Tesco PLC (Company) is the data controller of the personal data we may collect as part of your use of this site and connected services.
We understand that looking after the personal data you share with us is hugely important. We want you to be confident that your data is safe and secure with us and you understand how we use it, this privacy and cookies policy (Policy) sets out this key information.
Personal data we collect about you
This section tells you what personal data we collect about you.
We may collect and process information about you, including without limitation:
Information that you give us. You may give us information about you by filling in forms on our Website or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, address, e-mail address and phone number, personal description and photograph.
Information that we collect about you. With regard to each of your visits to our Website we may automatically collect technical information and information about your visit; and
Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. We are also working closely with third parties and may receive information about you from them.
We may supplement the information we collect about you with information we receive from other public sources (eg public registers such as the electoral roll). This allows us to assess the accuracy of the information we hold about you in order to send you relevant offers and information.
How and why we use your personal data
This section explains in detail how and why we use your personal data.
Collecting your personal information helps us to better understand what you need from us and to improve our services to you. Without limitation, we may use your information to:
- manage and improve our Website, including to ensure that content is presented in the most effective manner for you and for your computer;
- administer our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- personalise our services to you;
- tell you about important changes to the Website and our services;
- manage promotions, competitions, customer surveys and questionnaires, and to allow you to participate in interactive features of our service, when you choose to do so; and
- enhance our efforts to keep our site safe and secure.
You have the right to ask us not to process your personal data for marketing purposes.
If you are a shareholder of the Company, we will process the following personal data:
Your name, postal address, email address, phone number, date of birth and financial information (bank account detail, so we can pay dividends for example) as well as information about your share holdings.
It is a legal requirement that a shareholder’s name, address and number of shares held are included on our share register. If this information is not provided, we will not be able to register your shareholding.
We will also process your personal data where necessary to comply with legal requirements placed upon us, such as the Companies Act, Stock Exchange requirements, financial crime regulations and taxation laws.
Legal basis of processing
In relation to personal data we process to send you any marketing communications that you have agreed to receive, we do so based on your consent. You can withdraw your consent at any time to receiving these communications.
In relation to the other personal data processed, we process this based on what is called our “legitimate interests”, these are:
- to help you understand our business, its performance and changes;
- to keep you informed about news and events, including regulatory news connected with Tesco;
- to administer and keep up to date your account, resolve problems and respond to complaints;
- to prevent and detect fraud;
- to invite you to attend events connected with the above.
Sharing your personal data
We may share personal data with other organisations in the following circumstances:
- With our service providers (such as our website or event hosts) in order to run the service and administer your account;
- If you are a shareholder, with our share registrar service provider;
- If you are a shareholder, with our tracing agents in order to locate “missing” shareholders;
- If the law or a public or regulatory authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud);
- Where we restructure, sell or transfer our business (or a part of it). For example in connection with a takeover or merger.
Data protection officer
Our Data Protection Officer can be contacted by email: DPO@uk.tesco.com
How we protect personal data
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place:
- We apply physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data;
- We protect the security of your information while it is being transmitted by encrypting it;
- We use computer safeguards such as firewalls and data encryption to keep this data safe;
- We only authorise access to employees and trusted partners who need it to carry out their responsibilities;
- We regularly monitor our systems for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security; and
- We will ask for proof of identity before we share your personal data with you.
Whilst we take appropriate technical and organisational measures to safeguard your personal data, it is important that you keep your login details and devices protected from unauthorised access.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. If we do this we ensure that your privacy rights are respected in line with this Policy. The most common way we do this is to put in place a specific type of contract called “Standard Contractual Clauses” or through an approved scheme such as the “Privacy Shield”.
Complaining to the data privacy regulator
We’d like the chance to resolve any complaints you have, however you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data. Their website is https://ico.org.uk.
Subject access right
You have the right to see the personal data we hold about you. This is called a “Subject Access Request”.
If you would like a copy of the personal data we hold about you, please write to:
Data Protection Executive (Group Safety, Security and Resilience), Maldon Building, Falcon Way, Shire Park, Welwyn Garden City, AL7 1GA.
You can also email us at firstname.lastname@example.org
Other privacy rights
If you believe we hold incorrect or inaccurate personal data about you please let us know and we will correct it.
In some circumstances you may also have the right to object to our use of your personal data, restrict our use of it, have us delete it or have us port a copy of it to you or a third party.
You can find out more about these rights by visiting the ICO’s website: ico.org.uk, or alternatively contacting us (per the “Contact Us” section below).
How long we use personal data for
We will not keep your personal data longer than we need to, how long this is depend on several factors, including:
- Why we collected it in the first place;
- How old it is;
- Whether there is a legal/regulatory reason for us to keep it;
- Whether we need it to protect you or us.
In order to comply with new rules, we use a system of classifying the different types of cookies which we use on the Website, or which may be dropped by third parties through our Website. The classification was developed by the International Chamber of Commerce UK and explains more about which cookies we use, why we use them, and the functionality you will lose if you decide you don't want to have them on your device.
What is a cookie?
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
Cookies used on our Website
We use the following cookies on our Website:
Strictly necessary cookies. These cookies enable services you have specifically asked for. For those types of cookies that are strictly necessary, no consent is required. These cookies are essential in order to enable you to move around the Website and use its features, such as accessing secure areas of the Website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.
Performance cookies. These cookies collect anonymous information on the pages visited. By using the Website, you agree that we can place these types of cookies on your device. These cookies collect information about how visitors use the Website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don't collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. It is only used to improve how the Website works.
Functionality cookies. These cookies remember choices you make to improve your experience. By using the Website, you agree that we can place these types of cookies on your device. These cookies allow the Website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Cookie name||Cookie use||Cookie duration||Host||Definition|
|__ga||Metrics: Google||2 years||.tescoplc.com||Tescoplc.com uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics sets a cookie in order to evaluate your use of the website and compile reports on user activity. Google stores the information collected by the cookie on servers in the United States. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. By using tescoplc.com, you consent to the processing of data about you by Google in the manner and for the purposes set out above.|
|__gat||Metrics: Google||10 mins||.tescoplc.com|
|__gat_AG||Metrics: Google||10 mins||.tescoplc.com|
|_gat_UA-42224171-1||Metrics: Google||10 mins||.tescoplc.com|
|aether||Metrics: Gaia Insight||30 mins||.tescoplc.com||We use Gaia Insight to enable us to understand how visitors interact with tescoplc.com particularly the paths visitors take through the site. This data is used to help understand how visitors interact with the site and the way in which they navigate through it. Your IP address and other personally identifiable data is not associated with any other data held by Gaia Insight.|
|is_returning||Metrics: Crazy Egg||5 years||.tescoplc.com||We use Crazy Egg to see how visitors interact with areas of a page. No personally identifiable data is captured during this process.|
|reportpages||Metrics: Tesco||1 year||.tescoplc.com||This cookie is used to identify Annual Review 2013 pages that have been visited by users|
We collect demographic and interests data in our Google Analytics account via the Third-party DoubleClick cookie. This allows us to see the age, gender and interests of visitors that have this cookie present in their browser.
Source of demographics and interest data
|Third-party DoubleClick cookie||Web-browser activity only||Cookie is present||Analytics collects any demographic and interests information available in the cookie|
Google provides the following options for visitors looking to opt out or change their Ads settings:
Visitors can also opt out of having their data collected by Google Analytics
Using browser settings to manage cookies
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Website.
To contact us about this Policy please email email@example.com
Last update: 24 May 2018