We understand that the privacy and the security of your personal information is extremely important. This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you.
If you don’t want to read all the detail, here are the things we think you’d really want to know:
• Your personal information is, where appropriate, shared within the Sainsbury’s Group.
• We do use a number of third parties to process your personal information on our behalf and some of them are based outside of the United Kingdom.
• You have a number of rights over your personal information. How you can exercise these rights is set out in this notice.
Who are we?
When we say 'we' or 'us' in this policy, we're referring to the separate and distinct legal entities that make up the Sainsbury's Group from time to time.
What sorts of personal information do we hold?
Information that you provide to us when you apply for a job such as your name, address, phone number, date of birth, identity card number, marital status, referees, NI number, health, sexual orientation and diversity information, employment history and qualifications;
Information from other sources such as fraud checks, Disclosure Barring Service (DBS) checks, Drugs and alcohol testing for Logistics
Your account login details, including your user name and chosen password;
Your contact details and details of the emails and other communications you receive from us.
It is your responsibility to ensure that the information you provide is truthful and accurate.
Our legal basis for processing your personal information
Whenever we process your personal information we have to have something called a “legal basis” for what we do. The different legal bases we rely on are:
• Consent: You have told us you are happy for us to process your personal information for a specific purpose;
• Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
• Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
• Vital interests: The processing of your personal information is necessary to protect you or someone else’s life;
• Legal obligation: We are required to process your personal information by law.
When we process special categories of personal data (such as data revealing ethnic origin or sexual orientation) we also do so on the basis of:
• Your explicit consent;
• It being necessary for the purposes of carrying out or exercising our rights or your rights in the field of employment law;
• A reason of substantial public interest.
For more information please see the Special Category Data section of this policy.
How do we use your personal information?
We may use your information in the following ways:
• Your application – we need to use your personal information so we can to process your application for a job.
• Other jobs – we may use your information to consider you for alternative positions which you may be a match for if you’ve agreed to us retaining your record for this purpose.
• Legal obligations – we use your personal information to comply with any legal obligations that we have.
• Analytics and profiling – we use your personal information for statistical analysis and to help us understand more about the people who apply for jobs with us.
• Contacting you – we use your personal information to contact you in connection with your application.
• Personnel record – if your application is successful then we use your personal information to create your personnel record.
• Referees – we use the information you provided to contact your referees to obtain references if you are successful in your application.
• Pre-employment checks – for certain roles we conduct pre-employment but we do not conduct these unless you have been offered a role.
• Equality, diversity & inclusion – please see the Special Category Data section below.
Special Category Data
Special category personal data is personal data that is likely to be more sensitive and needs extra protection. It includes personal data revealing race or ethnic origin and data concerning a person’s sexual orientation. We collect this data initially so we are able to report on the diversity of our applicants and for validating the fairness of our recruitment process. You always have the choice not to provide this information and it will be held separately from your application form.
If you are successful in joining Sainsbury’s, then any special category data you provide us with during recruitment will be transferred into your colleague record but will remain segregated. You will be able to log-in on your first day, or at any time, and check this information and change any of your answers. We will use this data to ensure equality of opportunity and treatment during your employment with us and for the purposes of promoting or maintaining racial and ethnic diversity at senior levels in our business.
Cookies and similar technologies
Who might we share your personal information with?
The Sainsbury’s Group – where appropriate we will share your personal information in certain circumstances with the other companies within the Sainsbury’s Group
Our service providers – we work with suppliers to help us recruit successfully. These third parties process your personal information on our behalf and are required to meet our standards of security before doing so. These third parties include third party vendors who help us to manage and maintain the Group IT infrastructure.
Other organisations and individuals – we may share your personal information in certain scenarios. For example:
• If we are required to by law, under any code of practice by which we are bound or where we are asked to do so by a public or regulatory authority
• If we need to do so in order to exercise or protect our legal rights, users, systems and services; or
• In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others. We will only share your personal information in response to requests which do not override your privacy interests.
International transfers of personal information
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
• the right to access a copy of the personal information we hold about you;
• the right to correction of inaccurate personal information we hold about you;
• the right to restrict our use of your personal information;
• the right to be forgotten;
• the right of data portability; and
• the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below. Please note that we will need to verify your identity before we can fulfil any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests.
Automated decision making and profiling
We use automated decision making, in certain circumstances, such as when it is in our legitimate interests to do so, or where we have a right to do so because it is necessary for us to enter into, and perform, a contract with you.
You have the right not to be subject to a decision based solely on automated processing, which has legal effects for you or affects you in any other significant way.
If you are seeking to exercise this right, please contact us using the details in the “Contact Us” section below.
How long will we keep your personal information for?
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
• We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
• We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
• Systems are proactively monitored through a “detect and respond” information security function;
• We utilize industry “good practice” standards to support the maintenance of a robust information security management system; and
• We enforce a “need to know” policy, for access to any data or systems.
• We will never contact our candidates requesting confirmation of account details or passwords and we advise our candidates never to enter these details into an email or after following a link from an email. If you are contacted by our recruitment team they will confirm your name and the role that you have applied for. Contact would be either by telephone, text or email using the contact numbers or email address supplied by you in your application.
If you would like to exercise one of your rights as set out in the “Your rights” or “Automated decision making and profiling” sections above, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by one of the following means:
If your enquiry relates to Sainsbury’s Supermarkets, Argos, Habitat or Tu:
By email: firstname.lastname@example.org
By post: Data Protection Officer at Privacy Team, Sainsbury’s Supermarkets Ltd, 17th Floor, Arndale House, Manchester, M4 3AL
Or if your enquiry relates to Sainsbury’s Bank or Argos financial services:
By email: Privacy.Bank@sainsburysbank.co.uk
By post: Data Protection Officer, Sainsbury’s Bank, 3 Lochside Avenue, Edinburgh Park, Edinburgh EH12 9DJ
Or if your enquiry relates to Sainsbury’s Argos Asia Limited:
By post: Data Protection Officer at Sainsbury’s Argos Asia Ltd, Unit 904, 9/F, Tower 2, The Quayside, 77 Hoi Bun Road, Kowloon, Hong Kong
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to ico.org.uk/concerns to find out more.
By clicking 'CONTINUE', you are confirming you have read and understood this privacy statement.