Musgrave Group is committed to respecting your privacy and complying with data protection legislation. We would like our customers to read the following notice which explains your privacy rights and sets out how we, as a Data Controller, collect, use, process and disclose Personal Data relating to you and your interactions with us.
This notice should be read in conjunction with our Terms & Conditions and our Cookie Policy.
Terms defined in the Terms & Conditions have the same meaning unless expressly stated otherwise.
Additional conditions may apply to specific services or offers which we offer from time to time.
By accessing, browsing or otherwise using our websites and services, you confirm that you have read, understood and agree to this privacy notice in its entirety.
When we talk about “Musgrave”, or “we,” “us,” or “our,” in this privacy notice, we are talking about Musgrave Limited of Musgrave House, Ballycurreen, Airport Road, Cork, T12 TN99 in the Republic of Ireland trading as Musgrave Retail Partners Ireland, Musgrave Wholesale Partners, Musgrave MarketPlace and/or Musgrave Foodservices; in Northern Ireland we are talking about Musgrave SuperValu Centra NI Ltd trading as Musgrave Northern Ireland and/or Musgrave Distribution Ltd trading as Musgrave Marketplace and/or Musgrave Foodservices of Belfast Harbour Estate,1-19 Dargan Drive, Belfast BT3 9JG, in each case this includes a reference to the relevant subsidiaries, affiliates and their respective parent and subsidiary companies of those companies (“Musgrave Group”). We share your information within the Musgrave Group and with certain third parties as set out below to help us provide our services, comply with regulatory and legal requirements, and improve our products. Our main businesses include:
* MACE is part of the Musgrave group in Northern Ireland only
For the purpose of data protection legislation, we are the Data Controller of your Personal Data. In addition, where you provided Personal Data to a local store owner, the owner of the local store to which you supplied that data is also a data controller of your Information.
Our data protection officer may be contacted by emailing dpo@musgrave.ie
Personal Data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect and process any type of Personal Data you provide to us in the course of your interactions with us. You may have provided some of your Personal Data directly to us such as when you visited our website by volunteering Personal Data when subscribing to email alerts or by using our online feedback or other forms. We may also receive Personal Data about you from various third parties and public sources such as Social Media. This data may be collected by, or shared with, our trusted 3rd parties who manage some of these services on our behalf.
Personal Data we collect varies based on the services you use and includes, but is not limited to:
and other Personal Data provided by you that is relevant to the provision of our services including our analysis of the data referred to above.
If you do not provide us with your Personal Data, we may not be able to provide you with certain services or respond to any questions or requests you submit to us via our website.
We collect Personal Data from you, when you:
Personal Data that we collect from Third Parties:
We may collect personal data from third party databases (for example for our fraud checks) or from other companies. This personal data helps us to manage our relationship with you as a customer for instance it helps us to manage your loyalty account and the loyalty programme benefits and related administrative requirements; review and improve the accuracy of the personal data we hold; and to ensure the effectiveness of marketing communications.
If you link your Google, Facebook or Twitter accounts or any accounts from other third party services (like shopping research panels or public forums such as blogging sites) to us, then we may also receive information from those accounts in accordance with applicable law and the terms of use of the third party’s services.
We work with third parties in relation to the provision of services to you (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Personal Data of Children:
Although visitors of all ages may navigate through our websites and services, we do not intentionally collect Personal Data from those under the age of 16, unless we are making it clear that this is what we are doing. We will always seek permission from relevant guardian. We store any data received for the specific purpose and will not further process or include for communications or marketing.
All Personal Data will be processed fairly and in keeping with the purposes for which it was obtained.
We will only process your Personal Data where we have a lawful purpose to do so, for example:
The below table includes the main purposes for which we process your personal data as well as the appropriate lawful basis. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Purpose(s) for Processing | Legal Basis for Processing |
|
|
|
|
|
Where you have given consent to the processing of your Personal Data – which you may withdraw at any time
Where your consent is not required, and you have not objected, the use of the data is necessary for our legitimate interest in managing our business including legal, personnel, administrative and management purposes provided our interests are not overridden by your interests. |
|
|
Banner messages and personalised adverts on other websites
We, and/or 3rd parties we engage on our behalf, may also target banners and ads to you when you are on other websites, apps and social media. We do this using a range of advertising technologies such as ad tags, cookies, and mobile identifiers, as well as specific services offered by some sites and social networks, such as Facebook, Twitter and Pinterest.
These will be based on information we hold, or your previous use of our services (for example, your search history, and the content you read on our sites) or on banners or ads you have previously clicked on. We do this to serve you ads that we believe you will be most interested in and prevent you from seeing ads that are unlikely to be of interest to you, or for products that aren’t available in your area.
If you don’t want to see these ads, then you can either disable cookies in your browser, or reject cookies from the site you’re visiting. Please see our Cookies Policy for further details.
Automated decision-making
We, and/or 3rd parties we engage on our behalf, may make some decisions about you using your Personal Data which is based on profiling without our staff intervention (known as automated decision making).
You have the right not to be subject to a decision based solely on automated decision making which produces a legal or other similarly significant effect. However, this will not apply if the decision is necessary for a contract, authorised by law, or has your express consent.
In most cases, we use automated decision making in order for you to enter into a contract with us (such as automatic fraud screening), or in ways which won’t have a significant effect on you as an individual (such as our general analysis of data to gain insights into behaviours and characteristics of our customers).
You can request a manual review of the accuracy of an automated decision if you are unhappy with it. Please see the Contact Us section below for details.
We will store your Personal Data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
Please see the Contact Us section below if you wish to obtain further information concerning our retention periods.
From time to time, we may share information relating to you with third parties in order to provide the Services. This may include the disclosure of information to any company in the Musgrave group or to third party social media companies, in the following manner:
We may associate any category of information with any other category of information and will treat the combined information as Personal Data (and/or Your Information, as appropriate) in accordance with this Policy for as long as it is combined.
We will not sell your personal data to any third party.
We may transfer and/or store Personal Data related to you to a destination outside the European Economic Area (“EEA”) from time to time. In this context, this Personal Data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
Any transfer of Personal Data relating to you to a location outside the EEA is made in accordance with data protection law. Specifically, such transfers to locations that are not in receipt of an adequacy decision are only ever made lawfully by way of the European Commission’s Model Contractual Clauses. More information and a copy of the Model Contractual Clauses are available on the European Commission’s website.
We work with certain third parties to provide goods and services, such as eShops, Digital Advertising. These companies may, from time to time, collect Personal Data directly from you to use their services, or for their own marketing and tracking purposes and they may collect this from Personal Data you provided on our websites.
Our websites may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data to those websites.
If these third parties collect your Personal Data from you, these companies will be acting as Data Controllers in their own right, separately from us. Any use of your Personal Data will therefore be subject to that third party’s own privacy policy which should be made available to you before they collect your Personal Data.
You have several rights in relation to your Personal Data under the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018 and the UK Data Protection Act 2018 which may be subject to certain limitations and restrictions.
You have the right to request access to and rectification or erasure of your Personal Data, data portability, restriction of processing of your Personal Data, the right to object to processing of your Personal Data where processing is based on consent or our legitimate interests, and the right to lodge a complaint with a supervisory authority. For more information about these rights, please visit the European Commission’s “My Rights” page relating to GDPR, which can be displayed in a number of languages. If you reside outside of the European Union, you may have similar rights under your local laws.
We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will inform you of any such extension, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.
Please be aware that we may need to verify your identity before providing any Personal Data to you. We may need to do this to protect your data. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.
If you wish to exercise any of these rights, please contact us (see Contact Us below).
We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our systems or sites, you are responsible for keeping that password confidential. We’ll never ask for your secure personal or account data by an unsolicited means of communication. You are responsible for keeping your personal and account data secure and not sharing it with others.
Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our website. Any transmission of Personal Data is at your own risk. Once we receive your Personal Data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
We reserve the right to change this Privacy Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Notice. However, if we make material changes to this Privacy Notice we will bring this to the attention of the users of the services and sites.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to our Data Protection Team at Musgrave Group , Musgrave House, Ballycurreen, Airport Road, Cork, T12 TN99 or by email to: dpo@musgrave.ie
Last updated: July 2020