Skip to main content Skip to main content

Privacy Policy

back

Terms & Conditions | Privacy & Cookies Policy

Your personal data: how we collect, use, and protect it (our 'Privacy Notice')

It is very important to us that all our customers trust us to handle their personal data responsibly. We have written this document to explain clearly how we collect, use and protect your personal data. In particular, it explains things like:

  • why we need your personal data for certain things
  • how we share your personal data with others
  • your rights under data protection laws

What the law says about handling personal data

The personal data protection laws control how we use your personal data, for example, we must be transparent about how we collect and use your personal data. They also grant you rights, such as the right to access the personal data that we hold about you (see section 'Your Rights').

Who we are referring to when we say 'we', 'us', and 'our' in this Privacy Notice

In this Privacy Notice, "we" "us" and "our" refers to Tesco Personal Finance plc, trading as Tesco Bank and part of the Tesco Group (www.tescoplc.com/about-us). For the purposes of the personal data protection laws, we are responsible for the personal data about you that we collect and use. This Privacy Notice relates only to Tesco Pay+, operated by Tesco Bank. You should read the Tesco privacy policy on its website for information on how Tesco Stores uses Clubcard and other information.

Who this document applies to when we talk about 'you'

This Privacy Notice applies to you, anyone you nominate to act on your behalf and anyone whose device you use to login into to use your Tesco Pay+ account. Please make sure that they have seen this notice, and that you have their permission before giving us any personal data about them.

What the law says about processing

The law requires us to tell you how we process your personal data. "Processing" is a legal term but means anything we do with your personal data, such as collecting, gathering, obtaining, administering, adapting, keeping and deleting your personal data.

We collect and keep data about you

We collect information about you, such as name, Clubcard number, credit or debit card details and contact details, when you:

  • visit the Tesco Pay+ website, or use the Tesco Pay+ app
  • register for and buy products or services using Tesco Pay+
  • take part in promotions, competitions, customer surveys and questionnaires
  • contact us, for example by calling, emailing or writing to customer services.

We might also collect your IP address and other unique information to identify the device you are accessing Tesco Pay+ from. This will be used for analysis purposes to help us understand how you use our website and app and to help us improve our service. We might also collect information from your device and Wi-Fi connection to assist us in making sure the app is safe to use on your device and in detecting and preventing fraud.

We may collect location data for analysis purposes, fraud prevention and to help us to improve our service. If you do not wish us to collect and use your geolocation data in these ways, you should turn off location services for the Tesco Pay+ on your device. If you choose not to allow the Tesco Pay+ app to access location services, we won't capture your location data. You'll be able to use the Tesco Pay+ app as normal. You can control access to location services at any time through your phone settings.

More information about the times we collect personal data about you

When you call us

we monitor and record calls to and from our customer service centres to improve our service and to prevent and detect fraud.

When you contact us electronically

(e.g. by email or Internet), we may collect an electronic identifier, such as your internet protocol address.

When you visit our website

when you browse our website, we collect data about your browsing habits using cookies. For more information about how we use cookies, please see our cookies policy at https://www.tescobank.com/help/privacy-and-cookies/.

We may also gather other data about you

We may supplement the information we collect about you through Tesco Pay+ with information we receive through other Tesco Bank products and the wider Tesco Group, fraud and crime prevention agencies and from other sources, e.g. public registers such as the electoral roll, industry reports and publicly available information (including social media pages). This allows us to assess the accuracy of the information we hold about you, to perform checks and in order to send you relevant offers and information.

We monitor and record calls to and from our customer service centres to improve our service and to prevent and detect fraud.

We will keep and use personal data about other people connected to your products

This includes any personal data you give us about anyone nominated to act on your behalf.

We will only ask for necessary personal data unless we tell you otherwise

We will ask for personal data that is essential for us to know so that we can provide our products or services to you. If we ask for personal data that is not essential, we will explain why and tell you the consequences if you do not provide us with the personal data.

How does Tesco Pay+ use my personal data?

Necessary uses - providing our products and services

We use your personal data to provide Tesco Pay+ service to you

To provide Tesco Pay+ to you we will need to use your personal data and anyone else whose personal data is connected with providing a particular product or service.

We will need to use this personal data at all stages of our relationship with you, including:

  • when you sign up for Tesco Pay+
  • when you use Tesco Pay+
  • during the time we have a relationship with you
  • and for a period of time afterwards.

The way we use the personal data about you and others includes:

  • verifying your identity and whether you are eligible for our products
  • managing your account
  • awarding Clubcard points
  • contacting you regarding your Tesco Pay+ account and the Tesco Pay+ service.

It is necessary that we are able use your personal data in this way

We need to process your personal data in this way in order to provide you with Tesco Pay+.

We also use your personal data for other 'legitimate business interests'

These are other uses allowed by law which are necessary to enable us to provide the products and services. These include:

  • detecting and preventing fraud, other forms of financial crime and other unlawful acts
  • managing and operating our business
  • improving our business and service to you
  • sending you offers or promotional messages that may be of interest to you.

We may use your personal data to improve our business

The law allows us to use your personal data in reasonable ways to help us improve our business.

The ways we might use your personal data to improve our business are to:

  • understand customers' needs and requirements
  • develop and test products and services
  • carry out research and analysis on our products and services.

When we use your personal data to improve our business, we always make sure we keep the amount of data we collect and use to an absolute minimum.

We use push notifications to send promotional and servicing messages relating to the Tesco Pay+ app. To opt-out of receiving push notifications, you can disable push notifications on your mobile device system settings.

We use Tesco Bank and Clubcard data together to bring you better offers

Clubcard data includes your shopping habits and the types of purchases you or your household make.

We use Tesco Bank and Clubcard data together in different ways to tailor our communications and to try to bring you better terms, deals or offers than you would get if we didn't use the information.

We try and match you with Clubcards at your address

We use data that you provide, such as your name and address, to find any Clubcard(s) that are linked to your address. That might be your Clubcard, the Clubcard of other family member(s), or the Clubcard of house or flat-mates.

We may use data about these Clubcard(s) to help us work out what offers we think you might like. When we do this, we will only ever use the Clubcard linked to your address which gives you the best terms, deals or offers.

We may use your Clubcard data to help us work out whether we can offer you certain products, and what discounts, deals or offers we can make you

We do this by looking at your Clubcard data in different ways to help us understand more about you (we call this 'profiling'). Profiling includes things such as how likely we think you are to pay back money we lend you, how often you use other Tesco products and services, and how you prefer to shop. Profiling helps us to create a number of 'Clubcard scores', which we can then use as one of the factors in our automated decision-making process.

Because Clubcard profiling allows us to tailor offers specifically for you, this means that different Clubcard customers may get different offers. As a Tesco Pay+ customer to may receive additional Clubcard benefits and this includes additional Clubcard points and offers with selected third parties.

How to get more details about how we monitor our automated decision-making

You have rights relating to automated decision-making.

Information can be found at https://www.tescobank.com/help/contact-us/

Ongoing use of your Clubcard data

If you take a product or service from us, we will continue to use your Clubcard data to help us maintain our relationship with you.

Who do we share my personal data with?

Why we share your personal data

In order to provide Tesco Pay+ to you, it is necessary for us to share information with third parties, to manage the communications which we send to you and your marketing preferences and to best maintain the security of your account. We work with specialist fraud prevention and security providers to safeguard your Tesco Pay+ account.

We will only share your personal data:

  • where we have your permission
  • where we have to do so or where we're allowed to do so by law
  • where sharing the personal data meets the requirements of the data protection laws
  • Whenever we share data, we only share the amount necessary to achieve the objective of the sharing.

We will only share your personal data:

  • with regulatory bodies and authorities
  • with anyone you nominate to act on your behalf
  • with fraud and other financial crime prevention agencies
  • our trusted providers that support us to make Tesco Pay+ and your data, secure
  • with other Tesco Group companies. www.tescoplc.com/about-us/
  • with companies that help us to provide our services; and
  • with companies to whom we transfer or may transfer our rights and obligations under our agreement with you.

We may also share your data for aggregated market research purposes where you will not be identifiable.

We may also share your information with Tesco in connection with the operations of your Clubcard account, for example to allocate points or discounts, or where you have agreed to receive marketing, but we don't share more information than we need to.

How we use your personal data to contact you

We will contact you in a variety of different ways

We may contact you by telephone regarding your Tesco Pay+ account. We will primarily contact you via email and where you provide us with a mobile phone number, we may send text messages or push notifications with operational messages about Tesco Pay+.

We keep confidential data to a minimum via email and text

As texts and emails can be intercepted, we will keep confidential information to a minimum and you should never send us any confidential information via text or email.

Will you send me marketing information?

We may send you tailored marketing information by post, text, push notifications and email about Tesco Pay+, but only if you have agreed to receive marketing information via these channels. You can opt out of Tesco Pay+ marketing at any time by emailing pay-plus@tesco.co.uk, by calling us (0330 123 0250) or by unsubscribing at the bottom of each marketing email that we send you. You can turn off push notification through the settings menu on your device. We may provide you with tailored marketing information through other channels such as at tills when you shop in Tesco, but only where you are opted into receive marketing communications. We may also display tailored online advertising on third party websites, such as social media sites, sites operated by internet service providers and sites which sell advertising space. We may use the information that we hold about you to personalise the advertisements to you. Where we display personalised advertisements on third party sites, we display the Ad Choices logo which you can click on for further information about online behavioural advertising. For sites you have subscribed to, such as social media sites and email providers the terms and conditions and privacy policy for that site will explain how advertisements are displayed.

We might allow law enforcement agencies to access your personal data

We may provide copies of the personal information which we hold about you to the police and other law enforcement agencies where requested to do so to assist with an investigation and law enforcement and where required to do so by law.

How we handle sensitive personal data

When we need to use sensitive personal data

Sometimes we may need to ask you for sensitive personal data. If required, to comply with data protection laws, we will ask for your explicit consent to use this data (data protection laws call this 'special category data' or 'sensitive personal data').

How we handle data about special circumstances

We handle data about any special circumstances as carefully and confidentially as any other data we hold about you. This includes data about things you tell us so that we are able to provide you with additional assistance (e.g. if you are hard of hearing) and also information that laws or regulations say we must record (for example, if any underlying medical condition has led to you appointing a Power of Attorney).

Sending your personal data to other countries

We will only send your personal data outside the EEA if we know it will be well protected

Sometimes we might send your personal data to another country if, for example, our service provider has a data centre overseas.

All countries within the EEA have broadly the same data protection laws. Before sending your personal data outside the EEA, we check that the recipient will be able to keep your personal data secure and that:

  • the EU Commission confirms that the recipient is established in a country which offers essentially equivalent protection to that provided within the EEA; or
  • it is to a private US company that has self-certified with the Privacy Shield

If neither of these apply, then we ask the recipient to sign the EU Commission's 'model contract'. This means they must meet EU standards of data protection.

When your personal data is in another country, it may be accessed by law enforcement agencies in those countries. They do this to detect and prevent crime, or because the law says they must.

For more information about sending your personal data overseas, you can write to: The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

How long do we keep your personal data?

We keep your personal data for a reasonable period only

How long we keep your personal data will depend on:

  • what type of service we are providing for you
  • how long laws or regulations say we must
  • what we need for fraud and other financial crime prevention
  • other legitimate business reasons (for example because we need to respond to a complaint or legal claim)

How long do we keep data when you no longer use our services?

We keep your personal data once your Tesco Pay+ account has been closed for up to 10 years.

In all cases, we will retain the personal data for so long as that personal data is needed for an ongoing investigation, legal proceedings, or an outstanding audit.

What happens if we change how we use your personal data?

We will contact you if there are any important changes to how we use your personal data

If we think it's a change you would not expect, we will let you know.

Some changes might need your consent, or need you to opt out

If this is the case, we will always wait until you have let us know your decision before making any changes to the way that we use your personal data.

Your Rights

You have the right to know what data we hold about you

This is called your 'subject access rights'.

The law says that you are entitled to see what data we hold about you.

If you ask us for this, we will give you access or send you a copy of all the personal data we hold about you (there are a few exceptions to this, such as access to personal data about third parties).

If you want a copy of your personal data please contact us.

You can telephone 0330 123 0250 or email us on pay-plus@tesco.co.uk

You have the right to have the personal data you have provided to us supplied to you in an easily transferable digital format.

This is known as the 'right to data portability'.

This means you can ask us to send your personal data in this format to you, or to another organisation.

You have the right to change or amend your personal data

If you think any of the personal data we hold about you is incorrect or incomplete, let us know and we will change it.

You have the right to stop us using, restrict us using, or request that we erase the personal data we hold about you

If you want us to stop using, or restrict our use of, your personal data, or you want us to erase it entirely, please let us know. There are times when we may not be able to do this - for example, if the information is related to an existing or recently expired contract between you and us, or if the law says we need to keep your personal data for a certain amount of time.

If you want to delete your Tesco Pay+ account, you can do so by visiting the Tesco Pay+ website, however we may retain certain information in accordance with this Privacy Notice, in which case you should also remove the Tesco Pay+ app from your device.

You have the right to withdraw your consent at any time

Sometimes we need your consent to process your personal data. If you have given consent, you can change your mind and withdraw it. To do this, get in touch by using the relevant contact details in the Tesco Pay+ app or on our website. You can telephone 0330 123 0250 or email us on pay-plus@tesco.co.uk. An unsubscribe link is also included in each of our marketing emails.

We do not always need your consent to use your personal data. There is some information this doesn't apply to. For instance;

  • the information we need in order to provide your product or service
  • the information is necessary in order to run our business or to provide the products or services in a more effective way (known as the "legitimate interests" condition), or
  • the information the law says we must collect and use.

Contact us for more information about how we handle your personal data

If you have concerns about how we handle your personal data, or just want more details, please call us on 0330 123 0250, email us on pay-plus@tesco.co.uk or write to the address below. We will try and sort things out as quickly as we can. Our address is: The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ.

For more data about your rights, visit the Information Commissioner's Office website

The Information Commissioner's Office is the UK's independent authority set up to uphold information rights, and promote data privacy for individuals. Their website is www.ico.org.uk.

If you have a complaint or concern about how we have handled your personal data and we have not been able to sort it out to your satisfaction, you have the right to lodge a complaint with the ICO.

Cookies and similar technologies

We use cookies and similar technologies to improve your customer experience as you interact with our website and app. This section provides more information about cookies and similar technologies, including how we use them and how you can exercise your choices regarding our use of cookies and similar technologies.

How we use cookies and similar technologies

Cookies and similar technologies, such as tags and pixels ("Cookies"), are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device.

Cookies help us to provide important features and functionality on our website and app, and we use them to improve your customer experience. For example, we use Cookies to -

  • Enhance our Website and App functionality

    Cookies allow us to enhance the functionality of our website and app so that we can personalise your experience and allow you to use many of the useful features of our website and app.

  • Enhance our Website and App performance

    Cookies can help us to understand how our website and app is being used, for example, by telling us if you encounter an error messages as you browse.

    These Cookies collect data that is mostly aggregated and anonymous.

Your choices when it comes to Cookies

You can use your browser settings to accept or reject the placement of new Cookies and you can delete existing Cookies. You can also configure your browser settings so you will be notified each time a new Cookie is placed. You can find more detailed information about how you can manage Cookies at the All About Cookies and YourOnlineChoices websites.

If you choose to disable some or all Cookies, you may not be able to make full use of the functionalities of our website.