for example, to supply to you, respond to you and to operate our businesses;
  • if we sell all or part of our business(es) and the buyer also requires your personal information;
  • to enforce our legal rights or those of others;
  • to prevent actual or potential fraud or illegal activity;
  • who provide services to us ranging from technology, data storage, website hosting, marketing, operations and customer service; or
  • if we are required to do so by law.

If personal information is disclosed to a third party, we are required to take reasonable steps to ensure your personal information is treated in accordance with the APPs. Some of our suppliers, who provide services to us, may be located overseas and at present we have servers in Singapore and the USA hosting our website(s).

How can I access, correct, update and/or delete personal information you have collected?

You may request access to your personal information we have by contacting our Privacy Officer. We will provide you with access once you have proved your identity. If your request is unusual or onerous, you may be required to pay us a fee before we provide you access to your personal information. If your personal information is incorrect or you wish us to delete it, contact our Privacy Officer to update or delete it.

How do we store and protect your personal information?

Your personal information may be stored by us in various forms including both electronic and hardcopy. You should be aware that there are inherent risks associated with the transmission of personal information via the internet, however, we will take reasonable steps to maintain the integrity and security of any personal information we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal information.

It is important that you protect your privacy by ensuring that no one obtains your personal information and you must contact us if your details change. If you do not wish to use the internet to transmit personal information you can mail or phone the Privacy Officer. If we no longer require your personal information for the purposes stated in this Privacy Policy or we have received it inadvertently, we will take reasonable steps to securely destroy or de-identify it as soon as practicable, as long as it is lawful to do so.

Do you have any questions or concerns?

If you have any questions about our Privacy Policy or if you have a complaint, please contact us with your concerns and we will endeavour to respond to your request within 30 days.

Mail: The Privacy Officer, Cotton On Group, 14 Shepherd Court, North Geelong, Victoria 3215
Phone: 1800 420 176 (from within Australia)
Email: privacyofficer@cottonon.com


Policy aim

The Cotton On Group is committed to an open, fair and supportive workplace. In line with our ethical framework, we promote a culture of honest and ethical behaviour, corporate and regulatory compliance. We recognise the important role whistleblowers perform within the Group and encourage the reporting of issues where there is a belief there has been a breach of the Group’s polices or the law. The purpose of this policy is to inform individuals how they can make whistleblower disclosures and how these will be
investigated. It also informs individuals of the whistleblower protections available to them. This policy will be available here.

Regions applicable to


Who is a whistleblower?

A whistleblower is an individual who makes a disclosure under this policy. It includes a Group team member, contractor, consultant, supplier, agent, licensee (and their employees), as well as a relative or dependent of either of these individuals.
Whistleblower disclosures Disclosures cover suspected or actual behaviour related to the Group, such as:
• Corruption
• Dishonesty
• Fraud
• Misconduct
• Negligence
• Unsafe actions
• Illegal actions
• Breaches
• Victimisation

A disclosure does not include a personal work related grievance (e.g. an operational concern with your manager or a team member).

Making a whistleblower report

Disclosures can be made to the Group’s confidential hotline or on the website www.cottonongroup.ethicspoint.com. The confidential hotline is operated independently of the Group and is available 24 hours a day, 7 days a week: 1800 940 758

Disclosures can also be made to lawyers, journalists, parliamentarians, ASIC, APRA or the ATO, but we encourage individuals to first disclose issues to the Group using one of the above methods, to allow the Group a reasonable amount of time to
investigate and address the issues raised. Whistleblowers can choose to remain anonymous and all disclosures will be treated confidentially.


Information disclosed by whistleblowers will be taken seriously and investigated where appropriate. Investigations will be conducted by an appropriately qualified member the Group. Where deemed necessary, we may engage external consultants.
Where disclosures are made anonymously, the Group may communicate through the confidential hotline with the whistleblower requesting additional or clarification of information. Following the investigation, a final report will be compiled to record the findings and other action taken in respect of the matter. This report may be escalated to an appropriate executive or to the Board, depending on the results of the investigation. In line with Group investigation standards, any team member, contractor or other officer implicated in a disclosure will be given a fair and reasonable opportunity to respond to allegations.

Protection and support

Where a disclosure is made, the Group will act in accordance with whistleblower laws to protect the whistleblower from any victimisation, adverse action or intimidation and ensure they will not be disadvantaged in their employment or engagement with the Group. This aligns with our Workplace Behaviour policy to help prevent bullying or victimisation resulting from a disclosure. An individual who makes a disclosure will not be subject to any liability or discipline for making the disclosure and the whistleblower’s identity will not be disclosed without their consent, unless:

• The disclosure is required to be provided to a government body (as required by law) or a lawyer (for legal advice); or
• Where the disclosure is reasonably necessary to investigate.

Independent and additional support is available to team members through the confidential Employee Assistance Program.

Non-compliance with this policy

Team members who knowingly violate this policy will be subject to appropriate disciplinary action, up to and including termination of employment. Contractors or consultants who fail to comply with this policy will be in breach of contract which will provide grounds for the termination of their contract.