At One Stop, we’re working hard to serve local shoppers a little better every day. Looking after the personal data you share with us is a hugely important part of this. We want you to be confident that your data is safe and secure with us and understand how we use it to offer you a better and more personalised shopping experience.

What this policy covers

The data controller is One Stop Stores Limited, part of the Tesco Group (referred to in this policy as “we” or “us”).

We are committed to doing the right thing when it comes to how we collect, use and protect your personal data. That’s why we’ve developed this privacy and cookies policy (“Policy”), which:

  • sets out the types of personal data that we collect;
  • explains how and why we collect and use your personal data;
  • explains when and why we will share personal data within the Tesco Group and with other organisations; and
  • explains the rights and choices you have when it comes to your personal data.

We offer a wide range of products and services, so we want you to be clear about what this Policy covers. This Policy applies to you if you use our services (referred to in this Policy as “our Services”). Using our Services means:

  • Using our Websites (“our Websites”) or mobile applications (“our Mobile Apps”) where this Policy is posted; or
  • This Policy also applies if you contact us or we contact you about our Services.

Parts of this Policy also apply to our store CCTV systems where they capture footage of you.

Our Websites may contain links to other websites operated by other organisations that have their own privacy policies. Please make sure you read the terms and conditions and privacy policy carefully before providing any personal data on a website as we do not accept any responsibility or liability for websites of other organisations.

Some other parts of our business and other Tesco Group companies may need to collect and use personal data to provide you with their products and services and for certain other purposes. They have their own privacy policies that explain how they use your personal data.

Our Websites or Mobile Apps may contain links to other websites operated by other organisations that have their own privacy policies. Please make sure you read the terms and conditions and privacy policy carefully before providing any personal data on a website as we do not accept any responsibility or liability for websites of other organisations.

Aggregated Data – We try and remove personal data we do not need. If we remove enough personal data is becomes anonymous. This means that you cannot be identified. We might also take data we hold and remove certain information and replace it with other non-identifying information such as ID number or reference number. This is an extra technique we use to protect data. We may use these techniques to look at statistical or demographic data.

Location Data – In some cases our apps might ask for your location information to help better serve you information about your local store, you will be made aware at the time if we would collect this data.

Personal data we collect when we interact with you

This section tells you what personal data we may collect from you when you use our Services and what other personal data we may receive from other sources.

When you register for our Services, you may provide us with:

  • Your personal details, including your postal addresses, email addresses, phone numbers and date of birth and title.
  • Your account login details, such as your username and the password that you have chosen

What type of data might be collected:

  • Identity Data
  • Contact Data
  • Technical Data
  • User Data
  • Marketing and Communications Data

When you browse our Websites or use our Mobile Apps, we may collect:

  • Information about your online browsing behaviour on our Websites and information about when you click on one of our adverts (including those shown on other organisations’ websites)
  • Information about any devices you have used to access our Services (including the make, model and operating system, IP address, browser type and mobile device identifiers)

What type of data might be collected:

  • Identity Data
  • Contact Data
  • Technical Data
  • User Data
  • Interaction Data
  • Marketing and Communications Data

When you contact us or we contact you or you take part in promotions, competitions, surveys or questionnaires about our Services, we may collect:

  • Personal data you provide about yourself anytime you contact us about our Services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media
  • Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
  • Your feedback and contributions to customer surveys and questionnaires
  • Recordings of calls made to our Customer Service Centre

What type of data might be collected:

  • Identity Data
  • Contact Data
  • User Data

When you visit our stores

  • footage of you may be recorded on our CCTV systems

What type of data might be collected:

  • Identity Data
  • Contact Data
  • User Data

Other sources of personal data

We may also use personal data from other sources, such as specialist companies that supply information, online media channels, our Retail Partners and public registers. For example, this other personal data helps us to:

  • Review and improve the accuracy of the data we hold; and improve and measure the effectiveness of our marketing communications, including online advertising
  • • improve and measure the effectiveness of our marketing communications, including online advertising.
We use personal data to This means that processing your personal data allows us to Why do we process your personal data in this way? Legal Basis
Manage and improve our day-to-day operations Manage and improve our Websites We use cookies and similar technologies on our Websites to improve your customer experience Legitimate Interests
Some cookies are necessary so you should not disable these if you want to be able to use all the features of our Websites. You can disable other cookies but this may affect your customer experience. For more information about cookies and how you can disable them, see the cookies and similar technologies section
Help to develop and improve our product range, services, stores, information technology systems, know-how and the way we communicate with you. Detect and prevent fraud or other crime We rely on the use of personal data to carry out market research and internal research and development, and to improve our information technology systems (including security) and our product range, services and stores. This allows us to serve you better as a customer. It is important for us to monitor how our Services are used to detect and prevent fraud, other crimes and the misuse of services. This helps us to make sure that you can safely use our Services.
Provide you with relevant marketing communications (including by email, post or online advertising), relating to our products and services, and those of our suppliers, Retail Partners and the Tesco Group. We want to ensure that we provide you with marketing communications, including online advertising, that are relevant to your interests. To achieve this we also measure your responses to marketing communications relating to products and services we offer, which also means we can offer you products and services that better meet your needs as a customer. [For most marketing communications we rely on your consent, however there are situations in which it is in our legitimate interests to do so.]
As part of this, online advertising may be displayed on websites across the Tesco Group and on other organisations’ websites and online media channels. We may also measure the effectiveness of our marketing communications and those of our suppliers and Retail Partners. You can change your marketing choices, both when you register with us, and at any time after that.
You also have choices when it comes to online advertising. We set out below your choices when it comes to cookies, and how you can control your online behavioural advertising preferences.
Contact and interact with you Contact you about our Services, for example by phone, email or post or by responding to social media posts that you have directed at us. We want to serve you better as a customer so we use personal data to provide clarification or assistance in response to your communications. Legitimate Interests
Manage promotions and competitions you take part in, including those we run with our suppliers and Retail Partners. We need to process your personal data so that we can manage the promotions and competitions you choose to enter.
Invite you to take part in and manage customer surveys, questionnaires and other market research activities carried out by One Stop, the Tesco Group and by other organisations on our behalf. We carry out market research to improve our Services. However, if we contact you about this, you do not have to take part in the activities. If you tell us that you do not want us to contact you for market research, we will respect this choice. This will not affect your ability to use our Services.
Claims In order to resolve legal claims or disputes involving you or us. For example, if you have any accident or there is an incident at our stores. This could include medical reports. Brining or Defending Legal Claims.
CCTV To monitor the safety of our stores in order to prevent and detect crime and anti-social behaviour. In order to protect our business, the local community, customers and colleagues Legitimate Interests

Our Legitimate interests in using your personal data

This section explains in detail how and why we use personal data

Our Legitimate Interests in using your personal data

Where we have mentioned above our use of your personal data is based on our “legitimate interests”, these are:

  • to service our customers’ needs, including delivering our products and services.
  • to promote and market our products and services.
  • to understand our customers including their patterns, behaviours as well as their likes and dislikes
  • to protect and support our business, colleagues, customers and shareholders.
  • to test and develop new products and services as well as improve existing ones.
  • for legal/regulatory purposes.

Sharing personal data with Service Providers

This section explains how and why we share personal data with Service Providers.
When we share personal data with these companies, we require them to keep it safe, and they must not use your personal data for their own marketing purposes.

Service Providers

We work with carefully selected Service Providers that carry out certain functions on our behalf. These include, for example, companies that help us with technology services, storing and combining data, processing payments and delivering orders. We only share personal data that enable our Service Providers to provide their services.

Some of the Service Providers we work with operate online and offline media channels, and they place relevant advertising for our products and services, as well as those of our suppliers on those online media channels on our behalf.

Sharing personal data with other organisations

This section explains how and why we share personal data with other organisations.

We may share personal data with other organisations in the following circumstances:

  • if the law or a public authority says we must share the personal data;
  • if we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
  • to an organisation we sell or transfer (or enter into negotiations to sell or transfer) any of our businesses or any of our rights or obligations under any agreement we may have with you to. If the transfer or sale goes ahead, the organisation receiving your personal data can use your personal data in the same way as us; or
  • to any other successors in title to our business.

How we protect personal data

We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.

  • We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
  • We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).
  • We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.

However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us.

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. If we do this we ensure that your privacy rights are respected in line with this Policy. The most common way we do this is to put in place a specific type of contract, a copy of this type of contract can be found here or through an approved scheme such as the Privacy Shield.

How long we use personal data for

We will not keep your personal data longer than we need to and will only use your personal data for the purposes set out in this Policy. We will always keep your personal data in accordance with applicable legal and regulatory requirements.

In most circumstances this means we will not keep your personal data for more than 7 years after the end of your relationship with us. However, for certain data sets we have the following retention periods:

  • Customer complaints and feedback will be deleted 4 years after the date of last communication.
  • Information you submit when participating in research panels/market surveys will be deleted 3 years after its creation.
  • CCTV data will be deleted 1 month after its creation.
  • Health and safety records (example: incident reports) will be deleted 7 years after their creation.
  • Where your personal data is needed because we are in serious dispute with you (such as litigation), your personal data will be deleted 7 years after closure of the matter.

Marketing and market research

This section explains the choices you have when it comes to receiving marketing communications and taking part in market research.

We will send you relevant offers and news about our products and services in several ways including by email, but only if you have previously agreed to receive these marketing communications. When you register with us, we will ask if you would like to receive marketing communications, and you can change your marketing choices at any time online, over the phone or in writing at any time.

We also like to hear your views to help us to improve our Services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research.

Cookies and similar technologies

We use cookies and similar technologies, such as tags and pixels (“Cookies”), to personalise and improve your customer experience as you use our Websites and Mobile Apps and to provide you with relevant online advertising. This section provides more information about Cookies, including how we use them and how you can exercise your choices about our use of Cookies.

How we use Cookies

Cookies are small data files that allow a website to collect and store a range of data on your desktop computer, laptop or mobile device.

Cookies help us to provide important features and functionality on our Websites and we use them to improve your customer experience. For example, we use Cookies to do the following:

Improve the way our Websites work Cookies allow us to improve the way our Websites work so that we can personalise your experience and allow you to use many of their useful features.
For example, we use Cookies so we can remember your preferences when you return to our Websites.
Improve the performance of our Websites Cookies can help us to understand how our Websites are being used, for example, by telling us if you get an error messages as you browse.
These Cookies collect data that is mostly aggregated and anonymous.
Deliver relevant online advertising We use Cookies to help us deliver online advertising that we believe is most relevant to you on our Websites and other organisations’ websites.
Cookies used for this purpose are often placed on our Websites by other organisations, and always with our permission. These Cookies may collect information about your online behaviour, such as your IP address and the website you arrived from. This means that you may see our adverts on our Websites and on other organisations’ websites. You may also see adverts for other organisations on our Websites.
To help us to deliver online advertising that is relevant to you, we may also combine data we collect through Cookies in the browser of your desktop computer or other devices with other data that we have collected.
Measuring the effectiveness of our marketing communications, including online advertising Cookies can tell us if you have seen a specific advert, and how long it has been since you have seen it. This information allows us to measure the effectiveness of our online advertising campaigns and control the number of times you are shown an advert.
We also use Cookies to measure the effectiveness of our marketing communications, for example by telling us if you have opened a marketing email that we have sent you.

Cookies that measure how our website is used

We use analytics tools to better understand how visitors use our website so that we can improve it based on user needs. Without any data it is difficult to make improvements.

These cookies enable us to understand how visitors arrive on our site, what pages they view and what visitors click on the site. All the data is anonymised and we cannot identify any individuals from these cookies.

Hotjar Tracking
_hjid Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
(expires 365 days)
Google Analytics
_ga Used to distinguish users.
(expires 2 years)
_gid Used to distinguish users.
(expires 24 hours)
_gat Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.
(expires 1 minute)

Cookies that help with our communications and marketing

These cookies may be set by third party websites and do things like measure which of our ads and external content you interact with and help us to match our services to likely customers with relevant and legitimate interest. We do not advertise on this website.

Facebook Pixel Code
_fbp Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers.
(Expires 3 Months)

Your choices when it comes to Cookies

Web browser cookies

You can use your browser settings to accept or reject new Cookies and to delete existing Cookies. You can also set your browser to notify you each time new Cookies are placed on your computer or other device. You can find more detailed information about how you can manage Cookies through your browser’s help function.

If you choose to disable some or all Cookies, you may not be able to make full use of our Websites. For example, you may not be able to add items to your shopping basket, proceed to checkout, or use any of our products and services that require you to sign in.

You can also manage advertising related Cookies used on our Services by opting-out through the Service Providers listed in the table above or by visiting the YourOnlineChoices website. Where we display personalised adverts on other organisations’ websites, the AdChoices icon will usually be displayed. Clicking on this icon will provide you with specific guidance on how to control your online advertising preferences. More information is available on the YourAdChoices website.

Mobile Apps
Cookies work differently on Mobile Apps as they are coded into the App itself and will use a unique identifier created by your mobile device for use for advertising activities. You can turn off or reset this advertising identifier through your mobile device’s privacy settings.

Subject Access Rights

You have the right to see the personal data we hold about you. This is called a Subject Access Request.

To comply with government guidance and enable our office colleagues to work from home, if you would like a copy of the personal data we hold about you, please email us at

Other Data Protection Rights

In relation to your personal data, you also have right to:

1. Have inaccurate information corrected

Summary of the right:

if you believe we hold inaccurate or missing information, please let us know and we will correct it.

2. Object to our use of it:

Summary of the right:

  • general objection – We will then consider you objection to our use of your personal data. If on balance, your rights outweigh our interests in using your personal data, then we will at your request either restrict our use of it (see section 3 below) or delete it (see section 4 below).
  • objection in relation to direct marketing – If you make such an objection, we will stop using your personal data for direct marketing purposes.

3. Restrict our use of it;

Summary of the right:

There are several situations when you can restrict our use of your personal data, this includes (but is not limited to):

  • you have successfully made a general objection (listed in section 2 above).
  • you are challenging the accuracy of the personal data we hold.
  • we have used your personal data unlawfully, but you do not want us to delete it

4. Have us delete it

Summary of the right:

There are several situations when you can have us delete your personal data, this includes (but is not limited to):

  • we no longer need to keep your personal data;
  • you have successfully made a general objection (listed in section 2 above).
  • you have withdrawn your consent to us using your personal data (and we do not have any other grounds to use it);
  • we have unlawfully processed your personal data

5. Complain to the data protection regulator

We’d like the chance to resolve any complaints you have, however you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data. Their website is

More Information on your Data Protection Rights

The ICO website contains more detail on the data protection rights mentioned above.

Or if you would like to speak to us about these rights in more detail, please see the “How to contact us” section below.

How to contact us

If you have any questions about how we collect, store and use personal data please contact us.

Phone: 01543 363 133
Mail: One Stop Stores Ltd, Apex Road Brownhills, Walsall, West Midlands, WS8 7HU

All contact made to and from customers via the Customer Service Centres may be recorded for training and quality purposes.