(Updated May 2018)
We understand that privacy and the security of your personal information is extremely important.
Because of that, this policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
This policy applies to you if you use our products or services in store, over the phone, online, through our mobile applications or otherwise by using any of our websites or interacting with us on social media (our "Services"). This policy gives effect to our commitment to protect your personal information and has been adopted by all of the companies and businesses in our group (including Sainsbury's, Sainsbury's Bank, Argos, Tu Clothing, and Habitat and Argos Financial Services*).
When we say 'we' or 'us' in this policy, we're generally referring to the separate and distinct legal entities that make up the Sainsbury's Group (although it does depend on the context). These include:
It also includes any other businesses we add to this group in the future. If you'd like more information about which Sainsbury's Group Company you're dealing with, check the terms and conditions of the product or service you're using.
The information we collect may be used to:
i. When you apply to us to open an account, we will:
a. Check our own records for information on:
i. Your personal accounts:
ii. And, if you have one, your spouse/(personal) partner's personal accounts (A personal partner will be someone with whom you have a relationship that creates a joint financial unit in a similar way to a married couple. You will normally, but not necessarily, be living at the same address. It is not intended to include temporary arrangements such as students or flat sharers); and
iii. If you are a director or partner in a small business we may also check on your business accounts (A small business is defined as an organisation, which might be sole trader, partnership or a limited company that has three or less partners or directors).
b. Search at credit reference agencies for information on:
i. Your personal accounts; ii. And, if you have ever done the following we will check your financial associate's personal accounts as well:
Made a joint application now;
Previously made joint applications;
Have joint account(s);
Are financially linked (Credit reference agencies may link together the records of people that are part of a financial unit. They may do this when people are known to be linked, such as being married or have jointly applied for credit or have joint accounts. They may also link people together if they, themselves, state that they are financially linked.);
If there is insufficient information to enable us to assist you, we may also check other members of your family;
If you are a director or partner in a small business we may also check on your business accounts; and
Search at fraud prevention agencies for information on you and other members of your household and your business (if you have one).
ii. What we do with the information you supply to us as part of the application:
a. Information that is supplied to us will be sent to the credit reference agencies;
b. If you tell us that you have a spouse or (personal) partner, we will:
i. Search, link and/or record information at credit reference agencies about you both;
ii. Link joint applicants and/or any individual identified as your spouse or partner, in our own records;
iii. Take both your and their information into account in future applications by either or both of you; and
iv. Continue this linking until the account closes, or is changed to a sole account and one of you notifies us that you are no longer linked,
so you must be sure that you have their agreement to disclose information about them.
c. If you give us false or inaccurate information and we suspect fraud, we will record this and may also pass this information to financial and other organisations involved in fraud prevention to protect us, them and our respective customers from theft and fraud.
iii. With the information that we obtain we will:
a. Assess this application for credit and/or;
b. Verify your identity and the identity of your spouse/partner and/or;
c. Undertake checks for the prevention and detection of fraud and/or money laundering;
d. We may use scoring methods to assess this application and to verify your identity;
e. If you are applying for one of our insurance products, share your details with our chosen group of insurers for them to process your application and, if appropriate, offer you an insurance product. The insurers may hold your information for a reasonable period for record keeping purposes, and may be required to share your information either where required by law, with regulators or statutory bodies or with third parties where you have been notified or it is obvious that they will do so;
f. Manage your personal account with us; and
g. Undertake periodic statistical analysis or testing to ensure the accuracy of existing and future Services, any or all of these processes may be automated.
iv. What we do when you have an account:
a. Where you borrow or may borrow from us, we will give details of your personal account including names and parties to the account and how you manage it/them to credit reference agencies;
b. If you borrow and do not repay in full and on time, we will tell credit reference agencies;
c. We may make periodic searches of our records, credit reference and fraud prevention agencies to manage your account with us, to take decisions regarding your identity and also credit, including whether to make credit available or to continue or extend existing credit, or to close your account if it is dormant or you are no longer resident in the UK;
d. If you have borrowed from us and do not make payments that you owe us, we will trace your whereabouts and recover payment. (where appropriate, this may be carried out by third party debt collection and recovery agencies on behalf of the Sainsbury's Group, or by a third party debt purchaser); and
e. If you hold one of our insurance products and wish to make an insurance claim, we may pass your information to our agents who will process your claim. Such information may also be put on a register of claims and shared with other insurers to prevent fraudulent claims.
In order to meet the requirements of our regulator, the Financial Conduct Authority (FCA), we will contact you shortly before the maturity of any fixed term or fixed rate products. This ensures that you are aware of the options available and helps you make an informed decision about your maturity instructions.
In order to comply with money laundering regulations, there are times when we need to confirm (or reconfirm) the name and address of our customers.
If you apply for any of our credit-based products (e.g. insurance, loan or credit card) we will perform searches with credit reference agencies. We may give details of your account and how you conduct it to credit reference agencies. If you borrow and do not repay in full and on time, we may inform credit reference agencies who will record the outstanding debt.
The information below provides further details about how credit reference agencies, us and other lenders use your information.
Q: What is a credit reference agency?
A: Credit reference agencies (CRAs) collect and maintain information on consumers' and businesses' credit behaviour, on behalf of lenders in the UK.
Q: What is a fraud prevention agency?
A: Fraud Prevention Agencies (FPAs) collect, maintain and share information on known and suspected fraudulent activity. Some CRAs also act as FPAs.
Q: Why do you use them when I have applied to your organisation?
A: Although you have applied to us and we will check our own records, we will also contact CRAs to get information on your credit behaviour with other organisations. This will help us make the best possible assessment of your overall situation before we make a decision.
Q: Where do they get the information?
A: Publicly available information:
Q: How will I know if my information is to be sent to a CRA or FPA?
A: When you apply for a product, where relevant, we will notify you if your information may be sent to a CRA or FPA.
Q: Who controls what credit reference agencies are allowed to do with my personal information?
A: All organisations that collect and process personal information are regulated by the Data Protection Act 1998, overseen by the Information Commissioner's Office. All credit reference agencies are in regular dialogue with the Commissioner. Use of the Electoral Register is controlled under the Representation of the People Act 2000.
Q: Can just anyone look at my personal information held at credit reference agencies?
A: No, access to your information is very strictly controlled and only those that are entitled to do so may see it. Usually that will only be with your consent or (very occasionally) if there is a legal requirement.
i: What do Credit Reference Agencies do?
When credit reference agencies receive a search from us they will:
a. Place a search "footprint" on your credit file whether or not this application proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future. This may affect your ability to obtain credit elsewhere in the near future; and
b. Link together the records of you and anyone that you have advised is your financial associate including previous and subsequent names of parties to the account. Links between financial associates will remain on your and their files until such time as you or your partner successfully files for a disassociation with the credit reference agencies.
ii. Supply to us:
a. Credit information such as previous applications and the conduct of the accounts in your name and of your associate(s) (if there is a link between you);
b. Public information such as County Court Judgments (CCJs) and bankruptcies;
c. Electoral Register information; and
d. Fraud prevention information
iii. When information is supplied by us, to them, on your account(s):
a. Credit reference agencies will record the details that are supplied on your personal account including previous and subsequent names of parties to the account and how you manage it/them;
b. If you borrow and do not repay in full and on time, credit reference agencies will record the outstanding debt; and
c. Records shared with credit reference agencies remain on file for 6 years after they are closed whether settled by you or defaulted.
iv. How your personal information will NOT be used by credit reference agencies:
a. It will not be used to create a blacklist; and
b. It will not be used by the credit reference agency to make a decision.
How your personal information WILL be used by credit reference agencies:
a. The information which we, other organisations and fraud prevention agencies provide to the credit reference agencies about you and your financial associates may be supplied by credit reference agencies to other organisations and used by them to:
i. Verify your identity if you or your financial associate applies for other facilities including all types of insurance applications and claims;
ii. Make decisions on credit, credit related services and on motor, household, life and other insurance proposals and insurance claims, about you, your partner, other members of your household or your business;
iii. Trace your whereabouts and recover payment if you do not make payments that you owe;
iv. Conduct checks for the prevention and detection of crime including fraud and/or money laundering;
v. Manage your personal, your partner's and/or business account (if you have one);
vi. Manage your personal, your partner's and/or business insurance policies (if you have one/any); and
vii. Undertake statistical analysis and system testing.
b. Your personal information may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act 1998 and any other relevant or replacement legislation, such as the General Data Protection Regulation.
c. Your personal information may also be used to offer you other Services, but only if you have given your permission. That will be on the front of any form that you have completed.
If you would like to find out more, you can contact the 3 agencies currently operating in the UK; the information they hold may not be the same so it is worth contacting them all. They will charge you a small statutory fee.
CallCredit, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 0601414 or log on to www.callcredit.co.uk
Equifax Ltd, Customer Service Centre, PO Box 10036, Leicester, LE3 4FS or call 0800 014 2955 or log on to www.equifax.co.uk
Experian Ltd, Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0344 481 8000 or log on to www.experian.co.uk.
If you have been refused credit you can get advice from your local Trading Standards Department, Citizens Advice Bureau or Consumer Advice Centre and the agencies' web sites. The Information Commissioner also produces a useful leaflet entitled 'Credit Explained'. You can obtain a free copy on the Information Commissioner's website or by telephoning 0870 600 8100.
Fraud Prevention Agencies We have systems that protect our customers and ourselves against fraud and other crime. Personal information can be used to prevent crime and trace those responsible. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
Please contact us on firstname.lastname@example.org if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
The Sainsbury's Group
We may share your personal information with other Sainsbury's Group Companies from time to time so we can provide you with a high quality service across our group. That includes sharing information with the companies that operate Sainsbury's stores and online shopping, Sainsbury's Bank, Argos, Argos Financial Services, Habitat and our clothing brand Tu.
Our service providers
We work with partners, suppliers, insurers and agencies so they can process your personal information on our behalf...but only where they meet our standards on the
processing of data and security! We only share information that allows them to provide their services to us or to facilitate them providing their services to you.
For example, some of our service providers place advertising for us online, about our products and services and those of our retail partners, suppliers and third parties.
As a result, where you have indicated you are happy to receive marketing from us, you might see online advertising that we have placed on the web sites you visit,
or the interactive services you use. Or if you hold a credit card or travel money card with us, we will share transaction details with our scheme providers (e.g.
Visa or MasterCard).
Our retail partners
We might share your personal information with retail partners we do business with. This is so they can give you their services. For example, as part of the Nectar programme we pass on relevant information to whoever's operating it (at the moment that's Aimia Coalition Loyalty Limited) - if we didn't do that we couldn't give our customers Nectar points.
Other organisations and individuals:
We may transfer your personal information to other organisations in certain scenarios. For example:
We would like to tell you about the great offers, ideas, products and services of the Sainsbury's Group from time to time that we think you might be interested in. Where you have consented to us doing so, we may do this through the post, by email, text message, online, using social media, push notifications via apps, or by any other electronic means. We won't send you marketing messages if you tell us not to but we will still need to send you occasional service-related messages. If you wish to amend your marketing preferences, you can do so either logging into any of your Sainsbury's Group accounts and following the directions or by calling our Customer Care Team on 0800 636262.
We will retain a record of your personal information. This is done in order to provide you with a high quality and consistent service across our group. We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
When using one of our websites or mobile applications, you may be able to share information through social networks like Facebook and Twitter. For example when you 'like', 'share' or review our Services. When doing this your personal information may be visible to the providers of those social networks, their other users and/or J Sainsbury's Group Companies. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
We take security measures to protect your information including:
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is
processed, please contact us by one of the following means:
If your enquiry relates to Sainsbury's Supermarkets, Argos, Habitat or Tu:
By email: email@example.com
By post: Data Protection Officer at Privacy Team, Sainsbury's Supermarkets Ltd, 16th Floor, Arndale House, Manchester, M4 3AL
Or if your enquiry relates to Sainsbury's Bank or Argos financial services:
By email: Privacy.Bank@sainsburysbank.co.uk
By post: Data Protection Officer, Sainsbury's Bank, 3 Lochside Avenue, Edinburgh Park, Edinburgh EH12 9DJ
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to ico.org.uk/concerns to find out more...