Privacy and cookies policy

Last Updated: 23 May 2018

Version 1.1

At Tesco, we’re working hard to serve shoppers a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us, and understand how we use it to offer you a better and more personalised shopping experience.

The data controller is Tesco Ireland Limited (referred to in this policy as “we” or “us”).

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this privacy and cookies policy (“Policy”), which:

  • sets out the types of personal data that we collect
  • explains how and why we collect and use your personal data
  • explains when and why we will share personal data within the Tesco Group and with other organisations; and
  • explains the rights and choices you have when it comes to your personal data

We offer a wide range of products and services, so we want you to be clear about what this Policy covers. This Policy applies to you if you use our services (referred to in this Policy as “our Services”). Using our Services means:

  • shopping with us over the phone, or online or otherwise using any of the websites (“our Websites”) or mobile applications (“our Mobile Apps”) where this Policy is posted; or
  • being a member of the Clubcard loyalty scheme (“Clubcard”)
  • This Policy also applies if you contact us or we contact you about our Services.
  • Parts of this Policy also apply if you use our store pharmacy services.
  • Parts of this Policy also apply to our store CCTV systems where they capture footage of you (see CCTV Notice)

Some other parts of our business and other Tesco Group companies may need to collect and use personal data to provide you with their products and services and for certain other purposes. They have their own privacy policies that explain how they use your personal data.

Our Websites or Mobile Apps may contain links to other websites operated by other organisations that have their own privacy policies. Please make sure you read the terms and conditions and privacy policy carefully before providing any personal data on a website as we do not accept any responsibility or liability for websites of other organisations.

This section tells you what personal data we may collect from you when you use our Services and what other personal data we may receive from other sources.

When you register for our Services, you may provide us with:

  • Your personal details, including your postal and billing addresses, email addresses, phone numbers and date of birth and title
  • Information relating to your membership of any of our clubs, such as Christmas Savers
  • Your account login details, such as your username and the password that you have chosen

When you shop with us online or browse our Websites or use our Mobile Apps, we may collect:

  • Information about your online purchases (for example, what you have bought, when and where you bought it and how you paid for it)
  • Information about your online browsing behaviour on our Websites and Mobile Apps and information about when you click on one of our adverts (including those shown on other organisations’ websites)
  • Information about any devices you have used to access our Services (including the make, model and operating system, IP address, browser type and mobile device identifiers)

When you use Clubcard to shop with us, or use Clubcard vouchers or coupons, we may collect:

  • Transaction information, including the in-store and online purchases you earn Clubcard points for and how you use your Clubcard coupons and vouchers within the Tesco Group or with Clubcard Partners

When you contact us or we contact you or you take part in promotions, competitions, surveys or reviews about our Services, we may collect:

  • Personal data you provide about yourself anytime you contact us about our Services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media
  • Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
  • Your feedback and contributions to customer surveys and reviews.

When you visit our stores:

  • footage of you may be reocrder on our CCTV systems

When you use our pharmacies:

  • personal data including your prescription details, medical history, payment details and contact/address information

Other sources of personal data

We may also use personal data from other sources, such as specialist companies that supply information, online media channels, our Retail Partners and public registers. For example, this other personal data helps us to:

  • manage your Clubcard account (including the allocation of Clubcard points);
  • review and improve the accuracy of the data we hold; and
  • improve and measure the effectiveness of our marketing communications, including online advertising.

This section explains in detail how and why we use personal data. We use personal data to:

Make our Services available to you

  • Manage the accounts you hold with us, including your Clubcard account
  • Process your orders and refunds

    Why do we process your personal data in this way? We need to process your personal data so that we can manage your customer accounts, provide you with the goods and services you want to buy and help you with any orders and refunds you may ask for.

    Legal Basis Contractual necessity:
    At the time we collect the data:

    • purchase & transactions data
    • contact details
    • profile details
    • delivery/collection details
    We will not be able to provide you with your products or services if you do not provide us with this information. Legitimate Interests: following fulfilment of your order and for the other personal data set out in this section

Manage and improve our day-to-day operations

  • Manage and improve our Websites and Mobile Apps

    Why do we process your personal data in this way? We use cookies and similar technologies on our Websites and Mobile Apps to improve your customer experience. Some cookies are necessary so you should not disable these if you want to be able to use all the features of our Websites and Mobile Apps. You can disable other cookies but this may affect your customer experience. For more information about cookies and how you can disable them, see the cookies and similar technologies section.

  • Help to develop and improve our product range, services, stores, information technology systems, know-how and the way we communicate with you

    Why do we process your personal data in this way? We rely on the use of personal data to carry out market research and internal research and development, and to improve our information technology systems (including security) and our product range, services and stores. This allows us to serve you better as a customer.

  • Detect and prevent fraud or other crime

    Why do we process your personal data in this way? It is important for us to monitor how our Services are used to detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our Services.

Personalise your Tesco experience

  • Use your online browsing behaviour as well as your in-store and online purchases (including Clubcard transactions) to help us better understand you as a customer and provide you with personalised offers and services.

    Why do we process your personal data in this way? Looking at your browsing behaviour and purchases allows us to personalise our offers and services for you. This helps us meet your needs as a customer.

  • Provide you with relevant marketing communications (including by email, post or online advertising), relating to our products and services, and those of our suppliers, Retail Partners and the Tesco Group. As part of this, online advertising may be displayed on websites across the Tesco Group and on other organisations’ websites and online media channels. We may also measure the effectiveness of our marketing communications and those of our suppliers and Retail Partners.

    Why do we process your personal data in this way? We want to ensure that we provide you with marketing communications, including online advertising, that are relevant to your interests. To achieve this we also measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer. You can change your marketing choices, both when you register with us, and at any time after that. You also have choices when it comes to online advertising. We set out below your choices when it comes to cookies, and how you can control your online behavioural advertising preferences.

    Legal Basis Legitimate Interests: [For most marketing communications we rely on your consent (which you can withdraw at any time), however there are situations in which it is in our legitimate interests to use your personal data in that way.]

Contact and interact with you

  • Contact you about our Services, for example by phone, email or post or by responding to social media posts that you have directed at us.

    Why do we process your personal data in this way? We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to your communications

  • Manage promotions and competitions you take part in, including those we run with our suppliers and Retail Partners.

    Why do we process your personal data in this way? We need to process your personal data so that we can manage the promotions and competitions you choose to enter.

  • Invite you to take part in and manage customer surveys, reviews and other market research activities carried out by the Tesco Group and by other organisations on our behalf.

    Why do we process your personal data in this way? We carry out market research to improve our Services. However, if we contact you about this, you do not have to take part in the activities. If you tell us that you do not want us to contact you for market research, we will respect this choice. This will not affect your ability to use our Services or your Clubcard.

Claims

  • In order to resolve legal claims or disputes involving you or us.

    Why do we process your personal data in this way? For example if you have any accident or there is an incident at our stores. This could include medical reports.

    Legal Basis Bringing or Defending Legal Claims

CCTV

  • To monitor the safety of our stores in order to prevent and detect crime and anti-social behaviour.

    Why do we process your personal data in this way? In order to protect our business, the local community, customers and colleagues.

    Legal Basis Legitimate Interests

Tesco Pharmacy

  • To ensure the safe delivery of healthcare services.

    Why do we process your personal data in this way? We need to process your personal data, including your medical information, to ensure we provide you with the highest standard of care or as required by the HSE. Your prescription information will not be used for any other purpose.

    Legal Basis Medical Necessity

To help us to better understand you as a customer and to be able to provide you with services and marketing communications, including online advertising, that are relevant to your interests we also combine personal data we collect when you make purchases in-store using Clubcard with personal data collected from our Websites, Mobile Apps and other sources.

Our Legitimate Interests in using your personal data

Where we have mentioned above our use of your personal data is based on our “legitimate interests”, these are:
  • to service our customers’ needs, including delivering our products and services.
  • to promote and market our products and services.
  • to service your account (such as your Clubcard account), manage complaints and resolve any disputes.
  • to understand our customers including their patterns, behaviours as well as their likes and dislikes
  • to protect and support our business, colleagues, customers and shareholders.
  • to prevent and detect anti-social, fraud and other crime
  • to test and develop new products and services as well as improve existing ones.

This section explains how and why we share personal data with other companies within the Tesco Group.

We may share the personal data we collect with other companies in the Tesco Group. For example, we share personal data with the following Tesco Group companies.

Tesco Mobile

We make Clubcard information (including information about purchases when you use your Clubcard) and information about your online behaviour we have collected through cookies available to Tesco Mobile. This helps them to improve their service and make their marketing communications more relevant to you.

You can find more information about the way in which Tesco Mobile use your data in their privacy and cookies policy.

dunnhumby

dunnhumby, part of the Tesco Group, is also one of our main service providers. dunnhumby help us to use personal data to help improve our understanding of customers and personalise your customer experience.You can find out more about what dunnhumby do here.

This section explains how and why we share personal data with Retail Partners and Service Providers.

When we share personal data with these companies we require them to keep it safe, and they must not use your personal data for their own marketing purposes.

Retail partners

We work with a number of Retail Partners who –

  • sell products through our Services; or
  • offer products, services and/or the ability to earn points through Clubcard.

We only share personal data that enable our Retail Partners to provide their services. For example, when you redeem points we will give the relevant Retail Partner your name and contact details so that they can deliver your items.

Service Providers

We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining and analysing data, processing payments, provide us with legal or other professional services as well as delivering orders. We only share personal data that enable our Service Providers to provide their services.

Some of the Service Providers we work with operate online media channels, and they place relevant online advertising for our products and services, as well as those of our suppliers and our Retail Partners, on those online media channels on our behalf. For example, you may see an advert for our products and services as you use a particular social media site or watch television through your pay TV account. Examples of our Service Providers include Facebook, Adobe, Dunnhumby and Worldpay.

This section explains how and why we share personal data with other organisations.

We may share personal data with other organisations in the following circumstances:

  • if the law or a public authority says we must share the personal data or for the administration of justice;
  • if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud);
  • where we restructure, sell or transfer our business (or a part of it). For example in connection with a takeover or merger.

We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.

  • We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data.
  • We protect the security of your information while it is being transmitted by encrypting it;
  • We use computer safeguards such as firewalls and data encryption to keep this data safe;
  • We only authorise access to employees and trusted partners who need it to carry out their responsibilities;
  • We regularly monitor our systems for possible vulnerabilities and attacks and we carry out penetrations testing to identify ways to further strengthen security;
  • We will ask for proof of identity before we share your personal date with you; and
  • We will reveal only the last four digits of your payment card number when confirming an order.

Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that you keep your login details and devices protected from unauthorised access.

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. If we do this we ensure that your privacy rights are respected in line with this Policy. The most common way we do this is to put in place a specific type of contract, a copy of this type of contract can be found here or through an approved scheme such as the Privacy Shield.

How long we use personal data for

We will not keep your personal data longer than we need to, how long this is depend on several factors, including:
  • Why we collected it in the first place;
  • How old it is;
  • Whether there is a legal/regulatory reason for us to keep it;
  • Whether we need it to protect you or us.

This section explains the choices you have when it comes to receiving marketing communications and taking part in market research.

We will send you relevant offers and news about our products and services in a number of ways including by email, but only if you have previously agreed to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time.

We also like to hear your views to help us to improve our Services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research.

What is a cookie?

We and our partners use cookies and similar technologies, such as tags and pixels (“Cookies”), to personalise and improve your customer experience as you use our Websites and Mobile Apps and to provide you with relevant online advertising. This section provides more information about Cookies, including how we use them and how you can exercise your choices about our use of Cookies.

A Cookie is a small text file, often encrypted, that is placed in your web browser on your receiving terminal (your PC, telephone, tablet, or any other device) when you visit a website. During the course of your visit to that website, and on subsequent visits, it sends information from your browser which contains information about your visit(s). They do not damage your computer. They can be used only for the duration of your visit or they can be used to measure how you interact with services and content over time. Cookies help to provide important features and functionality on our Websites and Mobile Apps, and to improve your customer experience.

How do we use Cookies?

We use cookies to distinguish you from other users of the Site, to provide a seamless experience and to monitor where we need to make improvements. We also use cookies for advertising purposes. Some of the cookies we use are necessary for the Site to function; other cookies are in place to make the Site more user-friendly, and for analytic purposes.

When you consent to Cookies on our Services, these may be used to do the following:

Improve the way our Websites and Mobile Apps work

Cookies allow us to improve the way our Websites and Mobile Apps work so that we can personalise your experience and allow you to use many of their useful features.

For example, we use Cookies so we can remember your preferences and the contents of your shopping basket when you return to our Websites and Mobile Apps.

Improve the performance of our Websites and Mobile Apps

Cookies can help us to understand how our Websites and Mobile Apps are being used, for example, by telling us if you get an error messages as you browse.

These Cookies collect data that is mostly aggregated and anonymous.

Deliver relevant online advertising including via social media

We use Cookies to help us deliver online advertising that we believe is most relevant to you on our Websites, on other organisations’ websites and using social media. Cookies used for this purpose are often placed on our Websites by specialist organisations.

Cookies used for this purpose are often placed on our Websites by organisations providing specialist services to us. These Cookies may collect information about your online behaviour, such as your IP address, the website you arrived from and information about your purchase history or the content of your shopping basket. This means that you may see our adverts on our Websites and on other organisations’ websites. You may also see adverts for other organisations on our Websites.

To help us to deliver online advertising that is relevant to you, we may also combine data we collect through Cookies in the browser of your desktop computer or other devices with other data that we have collected, for example your use of Clubcard and in-store purchases.

Measuring the effectiveness of our marketing communications, including online advertising

Cookies can tell us if you have seen a specific advert, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert.

We also use Cookies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent you.

What types of cookies do we use?

We use the following categories of cookies:

  • Session cookies - These enable your web browser to remember which pages on our Site have already been visited and what actions have been taken in a session. Session cookies allow users to be recognized within a website so any page changes or item or data selection you do is remembered from page to page. The most common example of this functionality is the shopping cart feature of any e-commerce site. When you visit one page of a catalogue and select some items, the session cookie remembers your selection so your shopping cart will have the items you selected when you are ready to check out. Without session cookies, if you click CHECKOUT, the new page does not recognize your past activities on prior pages and your shopping cart will always be empty. Session cookies do not collect information from the user's computer.

  • Performance cookies - 'Performance' cookies collect information about how you use our website e.g. which pages you visit, and if you experience any errors. These cookies don't collect any information that could identify you – all the information collected is anonymous and is only used to help us improve how our website works, understand what interests our users and measure how effective our advertising is.

  • Functional cookies - These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

  • Advertising cookies/Targeting Cookies - These include targeting cookies, which record your visit to our Site, the pages you have visited and the links you have followed. We use this information to make our Site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. We also use re-targeting cookies, which remember information about your use of our Site so that we can serve promotional and other targeted information to you on other websites. These cookies are used in combination to recognise a user who is returning to our Site or who is visiting another website. Using these cookies, publishers and advertisers can draw up a profile and personalise the content you see.

    If you do not consent to the use of any of these cookies, please disable them following the instructions in this Cookie Policy so that cookies from this Site cannot be placed on your device.

    You can find more information about the specific, individual cookies we use and the purposes for which we use them in the table below:

Third Parties operating through our Websites and Mobile Apps

You will also note that third parties (particularly advertising companies, social networks and service providers such as retargeting or even behavioural analysis services) can also use cookies on our Site. We have no control over these cookies. These cookies can have the purpose of analysing performance or allowing customised targeting of advertising displayed on your web browser.

Our key partners are listed below with information about the services they provide to us. This list is not exhaustive but it does include those partners with whom we have an established relationship and whose cookie technologies are most frequently deployed through our Services.


You can find more information about the third party cookies in use on our Site in the table below:

Your choices when it comes to Cookies

To benefit from all the functionalities of the Site, it is preferable that you accepts all cookies. However if you so wish, you can usually change your web browser’s settings to refuse new cookies, disable existing ones or simply let you know when new ones are sent to your device.

Web browser cookies

You can use your browser settings to accept or reject new Cookies and to delete existing Cookies. You can also set your browser to notify you each time new Cookies are placed on your computer or other device. You can find more detailed information about how you can manage Cookies through your browser’s help function.

If you choose to disable some or all Cookies, you may not be able to make full use of our Websites. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use any of our products and services that require you to sign in.

You can also manage advertising related Cookies used on our Services by opting out through the Service Providers listed in the table above or by visiting the YourOnlineChoices website. Where we display personalised adverts on other organisations’ websites, the AdChoices icon will usually be displayed. Clicking on this icon will provide you with specific guidance on how to control your online advertising preferences. More information is available on the YourAdChoices website.

Mobile Apps

Cookies work differently on Mobile Apps as they are coded into the App itself and will use a unique identifier created by your mobile device for use for advertising activities. You can turn off or reset this advertising identifier through your mobile device’s privacy settings.

However, please be aware that, if you refuse or disable cookies, some of the Site’s functionality may be lost.

Third party Cookies

With respect to cookies issued by third parties, only the third-party cookie issuer concerned is likely to read or change the items contained inside this cookie. Tesco has no control over the cookies third parties are likely to install. These third-party cookies are subject to the privacy statements of these third parties. To see their policy on personal data processing or to change the installation and storage settings of third-party cookies, the user is asked to contact these third parties:

Settings for audience measurement and statistics cookies:

  • Google Analytics
  • Adobe Analytics

Settings for advertising cookies and behavioural targeting:

  • AdRoll
  • TradeDoubler

Settings for social network cookies:

  • Facebook
  • Google +

In addition, disabling a cookie or category of cookie does not delete the cookie from your browser, you will need to do this yourself from within your browser.

How do I disable cookies?

If you want to disable cookies you need to change your website browser settings to reject cookies. How to do this will depend on the browser you use and we provide further detail below on how to disable cookies for the most popular browsers:

For Microsoft Internet Explorer:

  • Choose the menu "tools" then "Internet Options"
  • Click on the "privacy" tab
  • Select the setting the appropriate setting

For Mozilla Firefox:

  • Choose the menu "tools" then "Options"
  • Click on the icon "privacy"
  • Find the menu "cookie" and select the relevant options

For Safari:

  • Choose Safari > Preferences, click Privacy, then do any of the following: Change which cookies and website data are accepted
  • Select a "Cookies and website data" option: Always block: Safari doesn't let any websites, third parties, or advertisers store cookies and other data on your Mac

At Tesco, we’re working hard to serve shoppers a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us, and understand how we use it to offer you a better and more personalised shopping experience.

You have the right to see the personal data we hold about you. This is called a Subject Access Request.

If you would like a copy of the personal data we hold about you, please write to:

Data Protection Officer Tesco Ireland Limited Gresham House Marine Road Dún Laoghaire Co. Dublin

You can also email us at subjectaccess.requestroi@tesco.com.

Other data protection rights

In relation to your personal data, you also have the right to:

  1. have inaccurate information corrected:

    Summary of the right:

    if you believe we hold inaccurate or missing information, please let us know and we will correct it.

  2. object to our use of it:

    Summary of the right:

    • general objection - We will then consider your objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section 3 below) or delete it (see section 4 below).
    • objection in relation to direct marketing - If you make such an objection, we will stop using your personal data for direct marketing purposes.
  3. restrict our use of it:

    Summary of the right:

    There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):

    • you have successfully made a general objection (listed in section 2 above).
    • you are challenging the accuracy of the personal data we hold.
    • we have used your personal data unlawfully, but you do not want us to delete it.
  4. have us delete it:

    Summary of the right:

    There are several situations when you can have us delete your personal data, this includes (but is not limited to):

    • we no longer need to keep your personal data;
    • you have successfully made a general objection (listed in section 2 above);
    • you have withdrawn your consent to us using your personal data (and we do not have any other grounds to use it);
    • we have unlawfully processed your personal data.
  5. have us transfer or "port" a copy of it:

    Summary of the right:

    For more information on this right of data portability, click here

  6. complain to the Data Protection Regulator:

    We’d like the chance to resolve any complaints you have, however you also have the right to complain to the ROI data protection regulator (the ODPC) about how we have used your personal data. Their website is https://www.dataprotection.ie/docs/Contact-us/b/11.html

More Information on your Data Protection Rights

The ODPC website https://www.dataprotection.ie/docs/Guidance-Material-Menu-Page/m/219.htm contains more detail on the data protection rights mentioned above. If you would like to speak to us about these rights in more detail, see the “how to contact us” section below.

If you have any questions about how we collect, store and use personal data please contact us.

E-Mail: DataProtectionROI@tesco.com

Phone: 01-2152000

Mail:
Tesco Customer Service Centre
Gresham House
Marine Road
Dún Laoghaire
County Dublin

Our Data Protection Officer can also be contacted by email: dataprotectionroi@tesco.com

We reserve the right to change the policy at any time, so please check back regularly to keep informed of updates to this Policy.