Your privacy is extremely important to us so we want you to know exactly what kind of information we collect about you and how we use it.
We’ve set out all the details below.
Please take the time to read and understand this policy. And bear in mind that by using our websites and mobile apps, or contacting us by telephone or providing information to us in our stores or by way of social media, you agree to its terms.
To help you, we’ve included some links to other websites. It’s worth remembering though that other people, not us, control these websites. We’re not responsible for them.
We only collect information that we know we will genuinely use.
We may collect:
- All information you choose to submit to us. You can do that in a number of different ways:
- By filling in forms, for example when you sign up to offers, news or a competition.
- By sending us emails and text messages (SMS or MMS).
- By adding posts, reviews and other comments to any of our websites, mobile apps or other community forums.
- By liking or disliking our offers and promotions;
- By adding offers, promotions or products to your shopping lists on our Morrisons More mobile app;
- By interacting with us on social media platforms such as Facebook or Twitter etc.
- By talking to us in our stores or over the telephone. For example, when enquiring about a purchase or making a complaint.
- By registering accounts on any of our websites or mobile apps including setting up passwords and preferred user names, contact details, account details, details of friends and relatives, your preferences and interests.
(Important: If you submit details to us of any other person (e.g. a friend) please make sure you have their permission first.)
- ‘Sensitive’ information on you. And by ‘sensitive’ we mean information such as your racial or ethnic origin, religious beliefs or other beliefs of a similar nature and your physical condition (e.g. if you’re pregnant). We ask for a fair amount of this kind of detail in the forms you fill in, and you can choose whether or not you want to provide it. However, we may also acquire it though social media or as a result of our analysis of your preferences and behaviours (see below).
- Full details of the purchases you make on our websites, through our mobile apps and in our stores or petrol stations. These include the time, date and location of purchase; the products and fuel you buy from us; any relevant delivery address; the resulting points and other benefits you accumulate through our Morrisons More card; any vouchers, coupons or other alternative means of payment you may use, as well as relevant payment cards such as a credit or debit card.
- Any card or other unique identification numbers we may issue to you from time to time, such as your Morrisons More card number.
- Technical information about the devices you use to access our websites and mobile apps. We also collect this detail when you use our in-store WIFI networks to access the internet. We specifically save each device’s unique identifying codes (MAC address or IMEI number) device model, device name, relevant IP address, operating system and version, web browser and version, and geographic location.
- Your social media content where this is in the public domain, and any messages you send direct to us via social media. This information can include posts and comments, pictures and video footage on sites such as YouTube, Facebook and Twitter. You should always review the terms and conditions and privacy policies of the social media that you use to make sure you understand what kind of information relating to you may be out there in the public domain and how you can stop or limit it from happening.
- Basic background information on you from government and other external sources. We use the Driver Vehicle Licensing Agency to trace car number plates and owners in the event of drive-offs from our stores or petrol stations. We also check the electoral roll to make sure any information we have remains reasonably accurate and, if necessary, to fill in any gaps.
- Information from banking, credit card and credit reference agencies about your financial status. We also verify any payment card you use when shopping with us to see if it’s been reported stolen, to check that we’ll be paid for any transaction, and to reduce the risk of fraud (see below).
- Profile information and insight from organisations that already hold information on you, such as credit reference agencies and ‘customer insight companies’. They give us their views on your household, your status, as well as your possible preferences and behaviours.
This information includes the likely makeup of your household (e.g. how many children you may have and their likely average age) and what your household affairs may be like, the type of car you may drive, your interests (including the kind of magazines and newspapers you may read, where you might go for your holidays and whether you’re environmentally conscious or not) and where you’re likely to shop. It also includes observations about your likely education and employment status, the type of job you may have and your likely financial status (including your mobile phone expenditure, what credit, debit and other cards you may hold, your current account status and any loans, investments and savings you may have). It also places you into one or more defined behavioural and socio-economic groups.
- Information collected independently by online advertising networks (Google for example) through which we place advertisements. The information we get from them varies from network to network. It often summarises the actions of lots of people, and so does not allow us to identify you individually. It relates to what you view, click on and access through websites in their network, including the subject matter of the site you started at and which sites you go to after that. It may also include their analysis of your online behaviour across the wider internet and a profile of you. If you’re not happy about this, you should look for ‘settings’ and Do Not Track options in online advertisements and in the privacy and cookies functions on your devices. You should also consider changing your settings to block third-party cookies in particular. Morrisons does not control these cookies and we suggest you check these third-party websites for more information about the cookies they use and how you can manage them.
We use the information we collect for the following reasons:
- To provide you with our websites, mobile apps and in-store WIFI networks, which all require a certain amount of technical information to work properly. For example, our local store finder is most effective when we can tell where you are first.
- To power our security measures and services so you can safely access our website and mobile apps. It also lets us do things such as recognise your username and password, as well as reset them if you happen to forget what they are.
- To help you shop with us in store and online. For example, we need to know your credit or debit card details so that we can take payment for the things in your shopping basket and provide you with a receipt.
- To help us run competitions and special offers and make sure you get all the benefits you’re promised for example, if you have one of our Morrisons More Cards.
- To get feedback from you about our products, websites, mobile apps, and other services and activities. For example, occasionally we may invite you to review a product or service you’ve bought or used from us. If we do, it’s possible that we’ll use independent research and feedback providers to act on our behalf.
- To contact you from time to time regarding things you’ve told us you want to hear about; new products, for example, or special offers, exciting competitions and sponsored events. If you use our Morrisons More mobile app, we may use push notifications to highlight when we’ve added new offers and promotions you may be of interest to you. If you stop shopping with us or using our services, we may try and tempt you back to us.
- To reply to any questions, suggestions, issues or complaints you have contacted us about.
- To respond to any social media posts or other public comments you might make, whether they are directly to us or about us, our products, websites, mobile apps, services or other activities.
- To advertise products or services to you for example on your favourite social media sites (e.g. Facebook and Twitter) or on our mobile apps. Please note that these may be in the form of a link to someone else’s website.
- To make a contract with you. But also to enforce a contract if you don’t honour it, including the collection of any debts that we may be owed by you.
- To gather statistics about how you and other people use our website and mobile apps, in-store WIFI networks and what you think of our advertisements, special offers, news, products and product information, competitions, sponsored events, social media and other content and services. We then analyse all this data to see if what we do is interesting to people and meets their needs, or if they should be improved, and if so, what changes would be most beneficial both for our customers and for us.
- To check that you have (or are likely to have) the means to pay us for any products you order from us over the internet or via one of our mobile apps.
- To monitor how people use our websites and mobile apps to see if they are being abused or threatened, for example, by internet trolls posting inappropriate comments in review areas or by would-be hackers looking to undermine our security.
- To protect you and our business from any other potentially criminal behaviour, including identity theft and fraud.
- To understand you better and in particular, the way you shop, how and where you travel, your personal circumstances and those of your family or household, and the things you may like, dislike, or are especially interested in.
Our aim, quite simply, is to interest and excite you as much as possible while providing great service and value to you in everything we do.
By knowing more about you, we’re able to focus on the things we think are most likely to appeal to you, especially when we send you special offers, news, information on our products and details of competitions and sponsored events.
For instance, we can provide you with money-off vouchers and rewards for the things you actually buy from us, and for the things we think you might be interested in buying from us in the future. We can also tailor special offers to the areas where you live or regularly travel to, so when there’s a promotion at a store near you that we think you may be interested in, we can let you know.
- To help us maintain administrative and statutory records about our business so we can better understand what we’ve sold, and how, when, where and at what price, and pay our taxes.
- To enable us (and our third-party service providers) to plan and manage our day-to-day business as effectively as possible, for example, to predict the possible sales volumes of a particular product so we can make doubly sure that we have sufficient stocks to meet the likely demand.
- To allow us to understand our customer base across all our businesses, both online and in the ‘real world’, from our smallest store to our biggest supermarket. We do this by merging your details with information from our other customers and users of our websites, mobile apps and in-store WIFI network. We can then spot trends and common factors among shoppers, plus we can tailor our business approach, our marketing communications, our digital and social media, our products and our services to the things we believe you and other people like you would be most interested in. This process involves the analysis of many human traits and is sometimes called ‘market segmentation’ or ‘customer segmentation’. Among other things, we look at common trends or ‘segments’ based on people’s geographic location, behaviours, shopping experience, financial standing, the stuff they do on special occasions and the benefits they look for from products or services.
- To help us conduct focused market research based on trends and common factors, so we can further improve the products and services we offer to all our customers.
- To test new systems and processes as we roll them out (but generally only in anonymous form) to make sure they work correctly and meet the exceptionally high standards we set for ourselves.
- To assist us in the development of new products and services over a period of time. For example, we may need to gauge whether a new product is likely to appeal to a large proportion of our customer base. And if not, we’ll want to know why.
- To see if the money we spend on marketing and advertising across all media represents good value for us or not.
By matching information that’s common to the various sources of information we have about you, we’re able to build a bigger, richer picture. So for example, you might enter a competition and provide your email address. You might then register for an online account with us using the same email address. Simply linking those two pieces of information together tells us a lot. And we can achieve the same effect by matching transaction details and technical information about the electronic devices you use. All of which helps us to understand you better and provide a more enjoyable experience for you.
We can’t run our business or provide many of the services and benefits you receive from us without involving other people and organisations from time to time. When we share your information, we want you to know that we only do so in accordance with our legal data protection and privacy obligations.
Your information may be disclosed to:
Social media, blogs, reviews, etc.
- Companies, brands and businesses within our group. For example, we’ll share information from our online food business with Morrisons.com and there are similar arrangements between our other online and store-based businesses. This is because we hope to have a relationship with you across all our different brands and businesses, if not now, then sometime in the future. And we want to be able to provide you with the same value-for-money, high quality experience whenever and however you shop with us. It’s also the only way we can provide you with the full benefits of our Morrisons More card.
- Other people who help us provide our websites, mobile apps, in-store WIFI networks, stores, Morrisons More card and related services to you. They include information technology experts who design and host our websites, and payment services companies that make it easy for you to use your credit or payment cards with us. Other examples include market research companies, marketing, design and PR organisations and general service companies such as printers, mailing houses and form-scanning service providers.
- Our insurers and insurance brokers who provide us with comprehensive cover against the risks of running a business as big as ours. (They may keep this information for the purpose of ongoing risk assessment and insurance broking and underwriting services.)
- Banks and finance companies where we have allowed them to offer you the possibility of buying our products on credit or with a loan arranged through our stores or online. (They may keep this information for their related banking and finance purposes)
- Credit reference agencies, who supply anti-fraud and credit-insight information to us, central and local government departments such as the Driver Vehicle Licence Agency (DVLA) and local authorities who run the UK electoral rolls, banks and finance companies that also provide anti-fraud services, and customer insight companies (see above). Where anti-fraud is concerned, the organisations concerned may hold your information on file for future anti-fraud-prevention purposes.
- Third-party companies whose products and services we sell, so they can better understand the profile of our customers who buy from or are interested in them. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
- With social media companies such as Facebook and Twitter, to enable us to run targeted promotions for you on their platforms;
- Rewards companies which you have signed up to, in order for you to receive the rewards and benefits they offer when you shop with us. (They may keep this information)
- Any new business partners we may have over time, for example, in the event of a joint venture, reorganisation, business merger or sale that affects us.
- Our professional advisors including our lawyers and technology consultants when they need it to give us their professional advice.
- The Police, local authorities, Her Majesty’s Revenue and Customs (HMRC), the courts and any other government authority if they ask us to do so (but only if us doing so is lawful).
- Other people who make a ‘subject access request’, where we are allowed to do so by law. (See ‘Managing Your Information’ below for what we mean by a ‘subject access request’.)
We may also share the information we collect where we are legally obliged to do so, e.g. to comply with a court order.
Any social media posts or comments you send to us (on the Morrisons Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they’re written and could be made public. Other people, not us, control these platforms. We’re not responsible for this kind of sharing. So before you make any remarks or observations about anything, you should review the terms and conditions and privacy policies of the social media platforms you use. That way, you’ll understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you’re unhappy about it.
It’s worth remembering too, that any blog, review or other posts or comments you make about us, our products and services on any of our blogs, reviews or user community services will be shared with all other members of that service and the public at large.
You should take extra care to ensure that any comments you make on these services, and on social media in general are fit to be read by the public, and are not offensive, insulting or defamatory. At the end of the day, you are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.
Mobile app platforms
Our mobile apps run on third party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone and Google’s Android platform which powers Android-based smartphones.
Morrisons Flowerworld and Food to Order Payments
When using the Morrisons Flowerworld and Food to Order services we use a different payment processor to that used for processing orders from the Morrisons Groceries site. Payments for the Morrisons Flowerworld services are processed through a payment processing company called Stripe, and payment for the Food to Order service are processed through Barclays Bank plc trading as Barclaycard. Stripe and Barclaycard will process your credit or debit card data. This data is handled according to Payment Card Industry Data Security Standard (PCI-DSS) compliant rules and processes. We reveal only the last four digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our online store and its service providers.
International transfer of your information
Although we're based in the UK, we use suppliers from many parts of the world to help ensure you receive the very best in products and services from us.
To allow us to run our business on this basis, the information we collect may on occasion be transferred to, stored and used at premises in other countries including the United States of America.
Naturally, we aim to ensure all our suppliers take information security as seriously as we do.
Even so, information protection laws can vary from country to country.
For instance, the law of the country in which you are resident or domiciled may offer a higher standard of protection than the laws in the UK and/or the other countries in which we store and use the information we collect. Any transfer of information we make to other countries could result in that information being available to their government and other authorities in those countries under their laws.
A lot of the information we receive reaches us electronically, originating from your device and then transmitted by your relevant telecoms network provider.
Where it’s within our control, we put measures in place to ensure this ‘in flight’ data is as secure as it possibly can be.
And once it arrives, you can be sure we take the security of your information very seriously.
We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.
In particular, we follow the internationally recognised security standard ISO 27001, as well as the Payment Card Industry’s Data Security standards (PCI-DSS).
Plus, we use secure means to communicate with you where appropriate, such as ‘https’ and other security and encryption protocols.
If you have any concerns about the security of your own personal computers and mobile devices, we suggest you read the advice of Get Safe Online, which can be accessed here
How long do we keep your information?
To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need them for the purposes we acquired them in the first place (as set out above).
In most cases, this means we will keep your information for as long as you continue to shop with us or use our services, and for a period time afterwards if you stop doing so, to see if we can persuade you to come back to us.
After that we will either delete it or anonymise it so that it cannot be linked back to you.
Please note that for our Morrisons More mobile app, in order to be able to provide you with the best and most appropriate offers, promotions, product information and content, we need to build up a profile of what you like and dislike and what you may have previously been interested in. As part of this, we retain all data that you choose to delete from the app (such as a previous shopping list) for a limited time. We use it to compare your deleted data with the data you currently store so that we can work out what you are no longer interested in. By doing so we help ensure that the app content and the offers and promotions we show you are as relevant to you as possible.
We provide ways for you to stop all email and text (SMS or MMS) communications you receive from us – please see the ‘unsubscribe’ link and ‘STOP’ details we include in each email and text message respectively.
We also check all our telephone marketing activity against the UK telephone preference services, so if you wish you can register with that service to stop any such communications from us.
You can also contact us at any time using the details below and let us know exactly what you would like us to change.
To reduce the chances of an error or misunderstanding, we need to keep the information we gather about you accurate and up-to-date.
But whilst we work very hard to make sure mistakes don’t happen, we need your help, too.
So if you have an online account with us, please ensure that the information you provide (e.g. any contact information) is correct and that you review it and update it regularly.
If you have reason to believe any of the information we collect on you may be inaccurate, and you are unable to put it right yourself through your online accounts with us, please contact us (see below for how to do this).
You are perfectly within your rights to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’. Certain exemptions and conditions apply to this right, principally that it should be in writing and that you give us reasonable details about the information you want.
Depending on your country of residence or domicile, you may have additional or different rights to those set out above concerning the information we collect from you and your devices. We will, of course, honour all such legal rights if we are bound by them.
We reserve the right to charge you a small administration fee to meet our costs in honouring your legal rights, where permitted by the relevant law.
We also reserve the right not to comply with any enquiries or requests we receive about the information we collect, where we may lawfully do so. For example, if we have reason to believe that a request is malicious, technically impossible, involves disproportionate effort or could be harmful to others.
If you have any worries or complaints about the way we use your information, please don’t hesitate to get in touch with us. We’ll do our very best to set your mind at rest or put things right. And if, for whatever reason, you feel we’re not meeting the exceptionally high standards we expect of ourselves, you’re within your rights to take your grievance to the UK Information Commissioner’s Office (ICO). Please see the section ‘Where to go if you want more information about your privacy rights’ for further details.
And don’t forget that with modern technology, you have more and more personal control over what information we and other organisations collect. For example, you can normally delete cookies and tracking technologies sent to your web browser. You can also change related settings to restrict them going forward, such as by using a private browsing mode (although this may affect your browsing experience on some websites). Plus, you can use the settings options in your mobile devices to restrict what sort of information websites and mobile apps are able to access and use about you. Online advertising networks, social media platforms and search engines (Google etc.) also provide tools to manage the data they collect about you, and how it is used and shared. We urge you to look out for these functions and tools and use them to manage your privacy in a way that suits you best.
We review the ways we use your information regularly. And in doing so, we may change what kind of information we collect, how we store it, who we share it with and how we act on it.
Whenever we change this policy, rest assured we will make every effort to tell you. That way, you can check to see if you’re still happy. And if, following any changes, you continue to use our websites and mobile apps, contact us by telephone or otherwise provide information to us (through our stores or social media, for example) we will assume that you agree to those changes.
Pharmacy & CCTV information
We have pharmacies in many of our stores, and CCTV is in operation at all of our stores and petrol stations.
Please be aware that all the information you provide us with by way of any of our in-store pharmacies is held separately
from all the other information we collect about you (as set out above). It is not
used or shared in the ways we’ve described above.
The same is also true for all the CCTV footage we capture.
Instead, all in-store, pharmacy-related information we hold about you is kept and used in strict accordance with National Health Service information governance requirements. For further details, including our in-store, pharmacy-specific privacy notice, speak to one of our in-store pharmacy assistants, who will be happy to help you.
Likewise, all CCTV footage is captured purely for your security and for the prevention and detection of crime. If you’d like to know more, please see our in-store signage, or contact us using the details provided below.
Our full legal name is Wm Morrison Supermarkets Plc.
We’re a public limited company incorporated in England and Wales. Our registered company number is 358949 and our registered address can be found in the ‘contact us’ section below.
We are the ‘data controller’ of the information you provide us with. This term is a legal phrase used to describe the person or entity that controls the way information is used and processed.
We are registered under the Data Protection Act 1998 with the Information Commissioner’s Office in the UK. Our registration number is Z5225696.
Where to go if you want more information about your privacy rights
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.
You’re welcome to get in touch with us to discuss your information at any time.
Our contact details are here
Thank you very much for taking the time to read this document.
Wm Morrison Supermarkets Plc