At Tesco, we’re working hard to serve shoppers a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us, and understand how we use it to offer you a better and more personalised shopping experience.
The data controller is Tesco Stores Limited (referred to in this policy as “we” or “us”).
We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this privacy and cookies policy (“Policy”), which:
- sets out the types of personal data that we collect
- explains how and why we collect and use your personal data
- explains when and why we will share personal data within the Tesco Group and with other organisations; and
- explains the rights and choices you have when it comes to your personal data
We offer a wide range of products and services, so we want you to be clear about what this Policy covers. This Policy applies to you if you use our services (referred to in this Policy as “our Services”). Using our Services means:
- shopping with us over the phone, or online or otherwise using any of the websites (“our Websites”) or mobile applications (“our Mobile Apps”) where this Policy is posted; or
- being a member of the Clubcard loyalty scheme (“Clubcard”)
This Policy also applies if you contact us or we contact you about our Services.
Some other parts of our business and other Tesco Group companies may need to collect and use personal data to provide you with their products and services and for certain other purposes. They have their own privacy policies that explain how they use your personal data.
This section tells you what personal data we may collect from you when you use our Services and what other personal data we may receive from other sources.
When you register for our Services, you may provide us with:
- Your personal details, including your postal and billing addresses, email addresses, phone numbers and date of birth and title
- Information relating to your membership of any of our clubs, such as Christmas Savers
- Your account login details, such as your username and the password that you have chosen
When you shop with us online or browse our Websites or use our Mobile Apps, we may collect:
- Information about your online purchases (for example, what you have bought, when and where you bought it and how you paid for it)
- Information about your online browsing behaviour on our Websites and Mobile Apps and information about when you click on one of our adverts (including those shown on other organisations’ websites)
- Information about any devices you have used to access our Services (including the make, model and operating system, IP address, browser type and mobile device identifiers)
When you use Clubcard to shop with us, or use Clubcard vouchers or coupons, we may collect:
- Transaction information, including the in-store and online purchases you earn Clubcard points for and how you use your Clubcard coupons and vouchers within the Tesco Group or with Clubcard Partners
When you contact us or we contact you or you take part in promotions, competitions, surveys or questionnaires about our Services, we may collect:
- Personal data you provide about yourself anytime you contact us about our Services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media
- Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
- Your feedback and contributions to customer surveys and questionnaires
Other sources of personal data
We may also use personal data from other sources, such as specialist companies that supply information, online media channels, our Retail Partners and public registers. For example, this other personal data helps us to:
- manage your Clubcard account (including the allocation of Clubcard points);
- review and improve the accuracy of the data we hold; and
- improve and measure the effectiveness of our marketing communications, including online advertising.
This section explains in detail how and why we use personal data.
Make our Services available to you
- Manage the accounts you hold with us, including your Clubcard account
- Process your orders and refunds
Why do we process your personal data in this way? We need to process your personal data so that we can manage your customer accounts, provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for.
Manage and improve our day-to-day operations
- Manage and improve our Websites and Mobile Apps
- Help to develop and improve our product range, services, stores, information technology systems, know-how and the way we communicate with you
Why do we process your personal data in this way? We rely on the use of personal data to carry out market research and internal research and development, and to improve our information technology systems (including security) and our product range, services and stores. This allows us to serve you better as a customer.
- Detect and prevent fraud or other crime
Why do we process your personal data in this way? It is important for us to monitor how our Services are used to detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our Services.
Personalise your Tesco experience
- Use your online browsing behaviour as well as your in-store and online purchases (including Clubcard transactions) to help us better understand you as a customer and provide you with personalised offers and services.
Why do we process your personal data in this way? Looking at your browsing behaviour and purchases allows us to personalise our offers and services for you. This helps us meet your needs as a customer.
- Provide you with relevant marketing communications (including by email, post or online advertising), relating to our products and services, and those of our suppliers, Retail Partners and the Tesco Group. As part of this, online advertising may be displayed on websites across the Tesco Group and on other organisations’ websites and online media channels. We may also measure the effectiveness of our marketing communications and those of our suppliers and Retail Partners.
Why do we process your personal data in this way? We want to ensure that we provide you with marketing communications, including online advertising, that are relevant to your interests. To achieve this we also measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer. You can change your marketing choices, both when you register with us, and at any time after that. You also have choices when it comes to online advertising. We set out below your choices when it comes to cookies, and how you can control your online behavioural advertising preferences.
Contact and interact with you
- Contact you about our Services, for example by phone, email or post or by responding to social media posts that you have directed at us.
Why do we process your personal data in this way? We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to your communications
- Manage promotions and competitions you take part in, including those we run with our suppliers and Retail Partners.
Why do we process your personal data in this way? We need to process your personal data so that we can manage the promotions and competitions you choose to enter.
- Invite you to take part in and manage customer surveys, questionnaires and other market research activities carried out by the Tesco Group and by other organisations on our behalf.
Why do we process your personal data in this way? We carry out market research to improve our Services. However, if we contact you about this, you do not have to take part in the activities. If you tell us that you do not want us to contact you for market research, we will respect this choice. This will not affect your ability to use our Services or your Clubcard.
To help us to better understand you as a customer and to be able to provide you with services and marketing communications, including online advertising, that are relevant to your interests we also combine personal data we collect when you make purchases in-store using Clubcard with personal data collected from our Websites, Mobile Apps and other sources.
This section explains how and why we share personal data with other companies within the Tesco Group.
We may share the personal data we collect with other companies in the Tesco Group. For example, we share personal data with the following Tesco Group companies.
Clubcard information is one of a number of factors that Tesco Bank take into account when assessing your credit risk. For example, Tesco Bank will take into account Clubcard information linked to your household (including information about purchases when you or a household member use a Clubcard) when considering your application.
For some banking products, Tesco Bank use Clubcard information to evaluate your eligibility for credit products as part of the assessment they are required to do.
Tesco Bank also use Clubcard information to decide the level of discounts to offer on premiums for some insurance products. For these banking and insurance products, the Clubcard information linked to your household is always used to have a positive effect on your application.
We make Clubcard information (including information about purchases when you use your Clubcard) and information about your online behaviour we have collected through cookies available to Tesco Bank. This helps them to improve their service and make their marketing communications more relevant to you.
You can find more information about the way in which Tesco Bank use your data in their privacy and cookies policy.
We make Clubcard information (including information about purchases when you use your Clubcard) and information about your online behaviour we have collected through cookies available to Tesco Mobile. This helps them to improve their service and make their marketing communications more relevant to you.
You can find more information about the way in which Tesco Mobile use your data in their privacy and cookies policy.
dunnhumby, part of the Tesco Group, is also one of our main service providers. dunnhumby help us to use personal data to help improve our understanding of customers and personalise your customer experience. You can find out more about what dunnhumby do here.
This section explains how and why we share personal data with Retail Partners and Service Providers.
When we share personal data with these companies we require them to keep it safe, and they must not use your personal data for their own marketing purposes.
We work with a number of Retail Partners who –
- sell products through our Services, for example on the Tesco Marketplace; or
- offer products, services and/or the ability to earn points through Clubcard.
We only share personal data that enable our Retail Partners to provide their services. For example, when you shop on the Tesco Marketplace we will give the relevant Retail Partner your name and contact details so that they can deliver your items.
We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining data, processing payments and delivering orders. We only share personal data that enable our Service Providers to provide their services.
Some of the Service Providers we work with operate online media channels, and they place relevant online advertising for our products and services, as well as those of our suppliers and our Retail Partners, on those online media channels on our behalf. For example, you may see an advert for our products and services as you use a particular social media site or watch television through your pay TV account.
This section explains how and why we share personal data with other organisations.
We may share personal data with other organisations in the following circumstances:
- if the law or a public authority says we must share the personal data;
- if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
- to an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you to. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us; or
- to any other successors in title to our business.
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
- We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).
- We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.
- We will reveal only the last four digits of your credit card number when confirming an order.
However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. We will put in place appropriate protection to make sure your personal data remains adequately protected and is treated in line with this Policy.
This section explains the choices you have when it comes to receiving marketing communications and taking part in market research.
We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously agreed to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.
We also like to hear your views to help us to improve our Services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research.
Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device.
Improve the way our Websites and Mobile Apps work
Cookies allow us to improve the way our Websites and Mobile Apps work so that we can personalise your experience and allow you to use many of their useful features.
Improve the performance of our Websites and Mobile Apps
Cookies can help us to understand how our Websites and Mobile Apps are being used, for example, by telling us if you get an error messages as you browse.
These Cookies collect data that is mostly aggregated and anonymous.
Deliver relevant online advertising
Cookies used for this purpose are often placed on our Websites by other organisations, and always with our permission. These Cookies may collect information about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. This means that you may see our adverts on our Websites and on other organisations’ websites. You may also see adverts for other organisations on our Websites.
To help us to deliver online advertising that is relevant to you, we may also combine data we collect through Cookies in the browser of your desktop computer or other devices with other data that we have collected, for example your use of Clubcard and in-store purchases.
Measuring the effectiveness of our marketing communications, including online advertising
Cookies can tell us if you have seen a specific advert, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert.
Your choices when it comes to Cookies
You can use your browser settings to accept or reject new Cookies and to delete existing Cookies. You can also set your browser to notify you each time new Cookies are placed on your computer or other device. You can find more detailed information about how you can manage Cookies at the All About Cookies and Your Online Choices websites.
If you choose to disable some or all Cookies, you may not be able to make full use of our Websites. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use any of our products and services that require you to sign in.
Where we display personalised adverts on other organisations’ websites, the AdChoices icon will usually be displayed. Clicking on this icon will provide you with specific guidance on how to control your online advertising preferences. More information is available on the YourAdChoices website.
Under the Data Protection Act 1998, you have the right to see the personal data we hold about you. This is called a Subject Access Request.
If you would like a copy of the personal data we hold about you, please write to:
You can also email us at firstname.lastname@example.org.
The law allows us to charge an administration fee of £10. If you write to us by post, please enclose a cheque or postal order for £10 made payable to "Tesco Stores Limited".
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details are incorrect, please let us know and we will amend them.