INTRODUCTION

  1.  The Home Affairs Select Committee has invited Loyalty Management Group (LMG), the company that owns and operates the Nectar Card, to provide oral evidence to its inquiry into "A Surveillance Society?" on 7 June 2007. To assist the Committee in terms of background information and what we understand the Committee may be interested in; this written summary provides a detailed overview of how Nectar collects, uses and protects data on the individuals that participate in the Nectar loyalty programme.

THE NECTAR PROGRAMME AND HOW IT OPERATES

  2.  Nectar is a coalition loyalty programme. It consists of retailers and service companies that sign up to Nectar and offer Nectar Points to consumers. Currently there are 15 Nectar partners, each with sector exclusivity in the area in which they operate. This means, for example, that there is only one grocery supermarket, one petrol retailer, one department store, or one car-hire company in each sector participating in Nectar at any one time.

  3.  Nectar is an entirely voluntary scheme which consumers actively decide to join. These consumers are called "Collectors". Collectors earn Nectar points from the retailers and service companies. Collectors normally earn two Nectar Points for every £1 spent, although this differs in a limited number of cases (eg the rate is one Nectar Point for every one litre of fuel from the petrol retailer). At the lowest level, 500 points is equivalent to a reward worth £2.50 to collectors. This equates to 1% of the money spent by Collectors on collecting their points. This benefit level can rise to 5% depending on where Collectors redeem their points. Collectors have a variety of options when they want to redeem points, which range from money-off shopping through to booking flights, days out at theme parks and free cinema tickets.

  4.  Since the launch of Nectar in September 2002 to May 2007, Collectors have redeemed over £800 million worth of rewards.

COLLECTING DATA

  5.  Nectar collects information for two basic purposes:

(i)  Operational ie to have Collectors' contact details and to operate their Nectar account by adding and deducting Nectar Points from Collectors' accounts as they collect and redeem their points.

(ii)  Marketing ie to identify the shopping behaviour of Collectors so that Nectar and the partners in the programme can send Collectors offers that will be of interest to them. Information may also be analysed for internal purposes eg to validate the benefits a partner has gained from participating in Nectar.

NECTAR COLLECTS

  6.  Basic registration information for all Collectors collecting points on the account (name, address, phone number, e-mail address) and security information (date of birth and mother's maiden name or other memorable word); and basic lifestyle information (how many people live in the household, how many are under 18, number of cars in the household).

  7.  Shopping transaction information: where the Collector has shopped, on what date, total value of goods purchased. Nectar does not know the individual details of goods which are purchased. (For example: the data collected only tells Nectar Joe Bloggs shopped in the Westminster branch of Sainsbury's at 10 am on 4 June 2007, spent a total of £50 and is to be issued 100 points).

  8.  LMG would like Collectors to be engaged fully with Nectar by collecting and redeeming points and, if they choose to, by benefiting from the rewards and offers provided by Nectar. In order for Nectar to achieve this aim, it is paramount that it develops and maintains a high level of trust with Collectors, and a fundamental element of that relationship is that Nectar is openly transparent with how that data is used.

  9.  Partners in Nectar are only able to access data on their own customers and Nectar will carry out analysis on those customers for partners who wish to carry out marketing targeted at a particular set of their own customers eg BP may wish to make a particular offer to its customers who live within a certain radius of a petrol station. Nectar undertakes regular direct marketing communications with Collectors (eg its quarterly points update mailing) and partners can indirectly access Collectors who are not their customers by including an offer in those communications; if a Collector takes up that offer, he or she will then, of course, become a customer of that retailer or service company.

  10.  Nectar has established an internal code that applies for the benefit of the Nectar "coalition"—what we call our "database principles". These are included in all Nectar's contracts with companies which issue Nectar Points and set out the access that they are permitted to Nectar's data and also include some important safeguards for Collectors (eg Nectar has the right to refuse access to stop excessive communications). Nectar's success depends on gaining and maintaining the trust of Collectors and these principles are an important element of this.

  11.  Nectar also carries out specific marketing campaigns e.g. one that is very popular with Collectors is the offer sent when a collector has moved house, including a map of their new neighbourhood showing the nearest places they can collect Nectar Points and with bonus Points offers that can be used there.

PRIVACY AND DATA PROTECTION

  12.  It is a requirement of the Data Protection Act that everyone from whom data is collected is made aware of the information on them that is collected, what it will be used for, and to whom it will be disclosed. This must be done at the time the data is first collected. Nectar's "Policy on Privacy and Data Protection" appears prominently wherever Nectar collects data eg from registration forms and the website.

  13.  Safeguarding Collectors' data is essential to Nectar's business and to Nectar partners. Unless Collectors have the confidence of knowing that their data is secure with Nectar, they will stop engaging with the programme or "de-register". Even if there were no legal requirements, this is the most powerful underlying reason for Nectar to ensure that its data is kept as secure as possible.

  14.  However, there is another important element, which is a requirement of Nectar's partners. It is equally integral to their customer service, business model and wholesale reputation that any personal data is kept secure. In short, if they did not have confidence that Nectar could protect this information, they would not participate in the Nectar scheme.

CONCLUSION

  15.  Nectar's primary business asset is data. It therefore has a fundamental business need to ensure that its data is collected, held, used and disclosed in a way that complies not only with legal requirements but meets and exceeds best practice. Nectar relies on the continuing trust of Collectors and an important element of this is that they are confident that their data is secure with Nectar and that Nectar will handle their data properly.

  16.  The underlying aim for Nectar and its partners is to understand the needs and wishes of Collectors when they go shopping. Through the collection of data Nectar is able to provide a more detailed offering to suit the tastes of individual Collectors. The Collectors and their interests are at the heart of our business model.

  17.  In summary, it is Nectar's number one priority to safeguard any data that Collectors voluntarily choose to share with us. To fall short of providing a high level of security would damage the reputation of Nectar and would result in Collectors signalling their disapproval of Nectar through ceasing to participate in the Programme. To avoid this, we ensure, and will continue to ensure, that Nectar data is safeguarded by stringent security.

June 2007