The information we collect about you, how we may use it, how we ensure it’s kept secure, and your rights.
- We mainly use your personal information to provide our services to you, to meet our legal obligations, and to help improve our interests.
- We only want to hold as much personal information as we need to do the above.
- We want our personal information relationship to be reciprocal where we both benefit, not an exploitative one.
- Where we share your data, we only do so with organisations who have a right to see it and who will use it fairly.
- We take security seriously.
- You can contact us at anytime about anything relating to this notice or the information we hold about you.
Who we are
This Privacy Notice applies to all the entities within the Co-operative Group Limited (“we”, “us” and “The Co-op”) and we’re committed to respecting the information you trust us with and making sure that we keep it safe. The Co-op has a family of businesses including Food, Electrical, Insurance, Legal Services and Funeralcare business.
We are registered with the Information Commissioner’s Office (ICO, who regulate the use of personal information in the UK).
Why we ask for your personal information
Where we need your information to do what we’ve promised
Our main use of your information is where it’s necessary to supply you with our products and services.
For example, we’d need your name, address and payment details when you join as a Member so we can:
- register your share in the Co-op
- send your Membership card
- take your £1
Where we need your personal information to help us get better at everything we do
These are things we consider to be our legitimate interests.
- Developing an understanding of the activities, preferences, and requirements of our Members and Customers. For example, we’ll track activity on our website using cookies to understand the pages people visit so we can offer the best layout of our site. Sometimes we’ll contact you to seek feedback on a product or service you’ve requested.
- For statistical analysis to improve existing products and services and develop new products and services.
- To better understand the common and more general needs of our customers and members. This helps us make sure we offer the right products and services and generally meet the needs of our Members. For example, it’s really useful for us to look at large sets of data to understand whether we’re better stocking skimmed or semi-skimmed milk.
- To give you a better and more personalised experience (this is sometimes referred to as ‘profiling’). For example when you sign in to your Co-op Membership account, we might show you different content depending on what we know about you. So our Members in Northern Ireland wouldn’t see adverts about our Co-op Electrical business, because we can’t deliver to Northern Ireland. Similarly, if we’d like to give you a money off voucher at the till, we’d prefer to use your personal details to try and give you a coupon that we think you’re more likely to use. So if you buy a lot of apples, we might give you vouchers for apples (and not oranges). Sometimes, we’ll probably make some wrong assumptions about you and we’re really sorry about that. For example, maybe you’d prefer us to give vouchers for things you haven’t tried rather than the things we think you want them for.
- Communicating with you about the products and services we’re providing to you. We may use your personal details to send you things we think you need to know about and things we are obliged to send you legally. We broadly term these “service” emails. For example we send Members details about things like the AGM or changes to the benefits they get from membership.
- Promoting, marketing and advertising our products and services. For example, we might look at a combination of your personal information to try and determine where we might be best placing a television or press advert. Although we’d never send you marketing emails unless you’d asked us to.
- Preventing and detecting crime or anti-social behaviour. For example, we’ll use CCTV in our buildings.
- Dealing with any legal claims.
If we’re using your personal information in the above ways, we really understand that your data has a value and therefore we try to use it for everyone’s benefit. We also try really hard to ensure there will be little or no negative impact on you. This is part of our commitment to ensure that we consider all privacy concerns at the earliest possible opportunity.
To a lesser extent we may also rely on the following other reasons to process your personal data.
Where we have your consent
In general, we only rely on your consent to send you direct marketing communications, and you can withdraw your consent at any time.
To protect your vital interests
For example if we needed to share your information with a health professional because you’d fallen ill.
The types of information we hold about you
Almost all of the information we have is the information you’ve given to us. That might be when you request a product, service, offers or news from us via our website, emails, telephone conversations, and written and verbal communication.
Obviously the types of information you give us will vary dependent on the service you’ve requested but typically could include:
- name, address, and contact details
- details of products and services you’ve bought from us
- details of your interactions with us through our stores, contact centres, online or by using one of our apps
- payment details
- call recordings
- information about how you interact with our communications
- visual images, personal appearance and behaviour (usually obtained from CCTV images)
It’s also possible we might process other types of information that might be considered even more private, such as offences and alleged offences. For example, if you wanted a quote for a Motor Insurance product we might need to ask about any criminal offences or health conditions. These are considered “special categories” and we’re obliged to handle this information even more thoughtfully.
See a full list of special category information on the ICO’s website.
Sometimes we may supplement the information you give us with information from other organisations, such as external partners.
For example, if we send you something in the post and it’s returned to us as the addressee is not known, we might ask a credit reference agency for an updated address.
Sharing your personal information
When we share your information, we only do so in accordance with our legal, data protection and privacy obligations.
Your information may be disclosed to the following:
- Data processors. We use a number of other organisations who carry out work on our behalf to help us provide our products and services. We ensure any third parties we may share your data with have at least the same privacy and security standards as ourselves and will only use your information for the specific reasons we ask them to.
- Companies, brands and businesses within the Co-operative Group. We may also share information throughout the Co-op for the reasons outlined such as core administration and activities that have been identified as being within our legitimate interests. For example, we’ll share information from our Co-op Food stores and other businesses with our Membership department to ensure you receive your Membership rewards and there are similar arrangements between our other businesses.
- Credit reference agencies. For example they may supply anti-fraud and credit-insight information to us.
- Social media companies and our advertising partners. For example we might match your email address with Facebook and Twitter to enable us to run promotions on their platforms
- Our regulator. For example, we may need to share your information with the Solicitors Regulation Authority or the Legal Ombudsman if we are providing legal services to you.
- Our professional advisors. For example we may need to share information with our lawyers or auditors when they need it to give us their professional advice.
- Government bodies. For example we might need to provide your information to DVLA if there’s been an incident on our premises
- Other organisations. Only if they have a compelling reason, and where it’s lawful to do so. For example, if another organisation needed your information to help them investigate a crime.
How long we keep personal information
We only keep your information for as long as it’s needed for each of the activities we’ve identified.
As you might expect, that will vary but we’re happy to share more specific retention schedules if you wish to contact us.
Transferring your information outside the European Economic Area (EEA)
We may need to transfer your personal information outside of the EEA in order to provide you with the services and products you require. This will most likely occur when our third-party providers are based outside the EEA.
Some of these countries may not have laws that protect privacy rights as extensively as in the European Union.
If we do transfer your personal information to other territories, we will take proper steps to ensure that your information is as equally protected as in the UK.
Usually this would involving using “standard data protection clauses”, which have been approved by the European Commission for such transfers.
Your rights about how your personal information is handled
To find out what the personal information we hold about you, print a subject access request form, fill it in and send it to:
Data Protection Team, 5th Floor, 1 Angel Square, Manchester M60 0AG
You can also get a Subject Access Request form by post by ringing 0800 0686 727.
The information we hold about you will depend on how you shop and interact with us, so the more information you can give about what it is you might want you see, the quicker and more specific our response can be.
You also have the right to request we correct any inaccurate information we hold, as well as the right to object to profiling and the right to ask us to delete your information.
If you have any questions, concerns or objections about how we use your personal information please contact us using the details above.
You also have the right to complain to the ICO although we’d really like the chance to try and help with any issues first. Find the ICO’s contact details.
Changes to this Privacy Notice
If we make significant changes to the notice we’ll contact you directly to let you know.
We encourage you to check back regularly.