Privacy Policy
toyou – Privacy Notice
Our Promise
Asda is all about you – our customers and colleagues, our suppliers and our business partners – so we truly value our relationship with you and the trust you place in us. Respect for the Individual is at the heart of all we do, so we do take our responsibilities to each one of you, regarding your Privacy and Personal Information, very seriously.
This notice outlines how Asda handles your Personal Information depending on the way in which you may be using the toyou (Connect) services. This can be in one of two ways:
-
We are providing a collection service to you on behalf of a third party from whom you have ordered goods (“Third Party Goods Collection Service”). or
-
We are delivering goods to you, or providing a collection service for goods, which you have purchased from one of the ASDA websites ("Asda toyou”)
Read this notice in conjunction with Asda’s Privacy Notice.
Third Party Goods Collection Service
What is Personal Information?
Personal Information (also known as personal data) is any information that identifies someone and any information that relates to that identified person. For example, if you have an Asda online account, your name and email address are information that identifies you, and your orders are information that relate to you.
Who is the Controller of your Personal Information?
If you are using the toyou service to collect goods you have bought from a third party, that third party is responsible for how your Personal Information is handled. We would strongly recommend that you visit that third party’s website and read their privacy policy to understand how they use your Personal Information. In these instances, Asda is acting as a processor for these third parties and will only handle information in line with their instructions.
Where you engage with Asda directly, for example if you contact the Asda Contact Centre regarding your toyou experience then in those limited instances the Controller of any Personal Information shared is Asda Stores Limited (with registered address at Asda House, Great Wilson Street, Leeds, LS11 5AD). Contact Us for details on how to contact our Data Protection Officer if you have any questions or concerns about our handling of your Personal Information, or if you wish to make a complaint
Processing Purpose | Categories of data | Legal Basis for Processing |
---|---|---|
To process your order, inform you of the order status and manage the collection of your order. | * Name * Contact Information – such as telephone number, address or email. * Order information & collection location | * Necessary for performance of the contract between you and the third party you have ordered from. |
To manage the collection of your parcel through mobile check in | * You may choose to use our mobile check in service, where we use the location services from your mobile phone to confirm you are at the store ready to collect. | If you choose to use this service we do so on the basis of your consent. |
To provide customer service and listen to your feedback on the service you’ve received | * Responses to customer satisfaction surveys * Name * Contact Information – such as telephone number, address or email. * Order information & collection location | * To meet our legitimate interests to run our business effectively by understanding how you are using our services and how to better apply the feedback provided to us |
Where you have specifically given us your permission, the law calls it consent. Where we need your consent to use your Personal Information for a particular purpose, we must be able to show that the consent is:
-
Specific – we have to tell you exactly what activity your consent covers.
-
Informed – we have to provide you with clear details of what you are consenting to.
-
Freely-given – you must have a genuine choice; for example, we couldn’t say “by registering for Asda Free Wi-Fi, you consent to us sending you marketing emails” because that would prevent you from using the Wi-Fi service if you chose not to consent to marketing emails.
-
Unambiguous – this means that you must have clearly indicated your wishes by confirming your agreement to a statement (e.g. by ticking a box) or taking some positive action to show that you intended to give your consent.
Where we rely on legitimate interests, we have carefully assessed our legitimate business interests and the potential impact on you to ensure that your Privacy and rights are protected. If you would like to understand more about how we have assessed our legitimate business interests, please get in touch via the Contact Us page.
Where do we collect your Personal Information from?
We collect most Personal Information about you from the Third Party who you have ordered from, or directly from you if you give us feedback. If you choose to use location services, we collect this information from your mobile device.
We do not buy or sell your Personal Information.
Who do we share it with?
We have controls to limit access to your Personal Information to:
-
Individual colleagues who need it to do their job, such as processing your online orders or dealing with enquiries and complaints;
-
Select business partners and third parties, including our parent company Walmart Inc., who need it to provide services to us, such as delivering your orders, maintaining our computer systems or running marketing campaigns. For example vendors such as:
-
Mobile App platforms, such as IOS and Android who host our toyou applications and websites
-
Technology providers, such as those who host some of our technology platforms or provide software to allow us to manage your accounts;
-
If requested, and where it is required or permitted by law, we may provide Personal Information to:
-
Official bodies, such as government agencies, local authorities, regulators and the police, who are authorised to request Personal Information where it is necessary for their lawful purposes;
-
Asda’s advisers, including lawyers, insurers, accountants and auditors;
-
Other organisations such as law firms or insurance companies acting on behalf of individuals, who may request CCTV or other evidence containing Personal Information, to support a claim in relation to an incident or accident involving their client at an Asda site.
If you would like to understand more detail about which trusted third parties we may share your Personal Information with, please get in touch with us using the Contact Us page
Where is your Personal Information kept, processed and accessed from?
Some of our computer systems, including our websites, are operated by our parent company Walmart Inc. in the United States or by other companies contracted to provide services to Asda that operate in countries outside the UK or EU. So some of your Personal Information is stored and processed overseas, in the following countries: United States of America (USA).
Because the law in some of these countries does not provide the same level of protection as UK and EU law, we put in place data transfer agreements (which are considered appropriate safeguards) with Walmart and each company that processes Personal Information outside of the UK.
These agreements require that, wherever your Personal Information is held, it is protected to the same high standard as required by law in the UK. If you’d like to know more about our Data Transfer Agreements, Contact Us
How long will we keep your Personal Information for?
Unless otherwise stated, we will keep your Personal Information for three years then we will securely delete it. We do need to keep some anonymous information for longer than this, such as customers’ shopping habits and buying patterns, so we can analyse it to identify trends and changes in activity and buying habits. We remove all names, contact details and any other information that identify individual customers, so it’s all just anonymous numbers and data.
How do we protect and secure your Personal Information?
We use security measures, including physical, administrative, and technical safeguards to protect the confidentiality of your Personal Information. These measures include encryption, security certificates, access controls, information security technologies, policies, procedures and other information security measures to help protect your Information.
When designing or implementing new computer systems and processes we look at ways to identify and mitigate potential security risks and then monitor and test our security systems to help protect your Personal Information. Where possible, we also try to anonymise information so that individuals can’t be identified from it. An example of this is what we call Customer Insight. We analyse data about our customers’ shopping patterns & habits and use this to help us improve our product lines, how we display them, how we lay out our stores and so on. However, we don’t need to know who these customers are, we just need to know information such as how many bought certain products at certain times, or how much the average customer spends each week. So, instead of just putting all of our customers’ information together and analysing it, we first remove the pieces of information that could identify them, such as names, contact details, addresses and so on.
How can I exercise my Privacy Rights?
If you are using the toyou service to collect goods you have bought from a third party, that third party is responsible for how your personal data is used. We would strongly recommend that you visit that third party’s website and read their privacy policy to understand how to exercise your Privacy Rights.
If you want to know more about your Privacy Rights and how to make a Rights Request to Asda, simply contact us by emailing us at [email protected] or in writing at Data Protection, Asda House, Great Wilson Street, Leeds, LS11 5AD. Or find out more about your rights here
toyou Order Fulfilment – Privacy Notice
Our Promise
Asda is all about you – our customers and colleagues, our suppliers and our business partners – so we truly value our relationship with you and the trust you place in us. Respect for the Individual is at the heart of all we do, so we do take our responsibilities to each one of you, regarding your Privacy and Personal Information, very seriously.
This notice applies to shopping online with Asda on our Asda Groceries, George.com & Asda Food Boxes websites or by downloading and using the Asda and George Apps. Read this notice in conjunction with Asda’s Privacy Notice at https://www.asda.com/privacy
What is Personal Information?
Personal Information (also known as personal data) is any information that identifies someone and any information that relates to that identified person. For example, if you have an Asda online account, your name and email address are information that identifies you, and your orders are information that relate to you.
Who is the Controller of your Personal Information?
The Controller of your Personal Information is Asda Stores Limited (with registered address at Asda House, Great Wilson Street, Leeds, LS11 5AD) unless we tell you otherwise. Contact Us for details on how to contact our Data Protection Officer if you have any questions or concerns about our handling of your Personal Information, or if you wish to make a complaint
What Personal Information do we collect about you and how do we use it?
Processing Purpose | Categories of data | Legal Basis for Processing |
---|---|---|
To manage your account and enable you to make orders | * Name * Contact Information * Delivery pass information | * Necessary for performance of the contract between you and us. * Necessary for compliance with our legal obligations. |
To process payment for your orders | * Payment card information | Necessary for performance of the contract between you and us. |
To confirm you are eligible to purchase some age restricted items | * Date of Birth | * Necessary for compliance with our legal obligations |
To process and deliver your order and provide you with information relating to your order, including updates and customer service | * Name * Contact Information * Order History & Favourites | Necessary for performance of the contract between you and us. |
Monitor for fraudulent or suspicious activity on your account to keep your account safe | * Name * Contact Information * Order History * Payment card information | To meet our legitimate interests to run our business effectively by identifying and preventing fraudulent activity. |
To provide you with information about click and collect points, and to present you with availability information relevant to your local store. availability information | * Location information provided by your mobile device | Your consent |
Understand and publish customer reviews of products, submitted to help other customers make considered purchases | * Your opinions – where you have chosen to share these through a survey invitation | To meet our legitimate business interests by using customer feedback to improve our product range and allowing customers to make considered purchases by reviewing the opinions of other customers. |
To understand your shopping experience | * Transaction and order information | To meet our legitimate business interests by giving us a better understanding of our customers, how to best meet your expectations and where we can improve |
Where you have specifically given us your permission, the law calls it consent. Where we need your consent to use your Personal Information for a particular purpose, we must be able to show that the consent is:
-
Specific –we have to tell you exactly what activity your consent covers.
-
Informed –we have to provide you with clear details of what you are consenting to.
-
Freely-given –you must have a genuine choice; for example, we couldn’t say “by registering for Asda Free Wi-Fi, you consent to us sending you marketing emails” because that would prevent you from using the Wi-Fi service if you chose not to consent to marketing emails.
-
Unambiguous –this means that you must have clearly indicated your wishes by confirming your agreement to a statement (e.g. by ticking a box) or taking some positive action to show that you intended to give your consent.
Where we rely on legitimate interests, we have carefully assessed our legitimate business interests and the potential impact on you to ensure that your Privacy and rights are protected. If you would like to understand more about how we have assessed our legitimate business interests, please get in touch via the Contact Us page.
Where do we collect your Personal Information from?
We collect most Personal Information directly from you, for example when you register with us online, purchase products from us, or get in touch with us, We collect some Personal Information through observation, for example how you have used our websites or Apps.We do not buy or sell your Personal Information.
Who do we share it with?
We have controls to limit access to your Personal Information to:
-
Individual colleagues who need it to do their job, such as processing your online orders or dealing with enquiries and complaints;
-
Select business partners and third parties, including our parent company Walmart Inc., who need it to provide services to us, such as delivering your orders, maintaining our computer systems or running marketing campaigns. For example vendors such as:
-
Mobile App platforms, such as IOS and Android who host our toyou applications and websites
-
Technology providers, such as those who host some of our technology platforms or provide software to allow us to manage your accounts;
-
Delivery or courier services, such as those who deliver some of our products to you
-
If requested, and where it is required or permitted by law, we may provide Personal Information to:
-
Official bodies, such as government agencies, local authorities, regulators and the police, who are authorised to request Personal Information where it is necessary for their lawful purposes;
-
Asda’s advisers, including lawyers, insurers, accountants and auditors;
-
Other organisations such as law firms or insurance companies acting on behalf of individuals, who may request CCTV or other evidence containing Personal Information, to support a claim in relation to an incident or accident involving their client at an Asda site.
If you would like to understand more detail about which trusted third parties we may share your Personal Information with, please get in touch with us using the Contact Us page
Where is your Personal Information kept, processed and accessed from?
Some of our computer systems, including our websites, are operated by our parent company Walmart Inc. in the United States or by other companies contracted to provide services to Asda that operate in countries outside the UK or EU. So some of your Personal Information is stored and processed overseas, in the following countries: United States of America (USA).
Because the law in some of these countries does not provide the same level of protection as UK and EU law, we put in place data transfer agreements (which are considered appropriate safeguards) with Walmart and each company that processes Personal Information outside of the UK.
These agreements require that, wherever your Personal Information is held, it is protected to the same high standard as required by law in the UK. If you’d like to know more about our Data Transfer Agreements, Contact Us
How long will we keep your Personal Information for?
Unless otherwise stated, we will keep your Personal Information for three years then we will securely delete it. We do need to keep some anonymous information for longer than this, such as customers’ shopping habits and buying patterns, so we can analyse it to identify trends and changes in activity and buying habits. We remove all names, contact details and any other information that identify individual customers, so it’s all just anonymous numbers and data.
How do we protect and secure your Personal Information?
We use security measures, including physical, administrative, and technical safeguards to protect the confidentiality of your Personal Information. These measures include encryption, security certificates, access controls, information security technologies, policies, procedures and other information security measures to help protect your Information.
When designing or implementing new computer systems and processes we look at ways to identify and mitigate potential security risks and then monitor and test our security systems to help protect your Personal Information. Where possible, we also try to anonymise information so that individuals can’t be identified from it. An example of this is what we call Customer Insight. We analyse data about our customers’ shopping patterns & habits and use this to help us improve our product lines, how we display them, how we lay out our stores and so on. However, we don’t need to know who these customers are, we just need to know information such as how many bought certain products at certain times, or how much the average customer spends each week. So, instead of just putting all of our customers’ information together and analysing it, we first remove the pieces of information that could identify them, such as names, contact details, addresses and so on.
How can I exercise my Privacy Rights?
If you are using the toyou service to collect goods you have bought from a third party, that third party is responsible for how your personal data is used. We would strongly recommend that you visit that third party’s website and read their privacy policy to understand how to exercise your Privacy Rights.
If you want to know more about your Privacy Rights and how to make a Rights Request to Asda, simply contact us by emailing us at [email protected] or in writing at Data Protection, Asda House, Great Wilson Street, Leeds, LS11 5AD. Or find out more about your rights here
Cookies
Just like other websites, our sites use cookies and similar technologies such as web beacons, pixel tags, and flash objects. These allow our websites to work correctly, and help us understand web traffic and how our sites are used so we can improve visitors experience, personalise services and tailor ads.
What is a cookie?
A cookie is a small text file that may be placed on your device when you visit our sites. When you next visit our websites, the cookie allows us to distinguish your device from other users’ devices.
Why do we use cookies?
-
To allow our websites to work and help keep them safe and secure e.g. to load images and to allow you to log in securely.
-
To improve the performance of our websites by helping us analyse how they are used and understand which parts work well, and which don't.
-
To improve visitors experience on our websites, for example we use cookies to remember the products you’ve put in your basket, make personalised recommendations and to personalise your experience.
-
To deliver relevant online advertising to visitors on our websites and third party websites. These cookies are placed by us and selected third parties and enable advertisements to be presented on our and third party websites.
-
To understand how effective our online advertising communications are.
What cookies do we use?
Depending on who owns the cookie, they are classified as:
-
First-party cookies: These are created by the website (domain) you are visiting.
-
Third-party cookies: These are created by domains other than the one you are visiting. They allow tracking across different sites to help deliver services, and also to retarget and show ads to you.
Depending on the lifespan of the cookie, they are classified as:
-
Persistent cookies: Persistent cookies remain on your device over a longer period of time defined by the owner of the cookie and are deleted manually or automatically afterwards.
-
Session cookies: Session cookies remain on your device only until you close your browser, then they are automatically deleted.
Depending on the purpose of the cookie, they are classified as:
-
Essential cookies: Essential cookies are technical cookies that are required for the operation of our websites. Without these our sites can’t operate properly. Examples include, cookies that enable you to log into secure areas, allow images to load, and orders to be processed.
-
Experience cookies: Experience cookies allow our websites to:
-
Recognize and count the number of visitors, and to see how they move through the website. This helps us to better understand and improve the way our sites work.
-
Remember the choices you make, providing you with better and more personalized features. For example, to compare the choices you make to those of our other visitors so that we can learn from those choices and provide enhanced, more personalized features to you, such as product recommendations.
Experience cookies cannot track your browsing activity when you leave our websites to browse other websites.
-
-
Advertising cookies: Advertising cookies record your visits to our websites, the pages you have visited and the links you have followed. We use this information to:
-
Help make the advertising displayed on our websites and certain third party websites more relevant to your interests.
-
Limit the number of times that you see an ad.
-
Help measure the effectiveness of an advertising campaign.
-
If you would like to find out more about the specific cookies we use, please use the Contact Us tab above to let us know.
Your right to refuse cookies and what happens if you refuse them
When visiting the toyou website for the first time on a device you will see a cookies banner explaining that we use cookies, why we use them and providing a link to this document.
You can also control cookies by activating relevant settings on your browser. Please see below for more information on browser controls.
Please be aware that if you turn cookies off you may not be able to access all or parts of our sites.
Browser controls
You can use your web browser to:
-
delete all cookies;
-
block all cookies;
-
allow all cookies;
-
block ‘third-party’ cookies;
-
clear all cookies when you close the browser;
-
open a ‘private browsing’ / ‘incognito’ session, which allows you to browse the web without recording your browsing history or storing local data such as cookies (you should however be aware of the limitations of this feature in a privacy context); and
-
install add-ons and plugins that extend browser functionality.
You can use the links below to find out how to use your browser to control cookies:
-
Safari cookies information – mobile devices and desktops
Your choice to refuse cookies is specific to both the browser and the device that you are using. So, if you make a choice to opt out from one device and you want your opt-out to apply to a different device as well, you will have to opt out from that device too.
Other controls
In relation to third party advertising cookies, third parties can participate in one of the following self-regulatory programs for online behavioural advertising, which gives users opt-outs:
If you don’t want your personal information to be used to allow third parties (e.g. Google, Facebook) to display ads or to personalise ads displayed to you, you can change your settings by using the tools provided by their sites or through one of the above self-regulatory programmes, if they participate in them.
You can also find more detailed about how you can manage cookies at the All About Cookies and Your Online Choices websites.
If you have any questions about our use of cookies, please contact us via the Contact Us page.