Your personal data: how we collect, use, and protect it. (Our ‘Privacy Notice’)
It is very important to us that all our customers trust us to handle their personal data responsibly. We have written this document to explain clearly how we collect, use and protect your personal data. In particular, it explains things like:
- why we need your personal data for certain things
- how we share your personal data with others
- your rights under data protection laws
What the law says about handling personal data
The personal data protection laws control how we use your personal data, for example, we must be transparent about how we collect and use your personal data. They also grant you rights, such as the right to access the personal data that we hold about you (see section ‘Your Rights’).
Who we are referring to when we say ‘we’, ‘us’, and ‘our’ in this Privacy Notice
In this Privacy Notice, “we” "us" and “our” refers to Tesco Personal Finance plc, trading as Tesco Bank and part of the Tesco Group (www.tescoplc.com/about-us). For the purposes of the personal data protection laws, we are responsible for the personal data about you that we collect and use.
What sort of data do we hold about you?
What the law says about processing
The law requires us to tell you how we process your personal data. “Processing” is a legal term but means anything we do with your personal data, such as collecting, gathering, obtaining, administering, adapting, keeping and deleting your personal data.
We collect and keep data about you
We collect data from you in order for us to provide you with Tesco Gift cards. This includes your contact details including email address, account password, Clubcard number and any other personal data you give via our website or over the phone when you purchase a Tesco Gift Card and throughout your time as a Tesco Gift Card customer. It also includes personal data you give us any time you write to us or contact us electronically.
We, or our service provider, will collect information when you visit our website. This includes your IP address, browser type, domain names, access times and referring website addresses. This information is used by for the operation of the service, to maintain quality of the service, and to carry out analytics about the use of the website.
We may also gather other data about you
We may also obtain and combine data about you from other places, such as the wider Tesco Group, financial crime prevention agencies and publicly available resources, such as the electoral register and the internet.
We do this so we can make sure the personal data we hold about you is accurate, to perform checks, and make you offers.
More information about the times we collect personal data about you
When you call us we monitor and record calls to and from our customer service centres to improve our service and to prevent and detect fraud.
When you contact us electronically (e.g. by email or Internet), we may collect an electronic identifier, such as your internet protocol address.
We will only ask for necessary personal data unless we tell you otherwise
We will ask for personal data that is essential for us to know so that we can provide our products or services to you. If we ask for personal data that is not essential, we will explain why and tell you the consequences if you do not provide us with the personal data.
How does Tesco Bank use your personal data
We use your personal data to provide our services to you
To provide our services to you we will need to use your personal data. We will need to use this personal data at all stages of our relationship with you, including:
- when you open a Tesco Gift Card account
- during the time we have a relationship with you
- and for a period of time afterwards
The way we use the personal data about you includes:
- verifying your identity
- managing your account
We use your personal data for ‘legitimate business interests’
These are uses allowed by law which are necessary to enable us to provide the products and services. These include:
- detecting and preventing fraud, other forms of financial crime, and other unlawful acts
- managing and operating our business
- improving our business
- personalising our services to you
- processing your orders
- telling you about important changes to our services
- understanding your shopping behaviour to develop and improve our products and services
- managing promotions, competitions, customer surveys and questionnaires
We may use your personal data to improve our business
The law allows us to use your personal data in reasonable ways to help us improve our business.
The ways we might use your personal data to improve our business are to:
- understand customers’ needs and requirements
- develop and test products and services
- carry out research and analysis on our products and services
When we use your personal data to improve our business, we always make sure we keep the amount of data we collect and use to an absolute minimum.
Who do we share your personal data with?
Why we share your personal data
In order to provide our products and services to you, it is necessary for us to share information with third parties. For some third parties we need to share your personal data because they provide a service which we do not provide. For other third parties, we are required to share your personal data to prevent fraud when orders are processed.
The www.giftcards.tesco.com website and orders for Tesco Gift cards made through the website are managed by our third party service provider, SVM Global Limited (Action Court, Coleman Street, Parkgate, Rotherham, S62 6EL, registered in England with company number 6748892. and VAT Reg No: 945 0278 19) on our behalf.
We Tesco Bank will only share your personal data
- where we have your permission
- where the law says we must
- where sharing the personal data meets the requirements of the data protection laws
Whenever we share data, we only share the amount necessary to achieve the objective of the sharing.
We Tesco Bank will only share your personal data with these people:
- with regulatory bodies and authorities
- with fraud and other financial crime prevention agencies
- with our service providers (including those who provide funding, administration, fraud and financial crime detection and professional services)
- with companies, (if we are, or are considering, transferring the rights and obligations we have with you)
- with Tesco Group and Tesco stores, in connection with your Clubcard (for example, to allocate points or discounts, or where you have agreed to receive marketing)
- with other Tesco Group companies. www.tescoplc.com/about-us/
- with our market research agency to contact you with relevant surveys.
We may use and share anonymous information about you outside the Tesco Group. However, we would like to reassure you that this never includes your personal data.
Sending your personal data to other countries
We will only send your personal data outside the EEA if we know it will be well protected
Sometimes we might send your personal data to another country if, for example, our service provider has a data centre overseas.
All countries within the EEA have broadly the same data protection laws. Before sending your personal data outside the EEA, we check that the recipient will be able to keep your personal data secure and that:
- the EU Commission confirms that the recipient is established in a country which offers essentially equivalent protection to that provided within the EEA; or
- it is to a private US company that has self-certified with the Privacy Shield
If neither of these apply, then we ask the recipient to sign the EU Commission’s ‘model contract’. This means they must meet EU standards of data protection.
When your personal data is in another country, it may be accessed by law enforcement agencies in those countries. They do this to detect and prevent crime, or because the law says they must.
How we handle sensitive personal data
When we need to use sensitive personal data
Sometimes we will need to ask you for sensitive personal data. If required, to comply with data protection laws, we will ask for your explicit consent to use this data (data protection laws call this ‘special category data’ or 'sensitive personal data').
How we handle data about special circumstances
We handle data about any special circumstances as carefully and confidentially as any other data we hold about you. This includes data about things you tell us so that we are able to provide you with additional assistance (e.g. if you are hard of hearing) and also information that laws or regulations say we must record (for example, if any underlying medical condition has led to you appointing a Power of Attorney).
How long do we keep your personal data for?
We keep your personal data for a reasonable period only
How long we keep your personal data will depend on:
- what type of product or service we are providing for you
- how long laws or regulations say we must
- what we need for fraud and other financial crime prevention
- other legitimate business reasons (for example because we need to respond to a complaint or legal claim)
What happens if we change how we use your personal data?
We will contact you if there are any important changes to how we use your personal data
If we think it’s a change you would not expect, we will let you know.
Some changes might need your consent, or need you to opt out
If this is the case, we will always wait until you have let us know your decision before making any changes to the way that we use your personal data.
How Tesco Bank and Clubcard work together
We try and match you with Clubcards at your address
We use data that you provide, such as your name and address, to find any Clubcard(s) that are linked to your address. That might be your Clubcard, the Clubcard of other family member(s), or the Clubcard of house or flat-mates. We may use data about these Clubcard(s) to help us improve our products and services.
Ongoing use of your Clubcard data
If you take a product or service from us, we will continue to use your Clubcard data to help us maintain our relationship with you.
You have the right to know what data we hold about you
This is called your ‘subject access rights’.
The law says that you are entitled to see what data we hold about you.
If you ask us for this, we will give you access or send you a copy of all the personal data we hold about you. (There are a few exceptions to this, such as access to personal data about third parties).
You have the right to have the personal data you have provided to us supplied to you in an easily transferable digital format.
This is known as the ‘right to data portability’.
This means you can ask us to send your personal data in this format to you, or to another organisation (for example, another bank or insurer).
You have the right to change or amend your personal data
If you think any of the personal data we hold about you is incorrect or incomplete, let us know and we will change it.
You have the right to stop us using, restrict us using, or request that we erase the personal data we hold about you
If you want us to stop using, or restrict our use of, your personal data, or you want us to erase it entirely, please let us know. There are times when we may not be able to do this – for example, if the information is related to an existing or recently expired contract between you and us, or if the law says we need to keep your personal data for a certain amount of time.
You have the right to withdraw your consent at any time
Sometimes we need your consent to process your personal data. If you have given consent, you can change your mind and withdraw it. To do this, get in touch by using the relevant contact details from our website.
However, we do not always need your consent to use your personal data. There is some information this doesn’t apply to. For instance;
- the information we need in order to provide your product or service
- the information that it’s necessary we have in order to run our business or to provide the products or services in a more effective way (known as the "legitimate interests" condition), or
- the information the law says we must collect and use
Contact us for more information about how we handle your personal data
F.A.0 Data Protection Officer
SVM Global Limited
For more data about your rights, visit the Information Commissioner’s Office website
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights, and promote data privacy for individuals. Their website is www.ico.org.uk.
If you have a complaint or concern about how we have handled your personal data and we have not been able to sort it out to your satisfaction, you have the right to lodge a complaint with the ICO.
WHAT IS A COOKIE?
A cookie is a small text file that is placed onto your device by the website you’re visiting. Cookies do a range of different jobs – please see Different types of cookies table below for details.
Common cookie terminology:
Session cookies – these cookies are placed onto your device and expire following your visit to our website.
Persistent cookies – these cookies are placed onto your device and remain in place for longer than your website visit. Persistent cookies can be used to remember you or specific online preferences on return visits. The expiry date or duration of a persistent cookie is specific to its purpose. Common persistent cookie durations are 1 day, 30 days and permanent.
Please note that any data captured by a cookie may be stored beyond the cookie expiry date – please see the Cookies used on our site tab for details on data retention.
First party cookies are placed onto your device from the web domain (or sub-domain) you’re on. For example, a cookie sent to your device from www.giftcards.tesco.com is a first party cookie (as giftcards.tesco.com is a sub domain of tesco.com).
Third party cookies are sent from a web domain different to the one you’re on. For example, a cookie sent to your device during your visit from doubleclick.net will be from a third party vendor that works for or on behalf of Tesco Gift Cards.
For more information on Cookies please visit - http://www.allaboutcookies.org/
DIFFERENT TYPES OF COOKIES
Cookies used across the Tesco Gift Card website fall into the following categories.
||Cookies that are necessary to carry out or facilitate the web service you are looking for.
||Cookies that collect information about how visitors access & use the Tesco Gift Card website. The data collected is used to inform digital marketing performance & website design / performance improvements.
||Cookies that are used to make display advertising more relevant to browsing preferences.
COOKIES USED ON OUR SITE
|Purpose: These cookies are essential to allow you to navigate and use our website securely.
|1st Party Cookies (unless specified)
|Purpose: Ensighten is the Tag Management software used by the Tesco Gift Card website. It is used to deploy other technologies / generate data that is captured by other technologies. This technology does not retain any data.
|1st party cookies (unless specified)
|Data Retention Period: n/a
Purpose: The Tesco Gift Card website uses Adobe Analytics technology to measure website traffic and performance.
A copy of the Adobe Analytics data is hosted with a UK based 3rd party partner of Tesco Bank called Aquila Insight. They provide a technical environment for Tesco Bank to run additional analysis on the performance of digital marketing. Aquila Insight retain this data for a maximum of 25 months.
|1st Party Cookies (unless specified)
|Data Retention Period: 37 months
dpm (3rd party cookie)
dextp (3rd party cookie)
demdex (3rd party cookie)
|Google / DoubleClick
|Purpose: DoubleClick is an ad serving technology and used by the Tesco Gift Card website to track & optimise its digital marketing activities.
|3rd party cookies
|Data Retention Period: 24 months
|Purpose: Google Analytics allows Tesco Gift Card to measure Google Search usage and to analyse & optimise website landing pages and our visibility on search engines.
|1st Party Cookies (unless specified)
|Data Retention Period: a minimum of 25 months
|Purpose: Mediacom are an agency that supports Tesco Gift Card in the area of display advertising via Facebook. Mediacom use Facebook cookies to trigger display advertsing that's linked your online habits.
|3rd party cookies
|Data Retention Period: 180 days
YOUR COOKIE PREFERENCES
Your Tesco Gift Card cookie consent preferences are device / browser specific.
So, if you visit using a different browser you will need to set your cookie preferences again.
Likewise, if you visit using a different device you will need to set your cookie preferences again.
If you clear your cookies you will need to set your cookie preferences again (as cookie consent preferences are stored in a cookie).
You can amend your Targeting cookie consent preference at any time by visiting this page.
You can also amend your general cookie preferences via your browser settings.