Privacy Policy


About this Policy

This Privacy Policy regulates the use by Tesco Stores Limited (the data controller) of the personal data we process about you when using this website. If you are applying for a job with One Stop, then One Stop Stores Limited will be the data controller.


We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this Policy which:


  • Sets out the types of personal data we collect;
  • Explains how we use your personal data;
  • Explains when and why we will share your personal data within the Tesco group and other third party organisations: and
  • Explains the rights and choices you have when it comes to your personal data.



What data we collect


During our recruitment process we will process the following:

  • Your name
  • Your address
  • Your telephone number
  • Your email address
  • Your occupation
  • Communications between you and us about this website or job application
  • Information regarding your “right to work” in the UK
  • For certain roles, information connected to criminal background (DBS) checks,
  • Information you submit as part of any job application (for example your career history, education, salary and CV)
  • Information you may voluntarily submit as part of any equal opportunities questionnaire, including any self-declared disabilities that we would need to make a reasonable adjustment for to support your application and any possible future employment

When using this website in some cases, we may collect information about you that is not personally identifiable. Examples of this type of information are:

  • Type of Internet Browser you are using
  • Type of computer operating system you are using
  • The domain name of the website from which you linked to our site or advertisement


How we use your personal data

We use your personal data to:

  • Review and process your application
  • To keep you up-to-date on its progress
  • For data analytical, assurance and review purposes (for example by analysing your application to improve our recruitment process)
  • To resolve grievances and complaints that involve you
  • In relation to self-declared disabilities in order for us to make a reasonable adjustments to support your application and any possible future employment.
  • In relation to any equality questionnaire data, to monitor our equality and diversity composition.
  • In relation to any right to work information we collect, in order to ensure we comply with the law in employing you.
  • In relation to any criminal record checks we complete, in order to ensure we comply with company policy in the event that your application is successful, we may use your data to enable you to have the correct access to equipment and systems. For example, we may use your details to prepare work schedules, to create an email address for you or to authenticate your identity when you log into our systems for the first time.


Legal basis of processing

In relation to:

  • personal data we process as part of our “right to work” checks, we process this because we are legally required to. If you do not provide us with this information we will not be able to progress your application.
  • sensitive personal data we process as part of any equality questionnaire, to make reasonable adjustments to support your application or as part of any criminal background (DBS) checks, we process this as permitted by employment laws.
  • all other uses of your personal data set out in this Policy, we process this because it is in our “legitimate interests” to do so. Our legitimate interests are:
    • operating a fair and transparent recruitment process 
    • recruiting and retaining the right candidates
    • ensuring candidates have the right skills and experience for any given role
    • Resolving any complaints in a fair and transparent manner

Sharing your personal data

We may share your personal data with:               

  • Suppliers, service providers and partners who work with us and provide administration and support services. For example, but not restricted to, conducting right to work checks, candidate screening/assessment and, if applicable criminal background checks.
  • Other group companies, who provide us with administration and support services
  • Government agencies, regulatory bodies and law enforcement agencies where we are obliged to by law
  • Any third party who may acquire our business.


Data Protection Officer


Tesco has appointed a data protection officer, who can be contacted by email at


Transfer outside of the European Economic Area (EEA)


The personal data that we collect from you may be transferred to, and stored at, a destination outside of the EEA.  It may also be processed by companies operating outside the EEA who work for us or for one of our service providers.  If we do this we ensure that your privacy rights are respected in line with this Policy. The most common way we do this is to put in place a specific type of contract, a copy of this type of contract can be found here [] or through an approved scheme such as the Privacy Shield [].

How we protect your personal data

We know how important it is to protect and manage your personal data and have the following measures in place to do this:

  • We use computer safeguards such as firewalls and data encryption
  • we enforce physical access controls to our buildings and files to keep this data safe, such as access cards and key control.
  • We only authorise access to colleagues who need it to carry out their job responsibilities
  • We protect the security of your information while it is being transmitted by encrypting it using appropriate data transfer solutions such as Secure Sockets Layer (SSL)
  • We may ask for proof of identity before we share your personal data with you.


How long we keep your personal data  

We will not keep your personal data longer than we need to, how long this is depends on several factors, including:

  1. Why we collected it in the first place;
  2. How old it is;
  3. Whether there is a legal/regulatory reason for us to keep it;
  4. Whether we need it to protect you or us.

In general, we keep information about unsuccessful candidates for 7 months after the conclusion of the recruitment process, although we may delete criminal records and right to work information earlier.

We keep information about our colleagues for 7 years after the end of their employment with us.

Account Deactivation

If you do not use your careers centre account in any way, including reviewing or updating your information, or making a further job application, we will contact you to ask if you want to keep the account.  We will contact you 3 times to ask, after this time, your account will be automatically deleted.  This does not prevent you creating a new account or making any future job applications using the same email address.

Subject Access Rights

You have the right to see the personal data we hold about you. This is called a Subject Access Request. If you would like a copy of the personal data we hold, please write to:

Data Protection Executive (Group Safety, Security and Resilience), Maldon Building, Falcon Way, Shire Park, Welwyn Garden City, AL7 1GA

You can also email

Other Data Protection Rights

In relation to your personal data, you also have the right to:

  1. Have inaccurate information corrected:

Summary of the right:

It is really important that the personal data we hold on you is accurate and that you notify us of any changes to your Personal Data so it can be updated as soon as it changes.


  1. Object to our use of it:

Summary of the right:

If you object we will then consider you objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section c below) or delete it (see section d below).

  1. Restrict our use of it:

Summary of the right:

There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):

- You have successfully made an objection (listed in section b above).

- You are challenging the accuracy of the Personal Data we hold.

- We have used your Personal Data unlawfully, but you do not want us to delete it.


  1. Have us delete it:

Summary of the right:

There are several situations when you can have us delete your personal data, this includes (but is not limited to):

- We no longer need to keep your personal data;

- You have successfully made an objection (listed in section b above).

- We have unlawfully processed your personal data.


The Data Protection Regulator

We would like the chance to resolve any complaints you may have, however you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data. Their website is [].

The ICO website also contains more information about your data subject rights that have been summarised above

Other websites

The Website may contain links to other sites which are outside our control and not covered by this policy. The operators of these sites may collect information from you that will be used by them in accordance with their policy, which may differ from ours.


Contact Us

To contact us about this policy please email


Changes to our policy

This policy replaces all previous versions and is correct as of March 2020.. We reserve the right to change the policy at any time.