(Updated October 2020)
We understand that your privacy and the security of your personal information is extremely important. This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you.
This policy applies if you interact with us through our stores, over the phone, online, via email, through our mobile applications or otherwise by using any of our websites or interacting with us on social media.
If you don't want to read all the detail, here are the things we think you'd really want to know:
- The Sainsbury's Group currently includes Sainsbury's Supermarkets, Sainsbury's Bank, Argos, Tu Clothing, Habitat, Argos Financial Services and Argos Distributors (Ireland) Ltd;
- Your personal information is, where appropriate, shared within the Sainsbury's Group;
- We do use a number of third parties to process your personal information on our behalf and some of them are based outside of the European Economic Area;
- You have a number of rights over your personal information. How you can exercise these rights is set out in this notice;
- We do send direct marketing, if we're allowed to. And we do this to encourage you to buy our products and services by sending you offers and ideas that we feel will be of benefit to you. If you want us to stop then here's how;
- We also use your information to display more relevant online advertising and marketing relating to our products and services on websites across the Sainsbury's Group, on other websites and online media channels;
- Our websites and apps are not intended for children and we do not knowingly collect children's data;
WHO ARE WE
When we say 'we' or 'us' in this policy, we are referring to the companies that make up the Sainsbury's Group.
The companies that currently make up the Sainsbury's Group are:
- Argos Distributors (Ireland) Ltd (registered office: Argos Distributors (Ireland) Ltd, Ballybin Road Ashbourne, Co. Meath);
- Sainsbury's Supermarkets Ltd (registered office: 33 Holborn, London, EC1N 2HT);
- Sainsbury's Bank Plc (registered office: 33 Holborn, London, EC1N 2HT);
- Argos Limited (registered office: 489-499 Avebury Boulevard, Milton Keynes MK9 2NW)
- Habitat Retail Limited (registered office: 489-499 Avebury Boulevard, Milton Keynes MK9 2NW);
- Argos financial services (which includes Home Retail Group Card Services Limited, ARG Personal Loans Limited and Home Retail Group Insurance Services Limited) (registered office: 489-499 Avebury Boulevard, Milton Keynes MK9 2NW);
- Nectar Loyalty Limited (registered office: 33 Holborn, London, EC1N 2HT);
- Argos Business Solutions Limited (registered office: 489-499 Avebury Boulevard, Milton Keynes MK9 2NW);
WHAT SORTS OF INFORMATION DO WE HOLD
- Information that you provide to us such as your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the services that we provide to you (including for example, the products you purchased from us, when and where, what you paid, the way you use our products and services, and so on);
- Information required to make decisions about your applications for products and services we offer;
- Your account login details for our websites and apps, including your user name and chosen password;
- Information about whether or not you want to receive marketing communications from us;
- Information about any device you have used to access our services (such as your device's make and model, browser or IP address) and also how you use our services. For example, we try to identify which of our apps you use and when and how you use them. If you use our websites, we try to identify when and how you use those websites too;
- Your contact details and details of the emails and other electronic communications you receive from us, and how you interact with them. For example whether the communication has been opened, if you have clicked on any links within that communication and the device you used. We do this because we want to make sure that our communications are useful for you, so if you don't open them or don't click on any links in them, we know we need to improve our Services;
- Information from other sources such as specialist companies that provide customer information. For example credit reference agencies such as Experian, fraud prevention agencies, claims databases, marketing and research companies, social media providers and pay TV providers, as well as information that is publicly available;
- Information captured by our CCTV, automatic number plate recognition (ANPR) and body worn recording devices (together 'CCTV') if you visit any of our premises;
OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
Whenever we process your personal information we have to have something called a "legal basis" for what we do. The different legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose (s);
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights;
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Vital interests: The processing of your personal information is necessary to protect you or someone else's life;
- Legal obligation: We are required to process your personal information by law;
HOW DO WE USE YOUR INFORMATION
We may use your information in the following ways:
- To provide our products and services - we need to use your personal information to make our products and services available to you. If you then decide to order any of our products or services, or enter one of our competitions then we're delighted, thank you. After that, we need to provide them to you and process your payment. We need to use your details to do all this;
- To improve your shopping experience - we try to understand our customers so we can provide you with a great shopping experience, personalised offers, shopping ideas and online advertising. Understanding how you use our Apps, how you interact with the Sainsbury's Group, where and when you shop, the products and services you buy and how you use and browse our websites helps us to do this;
- For safety and security - we use your personal information to help provide safe and secure environments for our customers to shop in, our colleagues to work in and for our businesses to be conducted. To enable this we use CCTV, ANPR technology, body worn recording devices, monitor online behaviour and carry out checks to help us ensure that our customers are genuine to prevent fraud and to help customers use our services appropriately;
- Analytics and profiling - we use your personal information for statistical analysis and to help us understand more about our customers. That includes understanding the products and services you buy, how you shop across the whole Sainsbury's Group and by creating profiles about you. This helps us to serve you better and to find ways to improve our services, stores, apps and websites. These profiles help us to send you offers that are more relevant to you;
- Contacting you - we use your personal information to contact you. This may be in relation to a service update, an issue you have raised with us, to conduct market research or to ask for your feedback;
- Marketing and advertising - we use your personal information to provide relevant marketing communications (including by email, phone, SMS, post or online advertising), relating to our products and services, and those of our suppliers and the Sainsbury's Group. As part of this, online advertising may be displayed on websites across the Sainsbury's Group and on other organisations' websites and online media channels. We may also use information about how you shop with us to measure the effectiveness of these campaigns;
COOKIES AND SIMILAR TECHNOLOGIES
We use CCTV across all sites in the Sainsbury's Group for the protection of our colleagues, customers and business. This includes investigating accidents, incidents, criminal activities and breaches of our policies. CCTV is also in operation in our petrol stations and car parks for these purposes. Some car parks are run by third parties, so please check the local notice.
Some of our colleagues also wear body worn devices to protect themselves and our customers in high risk situations such as when there is a threat of violence. These devices record audio and video.
Occasionally we share CCTV with public or regulatory authorities or in response to requests from individuals seeking to protect their rights, the rights of others or helping to prevent crime and nuisance. We will only share CCTV if we consider a request to be appropriate.
WHO MIGHT WE SHARE YOUR INFORMATION WITH
The Sainsbury's Group - we will share your personal information in certain circumstances with the other companies within the Sainsbury's Group so that we can provide you with a high quality, personalised and tailored service (including relevant marketing) across our Group. That includes sharing information with the companies which operate Sainsbury's stores and online shopping, Sainsbury's Bank, Argos, Argos Financial Services, Habitat, the Nectar loyalty scheme and our clothing brand, Tu.
Our service providers - we work with different companies so that they can help us provide the products and services you require from us or we think you might be interested in. These third parties include:
- Advertising companies, who help us place Sainsbury's Group adverts online and on other media;
- Social media providers - such as Facebook, Instagram and Twitter;
- Market research partners, who help us analyse customer behaviour;
- Companies that deploy our email campaigns because they need to know your email address to carry out these services;
- Companies that provide insights and analytics services so we can stock the right products, send the relevant marketing campaigns and understand our business and customers better;
- Scheme providers - such as Visa and MasterCard for your payments to be processed;
- Our agents, advisers or others involved in running accounts and services for you and your business or collecting what you or your business owe Group companies;
- Third party vendors who help us manage and maintain the Sainsbury's Group IT infrastructure;
- Logistics and delivery providers who enable us to deliver products you order on our websites;
- Where relevant, our professional advisors, such as lawyers and consultants;
- Security and fraud prevention companies to ensure the safety and security of our customers, colleagues and business;
- Companies which run our contact centres because they need your personal information to identify and contact you;
- Companies who assess faults and repair products on our behalf;
- Companies who administer competitions for us so they run smoothly;
- Companies that enable us to collect your reviews and comments, both online and offline;
- Companies that help us with our community and social goals;
If you use the services provided by another company to interact with us, such as a virtual assistant or a social media platform, please be aware that your data is also subject to the privacy policies of these companies.
Other organisations and individuals - we may share your personal information in certain scenarios. For example:
- If we're discussing selling or transferring part or all of a Sainsbury's Group business, we may share information about you to prospective purchasers and their advisers - but only so they can evaluate the relevant business;
- If we are reorganised or sold to another organisation, we may transfer information we hold about you to them so they can continue to provide the Services to you;
- If we are required to by law, under any code of practice by which we are bound or where we are asked to do so by a public or regulatory authority;
- If we need to do so in order to exercise or protect our legal rights, users, systems and services;
- In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others. We will only share your personal information in response to requests which do not override your privacy interests. For example, we will not share your personal information with individuals who are merely curious about you, but we will share your personal information to e.g. insurers, solicitors, employers etc. which have a legitimate interest in your personal information;
INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION
KEEPING YOU INFORMED ABOUT OUR PRODUCTS AND SERVICES
We would like to tell you about the great offers, ideas, products and services of the Sainsbury's Group from time to time that we think you might be interested in. Where we have consent or it is in our legitimate interests to do so, we may do this through the post, by email, text message, phone, through online advertising or by any other electronic means.
We won't send you marketing messages if you tell us not to, but if you receive a service from us we will still need to send you occasional service-related messages and may still send you surveys (you can always opt out of these via the survey email itself). If you wish to amend your marketing preferences, you can do so by logging into your account or by unsubscribing from emails we send you.
Please note that it can take a little while for all marketing to stop once you either withdraw your consent or tell us you'd like to opt out of marketing. This is because some marketing may have been identified as relevant to your interests and may already be in transit, it cannot therefore be immediately stopped.
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
- The right to access a copy of the personal information we hold about you;
- The right to correction of inaccurate personal information we hold about you;
- The right to restrict our use of your personal information;
- The right to be forgotten;
- The right of data portability;
- The right to object to our use of your personal information;
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the "Contact Us" section below. Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests.
AUTOMATED DECISION MAKING AND PROFILING
We use automated decision making, including profiling, in certain circumstances, such as when it is in our legitimate interests to do so, or where we have a right to do so because it is necessary for us to enter into, and perform, a contract with you. We use profiling to enable us to give you the best service across the Sainsbury's Group, including specific marketing which we believe you will be interested in.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way.
If you are seeking to exercise this right, please contact us using the details in the "Contact Us" section below.
HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
- Systems are proactively monitored through a "detect and respond" information security function;
- We utilize industry "good practice" standards to support the maintenance of a robust information security management system;
- We enforce a "need to know" policy, for access to any data or systems;
If you would like to exercise one of your rights as set out in the "Your rights" or "Automated decision making and profiling" sections above, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by one of the following means:
By email: firstname.lastname@example.org
By post: Data Protection Officer at Privacy Team, Sainsbury's Supermarkets Ltd, 17th Floor, Arndale House, Manchester, M4 3AL
You also have the right to lodge a complaint with the Data Protection Commissioner. Go to www.dataprotection.ie to find out more.