You have the right to know what information we hold about you, and to tell us what information we can and cannot use. This is a short summary of your rights.
1. Accurate information
If you think we have got something wrong about you, let us know so we can correct it.
2. See what information we hold about you
To request a copy of the information we hold, please use the Subject Access Request Application Form located on our website by going to this page: https://www.tescobank.com/assets/sections/security/pdf/tesco-subject-access-request-form.pdf
3. Have your information in an easily-transferable digital format
You can ask us to send the personal data that you have given to us to you or to transfer it to an organisation.
4. Request that we restrict, stop using or erase your personal data
When you make a request we have to consider whether your personal data is still needed to provide our services, to comply with our legal and regulatory requirements, or if we have a legitimate interest in continuing to use the data.
5. Opt out of marketing, including profiling for marketing purposes
By using the ‘unsubscribe’ option in emails, by changing your online account settings, or by contacting us.
6. Automated Decisions
You have rights related to automated decision making. For more information about how we monitor automated decision-making, please contact us using the details set out below.
7. Withdraw your consent
Sometimes we need your consent to process your data. If you have given consent, you can change your mind and withdraw it. (Except for information the law says we can or must process).
8. The Information Commissioner’s Office
If you have a complaint or concern about how we have handled your information and we have not been able to resolve it to your satisfaction, you have the right to raise a complaint with the ICO. Go to www.ico.org.uk.
See section ‘Your Rights’ of our Privacy Notice for more details.
We use systems to run automatic checks. This helps us make lending decisions, work out what products and services we can offer you, and helps to prevent fraud. This process is known as ‘automated decision-making’.
Automated decision-making helps us to decide things like how likely it is that someone will pay back the money they owe us. It takes into account factors such as the amount of debt someone has, and how they have paid off debts in the past.
See section 'How Tesco Bank and Clubcard work together' of our Privacy Notice for more details.
Automated decision-making helps us identify information which is inconsistent with what we already know about you, and can indicate that someone might be hiding their identity. This helps us to detect potential criminal activity.
See section 'How is information used to make decisions and prevent fraud and other forms of financial crime' of our Privacy Notice for more details.
When we make automated decisions about what products and services we can provide you, and what deals or offers we can make you, we will also take into account information from your Clubcard. This includes information about the types of purchases and the shopping habits you or your household make. We do this by looking at your Clubcard information to create a Clubcard score which we factor into the automated decision we use. Clubcard profiling allows us to tailor offers specifically for you, which means that different Clubcard customers may get different offers. Individual offers may be affected by your credit rating.
See section ‘How Tesco Bank and Clubcard work together’ of our Privacy Notice for more details.
Credit Reference Agencies
The identities of the credit reference agencies (CRAs), the data they hold, the ways in which they use and share personal data, retention periods and your data protection rights with the CRAs are explained in more detail in CRAs ‘Credit Reference Agency Information Notice’.
Fraud Prevention Agencies
We and the fraud prevention agencies use your personal data to prevent fraud and money laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance or employment.
See section ‘How is information used to make decisions and prevent fraud and other forms of financial crime’ of our Privacy Notice for more details.
We will only ever send your personal data outside the EEA if we know it will be protected.
Sometimes we might send your personal data to another country if, for example, our service provider has a data centre overseas. All countries within the EEA have broadly the same data protection laws. Before sending your personal data outside the EEA, we check that the recipient will be able to keep your personal data secure.
See section ‘Sending your personal data to other countries’ of our Privacy Notice for more details.
We use your personal data to provide our products and services to you, and for other purposes which are necessary to run and to protect our business (known as ‘legitimate business interests). E.g. preventing criminal activity, and developing our products and services. Sometimes, we process your personal data so we can understand more about you and offer products and services that we think will be of interest to you.
See Section ‘How do Tesco Bank use your personal data’ of our Privacy Notice for more details.
From time to time, we might change how we use your personal data. If we think it is a change you would not expect, we will let you know.
See section ‘What happens if we change how we use your personal data’ of our Privacy Notice for more details.
When we talk about personal data we mean any data that we collect or hold about you. It also includes data about anyone else, such as if you nominate someone to act on your behalf, joint account holders, insured persons or anyone else who may benefit from our services. That includes the data you give us when you apply for a product or service, the data we collected when you visit our websites (including electronic identifiers, such as IP address) and use your Tesco Clubcard and external sources.
We keep your personal data for as long as we need to provide our services to you and for other legitimate business purposes, and for as long as we need to in order to comply with legal and regulatory requirements . This includes a period after you close an account or a policy lapses.
See section ‘How long do we keep your personal data for’ of our Privacy Notice for more details.