You should know what ‘personal data’ (i.e. information that relates to you and enables you to be identified) we collect from you and how we use it. This issue is very important to us, so we have set out full details in this policy. When we refer to ‘your information’ below, we are referring to this concept of ‘personal data’.
Please take the time to read this policy in full and understand it. By using our website, contacting us by telephone or providing information to us through our stores, you agree to its terms (providing we have told you about it first).
To be helpful, we’ve included some links to other websites in this policy, but please note that they are controlled by other people, not us, so we are not responsible for the sites to which they take you.
What do we collect and when?
We only collect information that we will genuinely use for the purposes set out in this policy.
Specifically, we may collect:
- All information you submit to us. You may do so through a wide variety of means. These means include submitting forms on our website (for example in signing up to our latest offers and news), through emails and other electronic communications we send to you with your consent, through posts and comments you make to our corporate presence on social media platforms (such as Facebook or Twitter), through any customer or other discussion forums we host on our website and any comments you make to us in our stores. This information includes your passwords and preferred user names, contact details, account details, details of friends and relatives, your preferences, interests and details of any complaints you may have. If you submit details to us of any other person (e.g. a friend) please make sure you have their permission before doing so.
- Full details of the purchases you make on our website or in our stores, including the time and date of purchase, the goods you purchase from us and details of any relevant payment card (such as a credit or debit card) you use.
- Information lawfully available from social media sources which is placed in the public domain by social media networks such as Facebook and Twitter. You should review the terms and conditions and privacy policies of the social media networks you use to ensure you understand what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.
- Your Morrisons Miles card number and related fuel transaction details.
- Any information you provide to other people, where you give them permission to share that information with us, or otherwise where they can lawfully do so.
- ‘Sensitive’ information from you, but far less frequently than the above. ‘Sensitive’ information includes your racial or ethnic origin, religious beliefs or other beliefs of a similar nature and your physical condition (e.g. if you are pregnant). You will have to provide some types of information in order to benefit from a relevant offer, competition or other activity we are running or are proposing to run, but some information is voluntary. We will make it clear which information you have to give at the point of collection. If you do not provide the minimum information we ask for, you will not be able to benefit from our related activities.
How do we use it?
We use the information we collect:
- To provide you with our website, products and related services and personalise them to you and particular things you may like, dislike or be interested in.
- To contact you from time to time about things you have told us you want to hear about, for example about changes to our website, our policies, our products, news, offers, competitions and other services. We will use the information you provide to us to personalise these communications to you and particular things you may like, dislike or be interested in.
- To allow other people to contact you (but only where you have told us this is acceptable) about things you have told us you want to hear about. These things may include their products, news, offers, competitions and other services. We may use the information you provide to us to allow other people to personalise these communications to you and particular things you may like, dislike or be interested in.
- To respond to any questions, suggestions or complaints you have raised with us.
- To respond to any social media posts or comments you make where these are made directly to us or in the public domain.
- To perform our contractual obligations to you and do anything else we have agreed to do for you.
- To monitor the use of our website and help us improve it.
- To understand and improve your relationship with the Morrisons family as a whole (please see ‘Contact us’ below to understand what we mean by the ‘Morrisons family’) and personalise this wider relationship to things you may like, dislike or be interested in.
- For administrative, historic research and statistical analysis purposes relating to our business, including the maintenance of appropriate records.
- Where otherwise permitted by law, for example in the prevention and detection of crime affecting us or our industry.
Who do we share it with?
We cannot run our business without involving other people and businesses and sometimes we pass the information to these other people and businesses as set out below.
We may share the information we collect:
- For processing purposes within the Morrisons family (please see ‘Contact us’ below to understand what we mean by the ‘Morrisons family’).
- For marketing purposes within the Morrisons family (please see ‘Contact us’ below to understand what we mean by the ‘Morrisons family’) but only where you have told us this is acceptable.
- With other people and businesses who help us provide our website, stores and related services to you.
- With other people to enable them to contact you (but only where have you have told us this is acceptable) about things you have told us you want to hear about (see ‘How do we use it?’ above).
- With any new business partners we may have over time (e.g. for a joint venture, reorganisation, business merger or sale affecting us).
- With our professional advisors (e.g. lawyers and technology consultants).
We also may share the information we collect:
- Where we are legally obliged to do so (e.g. to comply with a lawful government request).
- Where we may lawfully do so.
Any social media posts or comments will be shared under the terms of the relevant social media network (e.g. Facebook or Twitter) on which they are made and could be made public by that network. These networks are controlled by other people, not us, so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media networks you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.
We may add information we collect from you and your device to that from our other users and customers to give an overview of all of their activities and relationships you and they have with us. Where we do so, we shall ensure that all information used in that overview is anonymous. We may share these anonymous overviews with any other person or business at our discretion.
Please note that your telecoms network providers (including mobile phone network provider) may also be able to access some or all of the information we collect in the course of providing their services to you. You should read their privacy policies for full details.
How do we receive and store it?
Much of the information we receive is provided electronically, originating with your relevant device and then transmitted to us by your relevant telecoms network provider.
Once received by us, we take security very seriously. We use appropriate procedures and technical security measures (including strict encryption, archiving and anonymisation techniques as relevant) to safeguard your information across all our computer systems, offices and stores. In particular, we follow an internationally recognised security standard known as ‘ISO 27001’, and the Payment Card Industry’s Data Security standards (otherwise known as ‘PCI-DSS’). We also use secure means to communicate with you where appropriate, such as ‘‘https’’ and other security and encryption protocols.
Although we are a business based in the UK, we need to use suppliers who are of an international standing on occasion to help ensure you receive the very best in products and services from us. To allow us to run our business on this basis, the information we collect may be transferred to, stored and used at premises in countries around the world, including the United States of America.
We ensure all our suppliers take security as seriously as we do though, including by encouraging adoption of the US Department of Commerce’s ‘Safe Harbor’ standards by our American suppliers.
Please note that information protection laws do vary from country to country. In particular, the law of the country in which you are resident or domiciled may offer a higher standard of protection than the laws in the United Kingdom and/or those other countries in which we store and use the information we collect.
By using our website and services you agree to this international transfer, storing and processing.
If you have any concerns about the security of your own domestic computers and mobile devices, we suggest you read the advice of Get Safe Online, which can be accessed here.
How long do we keep it for?
We may retain your information for historic research and statistical purposes for as long as we choose (which could be indefinitely).
We may retain anonymous overview information (as described above) for as long as we choose (which could be indefinitely).
Otherwise, we will only retain the original information we collect from you for as long as is necessary for the purposes for which it was obtained. See ‘How do we use it?’ above for these purposes.
You and your information
If you have a registered online account with us, please ensure that the information you provide to us through that account (e.g. any contact information you provide) remains accurate and up-to-date. Please review and update it regularly.
If you have reason to believe any of the information we collect may be inaccurate, and you cannot correct such inaccuracy yourself through your registered account with us, please contact us (see below for how to do this). We will, in good faith, attempt to correct any such information, save in exceptional circumstances (discussed further below).
We provide the means for you to stop all email and SMS communications you receive from us – please see the ‘unsubscribe’ link and ‘STOP’ details we include in each email and SMS respectively. We also check all our mail and telephone marketing activity against the UK mail and telephone preference services, so you can register with these services as one way of stopping any such communications from us. You can also contact us at any time using the details below and let us know what you would like us to change.
You also have the right to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’. Certain exemptions and conditions apply to this right, including that it should be in writing and that you give us reasonable details about the information you seek.
Depending on your country of residence or domicile, you may have other legal rights over the information we collect from you and your device (e.g. to request a copy of the information we hold that relates to you). We will honour all such legal rights.
We reserve the right to charge you a small administration fee to meet our costs in honouring your legal rights, where permitted by the relevant law.
We reserve the right not to comply with any requests we receive where we may lawfully do so, for example if we reasonably believe a request to be malicious, technically very onerous, to involve disproportionate effort or harmful to the rights of others.
If you are resident or domiciled in the UK, the UK Information Commissioner’s Office has a useful website and related materials if you want to read more about privacy issues and your related rights. You can access these materials here.
If you have any complaints about our use of your information, please contact us. We will do our very best to resolve any complaint to your satisfaction. If, for whatever reason, you feel we do not meet the high standards we expect of ourselves, you have a right to complain to the UK Information Commissioner’s Office. Please see the link above for full details of how you could go about doing so.
We review our use of your information regularly.
In doing so, we may change what we collect, how we keep it and what we will do with it.
As a result, we will need to change this policy from time to time to keep it accurate and up to date.
If we change this policy, we will tell you about it here. That way you can check to see if you are happy with our policy, before proceeding any further. Entering the website will constitute your acceptance, whether or not you choose to review these changes.
Please look out for these notices in future when you are using our website.
Our full legal name is Wm Morrison Supermarkets Plc. We are a public limited company incorporated in England and Wales. Our registered company number is 358949 and our registered address can be found in the ‘Contact us’ section.
We are what is known as the ‘data controller’ of the information you provide to us. This term means we control the way it is used and processed.
We are registered with the UK Information Commissioner’s Office under the Data Protection Act 1998. Our registration number is Z5225696. The Information Commissioner’s Office make the registered details of all data controllers available publicly. You can access them here.
If you want any further information about our use of your information, our websites in general or have any other privacy questions relating to us, we’d be happy to help you. Our contact details are set out here.
Thank you for taking the time to visit our website and reading about how we use your information.
Happy and safe browsing!
Wm Morrison Supermarkets Plc