Partnership Card

Cookies policy

We use cookies on our site to create the most secure and effective website possible for our customers. Among other things, cookies allow you to log in to your account, choose log-in preferences and apply for products and services online. This cookies policy explains what cookies are, how we use them and what benefits they bring.

To make full use of http://www.johnlewisfinance.com/card, your computer, tablet or mobile phone will need to accept cookies, as we can only provide you with certain personalised features of this website by using them.

Our cookies don't store sensitive information such as your name, address or payment details. However, if you'd prefer to restrict, block or delete cookies from http://www.johnlewisfinance.com/card, or any other website, you can use your browser to do this. Each browser is different, so check the 'Help' menu of your particular browser (or your mobile phone's handset manual) to learn how to change your cookie preferences.

Here's a list of the main cookies we use, and what we use them for.

Essential Cookies – These cookies are vital to us providing key features of our website, such as the ability to log-in to your account securely.

Cookie name
Cookie description
STATE_uatser
This session cookie allows our web servers to respond to your actions on the website when you browse the secure ‘log in to your account’ pages, ensuring the security of your account.
mpo3319kg
This is a session cookie which allows the web servers on the secure website to remember your log-in ID when you request us to do so.
af anti forgery token
To help prevent CSRF attacks, ASP.NET MVC uses anti-forgery tokens, also called request verification tokens.
  1. The client requests an HTML page that contains a form.
  2. The server includes two tokens in the response. One token is sent as a cookie. The other is placed in a hidden form field. The tokens are generated randomly so that an adversary cannot guess the values.
  3. When the client submits the form, it must send both tokens back to the server. The client sends the cookie token as a cookie, and it sends the form token inside the form data. (A browser client automatically does this when the user submits the form.)
  4. If a request does not include both tokens, the server disallows the request.
Anti-forgery tokens work because the malicious page cannot read the user’s tokens, due to same-origin policies. (Same-orgin policies prevent documents hosted on two different sites from accessing each other’s content. So in the earlier example, the malicious page can send requests to example.com, but it cannot read the response.)
To prevent CSRF attacks, use anti-forgery tokens with any authentication protocol where the browser silently sends credentials after the user logs in. This includes cookie-based authentication protocols, such as forms authentication, as well as protocols such as Basic and Digest authentication.
You should require anti-forgery tokens for any nonsafe methods (POST, PUT, DELETE). Also, make sure that safe methods (GET, HEAD) do not have any side effects. Moreover, if you enable cross-domain support, such as CORS or JSONP, then even safe methods like GET are potentially vulnerable to CSRF attacks, allowing the attacker to read potentially sensitive data.
iecookiecookie
This cookie is used for the cookie policy banner displayed on the first page of each site.

Performance cookies – These cookies collect information about how visitors use a site.

Cookie name
Cookie description
pscd_source_code
This is a session cookie which allows us to identify which referring website(s) and/or email you’ve come from and then tells us if you’ve applied for a Partnership Card. This information helps us to determine the number of Partnership Card applications made via the website and how successful our marketing campaigns are.
s_adid, s_cc, s_sq, s_vi
These cookies enable the function of our SiteCatalyst analytics software, supplied by our business partner Adobe. This software helps us take and analyse visitor information such as browser usage, new visitor numbers and response to marketing activity. That information helps us to improve the website and to make our marketing campaigns relevant. The data stored by these cookies can only be seen by the relevant teams at John Lewis and Adobe and never shows any confidential information.
s_fid
This cookie name is associated with the analytics service provided by Adobe's Site Catalyst product suite. It is a new cookie introduced in 2013 as a 'fallback' visitor identifier where the s_vi cookie normally used for this purpose is blocked. It contains a randomly generated, unique id. The main purpose of this cookie is: Performance.
STATE_uatser
This session cookie allows our web servers to respond to your actions on the website when you browse the secure ‘log in to your account’ pages, remembering your preferences and selections.
WT_FPC
These cookies enable the function of webtrends analytics software used by our business partner HSBC. This software helps HSBC take and analyse visitor information such as browser usage, new visitor numbers and response to marketing activity. That information helps us to improve the website. The data stored by these cookies can only be seen by the relevant teams at HSBC and webtrends and never shows any confidential information.
_utma
The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.
_utmt
Used to throttle request rate.
_utmb
Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics.
_utmc
Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit.
_utmz
Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics.
__sid
A session identifier, session ID or session token is a piece of data that is used in network communications (often over HTTP) to identify a session, a series of related message exchanges. Session identifiers become necessary in cases where the communications infrastructure uses a stateless protocol such as HTTP.
__sid_online_apply (online apply only)
A session identifier, session ID or session token is a piece of data that is used in network communications (often over HTTP) to identify a session, a series of related message exchanges. Session identifiers become necessary in cases where the communications infrastructure uses a stateless protocol such as HTTP.

Tailored content – These cookies allow us to display content which is relevant and tailored to your interests, based on the way that you have used our website.

Cookie name
Cookie description
card_set
This is a session cookie which is set when you sign in to view the special offers on the special offers page. You wouldn’t be able to view the special offers without this cookie.

Functionality – These cookies give you extra functionality, such as being able to remember your preferences.

Cookie name
Cookie description
cookie_notif_count
This cookie is used for our cookie notification banner on our homepage. It records the number of times the banner's been shown, so that it appears on three consecutive page views before disappearing. By continuing to use the website, we assume you consent to the use of cookies. If you choose to clear your cookies prior to each visit to our website, you will see the cookie banner upon entry to the website on each visit.

Advertising cookies - These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.

Cookie name
Cookie description
sess
An advertising cookie from a third party provider called Appnexus. These help us and our advertisers see which advertisements you click on and interact with.

Third party cookies

When you visit http://www.johnlewisfinance.com/card you may notice some cookies that aren't related to Partnership Card, and are used by our third parties. We’ve listed these cookies in the section entitled 'Our cookies policy' and placed details of our third parties below.

Third party name
What their cookies are used for
Adobe SiteCatalyst
Adobe SiteCatalyst software helps us take and analyse visitor information such as browser usage, new visitor numbers and response to marketing activity. That information helps us to improve the website and to make our marketing campaigns relevant.
HSBC
HSBC provides the secure website for Partnership Card, where existing partnership cardholders can view and update their account details and prospective customers can apply for a Partnership Card.
webtrends
This software helps HSBC take and analyse visitor information such as browser usage, new visitor numbers and response to marketing activity. That information helps us to improve the website.
 
The data stored by these cookies can only be seen by the relevant teams at HSBC and webtrends and never shows any confidential information.

What are cookies?

Cookies are small text files that are sent to and stored on your computer, smartphone or other device for accessing the Internet, whenever you visit a website. Cookies are useful because they allow a website to recognise a user’s device.

We use cookies for a variety of reasons, such as to determine preferences, let users navigate between pages efficiently, verify the user and carry out other essential security checks. Some of the functions that cookies perform can also be achieved using similar technologies. This policy refers to ‘cookies’ throughout, but it also includes these alternate mechanisms.

More information about cookies can be found on allaboutcookies.org

The cookies used on our website

Cookies are used for a variety of reasons, such as to safeguard your privacy when browsing the site. They allow you to use functions such as being able to use secure online application forms. If you leave a secure session window open when logged in to your account, cookies will enhance your security by prompting you to end, and/or automatically ending, your secure session.

Cookies can also allow us to tailor the content of our website to suit your interests. For example, instead of displaying promotional messages about products you already have, they let us show you other services you may be interested in.

Finally, we use 'analytics' cookies to help us make our website better for those who visit it regularly. They help us work out what users like and don’t like and how we can improve things for you.

When we include links to other websites, please bear in mind they will have their own privacy and cookie policies that will govern the use of any information you submit. We recommend you read their policies as we're not responsible or liable for their privacy practices.

Managing your cookies

The browsers of most computers, smartphones and other web-enabled devices are typically set up to accept cookies. If you wish to amend your cookie preferences for this website or any other websites, you can do this through your browser settings. Your browser’s ‘help’ function will tell you how to do this.

However, please remember that cookies are often used to enable and improve certain functions on our website. If you choose to switch certain cookies off, it is likely to affect how our website works. For example, if your browser is set to disable 'session' cookies, although you will still be able to view our public website, you won’t be able to log in to your account.

More information about how to disable cookies visit allaboutcookies.org

More about your privacy

To find out more about how we protect your privacy when using our website, see our Privacy Policy

Frequently asked questions

Do cookies mean I could get cold calls or junk mail?

We never use the data gathered through cookies to contact you via post, email or phone. You will never see advertising on our website from anyone other than Partnership Card.

Can cookies pass on my personal information to others?

The only time we may share personal information gathered through cookies, is when you have given us express consent to do so by applying for a product or service. For example, if you were applying for a Partnership Card, we’d inform you that we’d be passing your details to our trusted Partnership Card provider, HSBC.

Do cookies compromise my security when I’m logged in to my account?

The cookies we use are completely safe and secure. In fact, many of them are used purely to provide important security features such as protecting your data and your accounts.

Can cookies allow others access to my computer’s hard drive?

The cookies we use cannot look into your computer, smartphone or web-enabled device and obtain information about you or your family or read any material kept on your hard drive.

If I use a public computer, will someone be able to get my details from the cookies?

Our cookies can't be used by anyone else who has access to the computer to find out anything about you, other than the fact that someone using the computer may have visited a certain website. Our cookies do not in any way compromise the security of Internet Banking.

More information about cookies can be found on allaboutcookies.org

To top of this page