We understand that your privacy and the security of your personal information is extremely important.
This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you.
This policy applies if you interact with us through over the phone, online, through our mobile applications or otherwise by using any of our websites or interacting with us on social media (our “Services”).
If you don’t want to read all the details, here are the things we think you’d really want to know:
- Sanggol is owned by ThreeTY Ltd
- Your personal information is, where appropriate, shared within ThreeTY Ltd.
- We do use a number of third parties to process your personal information on our behalf and some of them are based outside of the European Economic Area.
- You have a number of rights over your personal information. How you can exercise these rights is set out in this notice.
- We do send direct marketing, if we’re allowed to. And we do this to encourage you to buy our products and services by sending you offers and ideas that we feel will be of benefit to you.
- We also display online advertising relating to our products and services on websites across ThreeTY Ltd, on other websites and online media channels.
- Who are we?
- What sorts of personal information do we hold?
- Our legal basis for processing your personal information
- How do we use your personal information?
- Cookies and similar technologies
- Who might we share your personal information with?
- Keeping you informed about our products and services
- Your rights
- How long will we keep your personal information for?
Who are we?
When we say ‘we’ or ‘us’ in this policy, we’re referring to the separate and distinct legal entities that make up ThreeTY Ltd
We may add further companies to the ThreeTY Ltd in the future. When we do so, we will update this notice.
What sorts of personal information do we hold?
- Information that you provide to us such as your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and services, and so on);
- Information required to make decisions about delivery of your order, or any other services offered by ThreeTY Ltd
- Your account login details for our services, including your user name and chosen password;
- Information about whether or not you want to receive marketing communications from us
- Information about any device you have used to access our Services (such as your device’s make and model, browser or IP address) and also how you use our Services. For example, we try to identify which of our apps you use and when and how you use them. If you use our websites, we try to identify when and how you use those websites too;
- Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our Services; and
- Information from other sources such as specialist companies that provide customer information (like credit reference agencies such as Experian, fraud prevention agencies, claims databases, marketing and research companies), social media providers and the DVLA, as well as information that is publicly available.
Our legal basis for processing your personal information
Whenever we process your personal information, we have to have something called a “legal basis” for what we do. The different legal bases we rely on are:
- Consent: You have told us you are happy for us to process your personal information for a specific purpose;
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights.
- Performance of a contract: We must process your personal information in order to be able to provide you with one of our products or services;
- Prevention of fraud: Where we are required to process your data in order to protect us and our customers from fraud or money laundering;
- Vital interests: The processing of your personal information is necessary to protect you or someone else’s life;
- Public information: Where we process personal information which you have already made public;
- Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and
- Legal obligation: We are required to process your personal information by law.
How do we use your personal information?
There are a number of ways in which we use your personal information, depending on how you interact with us. If you do not provide your information to us, then we will be unable to interact with you in that way – for example, if you do not provide your name, address and account details when purchasing one of our products online, we will not be able to sell you that product as we would be unable to process your payment or deliver the product to you. We may use your information in the following ways:
To provide our products and services - we need to use your personal information to make our products and services available to you. If you then decide to order any of our products or services then we’re delighted, thank you. After that, we need to provide them to you, process your payment and sometimes award you Nectar points. And we need to use your details to do all this.
To personalise your shopping experience - we try to understand our customers so we can provide you with a great shopping experience, relevant marketing, personalised offers, shopping ideas and online advertising. Understanding how you use our Apps, how you interact with H S Ann Ltd, where you shop, the products and services you buy and how you use and browse our websites helps us to do this.
For safety and security - we use your personal information to help provide safe and secure environments for our colleagues to work in, our customers to shop in and for our businesses to be conducted. To enable
we monitor online behavior and carry out checks to help us ensure that our customers are genuine to prevent fraud and to help customers use our services appropriately.
Analytics and profiling - we use your personal information for statistical analysis and to help us understand more about our customers. That includes understanding the products and services you buy, the manner in which you consume them, how you shop across the whole Sainsbury's Group and by creating profiles about you. This helps us to serve you better and to find ways to improve our services, stores, apps and websites. These profiles help us to send you offers that are more relevant to you.
Contacting you - we use your personal information to contact you: either to conduct market research or to contact you about products and services from us and other companies. We may also contact you in relation to any questions you have raised with us or to discuss the status of your account with us.
Cookies and similar technologies
Who might we share your personal information with?
H S Ann Ltd - we will share your personal information in certain circumstances with the other companies within the H S Ann Ltd so that we can provide you with a high quality, personalised and tailored service (including relevant marketing) across our Company. That includes sharing information with the companies which operate our websites.
Our service providers - we work with partners, suppliers, insurers, aggregators and agencies so that they can help us provide the products and services you require from us. These third parties process your personal information on our behalf and are required to meet our high standards of security before doing so. We only share information that allows them to provide their services to us or to facilitate them providing their services to you. These third parties include:
- Advertising companies, who help us place ThreeTY Ltd's adverts online;
- Scheme providers – such as Visa and MasterCard, PayPal, Amazon Pay – to process your payments;
- Our agents, advisers or others involved in running accounts and services for you.
- Market research partners, who help us to analyse customer behavior;
- Social media providers – such as Facebook, Instagram and Twitter – where we interact with you on social media;
- Third party vendors who help us to manage and maintain our IT infrastructure;
- Logistics and delivery providers who enable us to deliver products you order on our websites;
- Providers of temporary staff, who need access to certain personal information to carry out their role within the business;
- Where relevant, our professional advisors, such as lawyers and consultants;
- Companies that deploy our email campaigns for us because they need to know your email address to carry out these services;
- Companies that provide insights and analytics services for us so we can stock the right products, send the right marketing campaigns and understand our business and customers better;
- Security and fraud prevention companies to ensure the safety and security of our customers, colleagues and business;
- Companies which run our contact centres because they need your personal information to identify and contact you;
- Companies who assess faults and repair products on our behalf;
- Companies administer competitions for us so they run smoothly;
- Companies that enable us to collect your reviews and comments, both online and offline;
Keeping you informed about our products and services
We would like to tell you about the great offers, ideas, products and services of the H S Ann Ltd from time to time that we think you might be interested in. Where we have your consent or it is in our legitimate interests to do so, we may do this through the post, by email, text message or by any other electronic means.
We won't send you marketing messages if you tell us not to, but if you receive a service from us we will still need to send you occasional service-related messages.
Please note that it can take up a little while for all marketing to stop once you either withdraw your consent or tell us you’d like to opt out of marketing. This is because some marketing may already be in transit.
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability; and
- the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below. Please note that we will need to verify your identity before we can fulfill any of your rights under data protection law. This helps us to protect the personal information belonging to our customer against fraudulent requests.
How long will we keep your personal information for?
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
- Systems are proactively monitored through a “detect and respond” information security function;
- We utilize industry “good practice” standards to support the maintenance of a robust information security management system; and
- We enforce a “need to know” policy, for access to any data or systems.