Privacy Policy
Introduction
By participating in the Nectar programme in the United Kingdom (the “Programme”), we will collect and use personal data about you and any additional collectors within your account. Companies participate in the Programme by offering Nectar points (“Points”) or a place to redeem them (we call these companies “Nectar Partners”). Through participating in the Programme we will learn about what you buy, and you may receive offers and marketing from Nectar Partners, the companies whose products they sell or advertise (“Brands”) and other third parties through various Marketing Channels (by this we mean ways of receiving advertising or offers, including email, post, SMS, our Nectar app and Nectar Connect, and may include other digital channels such as websites, apps, social media and advanced TV).
This privacy policy explains what personal data we collect, the way we use it and why, the circumstances when we may share it, and your choices and rights with respect to your personal data.
What personal data do we use?
Personal data you share with us
Account Information
This is personal data such as your name, home address, email, and telephone number that you share with us when you create your Nectar account.
Transaction Information
When you shop with our Nectar Partners and use your Nectar card, e.g. when you swipe your card or buy something on an account you’ve linked with Nectar, we receive personal data about that transaction. This can include details about the transaction such as what you purchased and where you purchased it. If you use Nectar Connect, you also share transactions and transaction history related to the payment card you signed up with, you can find out more about Nectar Connect by visiting https://www.nectar.com/about/privacy-and-legal/nectar-connect.
Programme Analytics
This is personal data regarding how you interact with the Programme. This includes:
-
which offers you engage with and use
-
the Points redemptions you make
-
how you interact with and experience our websites and apps
-
predictions about your interests, shopping habits and characteristics – we call these “profiled characteristics”
Surveys and Market Research
This is personal data that you share with us when you take part in surveys, questionnaires or market research run by us, our Nectar Partners, or research partners.
Contact Centre Information
This is the contents of chats, calls and correspondence with our Contact Centre or with our chatbot on the Nectar website, and any associated data.
Competitions Data
When you enter competitions operated by Nectar or our Nectar Partners, you may share personal data with us, such as your entry, contact and delivery details.
Device information, cookies & similar technologies
This is personal data from devices you use to access the internet, including our services such as our websites and apps, received via e.g. cookies and other similar technologies such as pixels. This could be information such as IP addresses, MAC addresses, unique IDs such as advertising IDs, location data, information about your browser, or details contained in URLs used in our communications with you (e.g. offer links in emails).
Cookies are small data files that websites or apps place on your device. To find out more about cookies and similar technologies, please visit our Cookie Policy.
Additional personal data we receive about you
Data from Nectar Partners and Brands
Nectar Partners and Brands may share personal data with us (e.g. when you link your account) which they have collected during their relationship with you. This may be information such as how you use their website and apps, your transactions with them, competitions, surveys and marketing you’ve responded to, other loyalty schemes you’ve engaged in, or profiled characteristics attributed to you from your interactions with that company.
Data from third party data companies
This is personal data that we receive or use provided by companies that provide customer information or that is publicly available. These might be companies that help us verify or update your address, or companies that provide us with information on your modelled household profile. This could be received at an individual or an anonymous level such as information based on your post code (e.g. Experian, CACI, Royal Mail).
Social Media and Digital Advertising – If we market to you using social media or digital advertising platforms (e.g. Google or Facebook), we may use segmentations available on those platforms to help make our marketing more relevant to you.
Anonymous data
When personal data has identifying details removed, that information can become anonymous. This can happen if we remove details such as names and addresses, or aggregate personal data into groups and keep only the information about the groups (e.g. information about people at a post code level or a report of shopping behaviour broken down by age), or when we create models from personal data that identify certain characteristics associated with certain traits (e.g. customers likelihood to buy a particular product or category).
Because we can’t identify people within anonymous data, it is treated differently from personal data and is not covered by this policy.
Pseudonymised data
Pseudonymised data is similar but slightly different from anonymous data. Although identifying details such as names and addresses are removed, it is possible to identify them by reference to a ‘key’ held separately. Pseudonymised data may be used to enhance security and privacy by enabling data to be processed at an individual level without requiring identifying details to do so. Pseudonymised data remains personal data and is covered by this policy.
How we will use your personal data, and our basis for doing so
This section explains when we process your personal data, and why we do it. In these use cases, we may use an automated decision-making process which takes into account the types of data listed in each section. For example, when using automated decision-making processes to market to you based on your Nectar profile, we might take into account Transaction Information, Account Information and Programme Analytics.
In some cases, you have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in a similarly significant way.
If you are seeking to exercise this right, please contact us using the details in the “Contact Us” section below.
To operate the Programme
We will use your personal data to operate the Programme, including to:
|
Use |
Category of personal data |
Legal basis |
|---|---|---|
|
Manage your Nectar account, and operate our apps and websites and tailor these to you |
|
|
|
Allow you to link your Nectar account with your accounts at our Nectar Partners |
|
|
|
Enable you to collect and redeem points at Nectar Partners |
|
|
|
Interact with offers in our app and at Nectar Partners |
|
|
|
Match data with Nectar Partners to aid coordination of marketing of the Programme across Nectar and Nectar Partner channels |
|
|
|
Match data with prospective Nectar Partners to assess suitability for the Programme |
|
|
|
Personalise your Nectar experience based on your location |
|
|
|
Provide other Programme-related services |
|
|
|
Ensure that applicable terms and conditions are observed |
|
|
|
Understand how you interact with Nectar and use that information to help create new Nectar features and services |
|
|
|
Create and apply anonymous data models from and to your personal data for the uses listed above |
|
|
Analyse your use of the Programme
We will use information about your use of the Programme, our websites and apps to analyse your behaviour for various purposes, including to:
|
Use |
Category of Personal Data |
Legal basis |
|---|---|---|
|
Provide information about you to our Nectar Partners and Brands |
|
|
|
Improve the Programme, websites and apps |
|
|
|
Understand how you use the Programme |
|
|
|
Build a profile about you and your profiled characteristics, based on the personal data we have about you from your use of your Nectar account, our websites and apps, as well as personal data we receive from Partners, Brands and third parties |
|
|
|
Create and apply anonymous data models from and to your personal data for the uses listed above |
|
|
Market to you based on your Nectar profile
We will use the information available to us to build a profile of you for marketing purposes, including to:
|
Use |
Category of Personal Data |
Legal basis |
|---|---|---|
|
Personalise the marketing and offers you receive from Nectar, our Nectar Partners and Brands through various marketing channels, including email, post, SMS, our app and Nectar Connect, as well as digital channels such as websites, apps, social media and advanced TV |
|
|
|
Assess the effectiveness of the marketing activities of Nectar, our Nectar Partners, Brands and third parties |
|
|
|
Personalise marketing and offers based on your location |
|
|
|
Create and apply anonymous data models from and to your personal data for the uses listed above
|
|
|
|
Use data matches to identify relevant audiences of Nectar collectors and find them on digital channels for the purposes of marketing |
|
|
Competitions
We may use your personal data when we run competitions of our own or for our Nectar Partners and Brands. As an example, this could be your Transaction Information if you needed to make a qualifying purchase to enter, or your Account Information if we needed to contact you to give you your prize.
|
Use |
Category of Personal Data |
Legal basis |
|---|---|---|
|
Competitions |
|
|
Conduct Surveys and Market Research
Your personal data may be used to conduct surveys and market research. For example, Transaction Information may be used to identify relevant shoppers for a survey on e.g. frozen foods.
|
Use |
Category of Personal Data |
Legal basis |
|---|---|---|
|
Conduct Surveys and Market Research |
|
|
Create data models
We combine the personal data we have and analyse it to look for patterns, trends and characteristics that align with a particular outcome – for example, items that are often purchased together, or popular times to redeem points. We use this analysis to create a framework that maps out these patterns, trends and characteristics on an anonymous basis - we call these frameworks “data models” and the process of making them “data modelling”.
Data modelling helps us to analyse the way that groups of people are shopping. For instance, we might look at Transaction Information at Sainsbury’s and see that buyers of ground coffee are starting to buy coffee beans or pods instead - which could be useful information for Nectar Partners who sell coffee machines.
We can then apply data models to a personalised data set, to help us tailor the offers that we show Nectar collectors. For example, sending coffee machine offers to buyers of instant coffee.
In some circumstances we also share personal data with Nectar Partners to enable them to create their own models. Please see the “Who will we share your personal data with?” section for further details.
|
Use |
Category of Personal Data |
Legal basis |
|---|---|---|
|
Create data models |
|
|
Provide customer service support
We use your personal data when you use our customer service support, e.g. when you call our contact centre or use our chatbot.
|
Use |
Category of Personal Data |
Legal basis |
|---|---|---|
|
Provide customer service support, including verifying your identity, and for the purposes of training and process improvement |
|
|
Security and fraud
To protect your Nectar account, to combat fraud and protect our business, we will use your personal data to implement security measures such as Multi-Factor-Authentication, and to investigate and prevent any suspected fraudulent activity across Nectar.
|
Use |
Category of Personal Data |
Legal basis |
|---|---|---|
|
Security and fraud |
|
|
Who will we share your personal data with?
We may share your personal data within the Sainsbury’s Group (see ‘Who are we?’ section of https://privacy-hub.sainsburys.co.uk/privacy-policy), with Nectar Partners and Brands, Service Providers and other organisations (as defined later in this policy).
Sainsbury’s Group
Nectar is part of the Sainsbury’s Group. We share your personal data within the Group for purposes such as:
- To operate the Programme
- Analyse your use of the Programme
- Market to you based on your Nectar Profile
- Competitions
- Conduct Surveys and Market Research
- Create and apply data models
- Provide customer service support
- Security and fraud
For more information on how Sainsbury’s Group use your personal data, please visit the Sainsbury’s Group Privacy Policy.
Nectar Partners
We may share your personal data with Nectar Partners, for purposes such as:
- To operate the Programme
- Analyse your use of the Programme
- Market to you based on your Nectar Profile
- Competitions
- Conduct Surveys and Market Research
- Security and fraud
- Create data models
The types of personal data we share with Nectar Partners include:
- Account Information
- Transaction Information
- Programme Analytics
- Surveys and Market Research
- Contact Centre Information
- Competitions Data
- Device information, cookies & similar technologies
A list of the current Nectar Partners can be found at: https://www.nectar.com/about/privacy-and-legal/participating-companies
Nectar Partners – Sainsbury’s Bank
We also share personal data with Sainsbury’s Bank and Argos financial services (see Who are we? section of https://privacy-hub.sainsburys.co.uk/privacy-policy)
(referred to collectively in this policy as ‘Sainsbury’s Bank’) to enable them to create data models designed to indicate a shopper’s credit worthiness and insurance risk. Sainsbury’s Bank creates those models by combining datasets of Transaction Information at Sainsbury’s, Argos, Habitat and Tu with datasets such as credit worthiness and credit performance data or insurance performance data. They apply the data models they create to personal data we share with them to offer Nectar collectors a more convenient product (such as pre-approval for credit) or, with your consent, to give you a better deal on a financial product such as credit or insurance.
From time to time we may also enter partnerships which mean that we share more data than is set out above. In those circumstances you will be presented with clear additional information at the point that you choose to link your account. You can find that information by visiting the relevant Nectar Partner’s page within the Nectar app or website.
Brands
We may share your personal data with Brands for the following purposes:
- Analyse your use of the Programme
- Market to you based on your Nectar Profile
- Competitions
- Surveys and Market Research
The types of personal data we share with Brands include:
- Account Information, with your consent
- Pseudonymised Account Information
- Device information, cookies & similar technologies
- Programme Analytics
- Transaction Information
- Surveys and Market Research
- Competitions Data
Suppliers and Service Providers
We work with different companies so that they can help us run the Programme, as well as deliver other services you require from us or we think you might be interested in. We share the personal data we have with those suppliers and service providers for the following purposes:
- To operate the Programme, e.g.:
- Mailing houses to send you information or offers by post
- Affiliate marketing networks to bring you some of our offers
- Companies that provide IT and Cloud infrastructure services and support
- Market to you based on your Nectar profile, e.g.:
- Online and social platforms such as Google or Facebook
- Advanced TV platforms such as Sky AdSmart
- Advertising and marketing agencies
- Companies which help us deploy our emails, such as Salesforce
- Companies which help us deploy SMS and other campaigns through electronic means
- Coupons you receive at till
- Analyse your use of the Programme, e.g.:
- Companies that provide analytics support
- Companies that provide data matching support
- Competitions, e.g.:
- Companies who administer competitions for us so they run smoothly and fairly
- Surveys and Market Research, e.g.:
- Companies who conduct market research on our behalf or in conjunction with us
- Provide Customer Service Support, e.g.:
- Companies who run our contact centres, which need your personal data to identify or contact you as well as deal with your query
- Create Data Models and anonymise data, e.g.:
- Companies which offer anonymisation and data modelling services
Other organisations
We may also share your personal data with other organisations including:
- If we're discussing selling or transferring part or all of Nectar, we may share your personal data to prospective purchasers and their advisers - but only so they can evaluate the relevant business
- If we are reorganised or sold to another organisation, we may transfer personal data we hold to them so they can continue to provide the Programme to you
- If we are required to by law, under any code of practice by which we are bound or where we are asked to do so by a public or regulatory authority
- If we need to do so in order to exercise or protect our legal rights, users, systems and services
- In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others. We will only share your personal data in response to requests which do not override your privacy interests. For example, we will not share your personal data with individuals who are merely curious about you, but we will share your personal data to e.g. insurers, solicitors, employers etc. which have a demonstrable legitimate interest in your personal data
International Transfers
From time to time we transfer your personal data outside of the United Kingdom for the purposes described in this privacy policy. When we do this, your personal data will continue to be subject to one or more appropriate safeguards set out in the law. These might be the use of model contracts in a form approved by the Information Commissioner’s Office (“ICO”), having the recipient sign up to an independent privacy scheme approved by regulators, or transferring to a jurisdiction that is subject to a relevant adequacy decision.
Where we put in place appropriate safeguards to protect personal data we transfer, the safeguards may include securing additional legal agreements to protect your information. You can obtain a copy of these agreements by contacting us using the details in the ‘Contact Us’ section below.
How long will you keep my personal data?
We will keep your information for as long as is necessary for us to fulfil the purposes that we describe in this policy. As a general rule, however, we will keep the personal data we process for the duration of your membership with the Programme.
If you do not earn or redeem Points for a period of 12 months we may, in accordance with the Collector Rules, deem you to be inactive and suspend or close your account. Your personal data will be kept and securely stored for a further period of 12 months after you are deemed to be inactive, following which we will ensure that your personal data is no longer retained.
If you would like to request deletion of your personal data, please see the ‘Your choices and rights’ section below.
Your choices and rights
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal data we process.
Note that some of the choices or changes you make may impact our ability to maintain your account or provide you with Points or Rewards (for which you can exchange Points collected), and your account may need to be closed. We will notify you if such action is necessary.
Accessing or rectifying your personal data
You can use the Account section of our website or app to:
- access and update the contact and personal details we hold about you
- view your Points statement and Programme account transaction history
To request a copy of the personal data we hold about you, or to correct inaccurate personal data that you cannot change using our website or app, please contact the Privacy Team using the details in the Contact Us section.
Deletion
To request that we delete the personal data we hold about you, please contact the Privacy Team using the details in the Contact Us section.
Object, Restrict, Withdraw Consent and Port
You can use the Account section of our website or app to:
- Opt-out of receiving marketing communications to your device and/or by telephone including calls to your mobile or other number, SMS, and email from us
- Opt-out of receiving postal marketing communications from us, Nectar Partners and Brands
- Opt-out of your personal data being used to tailor the Digital Advertising you receive on our Digital Advertising page (https://www.nectar.com/digital-advertising)
- Change your cookie preferences
- In most cases, manage the Nectar Partners your Nectar account is linked to
To ask that we restrict, or to object to, the processing of your personal data in ways not listed above or to exercise your right to Data Portability, please contact the Privacy Team using the details in the Contact Us section.
Where we rely on consent as the legal basis on which we process your personal data, you may withdraw that consent at any time. To do so, please contact the Privacy Team. Please note that withdrawing your consent does not impact the lawfulness of our prior processing of your personal data based on that consent.
Contact Us
We are Nectar 360 Limited, a company registered in England under number 4224736. Our registered office is at 33 Holborn, London, EC1N 2HT. We are the Data Controller. We are owned by the Sainsbury’s Group.
If you would like to exercise one of your rights as set out in the “Your choices and rights” section above, or you have a question or a complaint about this policy, or the way your personal data is processed, please contact us by one of the following means:
By email: privacy@sainsburys.co.uk
By post: Nectar Data Protection Officer at Privacy Team, Sainsbury's Supermarkets Ltd, 17th Floor, Arndale House, Manchester, M4 3AL
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to ico.org.uk to find out more.
Last updated: 8 March 2022