Privacy & Cookie Policy

Find out about our Privacy Notice which summarises how we, Tesco Personal Finance plc, trading as Tesco Bank and part of the Tesco Group (www.tescoplc.com/about-us), use your personal data. Please note that product specific Privacy Notices are included within our product documentation.

This page also outlines our Cookies Policy which explains how we use cookies to enhance your experience on our website.

The information on this page was last updated on 27 June 2018.

Introduction

Using, collecting and protecting your personal data

Your personal data: how we collect, use, and protect it

It is very important to us that all our customers trust us to handle their personal data responsibly. We have written this document to explain clearly how we collect, use and protect your personal data. In particular, it explains things like:

  • why we need your personal data for certain things
  • how we share your personal data with others
  • your rights under data protection laws

The law about personal data

What the law says about handling personal data

The personal data protection laws control how we use your personal data, for example, we must be transparent about how we collect and use your personal data. They also grant you rights, such as the right to access the personal data that we hold about you (see section ‘Your Rights’).

What sort of data do we hold about you?

Laws about processing

What the law says about processing

The law requires us to tell you how we process your personal data. “Processing” is a legal term but means anything we do with your personal data, such as collecting, gathering, obtaining, administering, adapting, keeping and deleting your personal data.

Collecting and keeping data about you

We collect and keep data about you

This includes the personal data you give via our website or over the phone when you apply for a product, request a quotation and throughout your time as a Tesco Bank customer (this includes personal data you may store in the ‘save and retrieve’ function before you submit a quote or an application, and information you submit indirectly via price comparison websites). It also includes personal data you give us any time you write to us or contact us electronically.

Data about your accounts and policies

We keep data about your accounts and policies

This includes transactions and payments you make and receive.

Gathering other data about you

We may also gather other data about you

We may also obtain and combine data about you from other places, such as the wider Tesco Group, credit reference agencies, financial crime prevention agencies, the Claims and Underwriting Exchange, and publicly available resources, such as the electoral register and the internet.

We do this so we can make sure the personal data we hold about you is accurate, to perform checks, and make you offers.

Other people connected to your products

We will keep and use personal data about other people connected to your products

This includes anybody insured under your policy, paying your premiums or occupying your home. We will also keep any personal data you give us about anyone nominated to act on your behalf (this is for the security questions they need to answer before they can change anything on your account/policy).

When we collect data about you

More information about the times when we collect personal data about you

  • When you call us - we monitor and record calls to and from our customer service centres to improve our service and to prevent and detect fraud.
  • When you contact us electronically (e.g. by email or internet) - we may collect an electronic identifier, such as your internet protocol address.
  • When you visit our website - when your browse our website, we collect data about your browsing habits using cookies.

Only asking for necessary personal data

We will only ask for necessary personal data unless we tell you otherwise

We will ask for personal data that is essential for us to know so that we can provide our products or services to you. If we ask for personal data that is not essential, we will explain why and tell you the consequences if you do not provide us with the personal data.

What about joint applications, additional cardholders and insured persons?

Joint applicants and additional cardholders

We keep data that you give to us about joint applicants and additional cardholders

We will keep and use personal data you provide to us about joint applicants and additional cardholders or people that are covered by our insurance policies.

Sharing someone else's data with us

You must have permission to share someone else's data with us

If there is a joint applicant or additional cardholder, or if you want to give us details about other people who are covered by insurance, you must make sure you have shared the relevant information from this notice with them. You must also make sure you have their permission before you:

  • give us any personal data about them
  • make decisions on their behalf about how we keep and use their personal data
  • authorise us to use credit reference agencies to search, link to, or record information about them

How does Tesco Bank use your personal data?

Providing our services to you

We use your personal data to provide our services to you

To provide our services to you we will need to use your personal data, and personal data relating to joint applicants, additional cardholders, other insured persons, and anyone else whose personal data is connected with providing a particular product or service.

We will need to use this personal data at all stages of our relationship with you, including:

  • when you apply for a product or service or request a quotation
  • when you take out a product or service or require to use a service
  • during the time we have a relationship with you
  • and for a period of time afterwards

The way we use the personal data about you and others includes:

  • working out financial and insurance risks by credit scoring
  • verifying your identity and eligibility for products, and the identities of joint applicants, and the identities of other insured persons
  • assessing your creditworthiness or financial insurance risk (including by credit/insurance risk scoring)
  • providing you with quotations and any additional terms of cover
  • managing your accounts
  • maintaining and updating your policy
  • recording and processing claims
  • awarding Clubcard points

Necessity of using your data

It is necessary that we are able to use your personal data in this way

We can only provide our products or services if we can use your personal data in this way. The law says we must ask for certain mandatory information, and make certain checks.

Also, if you want to apply for our products or services, you must provide us with mandatory information.

Usage for 'legitimate business interests'

We also use your personal data for other 'legitimate business interests'

These are other uses allowed by law which are necessary to enable us to provide the products and services. These include:

  • detecting and preventing fraud, other forms of financial crime, and other unlawful acts
  • tracing and recovering debt
  • managing and operating our business
  • improving our business

Using your data to improve our business

We may use your personal data to improve our business

The law allows us to use your personal data in reasonable ways to help us improve our business. The ways we might use your personal data to improve our business are to:

  • understand customers' needs and requirements
  • develop and test products and services
  • carry out research and analysis on our products and services

When we use your personal data to improve our business, we always make sure we keep the amount of data we collect and use to an absolute minimum.

Recovering money paid by mistake

Using your personal data to recover money paid to you by mistake

If a person or organisation pays you money by mistake then we will contact you to ask you to return the money. If you do not return the money, then the law says we must give your name and address to the account providers of the person or organisation who sent you the money so they can recover the money from you.

Will Tesco Bank send me marketing information?

Tailoring marketing to you

We may use your personal data to tailor marketing to you

We do this so we can tell you about things we think you would like to know about.

We may send marketing by post, telephone, text, email and other electronic means.

We may also provide tailored marketing to you in other places, such as at the tills when you shop at Tesco.

We will only ever send you information about things we think are relevant to you.

Some tailored marketing needs your agreement before we can send it to you; we will ensure we have this agreement.

Helping us understand more about you

Using your personal data to help us understand more about you

We may look at your Clubcard data in different ways; to help us understand more about you and people like you. We call this ‘profiling’. See the ‘How Tesco Bank and Clubcard work together’ section for more information.

When you take part in competitions, surveys or promotions we will collect and keep information such as your answers, feedback and contributions to questionnaires.

Combining different sources of data

We may combine different sources of data we know about you

We may have data about you from several different sources – for example, from your Tesco Bank account, your Tesco Clubcard, and your visits to Tesco Group websites.

The personal data we get from your account can include data about your transactions and how you manage your account.

The personal data we get from your Tesco Clubcard can include data about your shopping habits and the types of things you buy.

The personal data we get from your visits to Tesco Group websites may include data you have given us when requesting a quote, even if you didn’t go on to take out a product with us.

Data from external sources

We may sometimes get data from other external sources

For example, we may get personal data about you from third parties about when policies are due for renewal. This will only occur where third parties have ensured that passing your personal data to us is permitted by the data protection laws.

Combining data from sources to tailor marketing

We may combine data from different sources together to tailor marketing information for you

We will only send you information about things we think are relevant to you.

Using your data to tailor online adverts to you

We may also use your personal data to tailor online adverts to you

We will sometimes use your personal data to tailor the adverts you see when you are online. These might be on Tesco Group websites, social media sites, or other sites that sell advertising space.

Personalised adverts show the AdChoices logo: Click the logo to learn more about how online ads are made relevant to you.

Websites where you have an ‘account’ – such as Gmail or Facebook – will also have their own pages which explain their own information policies.

Offering tailored products

We may use personal data we know about you to offer you tailored products

We may use personal data we know about you to offer you products we think you might like.

When we do this, we might use data about how you manage your account or policy, including your credit history. We might also combine this with data we know about you from your Tesco Clubcard. Pre-approved offers are based on information we already know about you. When we make you a pre-approved offer, we do not do external credit checks.

We will only ever use your personal data in this way so that we can offer you better deals than you would get if we didn’t use that information.

Opting out of marketing

You can opt out of us using your personal data for marketing at any time

We consider that our marketing and profiling activities can be to our mutual benefit as it helps us to ensure that we only tell you about products and services that we believe will be of interest to you.

It is in our legitimate interests to ensure we carry out marketing in the most effective way, although we will always ensure that we carry out any direct marketing in line with your marketing preferences. Plus, there will always be an option for you to opt out or say no to us using your personal data for marketing during any application process for our products or services.

To opt out, just let us know in one of these ways

On emails - by clicking ‘opt out’ or ‘unsubscribe’ (usually at the bottom of the email).

Online - by logging in to your Tesco Bank accounts and going to ‘Account Overview > Your marketing preferences’.

By phone - by calling us (all our numbers are listed at www.tescobank.com/help/contact-us).

How Tesco Bank and Clubcard work together

Using data to bring you better offers

We use Tesco Bank and Clubcard data together to bring you better offers

Clubcard data includes your shopping habits and the types of purchases you or your household make.

We use Tesco Bank and Clubcard data together in different ways to tailor our communications and to try to bring you better terms, deals or offers than you would get if we didn’t use the information.

Matching clubcards at your address

We try and match you with Clubcards at your address

We use data that you provide, such as your name and address, to find any Clubcard(s) that are linked to your address. That might be your Clubcard, the Clubcard of other family member(s), or the Clubcard of house or flatmates.

We may use data about these Clubcard(s) to help us work out what offers we think you might like. When we do this, we will only ever use the Clubcard linked to your address which gives you the best terms, deals or offers.

Using Clubcard data for offers

We use your Clubcard data to help us work out offers

We do this by looking at your Clubcard data in different ways to help us understand more about you (we call this ‘profiling’). Profiling includes things such as how likely we think you are to pay back money we lend you, how often you use other Tesco products and services, and how you prefer to shop. Profiling helps us to create a number of ‘Clubcard scores’, which we can then use as one of the factors in our automated decision-making process.

Where applicable, at the point of applying, individual offers you receive may be affected by your credit rating. We may also take into account whether or not you are a Clubcard customer.

Profiling allows us to tailor offers specifically for you. This means that different Clubcard customers may get different offers. Where we do use profiling, those customers will receive better offers and/ or be more likely to be accepted for the product requested than non-Clubcard customers who have a broadly equivalent credit rating.

Calculating your 'Clubcard score'

We may calculate a new ‘Clubcard score’ for you when your policy changes

We may calculate a new ‘Clubcard score’ when we give you a quote, or offer you a renewal. We do this so we can make you, as a Clubcard customer, better and/or more tailored offers.

More details on our automated decision-making

How to get more details about how we monitor our automated decision-making

You have rights relating to automated decision-making.

Ongoing use of your Clubcard data

Ongoing use of your Clubcard data

If you take a product or service from us, we will continue to use your Clubcard data to help us maintain our relationship with you.

Your Tesco Bank card is also a Clubcard

Your Tesco Bank card is also a Clubcard

Your Tesco Bank credit/debit card is also a Clubcard. This means we will need to share information with Tesco which is to do with operating your Clubcard (for example, for allocating points, working out discounts, or where you have agreed to receive marketing). When we do this we do not share any more information than we need to.

Clubcards are managed separately.

Who do we share your personal data with?

Why we share your personal data

Why we share your personal data

In order to provide our products and services to you, it is necessary for us to share information with third parties. For some third parties we need to share your personal data because they provide a service which we do not provide (such as the Insurers or the Add-on Providers). For other third parties, we are required to share your personal data to prevent fraud and other forms of financial crime, to ensure that we are lending responsibly or to ensure that we are meeting our regulatory requirements.

When we will share your data

When we will share your data

  • where we have your permission
  • where the law says we must
  • where sharing the personal data meets the requirements of the data protection laws

Whenever we share data, we only share the amount necessary to achieve the objective of the sharing.

Who we share your data with

Who we share your data with

  • with anyone you nominate to act on your behalf
  • with the Tesco Bank Providers
  • with regulatory bodies and authorities
  • with credit reference agencies
  • with fraud and other financial crime prevention agencies
  • with our panel of insurers (at the quotation stage)
  • with the insurers shown on your policy schedule
  • with our service providers (including those who provide funding, debt management, administration, fraud and financial crime detection and professional services)
  • with other lenders or companies, (if we are, or are considering, transferring the rights and obligations we have with you)
  • with another pet insurer, if we have invited you to renew your pet insurance with them
  • with Tesco Group and Tesco stores, in connection with your Clubcard (for example, to allocate points or discounts, or where you have agreed to receive marketing)
  • with other Tesco Group companies
  • with our market research agency to contact you with relevant surveys

Tesco Bank providers and data sharing

Tesco Bank providers and data sharing

  • with the Claims and Underwriting Exchange (CUE) and other similar organisations
  • with Tesco Bank so that they can make sure that they can make sure that the personal data they hold about you is accurate, to update your claims history and make you offers with other companies that help us to provide our services
  • with other insurers or reinsurers for claim administration purposes

Banking products. How is information used to make decisions and prevent fraud and other forms of financial crime?

Credit decisioning

What credit decisioning is, and how it works

When someone borrows money from a bank, there is always a risk that they may not be able to pay it back. Credit decisioning, which involves credit scoring and checking if you are able to afford the lending, is a way of working out how likely we think it is that you will pay back the money we lend you. Your credit score, which is part of your assessment, is worked out automatically by a computer. It takes into account different factors, such as the amount of debt you currently have, how you have paid off debts in the past and, where relevant, information from your Clubcard.

Credit decisioning and credit scoring are important steps in making sure we are lending responsibly.

The sources of data we use for your credit score

We use four main sources of data when working out your credit score:

  • the personal data you give us in your application
  • data we get from third parties, such as credit reference agencies
  • information we already know about you in connection with other Tesco Bank products, and
  • sometimes, information from the wider Tesco Group, including Clubcard transactions

Credit reference agencies

How we use credit reference agencies

When we are processing your application for a product or service, we will perform credit and identity checks with one or more credit reference agency.

To do this, we will supply your personal data to the credit reference agencies and they will give us data about you. This will include information from your application about your financial situation and financial history.

Credit reference agencies will give us information that is public, such as information from the electoral register, as well as specific information they know, such as shared credit, financial situation and financial history information, and fraud prevention information.

When we use credit reference agencies

Sharing your personal data with credit reference agencies

We run checks when you apply. If you are with Tesco Bank, we will also do periodic checks while you are using our products or services (the number and frequency of these checks will depend on which products or services you have).

Sharing your personal data with credit reference agencies

We will also regularly share data about how you manage your account with credit reference agencies so they can keep their records accurate and up-to-date.

What we do with information from credit reference agencies

We use data from credit reference agencies to:

  • assess your creditworthiness and whether we think you can afford to take the product
  • check the personal data you have given us is accurate
  • prevent criminal activity, fraud and money laundering
  • help to manage and make decisions about your account(s)
  • trace and recover debts
  • make sure any offers we make to you are appropriate to your circumstances

Ongoing exchange of information with credit reference agencies

We will continue to exchange data about you with credit reference agencies while you have a relationship with us. This includes telling the credit reference agencies how you manage your debts; for example, how you repay your loans, credit card, mortgages or manage your overdraft.

If you do not pay back in full or on time, we will tell the credit reference agencies and they will record the outstanding debt.

Other organisations will be able to see this information.

Credit reference agencies keep a record of search requests we make

When we make a search request, the credit reference agencies may make a note on your file that Tesco Bank has done a search. Other organisations will be able to see that Tesco Bank made a search of your data.

Joint applications, additional cards holders, financial associates and credit reference agencies

If you are making a joint application, or tell us that you have a spouse or partner or anyone else that you are financially associated with (for example, if you have a joint mortgage with a friend or family member), we will also search their information with the credit reference agencies and link your records together.

Credit reference agencies will also link your records together. Your records will stay linked until either you or the other person requests that the files are no longer linked (this is known as issuing a ‘notice of disassociation’). It is important that anybody you are making a joint application with, or any financial associate you tell us about, understands this before you make an application.

For more information about credit reference agencies

The three main credit reference agencies are Callcredit, Equifax and Experian.

To learn more about what they do, what information they hold, and what your rights are, go to their websites below:

Fraud and financial crime prevention agencies

Fraud and financial crime prevention agencies

Before we provide you with goods, services, or financing, we provide data to and make checks with fraud and financial crime prevention agencies. To do this, we need to use and collect personal data about you.

We will also continue to share information with fraud and financial crime prevention agencies while you have a relationship with us.

We provide this information because it is essential for us to verify your identity, prevent fraud, money laundering, terrorist financing, bribery and corruption, and not transact with individuals subject to UK and international sanctions. The law and regulations say we must do this to protect our business, consumers and the industry.

These checks are a contractual requirement of our products and services. That means if you want to take out one of our products or services you must agree to them.

To make these checks, we will use both data you have given us and data we get from third parties. Types of data we typically use for fraud and financial crime prevention, as well as other mandatory compliance purposes, are:

  • name, address, date of birth
  • contact details
  • nationality
  • financial information
  • employment details
  • data we know about your digital devices (for example, your IP address)

We might allow law enforcement agencies to access your personal data

We, and fraud and financial crime prevention agencies, may also allow the police and other law enforcement agencies to access and use the personal data we know about you. They do this to detect, investigate and prevent crime.

How long do fraud and financial crime prevention agencies hold your personal data?

Fraud and financial crime prevention agencies hold personal data for different periods of time.

If they think that someone poses a fraud or other financial crime risk, they can hold that personal data for up to six years.

What happens if we think you are a fraud or financial crime risk, or do not have a right to UK residency

If we, or a fraud or financial crime prevention agency, think that you pose a fraud or financial crime risk, or do not have a right to UK residency, then we may refuse to provide the services you have applied for, or we may stop providing existing services to you.

Fraud and financial crime prevention agencies will keep a record of the fact that we think you pose a risk.

In some cases, these records can be seen by others, and might result in other organisations refusing to provide services, financing or employment.

If you have any questions about this, contact us.

Fraud and financial crime prevention and automated decision-making

We may use computers to automatically run fraud and money-laundering checks without involving a person in running those checks. This is known as ‘automated decision-making’. These automated checks look for unusual activity, which helps us to decide:

  • whether someone might pose a fraud or financial crime risk
  • whether someone has the right to UK residency
  • whether their behaviour is compatible with known fraud or other types of financial crime is inconsistent with information we already have about them
  • if we think they are hiding their true identity

For more information about automated decision-making

You have rights relating to automated decision-making.

Sending your personal data outside of the European Economic Area

If fraud or financial crime prevention agencies need to send your personal data outside of the European Economic Area (“EEA”), then the organisations they send it to are contractually obliged to protect your personal data to the same standards as in the EEA.

Fraud and financial crime prevention agencies may alternatively need to agree to other international frameworks for secure data sharing.

Insurance products. How is information used to make decisions and prevent fraud and other forms of financial crime?

Our Panel Insurers

Our Panel Insurers

Our insurance products are offered in conjunction with our panel insurers. References to “we” in this section of the privacy policy refer to us and our panel insurers.

Credit reference agencies

Ongoing exchange of information with credit reference agencies

We will continue to exchange data about you with credit reference agencies while you have a relationship with us.

This includes telling the credit reference agencies about any debts you do not pay back on time. Credit reference agencies will share your personal data with other organisations.

For more information about credit reference agencies

The three main credit reference agencies are Callcredit, Equifax and Experian.

Find out more about what they do, what information they hold, and what your rights are at the websites below.

Fraud prevention and industry data sharing

Fraud and financial crime prevention, credit reference agencies and industry data sharing

Before we can provide you with insurance, we may need to get data about you, all drivers named on the policy, and anyone who is paying your premiums.

We may get this information from third parties such as credit reference agencies, fraud and financial crime prevention agencies, and other agencies that have been set up for that purpose. The information they give us can include publicly available information, information from the electoral register, and other information they have derived from previous searches.

When we contact these agencies, they may make a record that we have asked for information. This will not affect your credit rating.

Times when we may need to get information include:

  • to verify your identity
  • to establish your right to UK residency
  • to assess if a product is suitable for you
  • to check what terms of cover we should offer
  • to assess your creditworthiness
  • to process claims
  • to manage and maintain your policy
  • when you renew
  • to trace and recover debts
  • to prevent criminal activity, such as fraud and other forms of financial crime

We may also check your personal data with other organisations

We may also check you, all named drivers and anyone who is paying your premiums with other organisations such as:

  • the DVLA
  • the Claims and Underwriting Exchange (CUE), run by MIB Management Services Limited (MSL)
  • the Motor Insurance Anti-Fraud and Theft Register, run by the Association of British Insurers (ABI)
  • we may also check with other similar organisations

We may share information we hold about you with others

We may share information you have given to us so we can check it is correct, and to help detect and prevent crime, including fraud and money laundering. The times when we may do this are:

  • when you apply for insurance (or a subsequent variation to cover)
  • while maintaining your policy
  • when renewing your policy
  • when you make a claim

Agencies will keep a record of our enquiries

A record of our search will be left on your file at the credit reference agency. This record may be visible to other lenders when they carry out checks in the future.

This will not affect your credit rating.

How to get more information about the Claims and Underwriting Exchange

Fraud and financial crime prevention agencies

We might collect information from other publicly available sources, such as social media

We and our panel insurers may research, collect and use data from publicly available sources. We do this to help detect and prevent fraud and other forms of financial crime. If you are not sure what information you have made available to the public on social media, we recommend that you visit the privacy settings on each of your social media accounts.

What happens if we suspect fraud or other forms of financial crime?

If you give inaccurate details, we suspect fraud or other financial crime, or we suspect that you do not have the right to UK residency, we will share this information with other organisations.

They may use this information when making decisions about you and others in your household. This may include decisions about whether to lend you money, offer you insurance, as well as other decisions about tracing debt and detecting crime.

You must tell us about any incident, whether or not you think it is likely to give rise to a claim

It is a condition of your policy that you tell us about any incidents.

When you tell us about an incident, we will pass this information on to the registers mentioned above.

Fraud and financial crime prevention agencies

We provide this information because it is essential for us to verify your identity and to prevent fraud and other forms of financial crime. The law and regulations say we must do this to protect our business, consumers and the industry.

These checks are a contractual requirement of our products and services. That means if you want to take out one of our products or services, you must agree to them.

To make these checks, we will use both data you have given us, and data we get from third parties. Types of information we typically use for fraud prevention are:

  • name, address, date of birth
  • nationality
  • contact details
  • financial information
  • employment details
  • data we know about your digital devices (for example, your IP address)
  • vehicle details
  • claims history

We might allow law enforcement agencies to access your personal data

We, and fraud and financial crime prevention agencies, may also allow law enforcement agencies to access and use the personal data we know about you. They do this where they believe that it is absolutely necessary to detect, investigate and prevent crime.

How long do fraud and financial crime prevention agencies hold your personal data?

Fraud and financial crime prevention agencies hold personal data for different periods of time.

If they think that someone poses a fraud or other financial crime risk, they can hold that personal data for up to six years.

What happens if we suspect fraud other forms of financial crime, you give inaccurate information or do not have the right to UK residency?

If we, or a fraud or financial crime prevention agency, think that you pose a fraud or other financial crime risk, or if we think you have given inaccurate information, or do not have the right to UK residency, we may:

  • refuse to provide the services you have applied for
  • stop providing existing services to you

We will keep a record of any fraud or other financial crime risk

Both we and fraud and financial crime prevention agencies will keep a record of any fraud or other financial crime risk.

This may result in others refusing to provide services, financing or employment to you. If you have any questions about this, contact us.

Fraud and financial crime prevention and automated decision-making

We may use computers to automatically run fraud and other financial crime checks without involving a person in running those checks. This is known as ‘automated decision-making’. These automated checks look for unusual activity, which helps us to decide:

  • whether someone might pose a fraud or money-laundering risk
  • whether someone has the right to UK residency
  • whether their behaviour is consistent with or similar to known fraud or other financial crime methodologies
  • is inconsistent with information we already have about them
  • if we think they are hiding their true identity

For more information about automated decision-making

You have rights relating to automated decision-making.

Sending your personal data outside of the European Economic Area (“EEA”)

If fraud prevention agencies need to send your personal data outside of the European Economic Area (“EEA”), then the organisations they send it to are contractually obliged to protect your personal data to the same standards as in the EEA.

Fraud prevention agencies may alternatively need to agree to other international frameworks for secure data sharing.

How we handle sensitive personal data

Sensitive personal data

When we need to use sensitive personal data

Sometimes we will need to ask you for sensitive personal data. For example, when dealing with an insurance policy, you might need to tell us about a medical condition. If required, to comply with data protection laws, we will ask for your explicit consent to use this data (data protection laws call this ‘special category data’ or ‘sensitive personal data’).

Special circumstances

How we handle data about special circumstances

We handle data about any special circumstances as carefully and confidentially as any other data we hold about you. This includes data about things you tell us so that we are able to provide you with additional assistance (e.g. if you are hard of hearing) and also information that laws or regulations say we must record (for example, if any underlying medical condition has led to you appointing a Power of Attorney).

How we use your personal data to contact you

Contacting you

How we will contact you

We may contact you by phone/post/email and SMS. If you have given us an email address or mobile number, we might also use these to contact you with servicing messages about your application or account (for example, to keep you updated about how your application is going) and for ongoing account management.

Confidential Data

We keep confidential data to a minimum via email and text

This is because emails and texts are less secure (you should never send us any confidential data via email or text).

Sending your personal data to other countries

Sending personal data outside the EEA

We will only send your personal data outside the EEA if we know it will be well protected

Sometimes we might send your personal data to another country if, for example, our service provider has a data centre overseas.

All countries within the EEA have broadly the same data protection laws. Before sending your personal data outside the EEA, we check that the recipient will be able to keep your personal data secure and that:

  • the EU Commission confirms that the recipient is established in a country which offers essentially equivalent protection to that provided within the EEA; or
  • it is to a private US company that has self-certified with the Privacy Shield
  • If neither of these apply, then we ask the recipient to sign the EU Commission’s ‘model contract’. This means they must meet EU standards of data protection.

When your personal data is in another country, it may be accessed by law enforcement agencies in those countries. They do this to detect and prevent crime, or because the law says they must. For more information about sending your personal data overseas, you can write to: The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ.

How long do we keep your personal data for?

Keeping your personal data

We keep your personal data for a reasonable period only

How long we keep your personal data will depend on:

  • what type of product or service we are providing for you
  • how long laws or regulations say we must
  • what we need for fraud and other financial crime prevention
  • what we need to lend responsibly
  • other legitimate business reasons (for example because we need to respond to a complaint or legal claim)

How long do we keep data?

How long do we keep data when you no longer use our service?

We keep your personal data once your account is closed, your insurance policies have lapsed for up to 10 years.

No completed applications

When you have applied but not taken out a product

We keep insurance quote data and banking application data for up to 7 years. We do this to help us understand more about you, to help develop our products and services, and to protect you and us against fraud and other forms of financial crime. We may also use this information if you apply for a product again in the future.

For marketing purposes

Retention for Marketing Purposes

We keep your personal data for 3 years after your last activity with us.

In all cases, we will retain the personal data for so long as that personal data is needed for an ongoing investigation, legal proceedings, insurance claim or an outstanding audit.

What happens if we change how we use your personal data?

Important changes

We will contact you if there are any important changes to how we use your personal data

If we think it’s a change you would not expect, we will let you know.

Changes needing consent

Some changes might need your consent, or need you to opt out

If this is the case, we will always wait until you have let us know your decision before making any changes to the way that we use your personal data.

Your Rights

Your Rights

You have the right to know what data we hold about you

This is called your ‘subject access rights’.

The law says that you are entitled to see what data we hold about you

If you ask us for this, we will give you access or send you a copy of all the personal data we hold about you (there are a few exceptions to this, such as access to personal data about third parties). If you want a copy of your personal data, please use the subject access form.

We will respond to your request within one month.

We may get in touch sooner if we need extra information to help us find your personal data, or to verify your identity.

Information about insurance claims is held by the Tesco Bank Providers

If you want to see what data the Tesco Bank Providers hold, you need to contact them directly. The Tesco Bank Providers for your policy will be confirmed on your policy schedule.

You have the right to have the personal data you have provided to us supplied to you in an easily transferable digital format

This is known as the ‘right to data portability’.

This means you can ask us to send your personal data in this format to you, or to another organisation (for example, another bank or insurer).

You have the right to change or amend your personal data

If you think any of the personal data we hold about you is incorrect or incomplete, let us know and we will change it.

You have the right to stop us using, restrict us using, or request that we erase the personal data we hold about you

If you want us to stop using, or restrict our use of, your personal data, or you want us to erase it entirely, please let us know. There are times when we may not be able to do this – for example, if the information is related to an existing or recently expired contract between you and us, or if the law says we need to keep your personal data for a certain amount of time.

You have the right to withdraw your consent at any time

Sometimes we need your consent to process your personal data. If you have given consent, you can change your mind and withdraw it. To do this, get in touch by using the relevant contact details from our website.

However, we do not always need your consent to use your personal data. There is some information this doesn’t apply to. For instance;

  • the information we need in order to provide your product or service
  • the information that it’s necessary we have in order to run our business or to provide the products or services in a more effective way (known as the “legitimate interests” condition), or
  • the information the law says we must collect and use

Contact us

Contact us for more information about how we handle your personal data

If you have concerns about how we handle your personal data, or just want more details, please call us (see contact us section on our website) or write to the address below. We will try and sort things out as quickly as we can.

Our address is:

The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ.

Find out more

For more data about your rights, visit the Information Commissioner’s Office website

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights, and promote data privacy for individuals.

If you have a complaint or concern about how we have handled your personal data and we have not been able to sort it out to your satisfaction, you have the right to lodge a complaint with the ICO.

Cookie Policy

What is a cookie?

A cookie is a small text file that is placed onto your computer, tablet or mobile device by websites that you visit. Cookies do a range of things to personalise and improve your browsing experience - please see 'Different types of cookies' tab for details on how they work.

Common cookie terminology

Here are some common terms to help you understand how cookies work, and to identify the different types you might expect to find on certain sites:

  • Session cookies – these cookies are placed onto your device for the duration of your visit to a website, and expire after you leave.
  • Persistent cookies - these are placed onto your device and remain in place for a while after you leave a website. These can make your visit to a site more convenient, such as remembering your saved passwords for next time. These can last for 1 day, 30 days or permanently, depending on the site.

Please note that a site may store data captured by a cookie beyond the cookie’s expiry date – please see the 'Cookies used on our site' tab for details on how we retain user data and why.

  • First-party cookies are placed onto your device from a site's web domain/sub-domain when you visit. An example of a first-party cookie would be one sent from www.tescobank.com. Cookies sent from www.metrics.tescobank.com are also regarded as first-party, as it is a sub-domain of www.tescobank.com.
  • Third party cookies are sent from a website that's different to the one you're visiting. For example, a cookie sent to your device from doubleclick.net will be from a third party vendor that works on behalf of Tesco Bank.

Different types of cookies

Different types of cookies

Cookies used across the Tesco Bank website fall into the following categories:

  • Essential - Cookies that are necessary for a web service to work properly. Such as, accessing online banking or other secure environments.
  • Measurement - Cookies that collect information about how visitors access and use the Tesco Bank website. This data is used to help us make improvements to your site experience, as well as our site's performance, design and marketing.
  • Experience - Cookies that are used to support our website design tests and to give you a more personalised experience.
  • Targeting - Cookies that are used to make display advertising more relevant to your needs, and to your browsing preferences.
  • Cookies not controlled by Tesco Bank - Across the website you will find links that lead to external websites and services provided by our trusted third parties, providers and partners. Please see the respective websites for details on their own cookie policies. See 'Cookies used on our site' tab.

Cookies used on our site

Tesco Bank (Essential)

Purpose: These cookies are essential to allow you to navigate our website and to securely use features such as logging in to online banking.

First party cookies (unless specified)

SESSION COOKIES

  • __RequestVerificationToken_L1NlcnZpY2luZw__
  • AuthenticationTicket
  • BCSI-CS-da3e3d973ec99a39
  • JSESSIONID
  • LBSESSIONID
  • Microsession
  • secure-application-session
  • SessionTimeout
  • sticky
  • TESCO_RESPONSE_ID
  • TS011af20e
  • TS01356f29
  • TS01557b85
  • TS0187689b
  • TS019e2f2e
  • TS01bde74e

PERSISTENT COOKIES

  • portal-token
  • RF_DID
  • sb-closed
  • tesco_cookie_accepted
  • tesco_pcao_device_id
  • username_banking
  • ArcotAuthDid
  • TBANKVISITOR

Ensighten (Essential)

Purpose: Ensighten is the Tag Management software used by Tesco Bank. It is used to deploy other technologies/generate data that is captured by other technologies. This technology does not retain any data.

First party cookies

Data Retention Period: N/A

SESSION COOKIES

  • customer_type
  • ens_gpv_pn
  • ens_internal_link
  • ens_sc_event1
  • ens_sc_event2
  • ens_sc_event3
  • ensCoverPolicy
  • ensRef
  • event4
  • event6
  • event7
  • event8
  • event9
  • loanAmount
  • tms_journey
  • tms_retrieve_type
  • tms_trav_journey
  • tms_aggregator
  • ensTargetingCheck
  • ensPageNameCat

PERSISTENT COOKIES

  • s_ev20
  • ensloggedin
  • tms_document_referrer
  • uuid
  • TESCOBANK_ENSIGHTEN_PRIVACY_BANNER_VIEWED
  • TESCOBANK_ENSIGHTEN_PRIVACY_Targeting

Adobe Analytics (Measurement)

Purpose: Tesco Bank uses Adobe Analytics technology to measure website traffic and performance.

A copy of the Adobe Analytics data is hosted with a UK based 3rd party partner of Tesco Bank called Aquila Insight. They provide a technical environment for Tesco Bank to run additional analysis on the performance of digital marketing. Aquila Insight retain this data for a maximum of 25 months.

First party cookies (unless specified)

Data Retention Period: 37 months

SESSION COOKIES

  • s_sq
  • s_cc
  • gpv_pn
  • AMCVS

PERSISTENT COOKIES

  • s_vi
  • s_sq
  • s_fid
  • s_ev21
  • s_dfa
  • s_cc
  • gpv_pn
  • dpm (third party cookie)
  • dextp (third party cookie)
  • demdex (third party cookie)
  • AMCVS

Decibel (Measurement)

Purpose: Tesco Bank uses Decibel technology to better understand how users interact with different aspects of our website. The purpose of the data collected is to inform website design & technical improvements.

Third party cookies

Data Retention Period: 12 months

SESSION COOKIES

  • da_sid

PERSISTENT COOKIES

  • da_lid

KPMG Nunwood (Measurement)

Purpose: Tesco Bank partners with KPMG Nunwood to collect website user & customer experience feedback. The data collected is used to inform improvements in the Tesco Bank digital & customer experience.

First party cookies (unless specified)

Data Retention Period: 1 month

SESSION COOKIES

  • _f_popunder_min_nwd
  • _f_popunder_page_visits_nwd
  • ASPSESSIONIDCUTDSRTS (third party)
  • _f_heartbeat_nwd (third party)

Optimise (Measurement)

Purpose: At Tesco Bank we use Optimise to measure all affiliate marketing activity.

Third party cookies

Data Retention Period: 24 months

PERSISTENT COOKIES

  • OMG-796101
  • OMGID
  • OMGSession

SiteImprove (Measurement)

Purpose: SiteImprove is a website content quality measurement technology

Third party cookies

Data Retention Period: For the duration of the contract between Tesco Bank & SiteImprove.

SESSION COOKIES

  • siteimproveses
  • ARRAffinity
  • ASP.NET_SessionId
  • _hssrc

PERSISTENT COOKIES

  • _hssc
  • _hstc
  • nmstat
  • hubspotutk

DoubleClick (Measurement)

Purpose: DoubleClick is an ad serving technology and used by Tesco Bank to track & optimise its digital marketing activities.

Third party cookies

Data Retention Period: 24 months

PERSISTENT COOKIES

  • _sonar
  • IDE

Google Analytics (Measurement)

Purpose: Google Analytics allows Tesco Bank to measure Google Search usage and to analyse & optimise website landing pages and our visibility on search engines.

First party cookies

Data Retention Period: a minimum of 25 months

SESSION COOKIES

  • __utmb
  • __utmc
  • __utmt

PERSISTENT COOKIES

  • __utma
  • __utmv
  • __utmz
  • _ga
  • _gid
  • _gat
  • _gac_UA-XXXXXXXX-X

Maxymiser (Experience)

Purpose: At Tesco Bank the Maxymiser technology is used for two distinct purposes. To test web page/component design iterations & to serve personalised experiences.

First party cookies

Data Retention Period: 12 months

PERSISTENT COOKIES

  • mmapi.store.p.0
  • Txx_generated

Sociomantic (Targeting)

Purpose: Sociomantic are an agency that support Tesco Bank in the area of display advertising. Sociomantic use DoubleClick cookies to trigger display advertising that’s linked to your online browsing habits.

Third party cookies

Data Retention Period: Indefinitely

PERSISTENT COOKIES

  • sonar
  • sonar_matching
  • sonar_matching_eu
  • _sonar
  • sonar-expires

Mediacom/Facebook (Targeting)

Purpose: Mediacom are an agency that support Tesco Bank in the area of display advertising via Facebook. Mediacom use Facebook cookies to trigger display advertising that’s linked to your online browsing habits.

Third party cookies

Data Retention Period: 180 days

PERSISTENT COOKIES

  • dpr
  • datr
  • c_user
  • fr
  • sb
  • xs
  • pl

Facebook (Cookies not controlled by Tesco Bank)

Purpose – certain pages on the Tesco Bank website link to the Tesco Bank page on Facebook. The link is to promote our Social Media presence. Please visit the Facebook website for details of their cookie policy.

YouTube (Cookies not controlled by Tesco Bank)

Purpose – certain pages on the Tesco Bank website link to the Tesco Bank page on YouTube. The link is to promote our Social Media presence. Please visit the YouTube website for details of their cookie policy.

Twitter (Cookies not controlled by Tesco Bank)

Purpose – certain pages on the Tesco Bank website link to the Tesco Bank page on Twitter. The link is to promote our Social Media presence. Please visit the Twitter website for details of their cookie policy.

LivePerson (Cookies not controlled by Tesco Bank)

Purpose – LivePerson provide the Chat service on the Tesco Bank Pet Insurance application pages. Please visit the LivePerson website for details of their cookie policy.

SESSION COOKIES

  • LPSessionID

PERSISTENT COOKIES

  • LPVisitorID

Reevoo (Cookies not controlled by Tesco Bank)

Purpose – Reevoo is an independent customer recommendations platform used by Tesco Bank Insurance products. Please visit the Reevoo website for details of their cookie policy.

PERSISTENT COOKIES

  • reevoo_sp_id.92d3
  • reevoo_sp_ses.92d3
  • reevoomark_marker
  • reevoomark_viewed_products
  • sp

Lithium (Cookies not controlled by Tesco Bank)

Purpose – Lithium host the Tesco Bank Your Community pages. Please visit the Lithium website for details of their cookie policy.

SESSION COOKIES

  • LiSESSIONID
  • LithiumUserSecure

PERSISTENT COOKIES

  • LithiumVisitor
  • VISITOR_BEACON
  • LithiumUserInfo

Manage your cookie preferences

Manage your cookie preferences

Please note:

  • Your Tesco Bank website cookie consent preferences are specific to the device and browser you are using at the time of consent.
  • So, if you visit using a different browser you will need to set your cookie consent preferences again.
  • Likewise, if you visit using a different device you will need to set your cookie consent preferences again.
  • If you clear your cookies you will need to set your cookie consent preferences again (as cookie consent preferences are stored in a cookie).
  • You can amend your Targeting cookie consent preference at any time by visiting this page.
  • You can also amend your general cookie preferences via your browser settings.