Asda for Business Privacy Policy

Asda for Business Privacy Policy

Our Promise

Asda is all about you – our customers and colleagues, our suppliers and our business partners – so we truly value our relationship with you and the trust you place in us. Respect for the Individual is at the heart of all we do, so we do take our responsibilities to each one of you, regarding your Privacy and Personal Information, very seriously.

This notice applies to the purchase of Gift Cards from Asda for Business at Read this notice in conjunction with Asda’s Privacy Notice at

What is Personal Information?

Personal Information (also known as personal data) is any information that identifies someone and any information that relates to that identified person. For example, if you have an Asda online account, your name and email address are information that identifies you, and your orders are information that relate to you.

Who is the Controller of your Personal Information?

The Controller of your Personal Information is Asda Stores Limited (with registered address at Asda House, Great Wilson Street, Leeds, LS11 5AD) unless we tell you otherwise. Contact Us for details on how to contact our Data Protection Officer if you have any questions or concerns about our handling of your Personal Information, or if you wish to make a complaint.

What Personal Information do we collect about you and how do we use it?

Processing Purpose Categories of data Legal Basis for Processing
To register you as a purchaser for Asda Gift Cards, and to provide you with purchased gift cards.
  • Name
  • Contact Information
  • Payment Information
  • Necessary for performance of the contract between you and us
Managing our customer service relationship with you. For example, when you communicate with Customer Services or use an online feedback form
  • Name
  • Contact Information
  • Feedback and comments
  • To meet our legitimate interests to run our business effectively by understanding how you are using our services and how to better apply the feedback provided to us
Collecting online identifiers for analytics purposes, to help us understand our customers better, to find out more about the kind of things they like or are not so keen on and help the improvement of products, services, websites and communications. Online identifiers such as:

  • IP address
  • device ID
  • session ID
  • cookie information
  • purchase history
  • To meet our legitimate interests to run our business effectively by understanding how you are using our products and services and interacting with our communications and how to improve this offering

Where do we collect your Personal Information from?

We collect most Personal Information directly from you, for example when you register with us online, purchase products from us or get in touch with us. We collect some Personal Information through observation, for example how you have used our websites or Apps.

We do not buy or sell your Personal Information.

Who do we share it with?

We have controls to limit access to your Personal Information to:

  • Individual colleagues who need it to do their job, such as processing your online orders or dealing with enquiries and complaints;
  • Select business partners and third parties, including our parent company Walmart Inc., who need it to provide services to us, such as delivering your orders, maintaining our computer systems or running marketing campaigns. For example vendors such as Technology providers, such as those who host some of our technology platforms or provide software to allow us to manage your accounts;

If requested, and where it is required or permitted by law, we may provide Personal Information to:

  • Official bodies, such as government agencies, local authorities, regulators and the police, who are authorised to request Personal Information where it is necessary for their lawful purposes;
  • Asda’s advisers, including lawyers, insurers, accountants and auditors;
  • Other organisations such as law firms or insurance companies acting on behalf of individuals, who may request CCTV or other evidence containing Personal Information, to support a claim in relation to an incident or accident involving their client at an Asda site.

If you would like to understand more detail about which trusted third parties we may share your Personal Information with, please get in touch with us using the Contact Us page.

Where is your Personal Information kept, processed and accessed from?

Some of our computer systems, including our websites, are operated by our parent company Walmart Inc. in the United States or by other companies contracted to provide services to Asda that operate in countries outside the UK or EU. So some of your Personal Information is stored and processed overseas, in the following countries: United States of America (USA)

Because the law in some of these countries does not provide the same level of protection as UK and EU law, we put in place data transfer agreements (which are considered appropriate safeguards) with Walmart and each company that processes Personal Information outside of the UK.

These agreements require that, wherever your Personal Information is held, it is protected to the same high standard as required by law in the UK. For more information, Contact Us.

How long will we keep your Personal Information for?

Unless otherwise stated, we will keep your Personal Information for three years then we will securely delete it.

We do need to keep some anonymous information for longer than this, such as customers’ shopping habits and buying patterns, so we can analyse it to identify trends and changes in activity and buying habits. We remove all names, contact details and any other information that identify individual customers, so it’s all just anonymous numbers and data.

How do we protect and secure your Personal Information?

We use security measures, including physical, administrative, and technical safeguards to protect the confidentiality of your Personal Information. These measures include encryption, security certificates, access controls, information security technologies, policies, procedures and other information security measures to help protect your Information.

When designing or implementing new computer systems and processes we look at ways to identify and mitigate potential security risks and then monitor and test our security systems to help protect your Personal Information.

Where possible, we also try to anonymise information so that individuals can’t be identified from it. An example of this is what we call Customer Insight. We analyse data about our customers’ shopping patterns and habits and use this to help us improve our product lines, how we display them, how we lay out our stores and so on. However, we don’t need to know who these customers are, we just need to know information such as how many bought certain products at certain times, or how much the average customer spends each week. So, instead of just putting all of our customers’ information together and analysing it, we first remove the pieces of information that could identify them, such as names, contact details, addresses and so on.

How can I exercise my Privacy Rights?

Personal Information is just that – it’s personal, and it’s yours. So we want to make sure that it’s easy for you to take control of it and exercise your legal rights. This Privacy Notice tells you all about how we collect and process your Personal Information, and why we are allowed to do so.

If you want to know more about your Privacy Rights and how to make a Rights Request, simply contact us by emailing us at or in writing at Data Protection, Asda House, Great Wilson Street, Leeds, LS11 5AD. Or find out more about your rights here.