Sainsbury’s and ABP respects your privacy and is committed to doing the right thing when it comes to how we collect, use, and protect your data. That is why we have developed this privacy notice which will inform you as to what we do with your personal data and how we look after it, sets out your privacy rights, and explains how the law protects you. The privacy notice will go over the following areas:
- Who we are and how to contact us.
- The personal data we collect.
- How we use this data.
- Our legal basis for processing your data.
- When we share personal data.
- Where we store and process your data.
- How we keep your data secure.
- How long we retain your data.
- Your rights in relation to personal data.
We encourage you to read this privacy notice carefully, and should you have any questions or concerns please contact us using the details provided in the Our Contact Details section below.
Our Contact Details
Sainsbury’s and ABP are the data controllers and are responsible for your personal data (referred to in this notice as “we”, “us” or “our”). Should you have any questions or would like to make a request to exercise your legal rights, please contact us using the following details.
Sainsbury’s Supermarkets Ltd (company number 3261722)
Anglo Beef Processors UK (company number 02925718)
Sainsbury’s Supermarkets Ltd, 33 Holborn
ABP Ltd, 6290 Bishops Court, Solihull Parkway, Birmingham Business Park, Birmingham, B37 7YB
Please mark any envelopes with “FAO: Gamechanger” to make sure they are promptly received by the correct people. You have the right to make a complaint to the ICO (Information Commissioner’s Office) at any time.
The ICO is the UK supervisory authority on data protection, their website can be found here: www.ico.org.uk. However, we would appreciate the chance to deal with any concerns you may have, so we ask that you please contact us in the first instance using the details above.
Personal Data We Collect
Your personal data is any information that could be used to identify you. It does not include any data where the identifying information has been removed; this is known as anonymous data. We may collect, use, store, and transfer various types of personal data which we have grouped into the following categories:
- Identity Data: First name, surname, title, username or other identifier.
- Contact Data: Billing/postal address, email, phone number, social media account.
- Technical Data: Login data, IP address, browser type, mobile device identifiers, device make, device model, device operating system.
- Profile Data: Username and password.
- Usage Data: How websites are used, how you found the website, etc.
- Image Data: CCTV images/video, facial images.
How We Collect Personal Data
We collect your personal data through various methods depending on the circumstances.
- When you fill in a Contact Us form on any of our websites or contact us through social media or other online services, we collect your Identity and Contact data directly from you as requested on the form or other method through which you have contacted us.
- When you browse our websites, we collect your Technical and Usage data via our usage of Cookies and Google Analytics
- Where it is reasonable to do so we may collect Personal Data from publicly available sources such as internet searches, companies house, and broadcast media.
How We Use Personal Data and Our Legal Basis
We must have a lawful basis to collect and use personal data; the lawful bases are set out in the UK GDPR. Here we will explain how your personal data is used and what our lawful basis is for using it in this way.
Identity, Contact & Profile data
Legitimate interest: This helps provide an efficient online experience for our customers, suppliers, and website visitors, improving our current relationships and helping to foster new ones. Discover how you found our websites, what interests you, how you access them, etc.
Technical & Usage data
- Legitimate interest: This helps us to keep our websites relevant and up to date with what our visitors are looking for and allows us to see what improvements we can make
- Consent: Analytical cookies are installed by consent. This can be withdrawn at any time by clearing cookies from the browser. To contact and interact with your Contact data
- Legitimate interest: Responding to any initial contact or keeping in contact will help us to foster a relationship with you that will be beneficial to both parties
- Monitor who enters our sites Identity, Contact & Image data
Sharing Personal Data
We may share your personal data with service providers and other organisations as appropriate. Where a service provider is carrying out a function using personal data on our behalf, we make sure to have appropriate contracts in place detailing that provider’s responsibilities regarding the data being shared with them. We carefully vet all our service providers to make sure they have appropriate technical and organisational measures in place to safeguard personal data.
Personal data may also be shared with other third-party organisations for certain reasons, including:
- The law or a public authority requiring us to share the data
- If we need to share personal data to establish, exercise or defend our legal rights
- To an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of
our businesses or any of our rights or obligations under any agreement we may have with
- To third parties you ask or permit us to share your data with
- To organisations which introduce you to us
We may transfer data outside of the UK, however we will always make sure one of the
following safeguards is in place:
The organisation to which we are sharing data resides in a country deemed to have passed
an adequacy decision by the EU Commission; these decisions remain valid as of 31
December 2020, though the UK intends to review these decisions over time
We have specific contracts in place with the recipient organisation that have been
approved by the ICO, meaning the data is still effectively protected by the GDPR even if the
country in which that organisation resides is not in the European Economic Area or has not
passed an adequacy decision.
How We Secure Personal Data
We use computer safeguards such as firewalls and data encryption, and we enforce physical
access controls to our buildings and files to keep this data safe. We only authorise access to
employees who need it to carry out their job responsibilities. Data entered in any of our
websites is protected using HTTPS while being transmitted. We enforce physical, electronic,
and procedural safeguards in connection with the collection, storage, and disclosure of data.
Physical documentation is stored in locked and secure cabinets, while electronic data is
stored on secure servers to which only the required employees have access. All servers that
store electronic data are backed up and transmitted off-site in an encrypted state.
How Long We Retain Personal Data
We will keep your data the minimum length of time required to comply with the purposes set
out in this policy and relevant legal obligations. In certain cases your data may be kept
longer than what is necessary to comply with the purpose stated if there is a legal
requirement for us to do so. In some circumstances you can request for any personal data
we hold about you deleted, as detailed in the Your Rights section below. In this case we will
remove the data within one month and confirm this with you. We may anonymise your
personal data for research or statistical purposes; in these cases the data can no longer be
traced back to you, so we are allowed to keep it indefinitely.
You have certain rights regarding your data under the UK Data Protection laws and are free
to exercise these at any time. You have the right to:
- Request access to any personal data we hold about you
- Request corrections to any of your personal data
- Request deletion of any of your personal data
- Withdraw your consent for us to process your personal data
- Request the restriction of processing your personal data
- Request the transfer of your personal data
- Object to the processing of your personal data
- Make a complaint to the ICO about our processing of your personal data
Should you wish to exercise any of your rights, please contact us via any of the methods laid
out in the Our Contact Details section. We will not charge you a fee should you request
access to your data or exercise any of your other rights, however we may refuse to comply if
your request is clearly unfounded, repetitive, or excessive. By law we must respond to all
requests within one month and we try to do this in most cases, however we may take longer
if your request is particularly complex or if there are several requests made. We may request
identification documents from you to confirm your identity and ensure someone else is not
trying to access your personal data. If you are making a request through a third-party, we
ask for a letter of authority from you authorising that party to receive your data. We may also
contact you to ask for further details of your request to make sure we are able to respond on
How We Use Personal Data and Our Legal Basis section. Your browser can automatically
refuse some or all website cookies depending on the settings you have applied. If you wish
to remove any cookies that you have accepted, you can do this by clearing them from within
your browser settings. Please note that disabling or refusing cookies may cause some areas
of our websites and online services to stop functioning correctly.
Changes To This Privacy Notice
We may make changes to this privacy notice in line with any law changes or should any of
our purposes for collecting your data change, for example. Please make sure to check this
personal data we hold about you is up-to-date and accurate. We therefore ask that you
please keep us informed of any changes to your personal data during your relationship with
us using the details supplied in the Our Contact Details section.
Please note that any third-party websites that may be linked to this or any of our other
websites are not controlled by us and we are not responsible for their use of your personal
data. We encourage you to read the privacy notices of every website you visit once you
leave our website.