© 2020 Brown Family Wine Group.
All Rights Reserved. Privacy policy.

Privacy Policy

Brown Family Wine Group (Brown Brothers Milawa Vineyard Pty Ltd), ABN 56 005 349 235 and its associated entities (collectively Brown Family Wine Group, we, us, or our) is committed to protecting the privacy of individuals’ personal information.

In accordance with the Privacy Act 1988 (Cth) (Privacy Act) this Privacy Policy sets out the ways in which Brown Family Wine Group may collect, store, use, disclose, manage and protect your personal information.

What is personal information?

“Personal information” is information or an opinion about an identified person, or information from which a person could reasonably be identified. That is regardless of whether the information or opinion is true, and whether or not it is stored in a material or intangible/electronic form.

We do not collect “sensitive information” without your consent. When we refer to “sensitive information” we mean information about a person’s racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, political, professional, trade association or trade union memberships, sexual orientation or practices, criminal records, or health, genetic or biometric information or templates.


From whom do we collect your personal information?

We may collect your personal information:

  • directly from you (for example, this may occur when we contact you, enter into contracts or arrangements with you, when you attend events arranged or sponsored by us, visit our websites, cellar doors or wineries, when you use our free Wi-Fi networks, when you post about us on social media or when you enter a competition);
  • from publicly available sources and databases (for example, this may occur if it is unreasonable or impractical for us to collect the personal information directly from you, because we have provided you with a reasonable opportunity to supply personal information which we reasonably require for our activities, but you have only partially provided it, or not at all);
  • through statutory, regulatory and other governmental processes; and
  • from third parties who you have authorised to provide us with personal information.

What types of personal information do we collect?

Depending on how you interact with us, we may collect the following personal information from you:

  • Contact details – if you contact us or use our free Wi-Fi networks, we may collect details which include your name, street/postal address, email address and telephone number.
  • Epicurean member details – if you submit a membership application form and/or subsequently interact with us, such as through our website, by email or at Epicurean member events, we may collect your abovementioned contact details, government identifiers (such as your driver’s licence number), demographic (age, gender, vocation, educational history), interests and our history of interactions or dealings with you.
  • Member surveys – we may collect details about a range of issues relating to your interest in wines and the Epicurean Club, such as wine preferences, qualities sought in a wine, purchase locations and feedback on our activities.
  • Visitor information, images and videos – if you visit our cellar doors, restaurants, wineries and hosted events (eg. wine and food festivals or dining functions) we may collect your abovementioned contact details, reservation details when making bookings, as well as travel details provided when you visit as a member of a tour group. From time-to-time we will collect photographs and video footage of visitors.
  • Restaurant diner information – if you dine at our restaurants, we may collect your abovementioned contact details, reservation details when making bookings, travel details and meal preferences. For larger bookings and functions, we may also collect credit card details.
  • Customer sales information – when you purchase goods and services from us, whether in person or through our website, we may collect your abovementioned contact details, demographic, credit card details and items purchased.
  • Competition entrant details – if you enter our competitions, we may collect your abovementioned contact details.
  • Acquisition of other businesses – if we acquire the assets or shares of another business to whom you have disclosed your personal information, such transactions generally involve the disclosure of personal information from the vendor organisation to Brown Family Wine Group, either as part of the due diligence process or as a result of a transfer of assets. In such instances, Brown Family Wine Group collects the personal information held by the newly acquired business.

If you attend any of our sites, facilities or offices (such as our cellar doors, restaurants, wineries, vineyards or bottling or packaging facilities), we may use closed-circuit television cameras and other photographic equipment to record:

  • your image;
  • the date and time of your attendance; and
  • your actions whilst at the relevant site.

Unsolicited personal information

If we receive unsolicited personal information, we will assess whether we would have been entitled to collect that personal information. If we would not have been entitled to collect that personal information, we will destroy or de-identify it as soon as practicable (provided that it is lawful and reasonable to do so).


We collect personal information when individuals communicate with, or purchase products from, us through our website, such as contact details, items purchased, credit card details and other information you choose to provide. Payment details provided through our website are processed through a secure server.

When you access our website, we may receive information about you via a ?cookie’. A cookie is a piece of information that our web server may send to your computer when you visit the website. The cookie is stored on your machine, but does not identify you or give us any information about your computer. A cookie helps us to recognise when you re-visit the website, and helps us to optimise your experience. Through the use of sessional cookies, we collect information such as Internet Protocol ?IP’ addresses, device IDs, MAC addresses, browser information, installed software, hardware type, access date and time, number of visitors, pages viewed, types of transactions conducted, time spent on the website and documents downloaded. We use this information to evaluate the performance and effectiveness of our website.

This Privacy Policy does not apply in relation to any other websites linked to, from or associated with, our company owned and operated website. We are not responsible for the privacy practices or the content of such other websites. The operators of those other websites should be contacted directly for information regarding their information handling practices.


How do we secure your personal information?

We take all reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. We maintain physical, electronic, and procedural security measures to safeguard personal information including using appropriate computer system and network security;

  • where appropriate, specifying the confidentiality of your personal information in contracts with our partners with whom we exchange information;
  • having contingency plans for assessing critical system functions and establishing data backup, disaster recovery and emergency mode operations;
  • having formal, documented policies and procedures for the receipt, storage, processing and distribution of personal information;
  • imposing information access controls, including policies and procedures for access to our system and the various kinds of data it contains;
  • having policies and procedures for internal information systems auditing;
  • documented system and data authorisations, security clearance policies and procedures, and security training for affected staff; and

Storage of personal information in the Cloud

Personal information may be stored in the Cloud (that is, computer servers connected to one another via the Internet). To assist Brown Family Wine Group to store and access your personal information on the Cloud, we may store your personal information with, or allow it to be accessed by, overseas third parties who provide:

  • software and maintenance services for the Cloud
  • training services in connection with using and accessing the Cloud; and
  • infrastructure/hardware used to access the Cloud.

As those third parties are situated, and store content, offshore, your personal information may be transmitted, disclosed, stored or accessed to/from overseas jurisdictions.

If you proceed to submit your personal information to us, you are consenting to the transmission, disclosure, storage and access of your personal information by third parties in overseas jurisdictions. In that respect, Australian Privacy Principle 8 which ordinarily obliges Brown Family Wine Group to take reasonable steps to ensure that overseas recipients of your information do not breach the Australian Privacy Principles (except Principle 1) will not apply.

Please note that if any of those overseas recipients handle your personal information in a manner which is inconsistent, or does not comply, with the Australian Privacy Principles:

  • to the maximum extent permitted by law, Brown Family Wine Group will not be accountable under the Privacy Act for any resulting loss or damage that you may suffer;
  • to the maximum extent permitted by law, you will not be able to seek redress against Brown Family Wine Group under the Privacy Act 1988 (Cth);
  • the overseas recipient may not be subject to any privacy obligations at all, or to any principles similar to the Australian Privacy Principles;
  • you may not be able to seek redress against the overseas recipient in their jurisdiction; and

in holding access to your personal information, the overseas recipient may be subject to foreign laws which compel their disclosure of your personal information to other parties, such as overseas government authorities.


We disclose personal information in limited circumstances. Your personal information may be disclosed to:

  • our third party service providers, such as payment processors, data entry service providers, marketing agencies, market researchers, mailing houses, electronic network administrators, cloud service providers, debt collectors, and, where necessary, to professional advisers, such as solicitors and accountants;
  • other members/entities within our corporate group; and
  • governmental authorities or other statutory bodies where it is expressly permitted under the Privacy Act, for example, where it is with your consent or where we are legally required to do so, such as pursuant to a court order or warrant.


How do we use your personal information?

We may use your personal information for the following purposes:

  • to provide our goods and administer our services, including verifying your identify, contacting you about your orders, processing deposits and payments, training our staff and testing our systems;
  • to facilitate your participation in our loyalty program, The Epicurean Club and loyalty programs of other program partners;
  • to administer your membership account;
  • to develop and inform you about events, offers, promotions and our products and services;
  • to provide and conduct our competitions, promotions and events;
  • to distribute our newsletters and other communications, either ourselves or with the assistance of third party services providers;
  • for customer support, including resolving and providing assistance or responding to other enquiries or requests;
  • for publication in articles about our functions, in newsletters or on our websites (eg. in respect of your image);
  • to conduct marketing activities for our products and services, or products and services of third parties;
  • to conduct market and other research and analysis to improve our products, services and marketing activities, including contacting you for feedback about your experience with us;
  • to conduct quality audits and for risk management generally; and
  • to maintain records and comply with our legal obligations. For example, we use information regarding a person’s age to ensure that we do not supply alcohol to minors.

Do we use your personal information to conduct direct marketing?

We send to our customers, potential customers, Epicurean members’ and persons who access our free Wi-Fi networks, information about our products and services that we consider may be of interest. We also engage third parties to undertake those activities. These communications are sent in various forms, including mail, SMS and email. Where a person has indicated a preference in regards to a method of communication, we endeavour to use that method whenever it is practicable to do so. You can opt-out of receiving marketing communications at any time by lodging a request with our Privacy Officer (details below) or by using opt-out facilities provided in marketing communications. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable. We do not trade in, rent or sell your personal information to other parties under any circumstances.


How can you access and correct your personal information?

You may request access to your personal information by sending a written request to our Privacy Officer (details below). Upon receiving an access request, we may request further details from you in order to verify your identity. We reserve the right to refuse access to personal information if we cannot verify your identity to our reasonable satisfaction. Access will generally be provided in an appropriate form within 30 days. We may charge a fee for providing access if it requires a significant amount of time to locate your information or to collate or present it in an appropriate form. This fee will be explained to you before it has been incurred. In limited circumstances, and only where it is permitted under the Privacy Act, we may not be able to provide access to information: for example, where it would have an unreasonable impact upon the privacy of others or where we believe your request is frivolous or vexatious.

We will take reasonable steps to ensure personal information we collect and use is accurate, up-to-date and complete. Where personal information is out-of-date or incorrect, you may inform us of this and we will correct it accordingly.


Dealing with us anonymously or using a pseudonym

You can deal with us anonymously or by using a pseudonym if you choose. However, if you do so we may be unable to provide you with accurate or useful information and (in some circumstances) you may not be able to access a full range of our products and services. For example, we may not be able to process your request, sell you alcoholic beverages, provide a definitive response, assess your eligibility for events, offers or promotions, or we may need to ask you further questions and require more time to respond.

Privacy Policy may change

We may amend this Privacy Policy from time to time in order to ensure that it remains accurate in view of any alterations to our information handling practices or changed business circumstances. Any updated policy will be published on our website. Changes come into effect from the time when they are brought to your attention, or when you next logon to our website, whichever is earlier. Please make sure you review this Privacy Policy each time you visit our website to keep up to date on any changes.

Contacting us in regards to privacy matters

If you have any concerns or complaints regarding how we handle personal information, please contact our Privacy Officer. Correspondence should be addressed to:

Privacy Officer
Brown Family Wine Group (Brown Brothers Milawa Vineyard Pty Ltd)
239 Milawa Bobinawarrah Road, Milawa, Victoria, 3678, Australia
Phone: +61 (0)3 5720 5500
Facsimile: +61 (0)3 5720 5511
e-mail: privacy@brownbrothers.com.au

We take all complaints seriously and will respond to you within a reasonable period of time, unless we consider your complaint to be frivolous or vexatious.

If a privacy concern or complaint is not resolved to your satisfaction, you can contact the Office of the Australian Information Commissioner.

Last updated: – 22 January 2020.