Privacy Policy

About this Policy

This Privacy Policy applies to Tesco Stores Limited and One Stop Stores Limited . Where we refer to “us”, “we” or “our” in this Privacy Policy, we mean the Tesco Group company you are applying for a job with and that Tesco Group company will be the data controller.

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this Privacy Policy which:

Sets out the types of personal data we collect;
Explains how we use your personal data;
Explains when and why we will share your personal data (within the Tesco Group and other third party organisations): and
Explains the rights and choices you have when it comes to your personal data.

What personal data we collect

When you apply for a job with us, we may collect and process the following:

Your name
Your address
Your telephone number
Your email address
Your occupation
Communications between you and us about this website or job application
Information regarding your “right to work” in the UK
Your account login details, including your user name, email, password and your communication preferences
For certain roles, information connected to, or as a result of, criminal background (DBS) checks
Information you submit as part of any job application (for example your career history, education, salary and CV)
Information you may voluntarily submit as part of any diversity or equal opportunities questionnaire such as gender, health, disabilities, sexual orientation and race and ethnicity

When using this website in some cases, we may collect analytics or user information to help us improve the user experience of the website. Examples of this type of information are:

Type of Internet Browser you are using
Type of computer operating system you are using
The domain name of the website from which you linked to our site or advertisement

How we use your personal data

We use your personal data to:

Review and process your application
To keep you up-to-date on its progress
For data analytical, assurance and review purposes (for example by analysing your application to improve our recruitment process)
To resolve grievances and complaints that involve you
In relation to self-declared disabilities in order for us to make a reasonable adjustments to support your application and any possible future employment.
In relation to any diversity or equal opportunities monitoring questionnaire data, to monitor and report on our equality and diversity composition and ensure fairness in the recruitment process.
In relation to any right to work information we collect, in order to ensure we comply with the law in employing you.
If we need to carry out criminal record checks because of the nature of your role, we process this information in accordance with our rights and obligations in the area of employment law.
in the event that your application is successful, we may use your data to enable you to have the correct access to equipment and systems. For example, we may use your details to prepare work schedules, to create an email address for you or to authenticate your identity.
to keep you updated on any other suitable vacancies.

Legal bases for processing

In relation to:

personal data we process as part of our “right to work” checks, we process this because we are legally required to. If you do not provide us with this information, we will not be able to progress your application.
special category personal data (such as health, ethnicity, race, sexual orientation) we process as part of any equality questionnaire, to make reasonable adjustments to support your application, or as part of any criminal background (DBS) checks, we process this as permitted or required by employment laws.
all other uses of your personal data set out in this Policy, we process this because it is in our “legitimate interests” to do so. Our legitimate interests are:
- operating a fair and transparent recruitment process
- recruiting and retaining the right candidates
- ensuring candidates have the right skills and experience for any given role
- resolving any complaints in a fair and transparent manner
- for general research and statistical purposes including producing core business statistics on recruitment to inform and improve our processes

Sharing your personal data

We may share your personal data with:

Suppliers, service providers and partners who work with us and provide administration and support services. For example, but not restricted to, conducting right to work checks, candidate screening/assessment and, if applicable criminal background checks.
Tesco Group companies, including those who provide us with administration and support services or for reporting purposes
Government agencies, regulatory bodies and law enforcement agencies where we are obliged to by law.
Any third party who may acquire our business.

Data Protection Officer

Tesco has appointed a data protection officer, who can be contacted by email at DPO@tesco.com

Transfer outside of the United Kingdom

Your personal data may be transferred outside the UK. It may also be processed by companies outside the UK who work for us (or for one of our service providers). When we do this, your personal data will be subject to appropriate protections. If we do transfer personal data to outside of the UK, it'll be protected in the same way as if it was being used in the UK. To do this, we use one of the following safeguards:

We transfer to a non-UK country whose privacy laws ensure an appropriate level of protection for personal data.
We put in place a contract with a third party that means they must protect personal data to the same standards as the UK.
We transfer personal data to organisations that are part of specific agreements on cross-border data transfers with the UK.

How we protect your personal data

We know how important it is to protect and manage your personal data and have the following measures in place to do this:

We use computer safeguards such as firewalls and data encryption
we enforce physical access controls to our buildings and files to keep this data safe, such as access cards and key control.
We only authorise access to colleagues who need it to carry out their job responsibilities
We protect the security of your information while it is being transmitted by encrypting it using appropriate data transfer solutions such as Secure Sockets Layer (SSL)
We may ask for proof of identity before we share your personal data with you.

How long we keep your personal data

We will not keep your personal data longer than we need to, how long this is depends on several factors, including:

Why we collected it in the first place;
How old it is;
Whether there is a legal/regulatory reason for us to keep it;
Whether we need it to protect you or us.

In general, we keep information about unsuccessful candidates for up to 12 months after the conclusion of the recruitment process, although we may delete criminal records and right to work information earlier.

We keep information about our colleagues for 7 years after the end of their employment with us.

Account Deactivation

If you do not use your careers centre account in any way, including reviewing or updating your information, or making a further job application, we will contact you to ask if you want to keep the account. We will contact you 3 times to ask, after this time, your account will be automatically deleted. This does not prevent you creating a new account or making any future job applications using the same email address.

Subject Access Rights

You have the right to see the personal data we hold about you. This is called a subject access request or SAR.

If you'd like a copy of the personal data we hold about you, please email us at subjectaccess.request@tesco.com or SARrequests@onestop.co.uk

Other Data Protection Rights

In relation to your personal data, you also have the right to:

1. Have inaccurate information corrected:

Summary of the right:

It is really important that the personal data we hold on you is accurate and that you notify us of any changes to your Personal Data so it can be updated as soon as it changes.

2. Object to our use of it:

Summary of the right:

If you object we will then consider you objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section c below) or delete it (see section d below).

3. Restrict our use of it:

Summary of the right:

There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):

- You have successfully made an objection (listed in section b above).

- You are challenging the accuracy of the personal data we hold.

- We have used your personal data unlawfully, but you do not want us to delete it.

4. Have us delete it:

Summary of the right:

There are several situations when you can have us delete your personal data, this includes (but is not limited to):

- We no longer need to keep your personal data;

- You have successfully made an objection (listed in section b above).

- We have unlawfully processed your personal data.

Complain to the data protection regulator

We would like the chance to resolve any complaints you may have, however you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data. Their website is: https://ico.org.uk/.

The ICO website also contains more information about your data subject rights that have been summarised above

Contact Us

If you have any questions or complaints about how we use your personal data, please contact our DPO by email: DPO@Tesco.com or PrivacyOfficer@onestop.co.uk

These email addresses are only for data protection queries. We're unable to answer any other queries at this email address. If you'd like to get in touch about recruitment please email resourcing.team@tesco.com

Changes to our policy

This policy replaces all previous versions and is correct as of March 2024. We reserve the right to change the policy at any time.

Terms & Conditions

Cookie policy