We understand that the privacy and the security of your personal information is extremely important. This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you.
- If you don’t want to read all the detail, here are the things we think you’d really want to know:
- Your personal information is, where appropriate, shared within the Sainsbury’s Group.
- We do use a number of third parties to process your personal information on our behalf and some of them are based outside of the European Economic Area.
- You have a number of rights over your personal information. How you can exercise these rights is set out in this notice.
Who are we?
When we say ‘we’ or ‘us’ in this policy, we’re referring to the separate and distinct legal entities that make up the Sainsbury’s Group from time to time. Which of the Sainsbury’s Group Companies controls your personal information depends on the circumstances in which you are dealing with us.
What sorts of personal information do we hold?
- Information that you provide to us when you apply for a job such as your name, address, date of birth, marital status, referees, NI number, employment history and qualifications;
- Your account login details, including your user name and chosen password;
- Your contact details and details of the emails and other communications you receive from us.
It is your responsibility to ensure that the information you provide is truthful and accurate.
Our legal basis for processing your personal information
Whenever we process your personal information we have to have something called a “legal basis” for what we do. The different legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose;
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Vital interests: The processing of your personal information is necessary to protect you or someone else’s life;
- Public information: Where we process personal information which you have already made public;
- Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and
- Legal obligation: We are required to process your personal information by law.
How do we use your personal information?
We may use your information in the following ways:
- Your application – we need to use your personal information so we can to process your application for a job.
- Other jobs – we may use your information to consider you for alternative positions which you may be a match for if you’ve agreed to us retaining your record for this purpose.
- Legal obligations – we use your personal information to comply with any legal obligations that we have.
- Analytics and profiling – we use your personal information for statistical analysis and to help us understand more about the people who apply for jobs with us.
- Contacting you – we use your personal information to contact you in connection with your application.
- Personnel record – if your application is successful then we use your personal information to create your personnel record.
- Referees – we use the information you provided to contact your referees to obtain references if you are successful in your application.
- Pre-employment checks – for certain roles we conduct pre-employment but we do not conduct these unless you have been offered a role.
- Equality, diversity & inclusion – this information will be held separately from your application form, this will be used for monitoring purposes and validating the fairness of our tests.
Cookies and similar technologies
Who might we share your personal information with?
The Sainsbury’s Group – where appropriate we will share your personal information in certain circumstances with the other companies within the Sainsbury’s Group
Our service providers – we work with suppliers to help us recruit successfully. These third parties process your personal information on our behalf and are required to meet our standards of security before doing so. These third parties include third party vendors who help us to manage and maintain the Group IT infrastructure.
Other organisations and individuals – we may share your personal information in certain scenarios. For example:
- If we are required to by law, under any code of practice by which we are bound or where we are asked to do so by a public or regulatory authority such as the police or the Department for Work and Pensions;
- If we need to do so in order to exercise or protect our legal rights, users, systems and services; or
- In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others. We will only share your personal information in response to requests which do not override your privacy interests.
International transfers of personal information
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability; and
- the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below. Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests.
Automated decision making and profiling
We use automated decision making, including profiling, in certain circumstances, such as when it is in our legitimate interests to do so, or where we have a right to do so because it is necessary for us to enter into, and perform, a contract with you. We use profiling to enable us to give you the best service across the Sainsbury’s Group, including specific marketing which we believe you will be interested in.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way.
If you are seeking to exercise this right, please contact us using the details in the “Contact Us” section below.
How long will we keep your personal information for?
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
- Systems are proactively monitored through a “detect and respond” information security function;
- We utilize industry “good practice” standards to support the maintenance of a robust information security management system; and
- We enforce a “need to know” policy, for access to any data or systems.
- We will never contact our candidates requesting confirmation of account details or passwords and we advise our candidates never to enter these details into an email or after following a link from an email. If you are contacted by our recruitment team they will confirm your name and the role that you have applied for. Contact would be either by telephone, text or email using the contact numbers or email address supplied by you in your application.
If you would like to exercise one of your rights as set out in the “Your rights” or “Automated decision making and profiling” sections above, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by one of the following means:
If your enquiry relates to Sainsbury’s Supermarkets, Argos, Habitat or Tu:
By email: firstname.lastname@example.org
By post: Data Protection Officer at Privacy Team, Sainsbury’s Supermarkets Ltd, 16th Floor, Arndale House, Manchester, M4 3AL
Or if your enquiry relates to Sainsbury’s Bank or Argos financial services:
By email: Privacy.Bank@sainsburysbank.co.uk
By post: Data Protection Officer, Sainsbury’s Bank, 3 Lochside Avenue, Edinburgh Park, Edinburgh EH12 9DJ
Or if your enquiry relates to Sainsbury’s Argos Asia Limited:
By post: Data Protection Officer at Sainsbury’s Argos Asia Ltd, 27th floor, Standard Chartered Tower Millenium City 1, 388 Kwun Tong Road, Kwun Tong, Kowloon, Hong Kong
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to ico.org.uk/concerns to find out more.