How Clubcard data disperses beyond Tesco
Most people assume their Clubcard data sits in a Tesco database, used to generate vouchers for things they already buy. That assumption is wrong by a factor of about ten. Tesco processes your purchase history through Dunnhumby, its data science subsidiary, which shares derived insights with Meta, Google, LiveRamp, and Sky/Virgin Media. Your weekly shop becomes a targeting signal across platforms you have never connected to Tesco.
I have mapped loyalty programme data flows as part of digital footprint assessments for clients with compound exposure, and the Clubcard pipeline is one of the most sprawling I have encountered. But what surprises people more than the exposure itself is what happens when they try to get that data deleted. The dispersal is so wide, and the controller relationships so fragmented, that a single erasure request to Tesco barely scratches the surface.
What a subject access request from Tesco actually reveals
If you submit a DSAR to Tesco under UK GDPR Article 15, what comes back is instructive. You get your purchase history, your Clubcard registration details, your contact information, and your marketing preferences. What you do not get is a clear picture of everywhere that data has travelled.
Dunnhumby operates as a separate entity. Tesco Bank is a separate controller. Tesco Mobile is another. Booker and One Stop sit within the group but maintain their own data processing operations. A single DSAR to “Tesco” does not cover all of them. You need separate requests to each entity, and most people never realise this until they have already spent a month waiting for an incomplete response.
The retention period compounds the problem. Tesco retains data for up to 7 years for dispute resolution. Even if you close your Clubcard account today, records of your transactions, your addresses, and your payment methods persist in their systems until that window expires.
The LiveRamp connection
LiveRamp UK holds identity data on approximately 45 million UK consumers. When Dunnhumby shares Clubcard-derived insights with LiveRamp, your offline purchase behaviour gets linked to a RampID that connects your real-world shopping to your online advertising profile. This is the identity graph that advertisers use to target you across devices and platforms.
Requesting erasure from LiveRamp is a separate process entirely. You can submit a request at liveramp.uk/privacy/your-rights/ or email ukprivacy@liveramp.com. In my experience, the difficulty is medium to hard, because LiveRamp processes data under legitimate interest and will push back on erasure requests where they believe the lawful basis holds. I have covered the hidden data broker layer in more detail elsewhere, but LiveRamp sits at the centre of it for loyalty programme data specifically.
Price comparison sites create dozens of independent controllers
This is where loyalty programme exposure meets a completely different problem, and where I think most privacy advice falls genuinely short.
When you request an insurance quote on MoneySuperMarket, CompareTheMarket, GoCompare, or Confused.com, you hand over your name, date of birth, full address history, driving history, claims record, employment details, and income. That information is sent simultaneously to every insurer on the panel. Each insurer becomes an independent data controller the moment they receive your details.
One comparison quote can create 15 to 30 separate data controller relationships in a single click. Each insurer retains your data under their own policies, typically 6 to 7 years. To fully erase your information from one comparison session, you would need to identify every insurer that received your quote, submit individual erasure requests to each one, and follow up when they claim legitimate interest as a lawful basis for retention.
I have spoken with clients who ran comparison quotes across multiple sites before buying a policy. The data dispersal from those sessions alone created over 80 independent controller relationships. Nobody warned them. No comparison site makes this clear at the point of submission. And most data removal services do not cover insurance panel members at all.
MoneySuperMarket has also disclosed data sharing with OpenAI for AI-powered features. That means your insurance quote data, including address history and income, potentially feeds into a large language model. Whether this falls within the consent you gave when clicking “get quotes” is, at best, legally questionable under UK GDPR.
The MONY Group structure most people fund without knowing
MONY Group owns MoneySuperMarket. It also owns TopCashback and Quidco. If you use any cashback site alongside a price comparison site, there is a reasonable chance your data flows between entities within the same corporate group.
TopCashback and Quidco track your purchases, your retailer relationships, and your spending patterns. That data sits within the same corporate structure as MoneySuperMarket’s insurance and financial product data. The cross-entity sharing is buried in privacy policies that run to thousands of words.
Shopmium, a receipt scanning app, shares hashed emails and device IDs with LiveRamp. A photo of your Tesco receipt becomes a signal that links your real-world shopping to your digital advertising identity. The same LiveRamp identity graph. The same 45 million UK consumer profiles. Every receipt you scan tightens the connection between your offline life and your online one.
Nectar and Sainsbury’s: same model, same problem
Nectar has 18 million members. Sainsbury’s receives modelled household data from Experian, CACI, and Royal Mail. It shares data with Nectar Partners and Sainsbury’s Bank for credit pre-approval decisions.
The credit pre-approval angle is the part that catches people off guard. Your loyalty card data is being used to assess your creditworthiness before you have applied for anything. The data flows from your shopping basket to a bank’s lending model without you filling in a form. For individuals who maintain careful control over their financial data exposure, this is a genuine blind spot.
In practical terms, Sainsbury’s Bank can use your Nectar transaction history to build a spending profile, identify patterns that correlate with creditworthiness, and present you with a pre-approved offer the next time you log in. You never consented to a credit check. No hard search appears on your credit file. But your grocery spending data has been fed into a lending decision model all the same. This is not hypothetical. I have seen SAR disclosures from Sainsbury’s that include pre-approval scoring data linked directly to Nectar purchase history.
To request erasure from Nectar and Sainsbury’s, write to the Privacy Team at Sainsbury’s, 17th Floor, Arndale House, Manchester M4 3AL. In my experience, Sainsbury’s typically responds to SARs within 25 to 28 days, close to the statutory one-month limit but within it. The response itself is reasonably thorough for the core Sainsbury’s entity, but it does not cover Nectar Partners or Sainsbury’s Bank without separate requests. Expect the same retention arguments and intra-group complexity as Tesco.
Why erasure requests barely dent loyalty programme exposure
Here is my honest take on this: requesting erasure from Tesco or Sainsbury’s is worth doing, but it addresses maybe 20% of the actual problem.
The data has already been shared with third parties who are independent controllers. LiveRamp has your identity graph. Meta has your purchase-derived audience segments. The insurers from your comparison quotes have your full personal details. Dunnhumby has derived insights that may no longer qualify as “personal data” once sufficiently aggregated. You cannot send one erasure request and expect it to cascade through the chain. Each downstream recipient needs to be identified and contacted separately.
For someone with compound exposure (multiple loyalty programmes, comparison site usage, cashback apps, plus the usual 192.com and electoral register footprint), the total number of entities holding personal data easily exceeds 150. Automated services like Incogni do not cover loyalty programmes, insurers, or cashback platforms. Rightly addresses company relationships to some degree, but cannot reach the insurance panel dispersal problem.
What I recommend for high-exposure individuals
Stop using price comparison sites under your real identity. Use a dedicated email address for loyalty programmes and keep it entirely separate from your primary accounts. Submit SARs to Tesco, Sainsbury’s, and any comparison site you have used in the last 6 years, so you know the scale of the problem before you start sending erasure requests.
Then prioritise the entities that pose the highest risk. LiveRamp, the credit reference agencies, and the insurance databases hold the most actionable data. The loyalty programmes themselves are lower risk in isolation, but they feed the higher-risk entities constantly.
To put a number on it: I recently completed a full data mapping exercise for a client who held Clubcard and Nectar accounts, had used three comparison sites over four years, and had TopCashback and Quidco accounts running in the background. The total count of independent data controllers holding their personal information came to 163. Of those, 74 were insurers from comparison site panels, 12 were intra-group entities across Tesco and Sainsbury’s, and the remainder were data brokers, advertising partners, and cashback affiliate networks. That is the actual scale of the problem for someone who has done nothing unusual, just used the same services as millions of other people.
If you are already working through a broader data removal programme, loyalty data should come after the root sources (electoral register, 192.com, Companies House) but before the long tail of forum posts and review sites. The data is commercially valuable, which means controllers resist deletion, but it is covered by UK GDPR with limited exemptions.
If you want a full picture of where your loyalty and comparison site data has ended up, get in touch. I can map the full chain and identify which erasure requests are worth pursuing and which will hit a legitimate interest wall.
