Musgrave Group is committed to respecting your privacy and complying with data protection legislation. We would like our customers to read the following notice which explains your privacy rights and sets out how we, as a Data Controller, collect, use, process and disclose Personal Data relating to you and your interactions with us.
This notice should be read in conjunction with our Terms & Conditions and our Cookie Policy.
Terms defined in the Terms & Conditions have the same meaning unless expressly stated otherwise.
Additional conditions may apply to specific services or offers which we offer from time to time.
By accessing, browsing or otherwise using our websites and services, you confirm that you have read, understood and agree to this privacy notice in its entirety.
When we talk about “Musgrave”, or “we,” “us,” or “our,” in this privacy notice, we are talking about Musgrave Limited of Musgrave House, Ballycurreen, Airport Road, Cork, T12 TN99 in the Republic of Ireland trading as Musgrave Retail Partners Ireland, Musgrave Wholesale Partners, Musgrave MarketPlace and/or Musgrave Foodservices; in Northern Ireland we are talking about Musgrave SuperValu Centra NI Ltd trading as Musgrave Northern Ireland and/or Musgrave Distribution Ltd trading as Musgrave Marketplace and/or Musgrave Foodservices of Belfast Harbour Estate,1-19 Dargan Drive, Belfast BT3 9JG, in each case this includes a reference to the relevant subsidiaries, affiliates and their respective parent and subsidiary companies of those companies (“Musgrave Group”). We share your information within the Musgrave Group and with certain third parties as set out below to help us provide our services, comply with regulatory and legal requirements, and improve our products. Our main businesses include:
* MACE is part of the Musgrave group in Northern Ireland only
For the purpose of data protection legislation, we are the Data Controller of your Personal Data. In addition, where you provided Personal Data to a local store owner, the owner of the local store to which you supplied that data is also a data controller of your Information.
Our data protection officer may be contacted by emailing dpo@musgrave.ie
Personal Data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect and process any type of Personal Data you provide to us in the course of your interactions with us. You may have provided some of your Personal Data directly to us such as when you visited our website by volunteering Personal Data when subscribing to email alerts or by using our online feedback or other forms. We may also receive Personal Data about you from various third parties and public sources such as Social Media. This data may be collected by, or shared with, our trusted 3rd parties who manage some of these services on our behalf.
Personal Data we collect varies based on the services you use and includes, but is not limited to:
If you do not provide us with your Personal Data, we may not be able to provide you with certain services or respond to any questions or requests you submit to us via our website.
We collect Personal Data from you, when you:
Personal Data that we collect from Third Parties:
We may collect personal data from third party databases (for example for our fraud checks) or from other companies. This personal data helps us to manage our relationship with you as a customer for instance it helps us to manage your loyalty account and the loyalty programme benefits and related administrative requirements; review and improve the accuracy of the personal data we hold; and to ensure the effectiveness of marketing communications.
If you link your Google, Facebook or Twitter accounts or any accounts from other third party services (like shopping research panels or public forums such as blogging sites) to us, then we may also receive information from those accounts in accordance with applicable law and the terms of use of the third party’s services.
We work with third parties in relation to the provision of services to you (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Personal Data of Children:
Although visitors of all ages may navigate through our websites and services, we do not intentionally collect Personal Data from those under the age of 16, unless we are making it clear that this is what we are doing. We will always seek permission from relevant guardian. We store any data received for the specific purpose and will not further process or include for communications or marketing.
All Personal Data will be processed fairly and in keeping with the purposes for which it was obtained.
We will only process your Personal Data where we have a lawful purpose to do so, for example:
The below table includes the main purposes for which we process your personal data as well as the appropriate lawful basis. We may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Purpose(s) for Processing | Legal Basis for Processing |
To register you as a new user, maintain your account, verify your identity, and process renewals or amendments to terms; To provide you with products and services; To notify you about changes to our Privacy Notice; To process job applications. | The processing is necessary to perform a contract or enter into a contract with you |
To carry out any activities or disclosures to comply with any regulatory, government or legal obligations; To prevent, detect and investigate potential fraud, money laundering or other offences; To investigate improper use of the Services; To carry out activities necessary to the running of our business, including testing, network monitoring, staff training, quality control and any legal proceedings; To exercise our right to defend, respond or conduct legal proceedings; To achieve any other lawful purpose, including the sharing with third parties where you have given any consent required by law to such use. | The processing is necessary for us to comply with legal and regulatory obligations |
To inform you of our promotions; To contact you regarding the services provided by us; To keep you informed about new services, developments, special offers, and discounts or awards which we believe may be of interest to you, or which you may be entitled to To ask you to complete a Survey or market research; To carry out direct marketing; To send you alerts or newsletters that you have opted-in to receive; To provide you, or permit selected third parties to provide you, with details about events hosted or co-sponsored by us or about events we feel may interest you To contact clients regarding business opportunities. | Where you have given consent to the processing of your Personal Data – which you may withdraw at any time Where your consent is not required, and you have not objected, the use of the data is necessary for our legitimate interest in managing our business including legal, personnel, administrative and management purposes provided our interests are not overridden by your interests. |
To keep our sites and records updated; To customise your experience on our services, or to serve you specific content that is relevant to you; To carry out analysis of your details, in order develop our relationship with you and/or to develop and personalise the Services; To develop our business and inform our marketing strategy; To request customer feedback To provide customer care services; To ensure the safety and security of colleagues and customers and prevention or detection of unlawful acts | The processing is necessary to support our legitimate interests in managing our business, provided such interests are not overridden by your interests and rights |
We will store your Personal Data only for as long as necessary for the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
Please see the Contact Us section below if you wish to obtain further information concerning our retention periods.
From time to time, we may share information relating to you with third parties in order to provide the Services. This may include the disclosure of information to any company in the Musgrave group or to third party social media companies, in the following manner:
We may associate any category of information with any other category of information and will treat the combined information as Personal Data (and/or Your Information, as appropriate) in accordance with this Policy for as long as it is combined.
We will not sell your personal data to any third party.
We may transfer and/or store Personal Data related to you to a destination outside the European Economic Area (“EEA”) from time to time. In this context, this Personal Data may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
Any transfer of Personal Data relating to you to a location outside the EEA is made in accordance with data protection law. Specifically, such transfers to locations that are not in receipt of an adequacy decision are only ever made lawfully by way of the European Commission’s Model Contractual Clauses. More information and a copy of the Model Contractual Clauses are available on the European Commission’s website.
We work with certain third parties to provide goods and services, such as eShops, Digital Advertising. These companies may, from time to time, collect Personal Data directly from you to use their services, or for their own marketing and tracking purposes and they may collect this from Personal Data you provided on our websites.
Our websites may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any Personal Data to those websites.
If these third parties collect your Personal Data from you, these companies will be acting as Data Controllers in their own right, separately from us. Any use of your Personal Data will therefore be subject to that third party’s own privacy policy which should be made available to you before they collect your Personal Data.
You have several rights in relation to your Personal Data under the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018 and the UK Data Protection Act 2018 which may be subject to certain limitations and restrictions.
You have the right to request access to and rectification or erasure of your Personal Data, data portability, restriction of processing of your Personal Data, the right to object to processing of your Personal Data where processing is based on consent or our legitimate interests, and the right to lodge a complaint with a supervisory authority. For more information about these rights, please visit the European Commission’s “My Rights” page relating to GDPR, which can be displayed in a number of languages. If you reside outside of the European Union, you may have similar rights under your local laws.
We will respond to any valid requests within one month, unless it is particularly complicated or you have made repeated requests in which case we will inform you of any such extension, together with the reasons for the delay. You will not be charged a fee to exercise any of your rights unless your request is clearly unfounded, repetitive or excessive, in which case we will charge a reasonable fee in the circumstances or refuse to act on the request.
Please be aware that we may need to verify your identity before providing any Personal Data to you. We may need to do this to protect your data. We may also ask you to provide us some additional voluntary information to help us process your request more efficiently.
If you wish to exercise any of these rights, please contact us (see Contact Us below).
We are committed to protecting the security of your Personal Data. We use a variety of security technologies and procedures to help protect your Personal Data from unauthorised access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our systems or sites, you are responsible for keeping that password confidential. We’ll never ask for your secure personal or account data by an unsolicited means of communication. You are responsible for keeping your personal and account data secure and not sharing it with others.
Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our website. Any transmission of Personal Data is at your own risk. Once we receive your Personal Data, we use appropriate security measures to seek to prevent unauthorised access or disclosure.
We reserve the right to change this Privacy Notice from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Notice. However, if we make material changes to this Privacy Notice we will bring this to the attention of the users of the services and sites.
Questions, comments and requests regarding this Policy are welcomed and should be addressed to our Data Protection Team at Musgrave Group , Musgrave House, Ballycurreen, Airport Road, Cork, T12 TN99 or by email to: dpo@musgrave.ie
Last updated: July 2020