We understand that privacy and the security of your personal information is extremely important. Because of that, this policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
When we say ‘we’ or ‘us’ in this policy, we’re generally referring to the separate and distinct legal entities that make up the Sainsbury’s Group (although it does depend on the context). These include:
- Sainsbury’s Supermarkets Limited (registered office: 33 Holborn, London, EC1N 2HT)
- Sainsbury’s Bank Plc (registered office: 33 Holborn, London, EC1N 2HT)
- Argos Limited (registered office: 489–499 Avebury Boulevard, Milton Keynes MK9 2NW)
- Habitat Retail Limited (registered office: 489–499 Avebury Boulevard, Milton Keynes MK9 2NW)
- Argos financial services (which includes Home Retail Group Card Services Limited, ARG Personal Loans Limited and Home Retail Group Insurance Services Limited) (registered office: 489–499 Avebury Boulevard, Milton Keynes MK9 2NW).
It also includes any other businesses we add to this group in the future. If you’d like more information about which Sainsbury’s Group Company you’re dealing with, check the terms and conditions of the product or service you’re using.
- Information that you provide to us such as your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the Services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and Services, and so on);
- When reviewing your application for products and Services offered by Sainsbury’s Bank or Argos financial services (for example, insurance, loans or credit cards) we will take into account other information about you such as your employment details, financial position, information taken from identification documents such as your passport or driving licence, your insurance, criminal and medical history, and details about additional insured parties and cardholders or joint policyholders;
- Your account login details, including your user name and chosen password;
- Information about any device you have used to access our Services (such as your device’s make and model, browser or IP address) and also how you use our Services. For example, we try to identify which of our apps you use and when and how you use them. If you use our websites, we try to identify when and how you use those websites too;
- Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our Services; and
- Information from other sources such as our retail partners (like Nectar), specialist companies that provide customer information (like credit reference agencies, fraud prevention agencies, claims databases marketing and research companies) social media providers and the DVLA as well as information that is publicly available.
The information we collect may be used to:
- Make available our Services to you;
- Process your orders;
- Take payment from you or give you a refund;
- Personalise your shopping experience, for example by understanding your location or how you use our apps and websites to provide you with personalised offers or shopping ideas;
- Give you Nectar points if appropriate;
- Help us ensure that our customers are genuine and to prevent fraud;
- Conduct market research, either ourselves or with reputable agencies;
- For statistical analysis;
- Help us understand more about you as a customer, the products and services you consume, the manner in which you consume them and how you shop across the Sainsbury’s Group, so we can serve you better;
- Find ways to improve our Services, stores apps and websites;
- Contact you about products and services from us and other companies;
- Provide you with online advertising;
- For Sainsbury’s Bank’s credit and capital management purposes;
- Provide for the safety and security of our colleagues and customers; and
- Help answer your questions and solve any issues you have.
i. When you apply to us to open an account, we will:
- Check our own records for information on:
- Your personal accounts;
- And, if you have one, your spouse/(personal) partner’s personal accounts (A personal partner will be someone with whom you have a relationship that creates a joint financial unit in a similar way to a married couple. You will normally, but not necessarily, be living at the same address. It is not intended to include temporary arrangements such as students or flat sharers); and
- If you are a director or partner in a small business we may also check on your business accounts (A small business is defined as an organisation, which might be sole trader, partnership or a limited company that has three or less partners or directors).
- Search at credit reference agencies for information on:
- Your personal accounts;
- And, if you have ever done the following we will check your financial associate’s personal accounts as well:
- Made a joint application now;
- Previously made joint applications;
- Have joint account(s);
- Are financially linked (Credit reference agencies may link together the records of people that are part of a financial unit. They may do this when people are known to be linked, such as being married or have jointly applied for credit or have joint accounts. They may also link people together if they, themselves, state that they are financially linked.);
- If there is insufficient information to enable us to assist you, we may also check other members of your family;
- If you are a director or partner in a small business we may also check on your business accounts; and
- Search at fraud prevention agencies for information on you and other members of your household and your business (if you have one).
ii. What we do with the information you supply to us as part of the application:
- Information that is supplied to us will be sent to the credit reference agencies;
- If you tell us that you have a spouse or (personal) partner, we will:
- Search, link and/or record information at credit reference agencies about you both;
- Link joint applicants and/or any individual identified as your spouse or partner, in our own records;
- Take both your and their information into account in future applications by either or both of you; and
- Continue this linking until the account closes, or is changed to a sole account and one of you notifies us that you are no longer linked, so you must be sure that you have their agreement to disclose information about them.
- If you give us false or inaccurate information and we suspect fraud, we will record this and may also pass this information to financial and other organisations involved in fraud prevention to protect us, them and our respective customers from theft and fraud.
iii. With the information that we obtain we will:
- Assess this application for credit and/or;
- Verify your identity and the identity of your spouse/partner and/or;
- Undertake checks for the prevention and detection of fraud and/or money laundering;
- We may use scoring methods to assess this application and to verify your identity;
- If you are applying for one of our insurance products, share your details with our chosen group of insurers for them to process your application and, if appropriate, offer you an insurance product. The insurers may hold your information for a reasonable period for record keeping purposes, and may be required to share your information either where required by law, with regulators or statutory bodies or with third parties where you have been notified or it is obvious that they will do so;
- Manage your personal account with us; and
- Undertake periodic statistical analysis or testing to ensure the accuracy of existing and future Services, any or all of these processes may be automated.
iv. What we do when you have an account:
- Where you borrow or may borrow from us, we will give details of your personal account including names and parties to the account and how you manage it/them to credit reference agencies;
- If you borrow and do not repay in full and on time, we will tell credit reference agencies;
- We may make periodic searches of our records, credit reference and fraud prevention agencies to manage your account with us, to take decisions regarding your identity and also credit, including whether to make credit available or to continue or extend existing credit, or to close your account if it is dormant or you are no longer resident in the UK;
- If you have borrowed from us and do not make payments that you owe us, we will trace your whereabouts and recover payment (where appropriate, this may be carried out by third party debt collection and recovery agencies on behalf of the Sainsbury’s Group, or by a third party debt purchaser); and
- If you hold one of our insurance products and wish to make an insurance claim, we may pass your information to our agents who will process your claim. Such information may also be put on a register of claims and shared with other insurers to prevent fraudulent claims.
In order to meet the requirements of our regulator, the Financial Conduct Authority (FCA), we will contact you shortly before the maturity of any fixed term or fixed rate products. This ensures that you are aware of the options available and helps you make an informed decision about your maturity instructions.
In order to comply with money laundering regulations, there are times when we need to confirm (or reconfirm) the name and address of our customers.Credit Referencing
If you apply for any of our credit-based products (e.g. insurance, loan or credit card) we will perform searches with credit reference agencies. We may give details of your account and how you conduct it to credit reference agencies. If you borrow and do not repay in full and on time, we may inform credit reference agencies who will record the outstanding debt.
The information below provides further details about how credit reference agencies, us and other lenders use your information.
- Q: What is a credit reference agency?
- A: Credit reference agencies (CRAs) collect and maintain information on consumers’ and businesses’ credit behaviour, on behalf of lenders in the UK.
- Q: What is a fraud prevention agency?
- A: Fraud Prevention Agencies (FPAs) collect, maintain and share information on known and suspected fraudulent activity. Some CRAs also act as FPAs.
- Q: Why do you use them when I have applied to your organisation?
- A: Although you have applied to us and we will check our own records, we will also contact CRAs to get information on your credit behaviour with other organisations. This will help us make the best possible assessment of your overall situation before we make a decision.
- Q: Where do they get the information?
- A: Publicly available information:
- The Electoral Register at Local Authorities;
- County Court Judgments from Registry Trust;
- Bankruptcy information from the Insolvency Service;
- Fraud information from fraud prevention agencies; and
- Credit information comes from information on applications to banks, building societies, credit card companies etc and also from the conduct of those accounts.
- Q: How will I know if my information is to be sent to a CRA or FPA?
- A: When you apply for a product, where relevant, we will notify you if your information may be sent to a CRA or FPA.
- Q: Why is my personal information used in this way?
- A: We and other organisations want to make the best possible decisions we can, in order to make sure that you will be able to repay us. Some organisations may also use the information to check your identity. In this way we can ensure that we all make responsible decisions. At the same time we also want to make decisions quickly and easily and, by using up to date information, provided electronically, we are able to make the most reliable and fair decisions possible.
- Q: Who controls what credit reference agencies are allowed to do with my personal information?
- A: All organisations that collect and process personal information are regulated by the Data Protection Act 1998, overseen by the Information Commissioner’s Office. All credit reference agencies are in regular dialogue with the Commissioner. Use of the Electoral Register is controlled under the Representation of the People Act 2000.
- Q: Can just anyone look at my personal information held at credit reference agencies?
- A: No, access to your information is very strictly controlled and only those that are entitled to do so may see it. Usually that will only be with your consent or (very occasionally) if there is a legal requirement.
i. When credit reference agencies receive a search from us they will:
- Place a search “footprint” on your credit file whether or not this application proceeds. If the search was for a credit application the record of that search (but not the name of the organisation that carried it out) may be seen by other organisations when you apply for credit in the future. This may affect your ability to obtain credit elsewhere in the near future; and
- Link together the records of you and anyone that you have advised is your financial associate including previous and subsequent names of parties to the account. Links between financial associates will remain on your and their files until such time as you or your partner successfully files for a disassociation with the credit reference agencies.
ii. Supply to us:
- Credit information such as previous applications and the conduct of the accounts in your name and of your associate(s) (if there is a link between you);
- Public information such as County Court Judgments (CCJs) and bankruptcies;
- Electoral Register information; and
- Fraud prevention information.
iii. When information is supplied by us, to them, on your account(s):
- Credit reference agencies will record the details that are supplied on your personal account including previous and subsequent names of parties to the account and how you manage it/them;
- If you borrow and do not repay in full and on time, credit reference agencies will record the outstanding debt; and
- Records shared with credit reference agencies remain on file for 6 years after they are closed whether settled by you or defaulted.
iv. How your personal information will NOT be used by credit reference agencies:
- It will not be used to create a blacklist; and
- It will not be used by the credit reference agency to make a decision.
v. How your personal information WILL be used by credit reference agencies:
- The information which we, other organisations and fraud prevention agencies provide to the credit reference agencies about you and your financial associates may be supplied by credit reference agencies to other organisations and used by them to:
- Verify your identity if you or your financial associate applies for other facilities including all types of insurance applications and claims;
- Make decisions on credit, credit related services and on motor, household, life and other insurance proposals and insurance claims, about you, your partner, other members of your household or your business;
- Trace your whereabouts and recover payment if you do not make payments that you owe;
- Conduct checks for the prevention and detection of crime including fraud and/or money laundering;
- Manage your personal, your partner’s and/or business account (if you have one);
- Manage your personal, your partner’s and/or business insurance policies (if you have one/any); and
- Undertake statistical analysis and system testing.
- Your personal information may also be used for other purposes for which you give your specific permission or, in very limited circumstances, when required by law or where permitted under the terms of the Data Protection Act 1998 and any other relevant or replacement legislation, such as the General Data Protection Regulation.
- Your personal information may also be used to offer you other Services, but only if you have given your permission. That will be on the front of any form that you have completed.
If you would like to find out more, you can contact the 3 agencies currently operating in the UK; the information they hold may not be the same so it is worth contacting them all. They will charge you a small statutory fee.
- CallCredit, Consumer Services Team, PO Box 491, Leeds, LS3 1WZ or call 0870 0601414 or log on to www.callcredit.co.uk
- Equifax Ltd., Customer Service Centre, PO Box 10036, Leicester, LE3 4FS or call 0800 014 2955 or log on to www.equifax.co.uk
- Experian Ltd., Consumer Help Service, PO Box 8000, Nottingham NG80 7WF or call 0344 481 8000 or log on to www.experian.co.uk.
If you have been refused credit you can get advice from your local Trading Standards Department, Citizens Advice Bureau or Consumer Advice Centre and the agencies’ web sites. The Information Commissioner also produces a useful leaflet entitled ‘Credit Explained’. You can obtain a free copy on the Information Commissioner’s website or by telephoning 0870 600 8100.Fraud Prevention Agencies
We have systems that protect our customers and ourselves against fraud and other crime. Personal information can be used to prevent crime and trace those responsible. If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement agencies may access and use this information. We and other organisations may also access and use this information to prevent fraud and money laundering, for example, when:
- Checking details on applications for credit and credit related or other facilities
- Managing credit and credit related accounts or facilities;
- Recovering debt;
- Checking details on proposals and claims for all types of insurance; and
- Checking details of job applicants and employees.
Please contact us on Privacy.Bank@sainsburysbank.co.uk if you want to receive details of the relevant fraud prevention agencies. We and other organisations may access and use from other countries the information recorded by fraud prevention agencies.
We may share your personal information with other Sainsbury’s Group Companies from time to time so we can provide you with a high quality service across our group. That includes sharing information with the companies that operate Sainsbury’s stores and online shopping, Sainsbury’s Bank, Argos, Argos financial services, Habitat and our clothing brand Tu.Our service providers
We work with partners, suppliers, insurers and agencies so they can process your personal information on our behalf…but only where they meet our standards on the processing of data and security! We only share information that allows them to provide their services to us or to facilitate them providing their services to you. For example, some of our service providers place advertising for us online, about our products and services and those of our retail partners, suppliers and third parties. As a result, where you have indicated you are happy to receive marketing from us, you might see online advertising that we have placed on the web sites you visit, or the interactive services you use. Or if you hold a credit card or travel money card with us, we will share transaction details with our scheme providers (e.g. Visa or MasterCard).Our retail partners
We might share your personal information with retail partners we do business with. This is so they can give you their services. For example, as part of the Nectar programme we pass on relevant information to whoever’s operating it (at the moment that’s Aimia Coalition Loyalty Limited) – if we didn’t do that we couldn’t give our customers Nectar points.Other organisations and individuals:
We may transfer your personal information to other organisations in certain scenarios. For example:
- If we're discussing selling or transferring part or all of a business, we may share information about you to prospective purchasers - but only so they can evaluate that business;
- If we are reorganised or sold to another organisation, we may transfer information we hold about you to them so they can continue to provide the Services to you;
- If required to by law, under any code of practice by which we are bound or we are asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions;
- If we need to do so in order to exercise or protect our legal rights, users, systems and Services; or
- In response to requests from individuals (or their representatives) seeking to protect their legal rights or the rights of others.
We would like to tell you about the great offers, ideas, products and services of the Sainsbury’s Group from time to time that we think you might be interested in. Where you have consented to us doing so, we may do this through the post, by email, text message, online, using social media, push notifications via apps, or by any other electronic means.
We won't send you marketing messages if you tell us not to but we will still need to send you occasional service-related messages. If you wish to amend your marketing preferences, you can do so either logging into any of your Sainsbury’s Group accounts and following the directions or by calling our Customer Care Team on 0800 636262.
We are a partner in the Nectar loyalty card scheme. That means that if you use your Nectar card when shopping with us you will be awarded points for most things that you buy. The points can be spent with us or with any other Nectar partner. If you use your Nectar card we can also see what products and services you have bought from us. That allows us to personalise the offers we send to you and understand a bit more about the kind of shopper you are.
You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
If you would like to exercise these rights, please contact us as set out below.Right to stop or limit our processing of your data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
If you would like to exercise this right, please contact us as set out below.
We will retain a record of your personal information. This is done in order to provide you with a high quality and consistent service across our group. We will always retain your personal information in accordance with law and regulation and never retain your information for longer than is necessary.
When using one of our websites or mobile applications, you may be able to share information through social networks like Facebook and Twitter. For example when you ‘like’, ‘share’ or review our Services. When doing this your personal information may be visible to the providers of those social networks, their other users and/or Sainsbury’s Group Companies. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts so you are comfortable with how your information is used and shared on them.
We take security measures to protect your information including:
- limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
- implementing access controls to our information technology, such as firewalls, ID verification and logical segmentation and/ or physical separation of our systems and information;
- never asking you for your passwords;
- advising you never to enter your account number or password into an email or after following a link from an email.
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, the way your personal information is processed, please contact us by one of the following means:
By email: Privacy@sainsburys.co.uk
By post: Data Protection Officer, 33 Holborn, London, EC1N 2HT
Or if your enquiry relates to Sainsbury’s Bank:
By email: Privacy.Bank@sainsburysbank.co.uk
By post: Data Protection Officer, Sainsbury’s Bank, 3 Lochside Avenue, Edinburgh Park, Edinburgh EH12 9DJ
Or for Argos financial services:
By post: Data Protection Officer, Home Retail Group Card Services Limited, Thynne Street, Bolton, BL11 1AS
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to ico.org.uk/concerns to find out more.