You should know what information about you we collect and how we use it.
This issue is very important to us, so we have set out full details in this policy and our cookies policy
Please take the time to read this policy in full and understand it. By using our websites and mobile apps, contacting us by telephone or otherwise providing information to us (for example through our stores or social media), you agree to its terms.
To be helpful, we’ve included some links to other websites in this policy. Please note that these websites are controlled by other people, not us, and we are not responsible for them.
What information do we collect and when?
We only collect information that we will genuinely use for the purposes set out in this policy.
Specifically, we collect:
- All information you choose to submit to us. You can choose to submit information to us through a lot of different ways:
- Through forms, for example in signing up to an offers, news or a competition;
- By sending us emails and text messages (SMS or MMS);
- By adding posts, reviews and other comments to any of our websites, apps or other community forums;
- By interacting with us on social media platforms (such as Facebook or Twitter);
- By speaking to us in our stores or over the telephone, for example in making an enquiry about a purchase you have made or a complaint; or
- By registering accounts on any of our websites or mobile apps including setting up passwords and preferred user names, contact details, account details, details of friends and relatives, your preferences and interests.
(Please note: If you submit details to us of any other person (e.g. a friend) please make sure you have their permission before doing so.)
- ‘Sensitive’ information on you, but far less frequently than the above information. ‘Sensitive’ information includes your racial or ethnic origin, religious beliefs or other beliefs of a similar nature and your physical condition (e.g. if you are pregnant). Most of this information will be submitted by you to us via forms so you have the choice as to whether to provide this information, however we may also obtain it though social media or through our analysis of your preferences and behaviours (see below).
- Full details of the purchases you make on our websites, through our mobile apps or in our stores, including the time and date of purchase, the goods you purchase from us, any relevant delivery address and details of any relevant payment card (such as a credit or debit card) you use.
- Your Morrisons Miles card number and related fuel transaction details such as the amount of fuel you bought, and the time and place you bought it;
- Technical information about the devices you use to access our websites and on which you use our mobile apps. We also collect this information when you use our in-store WIFI networks to access the internet. We collect each device’s unique identifying codes (e.g. its “MAC” address), relevant IP address, operating system and version, web browser and version, and geographic location.
- Your social media content where this is in the public domain, and any messages you send direct to us via social media. This information can include posts and comments, pictures and video footage. You should review the terms and conditions and privacy policies of the social media that you use to ensure you understand what information relating to you may be placed in the public domain and how you can stop or limit it from happening.
- Basic background information on you available from government sources. We use the Driver Vehicle Licensing Agency to trace number plates and owners in the event of drive-offs from our stores or petrol-stations. We also check our customer information against the electoral roll to make sure it remains reasonably accurate and to fill in any basic gaps.
- Information from banking, credit card and credit reference agencies about your financial status and the status of any payment card presented to us (e.g. if it has been reported stolen) to check we are likely to be paid for any transaction, and to reduce the risk of fraud (see below);
- Profile information and insight from companies who already have information on you, such as credit reference agencies (“customer insight companies”). They give us their views on what your household may look like, your status, likely preferences and behaviours.
This information includes the likely makeup of your household (e.g how many children you may have and their likely average age) and what your household affairs may be like, the type of car you may have, your interests (including what magazines and newspapers you may read, your holidays and whether you are environmentally conscious or not) and where you may currently shop. It includes observations about your likely education and employment status, the type of job you may have and your likely financial status (including your mobile phone expenditure, what credit, debit and other cards you may hold, your current account status and the extent of any loans, investments and savings you may have).
It also places you into one or more defined behavioural and socio-economic groups.
How do we use your information?
- Information collected independently by online advertising networks (for example Google) through whom we place advertisements. The information we obtain varies from network to network. It often summaries the actions of lots of people, and so does not enable us to identify you individually. It relates to what you view, click on, and access through websites in their network, including the subject matter of the site you started at and where you subsequently go. It may also include their analysis of your behaviour across the wider internet and a profile of you. If you are unhappy about this happening you should look out for “settings” and Do Not Track options in online advertisements and in the privacy and cookies functionality on your devices and consider changing your settings to block third party cookies in particular. We do not control the information on you that such networks obtain, or the technology they use to do so.
We use the information we collect for many different things:
- To provide you with our websites, mobile apps and in-store WIFI networks, which require a certain amount of technical information to be collected in order to work properly. For example, our local store finder works most effectively when we can tell where you are.
- To power security measures and related services relating to your access to our website and mobile apps for example to enable us to recognise your username and password, but also reset those if you forget them;
- To enable you to buy things from us both in store and over the internet, which again requires a certain amount of information to be collected, for example your payment card details so we can take payment and the things in your basket so we can provide you with a receipt;
- To enable us to run competitions and offers for which you have signed up, about which we need to be able to communicate with you;
- To gather feedback from you about our products, websites, mobile apps, other services and activities from time to time. We may invite you to provide this feedback on occassion, for example by emailing you to ask you if you would like to review a product you have bought or a service you have used. We may use independent research and feedback providers to do so on our behalf.
- To contact you from time to time about things you have told us you want to hear about, for example our products, news, offers, new competitions and sponsored events;
- To respond to any questions, suggestions, issues or complaints you have raised with us;
- To respond to any social media posts or other public comments you make where these are made directly to or about us, our products, websites, mobile apps, services or other activities;
- To perform any contract we have entered into with you but also to enforce a contract against you if you do not honour it, including in seeking to collect any debts that we may be owed;
- To gather statistics about how you and other people use our website and mobile apps, in-store WIFI networks and what you think of our adverts, offers, news, product information, competitions, sponsored events, social media and other digital content. We then analyse these statistics to understand if these things appear interesting and meet most people’s needs, or if they should be improved, and if so, what design or other changes (e.g. around the nature and timing of communications) would be most beneficial both for our customers, and for our business.
- To check that you have or are likely to have the means to pay us for any products you have ordered from us over the internet or one of our mobile apps;
- To monitor use of our websites and mobile apps to see if they are being abused or threatened for example by people posting inappropriate comments in review areas or by potential hackers looking to undermine their security;
- To protect you and our business against any other potential criminal behaviour, including potential identity theft and fraud;
- To understand you better and in particular, your habits, where you are from time to time, your personal circumstances and those of your family or household, and the things you may like, dislike, and be interested in.
Our aim is to excite you as much as possible and provide great service and value to you in everything we do.
By having really good information about you, we can focus on the things we think are most likely to be of real interest to you in everything we do, and especially when we send you offers, news, information on our products and details of new competitions and sponsored events, or present you with adverts and content online.
We can then, for example, provide you with money-off vouchers and rewards for the things you actually buy from us, and for the things we think you might be most interested in buying from us in the future. We can also tailor these to your precise location, for example if there is a promotion at a store local to you we think you may be interested in.
- To maintain administrative and statutory records about our business to enable us to understand what we have sold, how, when, where and at what price and account to the tax authorities for the related taxes that we have to pay;
- To enable us and our third party service providers to plan and manage our day-to-day business and related services as effectively as possible, for example in predicting likely sales volumes of any one product, so we can try and make sure we have enough stock to meet likely demand;
- To enable us to understand what our customer and user base looks like across all our businesses both online and in the “real world” and from our smallest store to our largest supermarket. We do this by combining your information with information about our other customers and users of our websites, mobile apps and in-store WIFI networks, so we can spot trends and common factors amongst everyone. We can then further tailor our business approach and in particular our marketing communications, use of digital media, products and services to the things we think you and other people like you would be most interested in. This process involves analysis of many human traits and is sometime called “market segmentation” or “customer segmentation”. We look at common trends or “segments” based on people’s geographic location, behaviours, shopping experience, financial standing, things they do on special occasions and the benefits they look for from products, amongst other things.
- To enable us to conduct focussed market research based on those trends and factors, which we can then use to further improve our products and services for all of our customers;
- In the process of anonymising your information so that you are no longer identifiable to us;
- To test new systems and processes as we roll them out (but generally only in anonymous form) to make sure they work and will meet the high expectations we set for ourselves;
- To assist us in the development of new products and services over time, for example to gauge whether a new product is likely to be appealing to a large proportion of our customer base or not; and
- To analyse whether the money we spend on marketing advertising, on TV, billboards, online and in search engines represents good value for us or not.
We do so in part by matching information common to the various different sources of information we have about you, to build a bigger, richer picture. So for example, if you sign up to a competition and provide your email address, and then register for an online account with us using the same email address, we link those two pieces of information together. We can achieve the same effect through matching transaction details and technical information about the electronic devices you use as well. By doing so, we can understand you better and provide a better experience to you, as we set out above.
We cannot run our business or provide many of the services and benefits you expect to receive without involving other people and businesses, and sometimes we pass your information to these other people and businesses as set out below.
We only share your information where we can do so in accordance with our legal data protection and privacy obligations.
Who do we share your information with?
We share the information we collect with:
- all of our group companies, brands and business units that have relationships with our customers and users, for example, between Kiddicare and Morrisons, between our online businesses such as MorrisonsCellar, Kiddicare.com and Morrisons.com, and between our online and store-based businesses. We do so because we hope to have a relationship with you across all of these different brands and businesses, if not now, then in the future, and we want to be able to provide you with the same value and high quality of experience wherever you choose to interact with us;
- other people and businesses who help us provide our websites, mobile apps, in-store WIFI networks, stores and related services to you, for example, information technology companies who design and host our websites, and payment services companies who enable you to use credit or payment cards with us;
- our insurers and insurance brokers where required in order for us to be able to obtain insurance against risks we face in running our business;
- banks and finance companies where we have allowed them to offer you the possibility of purchasing products on credit or through a loan arranged through our stores or on online.
- credit reference agencies who provide anti-fraud and credit-insight information to us, central and local government departments, for example the Driver Vehicle Licensing Agency (DVLA) and local authorities who run the UK electoral rolls, banks and finance companies who also provide anti-fraud services, and customer insight companies (as set out above) in each case as necessary in order to benefit from their services;
- Rewards companies which you have signed up to, in order for you to receive the rewards and benefits they offer when you shop with us;
- any new business partners we may have over time, for example a joint venture, reorganisation, business merger or sale affecting us.
- our professional advisors for example our lawyers and technology consultants when they need it to provide advice to us
- the Police, local authorities, Her Majesties Revenue and Customs (HMRC) the Courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime.
- other people who make a subject access request to us, where we are allowed to do so by law (see “Managing Your Information” below for what we mean by a “subject access request”).
We also may share the information we collect where we are legally obliged to do so, for example e.g. to comply with a court order.
Social media, blogs, reviews, and similar services
Any social media posts or comments you make to us will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they are made and could be made public by that platform. These platforms are controlled by other people, not us, so we are not responsible for this sharing. You should review the terms and conditions and privacy policies of the social media platforms you use to ensure you understand how they will use your information, what information relating to you they will place in the public domain and how you can stop them from doing so if you are unhappy about it.
Any blog, review or other posts or comments you make about us, our products and services on any of our blog, review or user community services will be shared with all other members of that service and the public at large.
You should ensure any comments you make on these services, and on social media in general are fit to be read by the public, and in particular are not offensive, insulting or defamatory. You are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
Security of your information
Much of the information we receive is provided electronically, originating with your relevant device and then transmitted to us by your relevant telecoms network provider.
Where it is within our control, we put measures in place to ensure this “in flight” data is reasonably secure.
Once your information is received by us, we take its security very seriously.
We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores as much as possible.
In particular, we follow an internationally recognised security standard known as “ISO 27001”, and the Payment Card Industry’s Data Security standards (otherwise known as “PCI-DSS”).
We also use secure means to communicate with you where appropriate, such as ‘‘https’’ and other security and encryption protocols.
If you have any concerns about the security of your own personal computers and mobile devices, we suggest you read the advice of Get Safe Online, which can be accessed here
International transfer of your information
Although we are a business based in the UK, we need to use suppliers who are of an international standing on occasion to help ensure you receive the very best in products and services from us.
To allow us to run our business on this basis, the information we collect may be transferred to, stored and used at premises in countries around the world, including the United States of America.
We ensure all our suppliers take security as seriously as we do though, including by encouraging adoption of the US Department of Commerce’s ‘Safe Harbor’ standards by our American suppliers.
Please note that information protection laws do vary from country to country. In particular, the law of the country in which you are resident or domiciled may offer a higher standard of protection than the laws in the United Kingdom and/or those other countries in which we store and use the information we collect. Our transfer of information to other countries could result in that information being available to government and other authorities in those countries under their laws.
By using our services you agree to this international transfer, storing and processing.
How long do we keep your information for
In accordance with the our legal data protection and privacy obligations, we will only retain your information for as long as we actually need it to achieve the purpose(s) for which we obtained it in the first place.
We will then either securely delete it or anonymise it so that it cannot be linked back to you.
See ‘How do we use your information?’ above for full details of those purposes.
Managing your information
You can contact us to discuss your information at any point in time using the details provided below.
It is very important to us that all the information we hold about you remains accurate and up-to-date at all times to reduce the chances of us having a misunderstanding. We try hard to make sure this is the case at all times regardless of what information we hold about you.
We need your help in doing so though. If you have any online account with us, please ensure that the information you provide to us through that account (e.g. any contact information you provide) remains accurate and up-to-date. Please review and update it regularly.
You have a number of rights which we respect and aim to uphold in all that we do. These rights include:
- Correcting inaccurate information. If you have reason to believe any of the information we collect on you may be inaccurate, and you cannot correct such inaccuracy yourself through your registered accounts with us, please contact us (see below for how to do this).
- Stopping our marketing. We provide the means for you to stop all email and test (SMS or MMS) communications you receive from us – please see the ‘unsubscribe’ link and ‘STOP’ details we include in each email and text respectively. We also check all our post and telephone marketing activity against the UK mail and telephone preference services, so you can register with these services as one way of stopping any such communications from us. You can also contact us at any time using the details below and let us know what you would like us to change.
- Asking us about your information. You have the right to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’. Certain exemptions and conditions apply to this right, including that it should be in writing and that you give us reasonable details about the information you seek.
- Reviewing our use of automatic computer processing. You can ask us to have one of our staff review a decision about you which has been taken automatically by computer. One common example is if we decline an order you place with us online or through one of our mobile apps for anti-fraud or credit check reasons. Please note that these decisions can come about due to policy decisions taken by banks, card and payment processing companies, and credit reference agencies who separately hold information about you and to resolve them you may have to speak to them directly.
Depending on your country of residence or domicile, you may have other legal rights over the information we collect from you and your devices (e.g. to request a copy of the information we hold that relates to you).
We will honour all such legal rights.
We reserve the right to charge you a small administration fee to meet our costs in honouring your legal rights, where permitted by the relevant law.
We reserve the right not to comply with any requests we receive where we may lawfully do so, for example if we reasonably believe a request to be malicious, technically very onerous, to involve disproportionate effort or harmful to the rights of others.
If you have any complaints about our use of your information, please contact us. We will do our very best to resolve any complaint to your satisfaction. If, for whatever reason, you feel we do not meet the high standards we expect of ourselves, you have a right to complain to the UK Information Commissioner’s Office (or “ICO”). Please see the section “Where to go if you want more information about your privacy rights” for further details.
Please don’t forget that with modern technology you increasingly have personal control over what information we and other organisations collect. For example, you can delete cookies and tracking technologies stored on your own device through your web browser, and change related settings to restrict them going forward, for example by using private browsing modes (although this can affect your browsing experience on some websites). You can also use the settings options in your mobile devices to restrict what information websites and mobile apps can access and use about you. Online advertising networks, social media platforms and search engines (for example Google) also increasingly provide you with tools to manage the data they collect about you, how it is used and shared. We encourage you to proactively look for such functions and tools and use them to manage your privacy in a manner with which you are happy.
We review our use of your information regularly. In doing so, we may change what we collect, how we keep it and what we will do with it.
As a result, we will need to change this policy from time to time to keep it accurate and up to date.
If we change this policy, we will endeavour to tell you about it. That way you can check to see if you are happy with our policy, before proceeding any further. Please look out for notices from us.
If, following any changes, you continue to use our websites and mobile apps, contact us by telephone or otherwise provide information to us (for example through our stores or social media) we will take it that you agree to those changes.
Pharmacy and CCTV information
We have pharmacies in many of our stores, and CCTV in operation at all of our stores and petrol stations.
All information you provide to us in using any of our in-store pharmacies is kept separate from all of the other information we collect about you (as set out above). It is not used or shared in the manner described above either.
The same position is also true for all CCTV footage we capture.
Instead, all in-store, pharmacy-related information we hold about you is held and used strictly in accordance with National Health Service information governance requirements. For further details, including our related in-store, pharmacy-specific privacy notice, please speak to one of our in-store pharmacy assistants, who will be delighted to assist you.
All CCTV footage is captured purely for your security and for the prevention and detection of crime. For further details, please see our in-store signage, or contact us using the details provided below.
Our full legal name is Wm Morrison Supermarkets Plc.
We are a public limited company incorporated in England and Wales. Our registered company number is 358949 and our registered address can be found through the ‘Contact us’ section.
We are what is known as ‘data controller’ of the information you provide to us. This term is a legal phrase used to describe the person or entity who controls the way information is used and processed.
We are registered under the Data Protection Act 1998 with the Information Commissioner’s Office in the UK. Our registration number is Z5225696.
We own Kiddicare. You can find more information about Kiddicare at its website www.kiddicare.com.
Kiddicare’s full legal name is Kiddicare.com Limited. Kiddicare is a private limited company incorporated in England and Wales. Its registered company number is 07500101 and its registered address is the same as ours (see above).
Kiddicare is registered under the Data Protection Act 1998 with the Information Commissioner’s Office in the UK. Its registration number is Z7411179.
Where to go if you need more information about your privacy rights
The Information Commissioner’s Office regulates data protection and privacy matters in the UK.
They make a lot of information available to consumers on their website
They make the registered details of all data controllers such as us and Kiddicare available publicly. You can access them here
You can make a complaint to the ICO about our use of your information at any time. As mentioned above, please consider raising any issue or complaint you have with us first though. Your satisfaction is very important to us, and we strive to solve all problems and complaints wherever possible.
If you want any further information about our use of your information, our websites or mobile apps or have any other privacy questions relating to us, we’d be happy to help you.
Our contact details are set out here
Thank you for taking the time to visit read about how we use your information.
Happy and safe browsing!
Wm Morrison Supermarkets Plc