- IMPORTANT NOTICE
This is the Privacy Notice of BAKKAVOR GROUP PLC (company number 10986940) whose
registered office is at Fitzroy Place 5th Floor, 8 Mortimer Street, London, W1T 3JJ
(“BAKKAVOR”). Bakkavor ispart of a group which is made up of a number of legal
entities, including Bakkavor Foods Limited, Bakkavor Limited, Bakkavor Pension Trustees Limited and any
other
subsidiaries of Bakkavor Group Plc that may process personal data from time to time
(“Group”) so where this Privacy Notice refers to
“Bakkavor”, “we”,
“us” or
“our”, it is referring to the relevant company within the Group. This Privacy
Notice
sets out how we collect and process your personal data. This Privacy Notice also provides certain
information
that
is legally required and lists your rights in relation to your personal data.
This Privacy Notice relates to personal information that identifies “you”
meaning
customers or potential customers, suppliers, shareholders, individuals who browse our website or visit any
one
of
our premises or any other individuals outside our organisation with whom we interact. If you are an
employee,
contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies
to
you
instead. This Privacy Notice is not intended for children and we do not knowingly collect personal data
relating
to
children.
This Privacy Notice may vary from time to time so please check it regularly. This version of this Privacy
Notice
was
updated on 7 March 2023.
- HOW TO CONTACT US
This Privacy Notice applies where we are a controller in respect of your personal data – this is where
we
decide how and why your personal data is processed.
If you need to contact us in connection with our use or processing of your personal data, to correct your
personal
data held by us or change any preferences or gain access to it then our contact details are:
Email: dataprotection@bakkavor.com Address: FAO
General
Counsel and Company Secretary, Bakkavor, Fitzroy Place, 5th Floor, 8 Mortimer Street, London, W1T 3JJ
- CATEGORIES OF PERSONAL DATA WE COLLECT
The categories of personal data about you that we may collect, use, store, share and transfer are:
- Individual Data.This includes personal data which relates to your identity, such as
your
first
name, middle name, last name, username or similar identifier and your contact details such as your email
address
and telephone numbers;
- Preference Data.This includes personal data which relates to your preferences, such as
information about your preferences in receiving information from us through our Alert Service;
- Information Technology Data.This includes personal data which relates to your use of
our
website, such as your traffic data, and other communication data, browser type and version, time zone
setting
and location, operating system and platform and other technology on the devices you use to access our
website;
- Economic and Financial Data.This includes personal data which relates to your finances,
such as
your bank account and payment card details and information which we collect from you for the purposes of
the
prevention of fraud;
- Sales Data.This includes personal data which relates to the transactions you have
conducted
with us;
- Audio and Visual Data.This includes personal data which is gathered using our CCTV or
other
recording systems in the form of images, video footage and sound recordings that is taken at any of our
locations or otherwise by us for promotional purposes;
- Health Data. This includes personal data which is gathered for health and safety
purposes
including any accident report or claim log or any information you provide about allergies or other
medical
conditions during the booking process or in one of our locations;
We may also create Personal Data about you, for example, if you contact us by telephone to make a complaint,
for
example about our services or goods, then we may make a written record of key details of the conversation so
that we
can take steps to address the complaint.
We also obtain and use certain aggregated data such as statistical or demographic data for the purpose of
aggregate
analytics (“Aggregated Data”). Aggregated Data may be derived from your
personal
data
but does not directly or indirectly reveal your identity. For example, we may aggregate your Information
Technology
Data to calculate the percentage of users accessing a specific feature on our website. However, if we
re-combine
or
re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we
treat
the
combined data as personal data which will be used in accordance with this Privacy Notice.
In addition, we may obtain data concerning health, which is considered a special category of personal data,
and
this
Privacy Notice specifically sets out how we may process this type of personal data.
We do not collect any information about criminal convictions and offences.
- THE SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL DATA
We obtain your personal data from the following sources:
- Directly from you,either in person (at our locations or otherwise), via our website or
by
telephone or other devices. This could include personal data which you provide when you:
- buy or sell shares in Bakkavor;
- contact us by email or telephone;
- subscribe to our Alert Service;
- request information on our products or services or for other marketing to be sent to you;
- enter into a competition or promotion; and
- complete a survey from us or give us feedback.
- Via automated technologies,such as CCTV or other recording systems, cookies, server
logs
and
other similar technologies. We may automatically collect Information Technology Data about your
equipment,
browsing actions and patterns by using cookies, server logs and other similar technologies. We may also
receive
Information Technology Data about you if you visit other websites employing our cookies. Please see
our cookie policy for
further
details.
- From someone else,such as:
- search information providers (such as Google);
- providers of technical, payment and delivery services;
- providers of social media platforms (such as Facebook, Twitter and Instagram) for example where you
share
our
content through social media, for example by liking us on Facebook, following or tweeting about us on
Twitter;
and
- website providers (such as Q4 Inc).
- From publicly available sources, such as:
- Companies House;
- the electoral roll;
- HM Land Registry; and
- credit reference agencies.
- HOW WE USE YOUR PERSONAL DATA
We collect personal data about you in order to:
- perform our contractual obligations to you. This would include:
- processing and performing our obligations towards you;
- orders placed by us where you are a supplier;
- making or receiving payments, fees and charges; and
- collecting and recovering money owed.
- manage our relationship with you including:
- to send you important notices such as communications about changes to our terms and conditions and
policies
(including this Privacy Notice);
- to provide you with important real-time information about products you have ordered from us (e.g. a
change
of
time or location due to unforeseen circumstances); and
- to send you information you have requested; and
- to deal with your enquiries;
- if you are a shareholder to manage our relationship to you and comply with our obligations;
- administer our business and carry out business activities;
- make suggestions and recommendations to you about goods that may be of interest to you, deliver relevant
website
content and alerts to you via our Alert Service and to measure or understand the effectiveness of our
communications;
- communicate with you about, and administer your participation in, special events, programs, promotions,
any
prize draws or competitions;
- for internal purposes to use data analytics, to identify usage trends, determine and measure the
effectiveness
of promotional campaigns and advertising and to improve our website, products, marketing, customer
relationships
and experiences;
- protect our business including to deal with any misuse of our website and to comply with our security
policies
at our locations;
- use your personal data to comply with our own legal and industry obligations e.g. to comply with health
and
safety requirements, or to assist in a police investigation;
- enforce or apply our terms of use, terms and conditions of supply and other agreements with third
parties;
- to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law
enforcement agencies in relation to the same);
- finance, restructure, sell, make ready for sale or dispose of our business in whole or in part including
to
any
potential buyer or their advisers;
- use our knowledge of any personal data you disclose to us in the event of illness or injury or some
other
related emergency or to record any accident or injury or other incident you may suffer when visiting any
of
our
locations; and
- investigate and defend any third-party claims or allegations.
- OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
Where we may rely on consent
For certain purposes it may be appropriate for us to obtain your prior consent (such as when you sign up to
our
Alert
Service). The legal basis of consent is only used by us in relation to processing that is entirely voluntary
–
it is not used for processing that is necessary or obligatory in any way.
In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our
processing your personal data. Please contact us using the contact details set out in paragraph 2 to do so.
Please
note even if you withdraw consent for us to use your personal data for a particular purpose we may continue
to
rely
on other lawful bases to process your personal data for other purposes.
Other legal bases we may rely on
Where we are relying on a basis other than your consent, the lawful basis for processing personal data will
be
one of
the following:
- the processing is necessary in order for us to comply with our legal
obligations(such
as
compliance with anti-money laundering legislation or communicating with our shareholders (for example to
provide
the Annual Report or notify of meetings);
- the processing is necessary for the performance of a contractyou are party to or
in
order
to take steps at your request prior to you entering into a contract;
- the processing is necessary for the pursuit of our legitimate business interests.
In
particular, our legitimate interests include:
- the provision of goods and services;
- facilitate the payment of dividends to our shareholders;
- the recovery of debt;
- the provision of administration and / or IT services;
- the security of our IT network;
- the prevention of fraud;
- marketing of goods and services and promotion of our business;
- the reorganisation or sale or refinancing of the business or a group restructure;
- the study in how to develop and the update of our products;
- the development of our business strategy;
- protecting our business and property; and
- the processing is necessary in order to protect the vital interestsof an
individual
e.g.
where there is a medical emergency at one of our premises.
Extra conditions for special category personal data
Where we are processing your special category personal data one of the following conditions will also apply:
- you have given your explicit consentto the processing;
- the processing relates to personal data which are manifestly made publicby you;
- the processing is necessary for the establishment, exercise or defence
oflegal
claims;
- the processing is necessary for archivingpurposes in the public
interest; scientific or historical research purposes or statistical purposes;
- the processing is necessary to protect an individual’s vital interestswhere
the
individual cannot give consent; or
- the processing is necessary for reasons of substantial public interest.
- WHO RECEIVES YOUR PERSONAL DATA
We may disclose your personal data to:
- our group companies and affiliates or third party data processers who may process data on our behalf to
enable
us to carry out our usual business practices. Any such disclosure will only be so that we can process your
personal data for the purposes set out in this Privacy Notice;
- our registrar (currently Equiniti Limited);
- our website provider (currently Q4 Inc.);
- HMRC, legal and other regulators or authorities, including those who request your personal data or to report
any
potential or actual breach of applicable law or regulation;
- external professional advisers such as accountants, bankers, insurers, auditors and lawyers;
- law enforcement agencies, courts or other relevant parties, to the extent necessary for the establishment,
exercise or defence of legal rights;
- third parties where necessary for the purposes of prevention, investigation, detection or prosecution of
criminal offences or the execution of criminal penalties;
- third parties which are considering or have decided to acquire some or all of our assets or shares, merge
with
us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or
liquidation); and
- third parties operating plugins or content (such as Facebook, Twitter, Instagram) on our website which you
choose to interact with.
- PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US
If you provide personal data to us about someone else (such as one of your directors or employees, or someone
with
whom you have business dealings) you must ensure that you are entitled to disclose that personal data to us
and
that, without our taking any further steps, we may collect, use and disclose that personal data as described
in
this
Privacy Notice.
You must ensure the individual concerned is aware of the various matters detailed in this Privacy Notice, as
those
matters relate to that individual, including our identity, how to contact us, the way in which we collect
and
use
personal data and our personal data disclosure practices, that individual's right to obtain access to the
personal
data and make complaints about the handling of the personal data, and the consequences if the personal data
is
not
provided.
- ACCURACY OF YOUR PERSONAL INFORMATION
It is important that the personal data we hold about you is accurate and current and we take all reasonable
precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of
personal
data
provided by you. Please keep us informed if your personal data changes during your relationship with us
either
by
logging onto your account on the website or by contacting us. We will not be responsible for any losses
arising
from
any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
- INTERNATIONAL TRANSFERS OF PERSONAL DATA
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the
United
Kingdom. In connection with such transfers we will ensure that:
- there are appropriate safeguards in place such as standard data protection clauses between us and the
recipient
(as per Article 46 UK GDPR); or
- the transfer is to a country that the Secretary of State has decided provides an adequate level of
protection
for personal data (as per Article 45 UK GDPR); or
- one of the derogations for specific situations in the first sub-paragraph of Article 49(1) UK GDPR
applies
to
the transfer including explicit consent or necessary for the performance of a contract or exercise or
defence of
legal claims.
- HOW LONG WE WILL STORE YOUR PERSONAL DATA FOR
We will store your personal data for no longer than is necessary in accordance with the following criteria:
- the on-going business operation / relationship that we have with you;
- the completion of the purpose for which the personal data was processed;
- our legal obligations in relation to that personal data and other legal requirements;
- the type and size of the data held and whether any if it is deemed to be special category personal data;
or
- our accounting requirements in relation to that personal data.
We keep the length of time that we hold your personal data for under review. These reviews take place
annually.
- CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL
DATA
In certain circumstances the provision of personal data by you is a requirement to comply with the law or a
contract,
or necessary to enter into a contract.
It is your choice as to whether you provide us with your personal data necessary to enter into a contract or
as
part
of a contractual requirement. If you do not provide your personal data then the consequences of failing to
provide
your personal data means we may not be able to perform to the level you expect under our contract with you.
An
example of this would be where we are unable to provide you with certain products or services as we do not
have
your
full details, or where we cannot perform our contract with you at all because we rely on the personal data
you
provide in order to do so.
- YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw
any
consent you have given to our processing your personal data (see paragraph 6), you have a number of rights
in
connection with the processing of your personal data, including:
- the right to request access to your personal data that we process or control;
- the right to request rectification of any inaccuracies in your personal data or, taking into account the
purposes of our processing, to request that incomplete data is completed;
- the right to request, on legitimate grounds as specified in law:
- erasure of your personal data that we process or control; or
- restriction of processing of your personal data that we process or control;
- the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
- the right to receive your personal data in a structured, commonly used and machine-readable format and
to
have
your personal data transferred to another controller, to the extent applicable in law; and
- the right to lodge complaints regarding the processing of your personal data with the Information
Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/for how to do this.
If you would like to exercise any of the rights set out above, please contact us using the contact details
set
out in
paragraph 2.
- TECHNICAL AND SECURITY MEASURES
We take the security of your personal data seriously and have technical and organisational measures to ensure
a
level
of security appropriate to the risk.
We use a mixture of measures including utilising technology to combat cybersecurity, data management
techniques,
user
access and management procedures, physical security and guidelines for personnel.
Our measures are aimed at having the ability to:
- ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and
services;
and
- restore the availability and access to personal data in a timely manner in the event of a physical or
technical
incident.
- LINKS TO OTHER WEBSITES
This policy only applies to us. If you link to another website from our website, you should remember to read
and
understand that website’s privacy policy as well. We do not control unconnected third-party websites
and
are
not responsible for any use of your personal data that is made by unconnected third-party websites.