Privacy and Cookies policy

Version 1.6. effective from December 17, 2024

We would like to inform you below, as a company TESCO STORES SR, a.s. processes your personal data, for what purpose and for how long and what are your rights.  This Privacy and Cookies Policy (“policy”) includes information mainly about the processing of personal data when:

  • shopping in our shops,
  • online shopping,
  • using of the Clubcard loyalty program,
  • using our mobile applications,
  • sending news and marketing communications,
  • participating in satisfaction surveys, competitions, or events that we organize.

(collectively „our services").

 

At the same time, we offer services in cooperation with partners who have their own Privacy Policy, with which we recommend that you familiarize yourself in advance.

 

We process your personal data in accordance with the General Data Protection Regulation (2016/679), ("GDPR"), Act No. 18/2018 Coll. on the Protection of Personal Data and on Amendments to Certain Acts and Act No. 452/2021 Coll. on Electronic Communications.

Data controller

Data controller is the company TESCO STORES SR, a.s., Cesta na Senec 2, 821 04 Bratislava, IČO: 31 321 828 (referred to in this Policy as "Tesco").

Back to top  icon_contract

How we protect personal data

To keep your personal data safe, we use computer security such as firewalls and data encryption, and enforce physical controls on access to our buildings and files. We only grant access to employees who absolutely need it to perform their job duties. We regularly train employees on how to process personal data.

  • During transmission, we protect the security of your information by encoding it using a Secure Sockets Layer ("SSL").
  • In connection with the collection, storage and disclosure of personal data, we apply physical, electronic and procedural security. We do not disclose any personal data without identity verification.
  • When confirming your order, we will only reveal the last four numerals of your credit card number.
  • All payment data is encrypted and stored in a safe environment.
  • We follow a strict access management policy, and we further strengthen this by controlling access to sensitive data (such as payment data) through advanced technology.
  • We follow strict security and safety measures to protect personal data and prevent data leak or loss, or any security incident or data breach.
  • We regularly monitor and test our security framework.

 

While we take appropriate technical and organizational measures to secure your personal data, please note that we cannot guarantee the security of the personal data which you voluntarily send us over the Internet.

Back to top  icon_contract

Rights of the data subject

You have the right to:

You have the right to:

 

Right to information and access to personal data 

You shall be entitled to receive confirmation from us as to whether personal data concerning you are being processed, and, if so, to access the personal data and information you require or you find relevant. Under the applicable laws, we provide the information on the processing of your personal data free of charge. We respond to your request in writing within 1 (one) month.

 

Right to rectification 

If the data we process are not correct, we will rectify them at your request without undue delay. You are also entitled to have incomplete data completed, including by means of providing a supplementary statement. 

 

Right to object

You have the right to object to processing of your personal data in certain circumstances and have the right to object to the use of your personal data being used for direct marketing. You can also object if the processing is for our legitimate interests (or those of a third party), however, please be aware that Tesco would be able to continue processing your personal data if we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual.

 

Right to restriction of processing 

Data processing may be restricted if: 

  • you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • Tesco no longer needs your personal data for the purpose of the processing, but you require them for the establishment, exercise or defence of legal claims;
  • you have objected to processing, pending the verification whether the legitimate grounds of Tesco override yours.

 

Right to erasure (“right to be forgotten”)

You have the right that we, as the data controller of your personal data, delete your personal data without undue delay if any of the following reasons exist:

  • processed personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you withdraw your consent, on the basis of which your personal data were collected according to Article 6(1)(a) GDPR processed, and there is no other legal reason for their processing;
  • you object to the processing of your personal data in accordance with Article 21 (1) or (2) GDPR, while in case of an objection according to Article 21 (1) GDPR, there are no reasons that would authorize Tesco to continue processing your personal data;
  • personal data were processed illegally;
  • personal data must be deleted by Tesco in order to comply with the relevant legal obligation;
  • personal data were collected in connection with the offer of information society services pursuant to Article 8 (1) GDPR.

If we have disclosed your personal data and are now required to delete the personal data, we will take reasonable measures, taking into account the available technology and the costs of implementation, to ensure that third parties who process this personal data are informed that you wish them to delete all references to this personal data, their copies or replicas.

 

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format (e.g. .doc or .pdf) except requested otherwise.

 

What happens and what can you do if we reject your request?

If Tesco rejects your request for correction, restriction, erasure or portability of your personal data, we will inform you in writing within one month of receiving your request, why we could not comply with your request, and we will to inform you about your options for procedural defence, including the possibility of filing a complaint with the supervisory authority.​

You can exercise your rights via the contact details provided below in the “How to contact us” section.

 

What remedies are available to you?

If you find that Tesco is in breach of the provisions of the GDPR when processing your data, you, as the data subject, have the right to lodge a complaint with any supervisory authority for the protection of personal data set up by any EU Member State. In the Slovak Republic, the supervisory authority established in accordance with Article 51 of the GDPR is the Office for Personal Data Protection of the Slovak Republic (hereinafter referred to as the "Office").  Further information can be found on the Office's website: https://dataprotection.gov.sk/uoou/en or you can contact the office at:

 

The Office for Personal Data Protection of the Slovak Republic, Hraničná 12, 820 07 Bratislava 27, Slovak Republic

Tel.: +421/2 32 31 32 14

e-mail: statny.dozor@pdp.gov.sk

 

The Office's website also contains further details on the above-mentioned rights to the protection of personal data.

Back to top  icon_contract

How to contact us

If you have questions about how we process personal data or would like to exercise your rights, please contact us at:

Phone: 0800 222 333

Address:

Legal Department

TESCO STORES SR, a.s.

Cesta na Senec 2, 821 04 Bratislava

Our Data Protection Officer

Our Data Protection Officer can be contacted by e-mail: CE.DPO@tesco.com

Back to top  icon_contract

Tesco Online shopping

SCOPE OF PROCESSED PERSONAL DATA

If you shop online, we process the following data about you:

  • Information about you: name and surname, billing and delivery address,, telephone and e-mail, date of birth;
  • Registration information: login and password, date of registration, Clubcard number;
  • Purchase information: shopping cart, order number, time of purchase, payment method, favourite items based on purchase history and Clubcard number, order history, redeemed coupons and vouchers, Clubcard points earned for the purchase if you are a member, payment card information if you paid by card;
  • Delivery information: information about your satisfaction with the services and products provided, selected time period, selected delivery location when using the Click+Pick up service, assigned operation;
  • Device information: identification of the device from which you ordered the goods, model, operating system, IP address, browser type, or other information obtained through cookies of your choice (more below);
  • Payment information: card data such as PAN number, card type, expiration date, customer name and billing address. As well as customer ‘intent’ to pay now or save for later
  • If you are a member of the Tesco Online Club, we also process the following data about you: application of exclusive discount coupons, transaction data when paying for membership, reserved delivery dates.

We do not process any special category personal data about you , i.e.  sensitive data, e.g. on health status.

 

If you create a Clubcard account, it will be automatically linked to your account for Tesco Online shopping. If you shop online through our Tesco Online shopping mobile application, we process the personal data listed in the section of these rules entitled „Mobile Applications“ in addition to the above-mentioned data, for the purpose specified there. The processing of personal data in connection with claims and complaints about your online purchase is described in more detail in the section „Handling claims and complaints through Customer Support and contact form“.

 

PURPOSE AND LEGAL BASIS

We process the above data for the purpose of:

  • The provision of services and delivery of the goods that you have ordered and the legal title for the processing is Article 6(1)(b) GDPR;
  • We process technical information on the basis of a legitimate interest, i.e. Article 6(1)(f) GDPR, consisting in ensuring technical support for online purchases (ensuring the correct display of the website).  
  • We also process your personal data on the basis of legitimate interest (Article 6(1)(f) GDPR) for the purpose of creating analyses, statistics and market surveys, internal research and development that help us improve your shopping experience (especially by offering your favourite products or services) and also our information technology systems, our range, services and products. Furthermore, we use your pseudonymized data to improve our services and delivery of goods (ensuring sufficient supply, time-consuming hours for delivery of goods, etc.).
  • In order to evaluate your satisfaction with the services and products provided and to regularly evaluate the fulfillment of the contractual obligations of our partners, we may also send you questionnaires regarding your satisfaction with Tesco Online shopping based on our legitimate interest (Article 6(1)(f) GDPR). These questionnaires do not contain marketing communications. Through the designated link in the questionnaire, you have the option to prohibit the sending of further questionnaires for all your future online purchases.
  • If you have given us your consent, we will store and use your payment details for future orders and future payment, in which case the legal basis for the processing is Article 6 (1) a) of the GDPR (i. e. the operation is based on your consent).

 

RETENTION PERIOD

We process your personal data for as long as the account is used, but for a maximum period of 24 months from your last activity. If we process your personal data based on your consent, we keep this data until you withdraw your consent, but no longer than 24 months after your last activity within your account. If you ask us to delete your personal data, your account registration will be cancelled and your personal data will be permanently deleted or anonymized. If your account is not used for at least 2 years, it will be automatically cancelled and personal data will be deleted.

 

DATA PROCESSORS

Tesco shares your personal data primarily with the following processors:

  • TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság , H-2040 Budaörs , Kinizsi út 1-3., adószám , IČO: 10307078-2-44 a
  • Tesco Stores ČR a. s. , Vršovická 1527/68b, 100 00 Praha 10, IČO: 45308314,

which help us with the provision of our services to our customers: e.g. they take care of the support of the IT systems used to operate Tesco Online shopping, and Clubcard. These companies process only data that are necessary for the provision of the service, e.g. to resolve a complaint;

  • TESCO-BST Üzleti es Technology Szolgáltatások Zartkörűen Működő Részvénytársaság , 1138 Budapest , Váci út 187, Hungary, ID: 01 10 140160, which provides Customer Support services to Tesco;
  • dunnhumby Ireland ltd. Floor 3, Building 2, Harbour Square Crofton Road , Dun Laoghaire Co Dublin, Ireland, which processes your purchase information for the purpose of allocating coupons and vouchers, and participates in analyses to improve your shopping experience; DoDo Services Slovakia, s.r.o., IČO:, with registered office at Bancíková 1/A, 821 03 Bratislava, registered incommercial register maintained by the Bratislava III Municipal Court, insert number: 131121/B, which ensures the delivery of Tesco Online purchases for Tesco and for this purpose, it processes your personal data in to the necessary extent.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not send personal data outside the EU, except for information obtained through third-party cookies located outside the EU to which you have given your consent.

 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not carry out automated decision-making. Tesco in keeping with market practice does place customers into segments of similar customer types based on their preferences and product interests.

In this context we can, based on analysing customers’ interactions with our products and services, group our customers into broad segments or categories (grouping them with similar customers). Driven by transaction data, these customer groupings are based around lifestyle patterns. Tesco does not process health data or special category data. As a result of these grouping, we can better tailor our offering (Clubcard vouchers and coupons) as well as our range of marketing campaigns (where we hold a marketing permission) likely to be of interest to you. We are also able to measure the effectiveness of this tailoring.

This, in practical terms, means that customers are placed into groups of similar customers who have either purchased the same products or spend similar values in their weekly shop, which is known as a “segment”. These segments are then “hashed” so that personal data is removed, and only pseudonymised identifiers remain. Tesco does not share identifiable personal data and the data that is matched can only be used for contractually agreed purposes.

Purpose and Legal Basis: Tesco uses your personal data, including data related to your previous transactions, to create and deliver tailored offers tailored to your interests and preferences. Further, we measure the effectiveness of this tailoring. This processing of personal data is based on our legitimate interest in enhancing customer satisfaction and optimizing our marketing efforts (Article 6(1)(f) GDPR). We ensure that this legitimate interest does not override your fundamental rights and freedoms. For clarity, this does not produce legal effects or similar concerning you, as the customer.

Scope and Nature of Data: We collect and analyse transaction data as follows:

  • purchase history;
  • spend;
  • frequency and loyalty;
  • location, and;
  • date.

We take your privacy seriously and implement robust measures to protect your data. Alongside the general technical and organizational measures relevant for each type of processing activity, we are taking special considerations to the following in the context of personalised content:

  • Data minimization: We only collect data that is necessary for the purposes outlined above.
  • Anonymization and pseudonymization: Where possible, we anonymize or pseudonymize data to enhance privacy protection.
  • Security measures: We employ advanced security measures, including encryption and access controls, to safeguard your data against unauthorized access and breaches.

You have the right to object to the processing of your personal data for our legitimate interest as referred to above, including tailored offers and coupons. You can exercise this right at any time by contacting us at CE.DPO@tesco.com. Additionally, you have the right to access, rectify, or erase your data, and to restrict or object to processing, as per Articles 15-21 GDPR. For detailed description of your rights as a data subject, please refer to the section “Rights of the data subject”.

Back to top  icon_contract

Clubcard

SCOPE OF PROCESSED PERSONAL DATA

If you have registered in the Clubcard loyalty program, we may process the  following data about you:

  • Information about you: name and surname, billing and delivery address, telephone and e-mail, date of birth, gender, title, international ID number for discount application (e.g. ISIC);
  • Information about registration: login and password, registration date, Clubcard number;
  • Purchase history: whether you bought in-store or online, or information in which store, shopping cart, time of purchase, payment method, redeemed coupons and vouchers (including date of issue, date of use, place of application, value, validity, billing), Clubcard points earned for the purchases, payment card information, if you paid by card;

We do not process any special category personal data about you, i.e.  j.  sensitive data, e.g. on health status.

 

If you open a Tesco Online shopping account, it will be automatically linked to your Clubcard account. In addition to the above data about we may also process your personal data listed in the section entitled „Mobile applications“ if you use the Clubcard application. Processing of personal data in connection with claims and complaints with your Clubcard account is described in more detail in the section Handling claims and complaints through Customer Support and contact form.

 

PURPOSE AND LEGAL BASIS

We process the above data  for the purpose of:

  • Provision of the services of benefits within the Clubcard loyalty system, for which the legal title is processing pursuant to Article 6 (1) (b) GDPR;
  • Monitoring of the use of Clubcard in order to prevent misuse of the card on the basis of our legitimate interest, according to Article 6(1)(f) GDPR
  • We also process your personal data on the basis of legitimate interest (Article 6(1)(f) GDPR) for the purpose of creating analyses, statistics and market surveys, internal research and development that help us improve your shopping experience (especially by offering your favourite products or services) and also our information technology systems, our range, services and products. Furthermore, we use your pseudonymized data to improve our services and delivery of goods (ensuring sufficient supply, time-consuming hours for delivery of goods, etc.).

 

RETENTION PERIOD

We process your personal data for as long as the account is used, but for a maximum period of 24 months from your last activity. If we process your personal data based on your consent, we keep this data until you withdraw your consent, but no longer than 24 months after your last activity within your account. If you ask us to delete your personal data, your account registration will be cancelled and your personal data will be permanently deleted or anonymized. If your account is not used for at least 2 years, it will be automatically cancelled and personal data will be deleted.

 

DATA PROCESSORS

Tesco shares your personal data primarily with the following processors:

  • TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság , H-2040 Budaörs , Kinizsi út 1-3., adószám , IČO: 10307078-2-44, and
  • Tesco Stores ČR a. s., Vršovická 1527/68b, 100 00 Praha 10, IČO: 45308314,

which help us with the provision of our services to our customers: e.g. they take care of the support of the IT systems used to operate Tesco Online shopping and Clubcard. These companies process only data that is necessary for the provision of the service, e.g. to resolve a complaint;

  • dunnhumby Ireland ltd. Floor 3, Building 2, Harbour Square Crofton Road , Dun Laoghaire Co Dublin, Ireland which processes purchase information for the purpose of allocating coupons and vouchers, and participates in analyses to improve your shopping experience;
  • TESCO-BST Üzleti es Technology Szolgáltatások Zartkörűen Működő Részvénytársaság , 1138 Budapest , Váci út 187, Hungary, ID: 01 10 140160, which provides Customer Support services to Tesco.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not send personal data outside the EU, except for information obtained through third-party cookies located outside the EU to which you have given your consent.

 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not carry out automated decision-making. Tesco in keeping with market practice does place customers into segments of similar customer types based on their preferences and product interests.

In this context we can, based on analysing customers’ interactions with our products and services, group our customers into broad segments or categories (grouping them with similar customers). Driven by transaction data, these customer groupings are based around lifestyle patterns. Tesco does not process health data or special category data. As a result of these grouping, we can better tailor our offering (Clubcard vouchers and coupons) as well as our range of marketing campaigns (where we hold a marketing permission) likely to be of interest to you. We are also able to measure the effectiveness of this tailoring.

This, in practical terms, means that customers are placed into groups of similar customers who have either purchased the same products or spend similar values in their weekly shop, which is known as a “segment”. These segments are then “hashed” so that personal data is removed, and only pseudonymised identifiers remain. Tesco does not share identifiable personal data and the data that is matched can only be used for contractually agreed purposes.

Purpose and Legal Basis: Tesco uses your personal data, including data related to your previous transactions, to create and deliver tailored offers tailored to your interests and preferences. Further, we measure the effectiveness of this tailoring. This processing of personal data is based on our legitimate interest in enhancing customer satisfaction and optimizing our marketing efforts (Article 6(1)(f) GDPR). We ensure that this legitimate interest does not override your fundamental rights and freedoms. For clarity, this does not produce legal effects or similar concerning you, as the customer.

Scope and Nature of Data: We collect and analyse transaction data as follows:

  • purchase history;
  • spend;
  • frequency and loyalty;
  • location, and;
  • date.

We take your privacy seriously and implement robust measures to protect your data. Alongside the general technical and organizational measures relevant for each type of processing activity, we are taking special considerations to the following in the context of personalised content:

  • Data minimization: We only collect data that is necessary for the purposes outlined above.
  • Anonymization and pseudonymization: Where possible, we anonymize or pseudonymize data to enhance privacy protection.
  • Security measures: We employ advanced security measures, including encryption and access controls, to safeguard your data against unauthorized access and breaches.

You have the right to object to the processing of your personal data for our legitimate interest as referred to above, including tailored offers and coupons. You can exercise this right at any time by contacting us at CE.DPO@tesco.com. Additionally, you have the right to access, rectify, or erase your data, and to restrict or object to processing, as per Articles 15-21 GDPR. For detailed description of your rights as a data subject, please refer to the section “Rights of the data subject”.

Back to top  icon_contract

Mobile applications Tesco Online purchases SK, Clubcard , Scan&Shop mobile

SCOPE OF PROCESSED PERSONAL DATA

If you use Tesco applications, we can process about you:

  • Information about you: first and last name, billing and delivery address, telephone and e-mail, date of birth, gender, number of the international card for applying the discount (e.g. ISIC);
  • Registration information: login and password, registration date, Clubcard number;
  • Purchase information: whether you purchased in a store or online, or information in which store, shopping cart, order number, time of purchase, payment method, used coupons and vouchers (including date of issue, date of use, place of use, value, validity, billing), earned Clubcard points for purchases (including history), payment card information, if you paid by card, your opinion expressed through the application;
  • Payment information: payment card data such as PAN number, card type and card expiration date, customer name and billing address, as well as the customer's "intention" to pay now or save payment data for later;
  • Device information: IP address of your mobile device, date and time of access, application user request, http response code, amount of transferred data, application version used, or other information obtained through cookies of your choice (more below);
  • Your current location, if you have given us your consent;
  • The camera of your mobile device can be used to scan QR-codes to identify the store in which you shop and to scan product barcodes.
  • Anonymized analytical information about how you use the application;
  • Information about consent to push notifications.

Face ID authentication in mobile apps. Applications are only informed if the verification is successful. Tesco does not gain access to the Face ID data associated with the registered face through the applications. Thus, Tesco does not process any personal data associated with authentication.

In the case of the Scan&Shop application, we process some of the above personal data about you only if you link your Clubcard account to the application.

 

PURPOSE AND LEGAL BASIS

We process the above data for the purpose of:

  • We process information about you, about your registration and about your purchase for the purpose of providing the services that the application offers, based on Article 6 (1) (b) GDPR;
  • We process information about the device to protect our systems, analyse the error rate of applications and prevent illegal actions, all based on our legitimate interest according to Article 6 (1) (f) GDPR;
  • If you have given your consent to geolocation when using our application, we use this function so that we can show you the nearest store based on your current location;
  • If you have given us your consent, we will store and use your payment data for future orders and future payment, in which case the legal title for the processing of personal data is Article 6 (1) (a) GDPR (i.e. the processing is based on your consent);
  • Access to your camera is necessary for scanning QR codes in order to provide the service offered by the application (Article 6 (1) (b) GDPR);
  • Based on your consent (Article 6 (1) (a) GDPR) we can process analytical information about the way you use the application in order to improve your user experience with the application;
  • If you give us your consent, you will be sent push notifications that will inform you about current offers, products and promotions;
  • We also process your personal data on the basis of legitimate interest (Article 6(1)(f) GDPR) for the purpose of creating analyses, statistics and market surveys, internal research and development that help us improve your shopping experience (especially the offer of your favourite products or services ) and also our information technology systems, our assortment, services and products;
  • On the basis of our legitimate interest (Article 6(1)(f) GDPR), we also process your answers and opinions regarding the services and products provided, which you voluntarily provide us by filling in the relevant forms where they are available in the applications, for the purpose of improvement our products and services.

 

RETENTION PERIOD

We process your personal data during the use of the mobile application, but no longer than 24 months after your last activity in the mobile application. Subsequently, the data is deleted. If we process your personal data on the basis of consent, we store this data until the consent is revoked, but no longer than 24 months from the last activity.

 

DATA PROCESSORS

Tesco shares your personal data with the following data processors in particular:

  • TESCO-GLOBAL Áruházak Zartkörűen Működő Részvénytársaság, H-2040 Budaörs , Kinizsi Tue 1-3., adószám , ID: 10307078-2-44, and
  • Tesco Stores ČR as, Vršovická 1527/68b, 100 00 Prague 10, ID: 45308314, which help us provide our services to our customers: e.g. they take care of the support of the IT systems used to operate Tesco Online shopping and Clubcard. These companies only process data that is necessary for the provision of the service, e.g. complaint resolution;
  • Verint Systems Inc., 175 Broadhollow Rd , Ste 100, Melville , NY 11747, which processes your responses and opinions regarding the products and services provided;
  • dunnhumby Ireland ltd . Floor 3, Building 2, Harbor Square Crofton Road, Dun Laoghaire Co Dublin, Ireland which processes purchase information for the purpose of allocating coupons and vouchers, and participates in analyses to improve your shopping experience.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not send personal data outside the EU.

 

AUTOMATED DECISION MAKING AND PROFILING

Tesco does not make automated decisions.

Back to top  icon_contract

Handling claims and complaints through Customer Support and contact form

SCOPE OF PROCESSED PERSONAL DATA

In the case of resolving complaints, we work with you:

  • Information about you: name and surname, telephone and e-mail, Clubcard number;
  • Details of the subject matter of the complaint, time of the received complaint and time of resolution, method of resolution, electronic communication conducted in connection with your complaint or claims, other records or protocols related to the complaint or claim;
  • Record of telephone communications: if you have given consent for your call with the Customer Support employee to be recorded.

We do not process any special category personal data about you, i.e.  sensitive data, e.g. on health status.

 

PURPOSE AND LEGAL BASIS

We process the above data  for the purpose of:

  • We process personal data associated with a claim or complaint because we are required to do so by law in the case of claims, or on the basis of a legitimate interest in the case of other complaints (Article 6(1)(c) and (f) GDPR);
  • If you have given your consent to the recording of the call, the legal basis is your consent pursuant to Art. 6 (1) (a) GDPR. You can withdraw your consent at any time at the above contacts for the exercise of the rights of data subjects. The record shall be deleted immediately upon withdrawal of consent; ,
  • Improving the quality of complaint handling, where the legal basis is a legitimate interest pursuant to Art. 6 (1) (f) GDPR.

 

RETENTION PERIOD

We process your personal data for the time necessary to resolve a specific complaint or claim, or for the duration of limitation period, while in the event of the initiation of judicial, administrative or other proceedings, we process your personal data to the extent necessary for the entire duration of such proceedings. Subsequently, the data are anonymized for statistical purposes. In the case of consent to the recording of a telephone conversation with Customer support, the retention period is 3 months, provided that you do not withdraw your consent earlier. Subsequently, the record is deleted.

 

DATA PROCESSORS

Tesco shares your personal data with the following processors:

  • TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság , H-2040 Budaörs, Kinizsi út 1-3., adószám , IČO: 10307078-2-44, and
  • TESCO-BST Üzleti és Technológiai Szolgáltatások Zártkörűen Működő Részvénytársaság, 1138 Budapest, Váci út 187, Hungary, IČO: 01 10 140160
  • Tesco Stores ČR a. s., Vršovická 1527/68b, 100 00 Praha 10, IČO: 45308314,

which help us with the provision of our services to our customers: e.g. they take care the support of IT systems used to operate Clubcard and operate the call centre. These companies process only data that is necessary for the provision of the service, e.g. to resolve a complaint or claims.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not send personal data outside the EU.

 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not carry out automated decision-making or profiling.

Back to top  icon_contract

Participation in competitions, market research, events organised by Tesco

SCOPE OF PROCESSED PERSONAL DATA

In case that you participate in the competition, market research or other event organized by Tesco ("Event"), we will process about you:

  • Information about you: name and surname, telephone and e-mail, etc. other identification data under the terms of that specific Event;
  • Other information provided by you during or in connection with the Event.

We do not process any special category personal data about you, i.e.  sensitive data, e.g. on health status.

 

PURPOSE AND LEGAL BASIS

We process the above data according to Article 6 (1) (b) GDPR, for the purpose of organizing Actions.

 

RETENTION PERIOD

We process your personal data for the strictly necessary period of time, which is specified for each individual Event and we recommend that you familiarize yourself with the terms and conditions of the Event.

 

DATA PROCESSORS

Tesco shares your personal data with the following processors:

  • TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság , H-2040 Budaörs, Kinizsi út 1-3., adószám , IČO: 10307078-2-44 a
  • Tesco Stores ČR a. s., Vršovická 1527/68b, 100 00 Praha 10, IČO: 45308314, which help us with the organization and evaluation of Events.
  • Tesco Foundation, Cesta na Senec 2, 821 04 Bratislava: we share your data to the extent of your name, surname, contact details or other personal data that you have provided in order to participate in the event with other non-government organization participating in the organisation of these events.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not send personal data outside the EU.

 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not carry out automated decision-making or profiling.

Back to top  icon_contract

Sending news and marketing communication

SCOPE OF PROCESSED PERSONAL DATA

You can sign up to receive news and marketing communications through your Tesco Online shopping account or Clubcard account. If you sign up to receive news and marketing communications, we will process about you:

  • Information about you: name and surname, telephone and e-mail;
  • Information on the consent given to marketing activities;
  • Information about the store where you regularly shop;
  • Preferences regarding communication, especially via e-mail.

We do not process any special category personal data about you, i.e. sensitive data, e.g. about health status.

 

PURPOSE AND LEGAL BASIS

We process the above data based on your consent according to Article (6) (1) a) GDPR with the aim of:

  • sending news and relevant marketing communications or contacting you for marketing surveys;

Both news and marketing communications relate to our products and services, including Clubcard or Tesco Online shopping, and the products and services of partners that are part of the Tesco group.

More detailed information on the content and method of sending news and marketing communications is provided in the form for granting consent to the sending of news and marketing communication. You can withdraw the consent given at any time via a link in the email, or in the settings of your marketing preferences within the relevant application or at the aforementioned contacts for the application of the affected persons. If you withdraw your consent, you will unsubscribe from all news and marketing communications. If you subsequently decide to unsubscribe from marketing communications, it is necessary to change the setting of marketing preferences, or sign up again to receive news and marketing communications.

 

RETENTION PERIOD

We process your personal data until you withdraw your consent, but no later than 24 months after your last interaction with Tesco products or services.

 

DATA PROCESSORS

Tesco shares your personal data with the following processors:

  • TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság , H-2040 Budaörs, Kinizsi út 1-3., adószám , IČO: 10307078-2-44 a
  • Tesco Stores ČR a. s., Vršovická 1527/68b, 100 00 Praha 10, IČO: 45308314,

to help us prepare and distribute of news and marketing communication or marketing surveys ;

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not send personal data outside the EU.

 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not carry out automated decision-making or profiling.

Back to top  icon_contract

Visit a Tesco store

SCOPE OF PROCESSED PERSONAL DATA

In the event that you visit one of our stores, we will process about you:

  • Video recording of your person.

 

PURPOSE AND LEGAL BASIS

We process the above data  for the purpose of:

  • Legitimate interest according to Article 6 (1) (f) GDPR consisting in the protection of the health of employees and customers and the protection of the company's property as well as visitors.

 

RETENTION PERIOD

We will not retain your personal data longer than necessary for a maximum of 14 days from the date of your visit to our stores, unless we are obliged to keep it longer, for example for the establishment, exercise or defence of legal claims, but no more than during the statute of limitations period for those claims.

 

DATA PROCESSORS

Tesco shares your personal data with the following processors:

  • Technology companies ensuring the operation and maintenance of camera systems,
  • Security service providers,
  • Public authority, if the sharing of personal data is required by law or a public authority, or if the sharing of personal data is necessary for the identification, exercise or defence of our legal claims (this includes the disclosure of personal data to others for the purpose of fraud prevention).

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not send personal data outside the EU.

 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not carry out automated decision-making or profiling.

Back to top  icon_contract

Other Tesco services offered in cooperation with partners (Tesco mobile)

SCOPE OF PROCESSED PERSONAL DATA

If you use any of the services that Tesco offers together with its partners, the following may be processed about you:

  • Your identification data: name and surname, address, date of birth, and more depending on the service used.
  • Information about the scope of the service: we also process information within the scope of the requested service.

They are not processed any special category personal data about you , i.e. sensitive data, e.g. on health status.

 

You can find more detailed information about the processing of your personal data in connection with the Tesco mobile service here.

 

PURPOSE AND LEGAL BASIS

The above-mentioned data are processed for the purpose of providing performance according to the contract (Article 6 (1) (b) GDPR).

 

RETENTION PERIOD

Your personal data will be processed for the period specified in the concluded contract.

 

DATA PROCESSORS

We recommend that you familiarize yourself with information about the processing of personal data of partners who can use data processors.

Back to top  icon_contract

Job seekers

SCOPE OF PROCESSED PERSONAL DATA

If you are applying for a job at Tesco through our career portal (www. kariera.tesco.sk) or third-party websites, we may process the following personal data in connection with the selection procedure:

  • Information about you: name and surname, permanent address, telephone and e-mail, date of birth, photo (if you decide to include a photo in your CV);
  • Information about your education and professional qualifications: the educational institutions you attended, completed fields of study, degrees obtained, certificates, professional memberships, language and other skills/experience;
  • Information about your preferences (e.g. short- and long-term goals, willingness to move, date on which it is possible to move and location preferences);
  • Information obtained during the selection procedure: information obtained during the selection interviews (feedback from the persons who conducted the selection interviews and notes recorded during them) or from the e-mails we exchange with Vami in connection with the selection process;
  • Information about you from publicly available sources (public registers, LinkedIn, Twitter, Google, etc.) ;
  • Copy of documents submitted before starting to work at Tesco (necessary for the preparation of the employment contract and/or deductions from wages);
  • Certificate from a medical examination of medical capacity or restrictions on the performance of employment.
  • Any other personal data you voluntarily choose to provide to us.

We do not process any special category personal data about you, i.e. sensitive data, e.g. on health status.

 

PURPOSE AND LEGAL BASIS

We process the above data  for the purpose of:

  • In the selection of a suitable candidate for the post to be filled to the extent strictly necessary to fulfil the foregoing. The legal title for this purpose of processing is "pre-contractual measures" pursuant to Article 6 (1) (b) GDPR and compliance with legal obligations imposed on the employer by the law of the Slovak Republic  pursuant to Article 6 (1) (c) GDPR;
  • From the assignment of the candidate to the database of candidates maintained by Tesco in order to fill the vacancy created in the future, the legal basis for this purpose of processing being the "consent" of the data subject pursuant to Article 6 (1() (a) GDPR. The provision of personal data and your consent for this purpose of processing is voluntary. You can withdraw your consent at any time at the above contacts for the exercise of the rights of data subjects.

 

RETENTION PERIOD

Tesco keeps personal data for the duration of the selection process; if you are not successful in the selection process, your personal data will be deleted within 12 months of their provision. In the case of concluding an employment contract, personal data will be the subject of your personal employee file and after the termination of the employment relationship will be archived and shredded in accordance with applicable legal regulations.

If you have given your consent to be included in the applicant database and to contact you with future job offers that match your professional profile, we will process your personal data until you withdraw your consent, but no later than 2 years after it was given.

 

DATA PROCESSORS

Tesco shares your personal data primarily with the following processors:

  • TESCO-GLOBAL Áruházak Zártkörűen Működő Részvénytársaság, H-2040 Budaörs , Kinizsi út 1-3., adószám, Hungary, IČO: 10307078-2-44;
  • Tesco Stores ČR a. s., Vršovická 1527/68b, 100 00 Praha 10, Czech Republic, IČO: 45308314;
  • TESCO-BST Üzleti és Technológiai Szolgáltatások Zártkörűen Működő Részvénytársaság, 1138 Budapest, Váci út 187, Hungary, IČO: 01 10 140160;
  • HRlink Sp. z o. o., al. Wojska Polskiego 8,70-471 Szczecin, Poland, IČO: 0000431372 that operates our career portal (www.kariera.tesco.sk);
  • Employment agencies - if you have sent us your CV through an agency/job broker, please check how they process your personal data. In some cases, it is not a personal data processor, but a data controller to whom you give specific consent and may use personal data differently from Tesco.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

We do not send personal data outside the EU.

 

AUTOMATED DECISION-MAKING AND PROFILING

Tesco does not carry out automated decision-making.

Back to top  icon_contract

Cookies and similar technologies

How we use cookies

Cookies are small text files containing a unique identifier that are stored on your computer or mobile device so that your device can be recognized when you use a certain website or mobile application. They can only be used for the duration of your visit or can be used to measure how you respond to services and content over time. Cookies help to ensure important features and functionality on our websites and mobile applications, and help to improve your customer experience.

 

Types of cookies

Cookies can be divided based on several criteria. Depending on who creates and processes cookies, cookies can be divided into two categories:

First-party cookies directly creates websites or scripts on the same domain. Most often, it serves to ensure the basic functionality of the website.

Third-party cookies are created by other websites. These websites own some content on the website you visit, e.g. ads, images or videos.

Cookies can also be divided according to their durability into:

Session cookies are temporary. They are stored on your device only until you have finished working with the internet browser and they are deleted when you close it. These cookies are necessary for the proper functioning of the website or associated applications.

Persistent cookies which we may use for your easier and more convenient orientation on our website (for example, easier and faster navigation). These cookies remain in your browser for a longer period of time or unless you manually delete them. The length of this period depends on the selected internet browser settings. Permanent cookies allow you to move information to an Internet server every time you visit a website.

 

According to the purpose of use, cookies can be divided into:

Essential (necessary) cookies that are necessary for the operation of the website. They include, for example, cookies that allow you to log in to secure parts of our website. These cookies do not collect information about users that could be used for marketing purposes or to remember what pages users have visited on the Internet.

Experience (performance, analytical) cookies which we use to improve the functioning of the website. These cookies collect information about how visitors use this website, e.g. which pages visitors go to most often and whether they receive error messages from the website. They also allow us to record and count the number of visitors to the website, which allows us to track how visitors use this website. These cookies do not collect information that would allow the user to be personally identified. The information collected by these cookies is aggregated and anonymous. They are used to activate specific website features (e.g. playing videos) and set them according to your choices (e.g. language) in order to improve your website experience. At the same time, functional cookies are used to remember your preferences the next time you visit the website. They do not collect information that could identify.

Advertising (marketing) cookies are used to track the preferences you reveal through your use of the website and to send advertising messages in accordance with these preferences.

We use these cookies

www.tesco.sk

Cookie names

Categories of cookies

Purpose

Duration

ARRAffinity

Necessary

Cookie ensuring that a page running on Windows Azzure always redirects the same visitor to the same server

Session

_ ga *

Performance

Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

729 days

_ gid *

Performance

Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

Session

CONSENT

Marketing

Cookie provides information about how the visitor uses the website and about any advertising that the end-user may have seen before visiting that website.

6027 days

VISITOR_INFO1_LIVE

Marketing

Cookie is set by the Google-owned Youtube platform to track user preferences for YouTube videos embedded in  the website; it can also determine whether a website visitor is using a new or old version of the YouTube interface.

180 days

_gat_gtag_xxxxxxxxxxxxxxxxxxxxxxxxxxx

Marketing

Cookie from Google Analytics

Session

YSC

Marketing

Cookie is set by Google-owned Youtube platform to track user preferences for YouTube videos embedded in  websites in order to show site visitors targeted advertising on a wide range of their own and other websites.

Session

 

www.potravinydomov.itesco.sk/groceries/

Name of cookies

Categories of cookies

Purpose

Duration

PHPSESSID

Necessary

Cookie ensuring banner features

Session

dc_gtm_UA-xxxxxxx

Necessary

 Google Tag Manager cookie which helps to implement additional functions on the website, without it the site works incorrectly

Session

bm_sz / bm_sv

Necessary

These are cache cookies from Akamai ensuring the best communication of the site and the visitor

Session

mobilsize _

Necessary

Cookie to optimize viewing on mobile devices

295 days

* gcl_au *

Necessary

Conversion cookies ensuring that information settings are saved even when leaving the main page

90 days

Ak_bmsc

Necessary

Cookie from Akamai to ensure the security of the site settings

Session

Ighs-sess.sig

Necessary

Cookie assigning a unique ID to the site visitor

Session

csrf

Necessary

 Cross-Site Request Forgery cookie   prevents external attacks and the ability to store malicious code in  cookies

Session

_ ga *

Performance

 Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

729 days

_ gid *

Performance

 Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

Session

optimizelyEndUserId

Performance

Optimization cookies for websites, assigns the visitor his own unique ID

179 days

Akavpau_czech_vp

Performance

Akamai cookie  setting  real-time visitor prioritization

Session

Atrc

Performance

Cookies tracking the use of services on the website and suggesting optimization

364 days

Trkid

Performance

 IBM cookie tracking the display of individual services

364 days

abck

Functional

 Akamai Bot Manager cookie verifying whether it is a computer or a human visitor

365 days

fbp

Marketing

A cookie linking websites to Facebook pages, if the visitor is logged in to his Facebook account, he/she associates the pages with his/her profile

364 days

If you are logged into your account, we also collect information through the following cookies:

he

Necessary

Cookie allowing you to enter login data and save it for the period of validity or change settings

1 year

OAuth.TokensExpiryTime

Necessary

Cookie remembering login for the period of validity or changes to settings

2 hours

OAuth.RefreshToken

Necessary

Cookie remembering login for the period of validity or changes to settings

2 hours

OAuth.AccessToken

Necessary

Cookie remembering login for a given period of time

30 minutes

sm_au_d

Marketing

AdWords ad serving cookie

Session

ssm_au_d

Marketing

Cookie tracking the effectiveness of the advertising displayed

Session

 

www. corporate.tesco.sk

Cookie names

Categories of cookies

Purpose

Duration

ARRAffinity

Necessary

Cookie ensuring that a page running on Windows Azzure always redirects the same visitor to the same server

Session

_ ga *

Performance

Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

729 days

_ gid *

Performance

Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

Relačná

CONSENT

Marketing

Cookie provides information about how the visitor uses the website and about any advertising that the end-user may have seen before visiting that website.

6027 days

VISITOR_INFO1_LIVE*

Marketing

Cookie is set by the Google-owned Youtube platform to track user preferences for YouTube videos embedded in the website; it can also determine whether a website visitor is using a new or old version of the YouTube interface.

180 days

_gat_gtag_xxxxxxxxxxxxxxxxxxxxxxxxxxx*

Marketing

Cookie from Google Analytics

Relačná

YSC*

Marketing

Cookie is set by Google-owned Youtube platform to track user preferences for YouTube videos embedded in  websites in order to show site visitors targeted advertising on a wide range of their own and other websites.

Relačná

 

www.pasaze.sk

Name of cookies

Categories of cookies

Purpose

Duration

_gat

Performance

Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

Session

_ga

Performance

Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

24 months

_gid

Performance

Google's analytics cookies, assigns a unique ID to the visitor through which it tracks the total number of visitors, the length of stay on the page, the overall overview of all visited pages

24 hours

 

* Google's cookies may process personal data.  The controller of the personal data in question is Google Inc. based in the USA, which may share the collected data with other companies. Before accepting these cookies, we recommend that you familiarize yourself with the information about the processing of personal data by Google Inc.  https://policies.google.com/privacy.

 

Your choices regarding cookies

Web browser cookies

We use cookies to make it easier for you to use our website and to show you personalized content. It only depends on you which of them you allow us to apply. You can return to your preferences at any time and change them through the Cookie Preferences.

You can use your browser settings to accept or reject new cookies and delete existing cookies. You can also set your browser to notify you of any new placement of cookies on your computer or other device. More detailed information on how you can manage cookies can be found through the help function of your browser.

You can also manage cookies related to advertising for our services by unsubscribing through the service providers listed in the table above or by visiting the YourOnlineChoices website  . Where personalized ads for other organizations' websites are displayed, you'll typically see the AdChoices icon. Click on this icon for specific help on how to control your online advertising preferences. Further information is available on the YourAdChoices website  .

 

Mobile apps

Cookies work differently on mobile applications because they are encoded in the apps themselves and use a unique identifier created by your mobile device to use advertising activities. You can turn off or reset this advertising identifier through the privacy settings of your mobile device.

Back to top  icon_contract

Google Ads

As part of our marketing activities, we use the “Google Ads” service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereafter “Google”), which enables us to display ads to users on various Google platforms, such as Google Search, YouTube, and other partner websites. User data lists are sent to Google's servers using tracking technologies that we employ. Google then compares whether the sent user data matches Google's customer data and creates target groups that can be used for ad targeting.  

We have entered into a data processing agreement with Google for the use of Google Ads in accordance with Article 28(3) GDPR. Through this agreement, Google commits to processing personal data in accordance with our instructions and ensures the protection of the data subject's rights.  

Regarding this Google Ads service, the processing of personal data may involve the following:  

1. SCOPE OF DATA PROCESSED 

  • We may process personal data such as IP address, device data (e.g., unique identifiers), location data (e.g., GPS and other sensor data from the device), activity data (e.g., interactions with ads, user interests, and behavior such as ad clicks or visited pages), and demographic data (e.g., age, gender).  

2. PURPOSE OF DATA PROCESSING 

We process data for the following purposes:  

  • Ad Personalization: to display relevant ads based on user preferences,  
  • Campaign Performance Measurement: to analyze how users interact with our ads and websites,  
  • Service Improvement: to improve our advertising campaigns and optimize our marketing strategies.  

3. LEGAL BASIS FOR DATA PROCESSING 

  • The processing of personal data via Google Ads is based on your consent in accordance with Article 6(1)(a) GDPR.  

4. SHARING DATA WITH GOOGLE 

  • Google processes personal data in accordance with its own privacy policy. Information on how Google uses personal data sent to them through the integration of their services, as well as options for customizing ads and collecting data, can be found here and here. For general information about how Google processes your data, we recommend reviewing Google's Privacy Policy. In addition to Google, personal data may be shared with third parties, such as advertising networks and Google partners, who assist in analyzing ad effectiveness and optimizing marketing campaigns. 

5. DATA RETENTION  

  • Data is retained for the duration of our marketing campaigns and processed based on our contractual relationships with Google and other data processors. Data retention may be in compliance with applicable legal requirements until the processing purpose is fulfilled.  

6. RIGHTS OF DATA SUBJECTS 

  • Data subjects may withdraw their consent to the use of cookies and personalized ads at any time through privacy settings in their Google accounts or through browser cookie settings. Additionally, data subjects have the right to access, correct, delete, or restrict the processing of their personal data, as well as to file a complaint with the relevant supervisory authority.  

7. TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES 

  • In the case of Google services, the transfer of data to Google Inc. located in the USA cannot be excluded. For more information on the legal frameworks related to data transfer in this case, you can find details here
Back to top  icon_contract
We reserve the right to change these terms and conditions at any time. Please check this site regularly for the latest informations.