Tesco Personal Finance

We read Tesco Personal Finance's privacy policy so you don't have to.

  • Find out what they do with data about you
  • Contact them if you have a request about that data
Make a data request

Organisation information

Description

Banking and insurance

Registration country

United Kingdom

Registration number

SC173199

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Postal address

The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

Data categories collected

Organisations must give details about what categories of data are stored and processed.

Tesco Personal Finance's privacy policy says they collect the following categories of data:

  • Bank account details

  • Bank transactions

  • Credit history

  • Device information

Our Observations

Tesco do not provide comprehensive information on the categories of data that they collect, instead choosing to note that they may collect personal data which the user provides.

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

Tesco Personal Finance's privacy policy says they share data with the following third parties:

List of third parties

  • Anyone you nominate to act on your behalf

  • Claims and Underwriting Exchange (CUE) and other similar organisations

  • Regulatory bodies and authorities

  • Credit reference agencies

  • Fraud and financial crime prevention agencies

  • Tesco Bank's panel of insurers

  • The insurers shown on your policy schedule

  • Service providers (including those who provide funding, debt management, administration, fraud and financial crime detection and professional services)

  • Other lenders or companies (if we are, or are considering, transferring the rights and obligations we have with you)

  • Other pet insurers, if we have invited you to renew your pet insurance with them

  • Tesco Group and Tesco stores in connection with a Clubcard

  • Other Tesco Group companies

  • Market research agencies

How specific is this information?

Third parties are listed as groups

Retention rules

Organisations must give details about how long data is kept.

Summary

Tesco claim to keep personal data for a "reasonable period only".

Once an account is closed, personal data is kept for up to 10 years.

Data about applications which did not result in a customer taking out a product is kept for up to 7 years.

Personal data is also kept for marketing purposes for 3 years after a customer's last activity with Tesco Bank.

Tesco also note that data may be kept longer for the purposes of legal proceedings, legal obligations, or other legitimate business reasons.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Specific times are given for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

Tesco Personal Finance's privacy policy says they use the following lawful bases to collect and use data:

  • Contract

    "To provide our services to you we will need to use your personal data, and personal data relating to joint applicants, additional cardholders, other insured persons, and anyone else whose personal data is connected with providing a particular product or service."

  • Legal obligation

    "We can only provide our products or services if we can use your personal data in this way. The law says we must ask for certain mandatory information, and make certain checks."

  • Legitimate interests

    These are other uses allowed by law which are necessary to enable us to provide the products and services. These include:
    * detecting and preventing fraud, other forms of financial crime, and other unlawful acts
    * tracing and recovering debt
    * managing and operating our business
    * improving our business

    The law allows us to use your personal data in reasonable ways to help us improve our business. The ways we might use your personal data to improve our business are to:
    * understand customers' needs and requirements
    * develop and test products and services
    * carry out research and analysis on our products and services
    When we use your personal data to improve our business, we always make sure we keep the amount of data we collect and use to an absolute minimum.

Security standards

Organisations must ensure that data is stored and processed securely.

Security standards URL

https://www.tescobank.com/security/how-we-protect-you/

Our Observations

Tesco offers some brief information about how they secure personal data.

How specific is this information?

This organisation provides general details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation uses automated decision making

Our Observations

Tesco note that automated decision making is used for customers with a Tesco Clubcard, to decide what deals and offers to provide customers.

Tesco offer a link to "find out more" about how they monitor their automated decision making, but it appears to only direct users to the "Contact Us" section of the website.

How specific is this information?

The organisation mentions use of automated decision making for specific purposes

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Summary

This privacy notice contains information about to make a complaint to a data protection regulator

Our Observations

Tesco Bank direct complains about their data handling to their Data Protection Officer in the first instance, and also provide contact details for the ICO.

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Make a data request

You have rights to control data about you. Click on the rights to see why you might want to use each one.

We've also prepared email templates to help you contact Tesco Personal Finance to use the rights.

  • See data they hold about you

    You can ask to see what data Tesco Personal Finance has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    Contact the organisation through their website

    https://www.tescobank.com/assets/sections/help/pdf/Data-Subject-Access-Request-Application-Form.pdf

    You might want to use the template message below to help you know what to say.

    Copy and paste this template into an email and send it to Tesco Personal Finance at

    Copy template to clipboard

  • Change data they hold about you

    You can ask Tesco Personal Finance to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

    Use this template message above to help you write a letter to the organisation.

  • Delete data they hold about you

    You can ask that Tesco Personal Finance delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

    Use this template message above to help you write a letter to the organisation.

  • Limit how they use data about you

    You can ask that Tesco Personal Finance only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

    Use this template message above to help you write a letter to the organisation.

  • Stop their use of data about you

    You can ask Tesco Personal Finance to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

    Use this template message above to help you write a letter to the organisation.

  • Export data they hold about you

    You can ask Tesco Personal Finance to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

    Use this template message above to help you write a letter to the organisation.

  • Challenge an automated decision

    You can ask Tesco Personal Finance to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    Copy template to clipboard

    Contact the organisation by post

    The Data Protection Officer, Tesco Bank, PO BOX 27009, Glasgow, G2 9EZ

    Use this template message above to help you write a letter to the organisation.

Last updated 2019-07-17 at 22:07:09 • Download as JSONAPI documentationView on GitHubView on OpenCorporates