Privacy Policy

Wm Morrison Supermarkets Plc Privacy Policy

Your privacy is extremely important to us so we want you to know exactly what kind of information we collect about you and how we use it.

We’ve set out all the details below.

Please take the time to read and understand this policy. And bear in mind that by using our websites and mobile apps, or contacting us by telephone or providing information to us in our stores or by way of social media, you agree to its terms.

To help you, we’ve included some links to other websites. It’s worth remembering though that other people, not us, control these websites. We’re not responsible for them.

What information do we collect and when?

We only collect information that we know we will genuinely use.

We collect all the information you submit to us and we may collect the following:

How do we use your information?

We use the information we collect in order to carry out the services Morrisons Foundation provides and for the following reasons:

Who do we share your information with?

Some of the services and benefits you receive from us involve other people and organisations from time to time. When we share your information, we want you to know that we only do so in accordance with our legal data protection and privacy obligations and includes

Companies, brands and businesses within our group.

We may also share the information we collect where we are legally obliged to do so, e.g. to comply with a court order.

International transfer of your information

Although we’re based in the UK, we use suppliers from many parts of the world to help ensure you receive the very best in products and services from us.

To allow us to run our business on this basis, the information we collect may on occasion be transferred to, stored and used at premises in other countries including the United States of America.

Naturally, we aim to ensure all our suppliers take information security as seriously as we do.

Even so, information protection laws can vary from country to country.

For instance, the law of the country in which you are resident or domiciled may offer a higher standard of protection than the laws in the UK and/or the other countries in which we store and use the information we collect. Any transfer of information we make to other countries could result in that information being available to their government and other authorities in those countries under their laws.

Security of your information

A lot of the information we receive reaches us electronically, originating from your device and then transmitted by your relevant telecoms network provider.

Where it’s within our control, we put measures in place to ensure this ‘in flight’ data is as secure as it possibly can be.

And once it arrives, you can be sure we take the security of your information very seriously.

We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores.

In particular, we follow the internationally recognised security standard ISO 27001, as well as the Payment Card Industry’s Data Security standards (PCI-DSS).

Plus, we use secure means to communicate with you where appropriate, such as ‘https’ and other security and encryption protocols.

How long do we keep your information?

To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need them for the purposes we acquired them in the first place (as set out above).

In most cases, this means we will keep your information for as long as you continue to shop with us or use our services, and for a period time afterwards if you stop doing so, to see if we can persuade you to come back to us.

After that we will either delete it or anonymise it so that it cannot be linked back to you.

Managing your information

To reduce the chances of an error or misunderstanding, we need to keep the information we gather about you accurate and up-to-date.

But whilst we work very hard to make sure mistakes don’t happen, we need your help, too.

If you have reason to believe any of the information we collect on you may be inaccurate, and you are unable to put it right yourself through your online accounts with us, please contact us (see below for how to do this).

You are perfectly within your rights to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’. Certain exemptions and conditions apply to this right, principally that it should be in writing and that you give us reasonable details about the information you want.

Depending on your country of residence or domicile, you may have additional or different rights to those set out above concerning the information we collect from you and your devices. We will, of course, honour all such legal rights if we are bound by them.

We reserve the right to charge you a small administration fee to meet our costs in honouring your legal rights, where permitted by the relevant law.

We also reserve the right not to comply with any enquiries or requests we receive about the information we collect, where we may lawfully do so. For example, if we have reason to believe that a request is malicious, technically impossible, involves disproportionate effort or could be harmful to others.

If you have any worries or complaints about the way we use your information, please don’t hesitate to get in touch with us. We’ll do our very best to set your mind at rest or put things right. And if, for whatever reason, you feel we’re not meeting the exceptionally high standards we expect of ourselves, you’re within your rights to take your grievance to the UK Information Commissioner’s Office (ICO). Please see the section ‘Where to go if you want more information about your privacy rights’ for further details.

Updates to this privacy policy

We review the ways we use your information regularly. And in doing so, we may change what kind of information we collect, how we store it, who we share it with and how we act on it.

Consequently, we will need to change this privacy policy from time to time to keep it accurate and up-to-date.

Whenever we change this policy, rest assured we will make every effort to tell you. That way, you can check to see if you’re still happy. And if, following any changes, you continue to use our websites and mobile apps, contact us by telephone or otherwise provide information to us (through our stores or social media, for example) we will assume that you agree to those changes.

About us

The Morrisons Foundation is a registered charity No 1160224. Its website if operated on its behalf by Wm Morrison Supermarkets Plc a public limited company incorporated in England and Wales, registered company number is 358949 and the ‘data controller’ of the information you provide us with. This term is a legal phrase used to describe the person or entity that controls the way information is used and processed.

We are registered under the Data Protection Act 1998 with the Information Commissioner’s Office in the UK. Our registration number is Z5225696.

Where to go if you want more information about your privacy rights

You can make a complaint to the Information Commissioner’s Office (ICO) at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

Contact us

You’re welcome to get in touch with us to discuss your information at any time.

You can contact us via the contact us section of the website.