Who are we?
When we say ‘we’ or ‘us’ in this policy, we’re referring to J Sainsbury plc, 33 Holborn, London, EC1N 2HT. This website is created and managed by Investis Limited on behalf of Sainsbury’s.
What sorts of personal information do we hold?
- Registration and contact details– your full name, address, email address and phone number and your contact history;
- Bank account details – your bank account number and sort code;
- Shareholding– a record of the number of shares that you hold and details of past transactions;
- Communications – details and where relevant copies of communications between us, your communication preferences and, if you are a beneficial owner, any information rights you have exercised;
- Meetings– a record of your shareholder meeting attendance and votes cast;
- Payments– a record of dividends paid/payable to you or reinvestments through the Company’s Dividend Reinvestment Plan;
- Your account login details– this is your user name and chosen password;
- Contact preferences – how and whether you want us to contact you;
- Beneficiaries– if we have lost contact with you, we may employ tracing agents to find you or your beneficiaries to reunify your holding to the person(s) entitled to it; and
- Other– any special instructions or restrictions relating to your account.
How do we use your personal information?
There are a number of ways in which we use your personal information, depending on how you interact with us.
We may use your information in the following ways:
- Maintain the share register– for example to update the details we hold about you or the size of your shareholding, and to detect and prevent fraud;
- Distribute dividends – to ensure that you receive any dividends or additional shares that are due to you;
- Meeting management– to ensure that you can exercise your shareholder meeting rights, including the rights to speak and vote;
- Corporate actions– to manage any corporate actions that we may undertake, such as a rights issue, share buyback or scheme of arrangement;
- Analytics and profiling– we may use your information to help us operate the share register efficiently, to fulfil our issuer obligations, to support our shareholder communications or in connection with a corporate action; and
- Contacting you– we use your personal information to contact you in relation to our issuer obligations, to respond to any questions you have raised with us, to improve the operation of the share register, and to consult with you on, or to keep you informed about, any matter of interest to you as a shareholder.
Our legal basis for processing your personal information
Whenever we process your personal information we have to have something called a ‘legal basis’ for what we do. The different legal bases we rely on are:
- Legal obligation: We are required to process your personal information by law;
- Performance of a contract: We must process your personal information to comply with the Company’s Articles of Association;
- Consent: You have told us you are happy for us to process your personal information for a specific purpose;
- Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights;
- Public information: Where we process personal information which you have already made public; and
- Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
Who might we share your personal information with?
Our service providers – some third parties process your personal information on our behalf but only if they meet our standards of security before doing so. We only share information that allows them to provide their services to us or to facilitate them providing their services to you. These third parties include:
- Equinti Group plc, who provide share registrar services to us, and their subcontractors; and
- Where relevant, our professional advisors, such as lawyers and consultants;
- Third party vendors who help us to manage and maintain the J Sainsbury plc IT infrastructure;
- Companies that deploy our emails and mailings for us because they need to know your details to carry out these services.
Other organisations and individuals – we may share your personal information in certain scenarios. For example:
- If we are reorganised or sold to another organisation, we may transfer information we hold about you to them so they can continue to provide the Services to you.
- If we are required to by law, under any rule or code of practice by which we are bound or where we are asked to do so by a public or regulatory authority;
- If we need to do so in order to exercise or protect our legal rights; or
- In response to requests from individuals (or their representatives) seeking to protect their rights or the rights of others.
International transfers of personal information
Keeping you informed
You can amend your Alert preferences by using the Log in link at the beginning of the Alert service page
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you.
- the right to access a copy of the personal information we hold about you;
- the right to correction of inaccurate personal information we hold about you;
- the right to restrict our use of your personal information;
- the right to be forgotten;
- the right of data portability;
- the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects for you or affects you in any other significant way; and
- the right to object to our use of your personal information.
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below.
How long will we keep your personal information for?
We take protecting your personal information seriously and are continuously developing our security systems and processes. Some of the controls we have in place are:
- We limit physical access to our buildings and user access to our systems to only those that we believe are entitled to be there;
- We use technology controls for our information systems, such as firewalls, user verification, strong data encryption, and separation of roles, systems & data;
- Systems are proactively monitored through a “detect and respond” information security function;
- We utilize industry “good practice” standards to support the maintenance of a robust information security management system; and
- We enforce a “need to know” policy, for access to any data or systems.
If you would like to exercise one of your rights as set out in the “Your rights” section above, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by:
By email: [email protected]
By post: Data Protection Officer, 33 Holborn, London, EC1N 2HT
You also have the right to lodge a complaint with the UK regulator, the Information Commissioner.