Musgrave Group is committed to respecting your privacy and complying with data protection legislation. We would like our customers to read the following notice which explains your privacy rights and sets out how we, as a Data Controller, collect, use, process and disclose Personal Data relating to you and your interactions with us.
This notice should be read in conjunction with our Terms & Conditions and our Cookie Policy.
Terms defined in the Terms & Conditions have the same meaning unless expressly stated otherwise.
Additional conditions may apply to specific services or offers which we offer from time to time.
By accessing, browsing or otherwise using our websites and services, you confirm that you have read, understood and agree to this privacy notice in its entirety.
WHO ARE WE?
When we talk about “Musgrave”, or “we,” “us,” or “our,” in this privacy notice, we are talking about Musgrave Limited of Musgrave House, Ballycurreen, Airport Road, Cork, T12 TN99 in the Republic of Ireland trading as Musgrave Retail Partners Ireland, Musgrave Wholesale Partners, Musgrave MarketPlace and/or Musgrave Foodservices; in Northern Ireland we are talking about Musgrave SuperValu Centra NI Ltd trading as Musgrave Northern Ireland and/or Musgrave Distribution Ltd trading as Musgrave Marketplace and/or Musgrave Foodservices of Belfast Harbour Estate,1-19 Dargan Drive, Belfast BT3 9JG, in each case this includes a reference to the relevant subsidiaries, affiliates and their respective parent and subsidiary companies of those companies (“Musgrave Group”). We share your information within the Musgrave Group and with certain third parties as set out below to help us provide our services, comply with regulatory and legal requirements, and improve our products. Our main businesses include:
* MACE is part of the Musgrave group in Northern Ireland only
For the purpose of data protection legislation, we are the Data Controller of your Personal Data. In addition, where you provided Personal Data to a local store owner, the owner of the local store to which you supplied that data is also a data controller of your Information.
Our data protection officer may be contacted by emailing dpo@musgrave.ie
- Personal Data we may collect about you
Personal Data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect and process any type of Personal Data you provide to us in the course of your interactions with us. You may have provided some of your Personal Data directly to us such as when you visited our website by volunteering Personal Data when subscribing to email alerts or by using our online feedback or other forms. We may also receive Personal Data about you from various third parties and public sources such as Social Media. This data may be collected by, or shared with, our trusted 3rd parties who manage some of these services on our behalf.
Personal Data we collect varies based on the services you use and includes, but is not limited to:
- Personal Details: Name, Title, Gender, Date of Birth/Age,
- Contact Details: Billing and Delivery Address, Email Address, Phone Number
- Identification Details: Passport, Drivers Licence (where provided by you)
- Contact Preferences: Mail, SMS, Email
- Account Details: Account/Loyalty Number, Username, Password, Local Store
- Transaction Details: online or instore
- Financial and credit card information
- Interactions with our Customer Contact Centres: Calls/Queries/complaint Records
- Your survey & competition responses
- Cookie information – as per our Cookie Policy
- Device information – Technical information, including but not limited to the type of mobile device you use, a unique device identifier (for example, IP address, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), our Application data, mobile network information, your mobile operating system, the type of mobile browser you use or time zone settings;
- Details of your use of any of our Services or Sites including, but not limited to, traffic data, location data, weblogs and other communication data.
- We may also use GPS technology or other similar positioning technology to determine your current location. Some of our location-enabled Services require your Personal Data for the feature to work. You can withdraw your consent to providing your location data at any time by turning off location services for the app in the settings of your device.
- Your images or your car number plate on CCTV where you visit our premises or the premises of a store owner
and other Personal Data provided by you that is relevant to the provision of our services including our analysis of the data referred to above.
If you do not provide us with your Personal Data, we may not be able to provide you with certain services or respond to any questions or requests you submit to us via our website.
We collect Personal Data from you, when you:
- Purchase products, services or vouchers through our websites (including when these are accessed from mobile devices) over the phone, store kiosks and/or in-store till points
- Register an account with us
- Interact with our Loyalty Program and associated services
- Subscribe to newsletters, advertising, alerts or other services from us
- Submit reviews or choose to complete surveys we have sent you
- Engage with us via social media
- Register or use our in-store WIFI (in any of our stores)
- Enter our competitions, prize draws, surveys, questionnaires or promotions
- Use our customer services team or contact us for any reason, e.g. order queries, complaints, website issues via our web-chat facility, phone, email and postal correspondence
- Complete a form, such as for a transaction or employment purpose or for accident or incidents in stores or for other health and safety or security purposes, or to attend an event we’ve organised
- Visit our locations or car parks which usually have CCTV systems operated for the safety and security of both customers and colleagues
- Browse our websites
Personal Data that we collect from Third Parties:
If you link your Google, Facebook or Twitter accounts or any accounts from other third party services (like shopping research panels or public forums such as blogging sites) to us, then we may also receive information from those accounts in accordance with applicable law and the terms of use of the third party’s services.
We work with third parties in relation to the provision of services to you (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Personal Data of Children:
Although visitors of all ages may navigate through our websites and services, we do not intentionally collect Personal Data from those under the age of 16, unless we are making it clear that this is what we are doing. We will always seek permission from relevant guardian. We store any data received for the specific purpose and will not further process or include for communications or marketing.
- How we use Personal Data we collect
All Personal Data will be processed fairly and in keeping with the purposes for which it was obtained.
We will only process your Personal Data where we have a lawful purpose to do so, for example:
- To enter into or perform our contract with you in relation to your use of our websites, provision of goods and services, to provide you with an account and for the benefits of our Loyalty scheme or shopping online;
- In line with our legitimate interests to provide services and products to you, to provide our websites to you, to personalise services, to improve and monitor business efficiency, to communicate with you and to respond to any queries or requests you may submit to us;
- Where you have given us your consent to do so, such as sending you rewards, exclusives and promotional material that you consent to receiving;
- Where it is necessary to comply with our legal obligations; and
- Where necessary for us to establish, investigate, exercise or defend a legal claim to which you are a party.
The below table includes the main purposes for which we process your personal data as well as the appropriate lawful basis. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Purpose(s) for Processing | Legal Basis for Processing |
To register you as a new user, maintain your account, verify your identity, and process renewals or amendments to terms;To provide you with products and services;To notify you about changes to our Privacy Notice;To process job applications. | The processing is necessary to perform a contract or enter into a contract with you |
To carry out any activities or disclosures to comply withany regulatory, government or legal obligations;To prevent, detect and investigate potential fraud, money laundering or other offences;To investigate improper use of the Services;To carry out activities necessary to the running of our business, including testing, network monitoring, staff training, quality control and any legal proceedings;To exercise our right to defend, respond or conduct legal proceedings;To achieve any other lawful purpose, including the sharing with third parties where you have given any consent required by law to such use. | The processing is necessary for us to comply with legal and regulatory obligations |
To inform you of our promotions; To contact you regarding the services provided by us;To keep you informed about new services, developments, special offers, and discounts or awards which we believe may be of interest to you, or which you may be entitled toTo ask you to complete a Survey or market research;To carry out direct marketing;To send you alerts or newsletters that you have opted-in to receive;To provide you, or permit selected third parties to provide you, with details about events hosted or co-sponsored by us or about events we feel may interest youTo contact clients regarding business opportunities. | Where you have given consent to the processing of your Personal Data – which you may withdraw at any time Where your consent is not required, and you have not objected, the use of the data is necessary for our legitimate interest in managing our business including legal, personnel, administrative and management purposes provided our interests are not overridden by your interests. |
To keep our sites and records updated;To customise your experience on our services, or to serve you specific content that is relevant to you;To carry out analysis of your details, in order develop our relationship with you and/or to develop and personalise the Services;To develop our business and inform our marketing strategy;To request customer feedbackTo provide customer care services;To ensure the safety and security of colleagues and customers and prevention or detection of unlawful acts | The processing is necessary to support our legitimate interests in managing our business, provided such interests are not overridden by your interests and rights |
Banner messages and personalised adverts on other websites
We, and/or 3rd parties we engage on our behalf, may also target banners and ads to you when you are on other websites, apps and social media. We do this using a range of advertising technologies such as ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook, Twitter and Pinterest.
These will be based on information we hold, or your previous use of our services (for example, your search history, and the content you read on our sites) or on banners or ads you have previously clicked on. We do this to serve you ads that we believe you will be most interested in and prevent you from seeing ads that are unlikely to be of interest to you, or for products that aren’t available in your area.
If you don’t want to see these ads, then you can either disable cookies in your browser, or reject cookies from the site you’re visiting. Please see our Cookies Policy for further details.
Automated decision-making
We, and/or 3rd parties we engage on our behalf, may make some decisions about you using your Personal Data which is based on profiling without our staff intervention (known as automated decision making).
You have the right not to be subject to a decision based solely on automated decision making which produces a legal or other similarly significant effect. However, this will not apply if the decision is necessary for a contract, authorised by law, or has your express consent.
In most cases, we use automated decision making in order for you to enter into a contract with us (such as automatic fraud screening), or in ways which won’t have a significant effect on you as an individual (such as our general analysis of data to gain insights into behaviours and characteristics of our customers).
You can request a manual review of the accuracy of an automated decision if you are unhappy with it. Please see the Contact Us section below for details.
- Retention of your Personal Data
We will store your Personal Data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
- the length of time we have an ongoing relationship and/or provide our services;
- whether there is a legal requirement to which we are subject; and
- whether the retention is advisable considering our legal position (such as regarding applicable statutes of limitations, litigation or regulatory investigations).
Please see the Contact Us section below if you wish to obtain further information concerning our retention periods.
- Disclosure of your Personal Data
From time to time, we may share information relating to you with third parties in order to provide the Services. This may include the disclosure of information to any company in the Musgrave group or to third party social media companies, in the following manner:
- We may share Personal Data relating to you with third parties engaged by us to provide or administer the Services and/or the Sites and/or the production of any promotional material which is permitted by law to be sent to you
- In the event that we sell or buy any business or assets, in which case we may disclose this information to the seller or buyer of such business or assets;
- If we or substantially all our assets are acquired by a third party, in which case Personal Data (as well as that of other customers) may be one of the transferred assets;
- If we are under a duty to disclose or share information relating to you in order to comply with any legal or regulatory obligation or request;
- Credit reference, fraud-prevention or business-scoring agencies, or other credit scoring agencies; Debt collection agencies or other debt-recovery organisations;
- Third parties for joint promotions with that third party. Third parties shall be responsible for their own compliance with applicable privacy laws;
- We may also disclose Personal Data relating to you to our advertisers in order to provide you with targeted advertisements, including social media and digital advertisers
- We may use and share data relating to groups of customers, to enhance our understanding of customer behaviour and enable us to improve our service or the Services in general.
- Unless you indicate otherwise, to advise you of promotions and other goods and services offered by us and/or our suppliers or programme partners or other trusted partners which may be of use or interest to you or your household; and
- In order to:
- enforce, apply or investigate potential breaches of this Policy and/or any applicable terms relating to the Services; or
- where necessary for our legitimate interest to protect the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction, where we are satisfied that it complies with applicable privacy laws.
We may associate any category of information with any other category of information and will treat the combined information as Personal Data (and/or Your Information, as appropriate) in accordance with this Policy for as long as it is combined.
We will not sell your personal data to any third party.
- International Data Transfers
We may transfer and/or store Personal Data related to you to a destination outside the European Economic Area (“EEA”) from time to time. In this context, this Personal Data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
Any transfer of Personal Data relating to you to a location outside the EEA is made in accordance with data protection law. Specifically, such transfers to locations that are not in receipt of an adequacy decision are only ever made lawfully by way of the European Commission’s Model Contractual Clauses. More information and a copy of the Model Contractual Clauses are available on the European Commission’s website.
- Personal Data collected by other third parties and links to other sites
We work with certain third parties to provide goods and services, such as eShops, Digital Advertising. These companies may, from time to time, collect Personal Data directly from you to use their services, or for their own marketing and tracking purposes and they may collect this from Personal Data you provided on our websites.
Our websites may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data to those websites.
If these third parties collect your Personal Data from you, these companies will be acting as Data Controllers in their own right, separately from us. Any use of your Personal Data will therefore be subject to that third party’s own privacy policy which should be made available to you before they collect your Personal Data.
- Your rights
You have several rights in relation to your Personal Data under the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018 and the UK Data Protection Act 2018 which may be subject to certain limitations and restrictions.
You have the right to request access to and rectification or erasure of your Personal Data, data portability, restriction of processing of your Personal Data, the right to object to processing of your Personal Data where processing is based on consent or our legitimate interests, and the right to lodge a complaint with a supervisory authority. For more information about these rights, please visit the European Commission’s “My Rights” page relating to GDPR, which can be displayed in a number of languages. If you reside outside of the European Union, you may have similar rights under your local laws.
We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will inform you of any such extension, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.
Please be aware that we may need to verify your identity before providing any Personal Data to you. We may need to do this to protect your data. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.
If you wish to exercise any of these rights, please contact us (see Contact Us below).
- Keeping your Personal Data secure
We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our systems or sites, you are responsible for keeping that password confidential. We’ll never ask for your secure personal or account data by an unsolicited means of communication. You are responsible for keeping your personal and account data secure and not sharing it with others.
Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our website. Any transmission of Personal Data is at your own risk. Once we receive your Personal Data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
- Changes to our Privacy Notice
We reserve the right to change this Privacy Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Notice. However, if we make material changes to this Privacy Notice we will bring this to the attention of the users of the services and sites.
- Contact Us
Questions, comments and requests regarding this Policy are welcomed and should be addressed to our Data Protection Team at Musgrave Group , Musgrave House, Ballycurreen, Airport Road, Cork, T12 TN99 or by email to: dpo@musgrave.ie
Last updated: July 2020