Privacy Policy

Your privacy is extremely important to us so we want you to know exactly what kind of information we collect about you and how we use it. 

We’ve set out all the details below. 

Please take the time to read and understand this policy. And bear in mind that by using our websites and mobile apps, or contacting us by telephone or providing information to us in our stores or by way of social media, you agree to its terms.

To help you, we've included some links to other websites. It's worth remembering though that other people, not us, control these websites. We’re not responsible for them. 

What information do we collect and when?

We only collect information that we know we will genuinely use.

We may collect:

(Important: If you submit details to us of any other person (e.g. a friend) please make sure you have their permission first.)

This information includes the likely makeup of your household (e.g. how many children you may have and their likely average age) and what your household affairs may be like, the type of car you may drive, your interests (including the kind of magazines and newspapers you may read, where you might go for your holidays and whether you're environmentally conscious or not) and where you're likely to shop. It also includes observations about your likely education and employment status, the type of job you may have and your likely financial status (including your mobile phone expenditure, what credit, debit and other cards you may hold, your current account status and any loans, investments and savings you may have). It also places you into one or more defined behavioural and socio-economic groups.

How do we use your information?

We use the information we collect for the following reasons: 

Our aim, quite simply, is to interest and excite you as much as possible while providing great service and value to you in everything we do. 
By knowing more about you, we’re able to focus on the things we think are most likely to appeal to you, especially when we send you special offers, news, information on our products and details of competitions and sponsored events.

For instance, we can provide you with money-off vouchers and rewards for the things you actually buy from us, and for the things we think you might be interested in buying from us in the future. We can also tailor special offers to the areas where you live or regularly travel to, so when there’s a promotion at a store near you that we think you may be interested in, we can let you know.

By matching information that’s common to the various sources of information we have about you, we’re able to build a bigger, richer picture. So for example, you might enter a competition and provide your email address. You might then register for an online account with us using the same email address. Simply linking those two pieces of information together tells us a lot. And we can achieve the same effect by matching transaction details and technical information about the electronic devices you use. All of which helps us to understand you better and provide a more enjoyable experience for you.

Who do we share your information with?

We can’t run our business or provide many of the services and benefits you receive from us without involving other people and organisations from time to time. When we share your information, we want you to know that we only do so in accordance with our legal data protection and privacy obligations.

Your information may be disclosed to:

We may also share the information we collect where we are legally obliged to do so, e.g. to comply with a court order.

Social media, blogs, reviews, etc.
Any social media posts or comments you send to us (on the Morrisons Facebook page, for instance) will be shared under the terms of the relevant social media platform (e.g. Facebook or Twitter) on which they’re written and could be made public. Other people, not us, control these platforms. We’re not responsible for this kind of sharing. So before you make any remarks or observations about anything, you should review the terms and conditions and privacy policies of the social media platforms you use. That way, you’ll understand how they will use your information, what information relating to you they will place in the public domain, and how you can stop them from doing so if you’re unhappy about it.

It’s worth remembering too, that any blog, review or other posts or comments you make about us, our products and services on any of our blogs, reviews or user community services will be shared with all other members of that service and the public at large. 

You should take extra care to ensure that any comments you make on these services, and on social media in general are fit to be read by the public, and are not offensive, insulting or defamatory. At the end of the day, you are responsible for ensuring that any comments you make comply with any relevant policy on acceptable use of those services.

Mobile app platforms
Our mobile apps run on third party software platforms, for example, Apple’s iOS platform which powers Apple’s iPhone and Google’s Android platform which powers Android-based smartphones.
If you use any of our mobile apps, your usage of those apps is also subject to the relevant mobile app platform provider’s terms and conditions and privacy policy. You should review their terms and conditions and privacy policy to ensure you understand what information (if any) they will gather on you, how they will use that information, and what you may be able to do if you are unhappy about it.

Morrisons Flowerworld and Food to Order Payments
When using the Morrisons Flowerworld and Food to Order services we use a different payment processor to that used for processing orders from the Morrisons Groceries site. Payments for the Morrisons Flowerworld services are processed through a payment processing company called Stripe, and payment for the Food to Order service are processed through Barclays Bank plc trading as Barclaycard. Stripe and Barclaycard will process your credit or debit card data. This data is handled according to Payment Card Industry Data Security Standard (PCI-DSS) compliant rules and processes. We reveal only the last four digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our online store and its service providers.

International transfer of your information

Although we're based in the UK, we use suppliers from many parts of the world to help ensure you receive the very best in products and services from us. 

To allow us to run our business on this basis, the information we collect may on occasion be transferred to, stored and used at premises in other countries including the United States of America. 

Naturally, we aim to ensure all our suppliers take information security as seriously as we do. 

Even so, information protection laws can vary from country to country. 

For instance, the law of the country in which you are resident or domiciled may offer a higher standard of protection than the laws in the UK and/or the other countries in which we store and use the information we collect. Any transfer of information we make to other countries could result in that information being available to their government and other authorities in those countries under their laws. 

Security of your information

A lot of the information we receive reaches us electronically, originating from your device and then transmitted by your relevant telecoms network provider. 

Where it’s within our control, we put measures in place to ensure this ‘in flight’ data is as secure as it possibly can be. 

And once it arrives, you can be sure we take the security of your information very seriously. 

We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, networks, websites, mobile apps, offices and stores. 

In particular, we follow the internationally recognised security standard ISO 27001, as well as the Payment Card Industry’s Data Security standards (PCI-DSS). 

Plus, we use secure means to communicate with you where appropriate, such as ‘https’ and other security and encryption protocols.

If you have any concerns about the security of your own personal computers and mobile devices, we suggest you read the advice of Get Safe Online, which can be accessed here

How long do we keep your information?

To make sure we meet our legal data protection and privacy obligations, we only hold on to your information for as long as we actually need them for the purposes we acquired them in the first place (as set out above). 

In most cases, this means we will keep your information for as long as you continue to shop with us or use our services, and for a period time afterwards if you stop doing so, to see if we can persuade you to come back to us. 

After that we will either delete it or anonymise it so that it cannot be linked back to you. 

Please note that for our Morrisons More mobile app, in order to be able to provide you with the best and most appropriate offers, promotions, product information and content, we need to build up a profile of what you like and dislike and what you may have previously been interested in. As part of this, we retain all data that you choose to delete from the app (such as a previous shopping list) for a limited time. We use it to compare your deleted data with the data you currently store so that we can work out what you are no longer interested in. By doing so we help ensure that the app content and the offers and promotions we show you are as relevant to you as possible.

Managing our marketing communications

We provide ways for you to stop all email and text (SMS or MMS) communications you receive from us – please see the ‘unsubscribe’ link and ‘STOP’ details we include in each email and text message respectively. 

We also check all our telephone marketing activity against the UK telephone preference services, so if you wish you can register with that service to stop any such communications from us. 

You can also contact us at any time using the details below and let us know exactly what you would like us to change.

Managing your information

To reduce the chances of an error or misunderstanding, we need to keep the information we gather about you accurate and up-to-date. 

But whilst we work very hard to make sure mistakes don’t happen, we need your help, too. 

So if you have an online account with us, please ensure that the information you provide (e.g. any contact information) is correct and that you review it and update it regularly.

If you have reason to believe any of the information we collect on you may be inaccurate, and you are unable to put it right yourself through your online accounts with us, please contact us (see below for how to do this).

You are perfectly within your rights to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a ‘subject access request’. Certain exemptions and conditions apply to this right, principally that it should be in writing and that you give us reasonable details about the information you want. 

Depending on your country of residence or domicile, you may have additional or different rights to those set out above concerning the information we collect from you and your devices. We will, of course, honour all such legal rights if we are bound by them. 

We reserve the right to charge you a small administration fee to meet our costs in honouring your legal rights, where permitted by the relevant law. 

We also reserve the right not to comply with any enquiries or requests we receive about the information we collect, where we may lawfully do so. For example, if we have reason to believe that a request is malicious, technically impossible, involves disproportionate effort or could be harmful to others.

If you have any worries or complaints about the way we use your information, please don’t hesitate to get in touch with us. We’ll do our very best to set your mind at rest or put things right. And if, for whatever reason, you feel we’re not meeting the exceptionally high standards we expect of ourselves, you’re within your rights to take your grievance to the UK Information Commissioner’s Office (ICO). Please see the section ‘Where to go if you want more information about your privacy rights’ for further details.

And don’t forget that with modern technology, you have more and more personal control over what information we and other organisations collect. For example, you can normally delete cookies and tracking technologies sent to your web browser. You can also change related settings to restrict them going forward, such as by using a private browsing mode (although this may affect your browsing experience on some websites). Plus, you can use the settings options in your mobile devices to restrict what sort of information websites and mobile apps are able to access and use about you. Online advertising networks, social media platforms and search engines (Google etc.) also provide tools to manage the data they collect about you, and how it is used and shared. We urge you to look out for these functions and tools and use them to manage your privacy in a way that suits you best. 

Updates to this privacy policy

We review the ways we use your information regularly. And in doing so, we may change what kind of information we collect, how we store it, who we share it with and how we act on it.

Consequently, we will need to change this privacy policy from time to time to keep it accurate and up-to-date. 

Whenever we change this policy, rest assured we will make every effort to tell you. That way, you can check to see if you’re still happy. And if, following any changes, you continue to use our websites and mobile apps, contact us by telephone or otherwise provide information to us (through our stores or social media, for example) we will assume that you agree to those changes.

Pharmacy & CCTV information

We have pharmacies in many of our stores, and CCTV is in operation at all of our stores and petrol stations. 

Please be aware that all the information you provide us with by way of any of our in-store pharmacies is held separately from all the other information we collect about you (as set out above). It is not used or shared in the ways we’ve described above.

The same is also true for all the CCTV footage we capture. 

Instead, all in-store, pharmacy-related information we hold about you is kept and used in strict accordance with National Health Service information governance requirements. For further details, including our in-store, pharmacy-specific privacy notice, speak to one of our in-store pharmacy assistants, who will be happy to help you. 

Likewise, all CCTV footage is captured purely for your security and for the prevention and detection of crime. If you’d like to know more, please see our in-store signage, or contact us using the details provided below. 

About us

Our full legal name is Wm Morrison Supermarkets Plc. 

We’re a public limited company incorporated in England and Wales. Our registered company number is 358949 and our registered address can be found in the ‘contact us’ section below.

We are the ‘data controller’ of the information you provide us with. This term is a legal phrase used to describe the person or entity that controls the way information is used and processed. 

We are registered under the Data Protection Act 1998 with the Information Commissioner’s Office in the UK. Our registration number is Z5225696. 

Where to go if you want more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website and they ensure that the registered details of all data controllers such as ourselves are available publicly. You can access them here.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

Contact us

You’re welcome to get in touch with us to discuss your information at any time. 

Our contact details are here

Thank you very much for taking the time to read this document.

Wm Morrison Supermarkets Plc