PRIVACY POLICY

We are the Carlsberg Marston’s Brewing Company. You may know us as Carlsberg Marston’s Brewing Company Limited (company reg. no. 12577732), Carlsberg UK Limited (company reg. no. 00078439), Carlsberg Supply Company UK Limited (company reg. no. 08626420), Marston's Beer Company Limited (company reg. no. FC037407) or one of our other trading divisions or group companies from time to time. Where we refer to ‘CMBC’, ‘we’, ‘our’ or ‘us’ in this Privacy Notification, we mean Carlsberg Marston’s Brewing Company Limited, Carlsberg UK Limited, Carlsberg Supply Company UK Limited, Marston's Beer Company Limited and / or any company or division in our group depending on the specific situation / activity carried out. See “How we use your Personal Data” below for further details.

At CMBC our mission is to brew for a better today and tomorrow. Improving and constantly doing better are in our DNA. This approach is not limited to brewing but extends to all parts of CMBC and what we do – including protecting personal data. In CMBC we believe that protecting personal data is of utmost importance and we constantly strive to improve our efforts every day. ’Personal Data’ is any information relating to you.

This Privacy Notification applies to you if you purchase goods from us, receive services from us, are a business partner or supplier, a visitor at one of our sites or offices, an applicant for a job at CMBC, participate in our events or promotions or otherwise interact with us, including by using any of our websites or communicating with us via social media or other platforms.

If you are an existing customer, consumer, business partner or supplier of ours, further details about how we use your Personal Data may be set out in your contract with us. Other notices highlighting certain uses we wish to make of your Personal Data (together with the ability to opt in or out of selected uses) may also be provided when we collect Personal Data from you.

Who uses your Personal Data?

For the purpose of your interactions with CMBC, we may process and use Personal Data concerning you.

CMBC is part of a global group of companies. In that connection we may share your Personal Data with our subsidiaries, our ultimate holding company and its subsidiaries (Carlsberg Group Entities) for the purposes stated in this Privacy Notification. Each of those companies may also process and use your Personal Data for the purposes stated in this Privacy Notification, but they do it independently on their own behalf only.

With whom we may share your Personal Data?

In addition to CMBC sharing your Personal Data with Carlsberg Group Entities, CMBC may in some situations also share your Personal Data with third parties such as business partners, suppliers (e.g. online payment processors), vendors, consultants, agencies, customers, consumers, governmental bodies, courts, and IT hosting, supply and service providers that CMBC uses for its group’s IT environment (‘Third Parties’). We only share Personal Data where it is relevant and necessary for us to perform the activities described in this Privacy Notification; for example, the fulfilment of your order, the processing of your payment details, or the provision of support services.

For questions about Third Party service providers including their respective privacy policies, please send an email to uk.privacy@carlsberg.com.

For more information about whom we share your Personal Data with, please consult each activity in this Privacy Notification where you will find further details.

How we use your Personal Data

The Carlsberg Marston’s Brewing Company Group was formed on 31 October 2020 and Personal Data collected before that date by us and Marston’s PLC was transferred into this Group. We may process Personal Data provided prior to 31 October 2020 to Marston’s PLC (and any of its group companies) or to any company that forms part of the Carlsberg Marston’s Brewing Company Group (e.g. to Carlsberg Marston’s Brewing Company Limited, Carlsberg UK Limited, Carlsberg Supply Company UK Limited, Marston's Beer Company Limited and / or any company or division in our group) as a result of such transfer in connection with each activity mentioned below (where relevant) but only where the law permits us to do so. Our legal bases for such transfer are legitimate interests (in order to allow us to develop our business) and legal obligation.

For each activity mentioned below, we note the purpose for which we use the Personal Data, whom this Personal Data regards, the categories of Personal Data being used, the legal bases we rely on for our use, the source from where we received the Personal Data, for how long we keep the Personal Data and with whom we might share the Personal Data.

Depending on the specific situation, we may use your Personal Data for the following activities – please click on each activity to learn more:

Visitors of our websites

Purpose

The purpose is to manage and improve our websites, to ensure that the content is relevant and presented in the most effective manner for you and your device, that you as a visitor have a positive experience when navigating our websites, and to allow you to participate in/register for interactive features of our services. Furthermore, the purpose is to ensure that only adults of legal drinking age view and interact with our websites.

Additionally, the purpose is to keep our websites safe and secure, administer our websites for internal operations, including troubleshooting, data analysis (including traffic data analysis), testing, and research, statistical and survey purposes.

Our websites use cookies to distinguish you from other users. They help us to provide you with a good experience when you browse our websites and ensure that the content is relevant to you. To learn more about how we use cookies, please visit our Cookie Notification.

We offer chat rooms, message and bulletin boards, and interactive areas where visitors may post comments or information for our visitors' enjoyment. Furthermore, we use the so-called ‘two-click solution’, which means that when you visit our websites, generally no personal data will be shared with Third Parties. However, if you click on one of the social share buttons, information will be transmitted to the respective provider. By activating the social share button, the respective provider will receive information that your browser has accessed a specific page on our websites.

Who the Personal Data regards (Data subject)

You as a visitor of our websites.

Categories of Personal Data being used

As part of managing and administering our websites, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Information about your digital interactions (e.g. your use of chat rooms, message boards, social media pages or other interactive forums including any comments, photos, videos or other information that you post online)

·       Survey information (e.g. your responses to market surveys that we conduct)

·       Technical information (e.g. the Internet protocol (IP) address used to connect your device to the Internet, or your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform)

·       Information about your visit to our websites (e.g. the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time), products you viewed or searched for, pages you accessed, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page)

·       Cookies and geolocation data

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Act in compliance with our legal obligations of keeping our websites safe and secure and act in compliance with marketing legislation and good practices, see Article 6(1)(c) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       The following applicable laws, regulations and the like impose these legal obligations upon us:

o    Digital Guiding Principles: Self-Regulation of Marketing Communications for Beverage Alcohol.

o    The UK Code of Non-broadcast Advertising, Sales Promotion and Direct Marketing (CAP Code).

o    The Portman Group Code of Practice on the Naming, Packaging and Promotion of Alcoholic Drinks.

·       Pursue our legitimate interest in managing and administering our websites and to provide you with the content and services on our websites, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Some use of cookies require that we obtain your prior consent. For further information, please see our Cookie Notification.

CMBC may use Personal Data that you obliviously make public e.g. on our websites, social media sites, in applications, in connections with events, promotions and competitions, see Article 9(2)(e) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a visitor of our websites.

Period of retention

We will keep your Personal Data for up to 2 years.

For cookies specifically, please see our Cookie Notification.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as business partners, suppliers, vendors, and analytics and search engine providers.


If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example your consent.

Visitors of our social media sites

Purpose

If you are a visitor to our social media sites (e.g. Facebook, Instagram, LinkedIn), the purpose is to ensure that the content is relevant and presented in the most effective manner for you, and that you as a visitor have a positive experience when navigating our sites.

Chat rooms, message and bulletin boards, and interactive areas where you as a visitor may post comments or information for your enjoyment may be available to you on our social media sites. If you choose to use any of these, we encourage you to maintain good manners and keep a good tone. If we come across any violent, harassing, or in any other way improper content posted, we may at any time choose to remove such content.

Please note that social media sites are owned by Third Parties. This means that we don’t have full control of these sites and any information that you may choose to share on our social media sites may also be used by the site provider for their own independent purposes, which are not covered by this Privacy Notification – please read the site providers’ privacy statements for further information on how they may use your personal data. Therefore, we encourage you to always navigate the sites and share information with extra care when visiting these sites.

Who the Personal Data regards (Data subject)

You as a visitor of our social media sites.

Categories of Personal Data being used

As part of managing and administering our social media sites, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Information about your digital interactions (e.g. your use of chat rooms, message boards, social media pages or other interactive forums including any comments, photos, videos or other information that you post online)

·       Survey information (e.g. your responses to market surveys that we conduct)

Legal bases for the use

The use of your Personal Data is necessary for us to pursue our legitimate interest in managing and administering our social media sites and to provide you with the content and services on our social media sites, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

CMBC may use Personal Data that you obliviously make public e.g. on our websites, social media sites, in applications, in connections with events, promotions and competitions, see Article 9(2)(e) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a visitor of our social media sites.

Period of retention

Please read the site providers’ privacy statements.

Recipients

(other than CMBC Group Entities)

When you visit our social media sites your personal data is shared with the social media sites providers. Furthermore, we may in some cases share your Personal Data with Third Parties such as business partners, suppliers, vendors, and analytics providers.


If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example your consent.

 

Visitors at our sites and offices

Purpose

The purpose is to know our guests, know who is currently present at our sites and offices and to ensure an adequate security level. For safety reasons we have installed video surveillance at our sites and offices. There are signs at our sites and offices showing that video surveillance is in operation.

Who the Personal Data regards (Data subject)

You as a visitor at one of our sites or offices.

Categories of Personal Data being used

As part of managing visitors at our sites and offices, we may use Personal Data such as:

·       Contact information (e.g. name, address, email, phone number)

·       Work related information (e.g. title, workplace)

·       Personal information (e.g. license plate, if you have used one of our parking lots)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Pursue our legitimate interest in managing visitors at our sites and offices, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       Pursue our legitimate interest in security by among other installing video surveillance, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a visitor.

Period of retention

We will keep your Personal Data for up to 1 year, unless we are required under applicable law to keep it for a longer period of time. Video recordings from our video surveillance will be kept for up to 30 days after which they will be automatically deleted.

Recipients

(other than CMBC Group Entities)

All data will be treated as confidential information. We will not share any of your personal data with Third Parties except for the police and only where an issue requiring investigation (e.g. intrusions or theft) has been identified.

In some cases, we may share your Personal Data with Third Parties such as suppliers, for example if they are delivering the video surveillance systems to us.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example that we are legally obliged to share the Personal Data with the respective Third Parties such as the police.

Events

Purpose

The purpose is to run our events.

If you attend an event organised or otherwise supported by us, we may use your Personal Data, including specific dietary requirements, health information and access assistance, in connection with the running of the event.

Who the Personal Data regards (Data subject)

You as an attendee.

Categories of Personal Data being used

As part of running our events, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Attendee information (e.g. information provided in your application forms, recordings you or we have made, or other information related to your attendance at events)

·       Photographs, videos and voice recordings (e.g. from the event)

·       Special categories of Personal Data (e.g. special medical or access assistance, which may provide us with health information about you, or your specific dietary requirements in connection with your attendance at an event, which may indicate your religious beliefs, e.g. halal or kosher meal selections)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Pursue our legitimate interest to allow us to run our events, and to cater for and accommodate your specific preferences and requirements during our events, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

In case we receive special categories of Personal Data from you, e.g. any dietary requirements, special medical and access assistance, we rely on your freely given consent in connection with you providing us with such information, see Article 9(2)(a) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

In case we use e.g. pictures, videos and voice recordings of you that requires your consent, we will ensure to obtain your explicit and freely given consent in advance, see Article 6(1)(a) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.  

CMBC may use Personal Data that you obliviously make public e.g. on our websites, social media sites, in applications, in connections with events, promotions and competitions, see Article 9(2)(e) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as an attendee.

Third Parties such as event bureaus, venues, hotels, restaurants and the like, that we use in connection with running the event.

Period of retention

The Personal Data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested information.

As a general rule, we will keep your Personal Data for up to 5 years.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as event bureaus, venues, hotels, restaurants and the like, that we use in connection with running the event.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example that we have entered into contracts with the respective Third Parties.

Promotions and competitions

Purpose

The purpose is to run our promotions and competitions.

If you participate in one of our promotions or competitions, we may use your Personal Data, including to notify you if you have won. If you win a prize, in accordance with local law, we may make your Personal Data and your guests’ Personal Data available on our websites and social media pages and in press releases. We may also make these details available to Third Parties who may need this information for prize fulfilment purposes.

Who the Personal Data regards (Data subject)

You as a participant and any of your guests you have chosen to include in the promotion or competition.

Categories of Personal Data being used

As part of running our promotions or competitions, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Participant information (e.g. details of you and your guests in connection with any promotions and competitions you have entered or won)

·       Photographs, videos and voice recordings (e.g. from the promotion or competition)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Fulfil our contract with you, see Article 6(1)(b) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       Act in compliance with our legal obligations, see Article 6(1)(c) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.  

·       The following applicable laws, regulations and the like impose these legal obligations upon us:

o    The UK Code of Non-broadcast Advertising, Sales Promotion and Direct Marketing (CAP Code).

·       Pursue our legitimate interest to successfully run our promotions and events, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

In case we use e.g. pictures, videos and voice recordings of you that requires your consent, we will ensure to obtain your explicit and freely given consent in advance, see Article 6(1)(a) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

CMBC may use Personal Data that you obliviously make public e.g. on our websites, social media sites, in applications, in connections with events, promotions and competitions, see Article 9(2)(e) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a participant and any of your guests you have chosen to include in the promotion or competition.

Third Parties such as bureaus used for the promotion or competition, gift handling or the like.

Period of retention

The Personal Data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested information.

As a general rule, we will keep your Personal Data for up to 5 years.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as bureaus used for the promotion or competition, gift handling or the like.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example that we have entered into contracts with the respective Third Parties.

Marketing activities (newsletter)

Purpose

The purpose is to provide you with information by post, email, phone, SMS, on our websites, in our applications, online or social media advertisement about products and services that we offer where such products or services are similar to those you have already purchased or enquired about, or where you have agreed to being contacted for those purposes by giving your consent. We may also use your information for marketing selected business partners’ products and services.

Where required by law, we will ask for your consent at the time we collect your Personal Data to conduct any of these types of marketing activities or if we intend to share your Personal Data with any Third Party for such purposes.

We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing sent to you. You can among other prevent such use by checking certain boxes on the forms we use to collect your Personal Data or by clicking unsubscribe at the bottom of the emails we send to you for marketing purposes. You may also opt out at any time by sending an email to uk.privacy@carlsberg.com.

Who the Personal Data regards (Data subject)

You as a subscriber, customer (bar, restaurant, etc.), consumer (private person), or other business relation.

Categories of Personal Data being used

As part of providing you with information, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information, if you are a customer or business relation (e.g. title, workplace)

·       Information about your interests (e.g. details of any hobbies or activities you undertake or details of your personal interests)

·       Marketing preferences (e.g. details of your marketing and communication preferences and information we collect to help us determine what products and services may be of interest to you)

·       Survey information (e.g. your responses to market surveys that we conduct)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Pursue our legitimate interest in keeping you updated with news in relation to our products and services, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

In case your consent is required to conduct such marketing activities, we will ensure to obtain your explicit and freely given consent in advance, see Article 6(1)(a) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a subscriber, customer (bar, restaurant, etc.), consumer (private person), or other business relation.

We collect much of the Personal Data that we hold about you directly from you or your interactions with us, our websites or social media sites. We may also receive your Personal Data from other sources, including Third Parties such as business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers.

Period of retention

The Personal Data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested information.

As a general rule, we will keep your Personal Data for up to 2 years after our last interaction.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as business partners, suppliers, vendors, agencies, advertising networks, analytics providers (e.g. Google Analytics) and search information providers.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example your consent.

Please note that we do not share any Personal Data that can identify you with our advertisers, but we may provide them with aggregate information about our subscribers, customers (bars, restaurants, etc.), consumers (private persons) or other business relations; for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day.

Users of our applications (apps)

Purpose

If you are a user of our applications, the purpose is to develop, manage and improve our applications, to ensure that the content is relevant and presented in the most effective manner for you and your device, that you as a user have a positive experience when using the applications, and to allow you to participate in/register for interactive features of our applications.

Additionally, the purpose is to keep our applications safe and secure, administer our applications for internal operations, including troubleshooting, data analysis, testing, and research, statistical and survey purposes.

Some of our applications may use cookies to distinguish you from other users. They help us to provide you with a good experience when you use the applications and ensure that the content is relevant to you. To learn more about how we use cookies, please visit our Cookie Notification.

Chat rooms, message and bulletin boards, and interactive areas where you as a visitor may post comments or information for your enjoyment may be available to you in our applications. If you choose to use any of these, we encourage you to maintain good manners and keep a good tone. If we come across any violent, harassing, or in any other way improper content posted, we may at any time choose to remove such content.

Who the Personal Data regards (Data subject)

You as a user of our applications.

Categories of Personal Data being used

As part of managing and administering our applications, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Information about your digital interactions (e.g. your use of chat rooms, message boards, social media pages or other interactive forums including any comments, photos, videos or other information that you post online)

·       Survey information (e.g. your responses to market surveys that we conduct)

·       Technical information (e.g. the Internet protocol (IP) address used to connect your device to the Internet, or your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform)

·       Information about your use of our application (e.g. the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time), products you viewed or searched for, pages you accessed, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page)

·       Cookies and geolocation data

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Fulfil our contract with you, see Article 6(1)(b) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       Pursue our legitimate interest in managing and administering our applications and to provide you with the content and services in our applications, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Some use of cookies require that we obtain your prior consent. For further information, please see our Cookie Notification.

In case your consent is required to conduct marketing activities in the applications, we will ensure to obtain your explicit and freely given consent in advance, see Article 6(1)(a) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

CMBC may use Personal Data that you obliviously make public e.g. on our websites, social media sites, in applications, in connections with events, promotions and competitions, see Article 9(2)(e) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a user of our applications.

Period of retention

It is our policy not to keep Personal Data for any period longer than is necessary to provide our applications and their content to you as a user, or until you as a user choose to delete your account – whichever comes first. Where Personal Data is kept, the period will be determined on a case-by-case basis that among other depends on:

·       what application you are using;

·       the categories of Personal Data being used by the application;

·       why the Personal Data is being collected and used;

·       applicable laws; and

·       legal and operational retention needs.

For cookies specifically, please see our Cookie Notification.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as business partners, suppliers, vendors, and analytics and search engine providers that e.g. help us develop, manage and improve our applications.


If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example your consent.

Understanding our customers and consumers

Purpose

The purpose is to understand our customers (bars, restaurants, etc.) and consumers (private persons) in order to optimise, develop and tailor our products and services. In that connection we may analyse the Personal Data that we hold about you in order to measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you. Based on our analysis, we may provide suggestions and recommendations to you about products or services that may be of interest.

Please note that we do not share any Personal Data that can identify you with our advertisers, but we may provide them with aggregate information about our users; for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day. We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in a particular location). We may make use of the Personal Data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.

Who the Personal Data regards (Data subject)

You as a customer (bar, restaurant, etc.) or consumer (private person).

Categories of Personal Data being used

As part of understanding our customers (bars, restaurants, etc.) and consumers (private persons), we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Information about your interests (e.g. details of any hobbies or activities you undertake or details of your personal interests)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

·       Marketing preferences (e.g. details of your marketing and communication preferences and information we collect to help us determine what products and services may be of interest to you)

·       Information about your digital interactions (e.g. your use of chat rooms, message boards, social media pages or other interactive forums including any comments, photos, videos or other information that you post online)

·       Survey information (e.g. your responses to market surveys that we conduct)

·       Technical information (e.g. the Internet protocol (IP) address used to connect your device to the Internet, or your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform)

·       Information about your visit to our websites (e.g. the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time), products you viewed or searched for, pages you accessed, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Pursue our legitimate interest to ensure the quality of our products and services, allow us to improve our products and services, and provide you with relevant content and services for example on our websites, social media sites and through other channels, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a customer (bar, restaurant, etc.) or consumer (private person).

We collect much of the Personal Data that we hold about you directly from you or your interactions with us, our websites or social media sites. We may also receive your Personal Data from other sources, including Third Parties such as business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers.

Period of retention

The Personal Data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested information.

As a general rule, we will keep your Personal Data for up to 2 years.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as business partners, suppliers, vendors, agencies, advertising networks, analytics providers and search information providers.


If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example your consent.

Please note that we do not share any Personal Data that can identify you with our advertisers, but we may provide them with aggregate information about our customers (bars, restaurants, etc.) and consumers (private persons); for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day.

Customer management (bars, restaurants, etc.)

Purpose

The purpose with customer management (bars, restaurants, etc.) is to:

·       provide and manage products and services you have requested. To carry out our obligations arising from any contracts entered into between you and us, including to arrange delivery, to action or cancel orders, to provide you with the information, products and services that you request from us, and to notify you about changes to our products and services.

·       communicate effectively with you, to respond to your questions, comments, complaints or other communications, including any queries relating to our products.

·       monitor activities and communications with you and to record our correspondence with you, including to ensure service quality, compliance with procedures and for internal training purposes of our employees and consultants.

·       conduct certain checks on you, such as KYC and credit checks. If you are a customer or prospective customer, we may use your Personal Data to conduct certain checks in relation to you and/or your business. In connection with this purpose, we may disclose your details to the relevant authorities including credit reference agencies, government agencies and fraud prevention agencies. Law enforcement agencies may access and use this information. We, and other organisations that access and use information recorded by such agencies, may do so from countries other than the country in which you are based.

Who the Personal Data regards (Data subject)

You as a customer (bar, restaurant, etc.).

Categories of Personal Data being used

As part of customer management (bars, restaurants, etc.), we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Financial information (e.g. bank account number, financial status)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Fulfil our contract with you, see Article 6(1)(b) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       Act in compliance with our legal obligations, see Article 6(1)(c) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018. For special categories of Personal Data please see specifically Article 9(2)(b) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018 and Section 10 and 11 of the Data Protection Act 2018.

·       The following applicable laws, regulations and the like impose these legal obligations upon us:

o    Proceeds of Crime Act 2002.

o    Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017/692.

o    Bribery Act 2010.

·       Establish, exercise or defend legal claims, see Article 9(2)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       Observe the substantial public interest, see Article 9(2)(g) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018 and Section 10 and 11 of the Data Protection Act 2018.  

·       Pursue our legitimate interest:

o    to enable us to perform our obligations and provide products and services to you or to notify you about changes to our products and services;

o    to allow us to correspond with you and provide products and services to you;

o    to ensure the quality of our products and services; and

o    to assist with the prevention of crime and fraud;

see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a customer (bar, restaurant, etc.)

Third Parties such as financial institutions (e.g. banks), tax authorities and other public authorities.

Period of retention

The Personal Data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested information.

As a general rule, we will keep your Personal Data for the duration of our engagement and for up to 5 years after the engagement has ended.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as financial institutions (e.g. banks), tax authorities and other public authorities.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for because it is required by law.

Consumer management (private persons)

Purpose

The purpose with consumer management (private persons) is to:

·       provide and manage products and services you have requested. To carry out our obligations arising from any contracts entered into between you and us, including to arrange delivery, to action or cancel orders, to provide you with the information, products and services that you request from us, and to notify you about changes to our products and services.

·       communicate effectively with you, to respond to your questions, comments, complaints or other communications, including any queries relating to our products.

·       monitor activities and communications with you and to record our correspondence with you, including to ensure service quality, compliance with procedures and for internal training purposes of our employees and consultants.

Who the Personal Data regards (Data subject)

You as a consumer management (private person).

Categories of Personal Data being used

As part of consumer management (private persons), we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. if used as delivery address)

·       Financial information (e.g. credit card number)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

·       Information about your interests (e.g. details of any hobbies or activities you undertake or details of your personal interests)

·       Marketing preferences (e.g. details of your marketing and communication preferences and information we collect to help us determine what products and services may be of interest to you)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Fulfil our contract with you, see Article 6(1)(b) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       Act in compliance with our legal obligations, see Article 6(1)(c) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018. The following applicable laws, regulations and the like impose these legal obligations upon us:

o    Consumer Rights Act 2015.

o    Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013.

·       Pursue our legitimate interest:

o    to enable us to perform our obligations and provide products and services to you or to notify you about changes to our products and services;

o    to allow us to correspond with you and provide products and services to you; and

o    to ensure the quality of our products and services;

see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a consumer management (private person).

Third Parties such as technical, payment and delivery services.

Period of retention

The Personal Data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested information.

As a general rule, we will keep your Personal Data for the duration of our engagement and for up to 5 years after the engagement has ended.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as technical, payment and delivery services.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example that we have entered into contracts with the respective Third Parties.

Business partner and supplier management

Purpose

The purpose with business partner and supplier management is to:

·       carry out contract management, receive goods and services from our suppliers and business partners and, where relevant, to provide professional services to our customers and consumers.

·       communicate effectively with you, to respond to your questions, comments, complaints or other communications, including any queries relating to our products.

·       monitor activities and communications with you and to record our correspondence with you, including to ensure service quality, compliance with procedures and for internal training purposes of our employees and consultants.

·       conduct certain checks on you, such as KYC and credit checks. If you are a business partner or supplier, or a prospective business partner or supplier, we may use your Personal Data to conduct certain checks in relation to you and/or your business. In connection with this purpose, we may disclose your details to the relevant authorities including credit reference agencies, government agencies and fraud prevention agencies. Law enforcement agencies may access and use this information. We, and other organisations that access and use information recorded by such agencies, may do so from countries other than the country in which you are based.

Who the Personal Data regards (Data subject)

You as a business partner or supplier.

Categories of Personal Data being used

As part of business partner and supplier management, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. if used as delivery address)

·       Financial information (e.g. bank account number, financial status)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Fulfil our contract with you, see Article 6(1)(b) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.  

·       Act in compliance with our legal obligations, see Article 6(1)(c) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018. For special categories of Personal Data please see specifically Article 9(2)(b) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018 and Section 10 and 11 of the Data Protection Act 2018.

·       The following applicable laws, regulations and the like impose these legal obligations upon us:

o    Proceeds of Crime Act 2002.

o    Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017/692.

o    Bribery Act 2010.

·       Establish, exercise or defend legal claims, see Article 9(2)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       Observe the substantial public interest, see Article 9(2)(g) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018 and Section 10 and 11 of the Data Protection Act 2018.  

·       Pursue our legitimate interest:

o    to enable us to manage our business relationship;

o    to allow us to correspond with you;

o    to ensure the quality of our products and services; and

o    to assist with the prevention of crime and fraud;

see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.  

Source

(other than CMBC Group Entities)

You as a business partner or supplier.

Third Parties such as financial institutions (e.g. banks), tax authorities and other public authorities.

Period of retention

The Personal Data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested information.

As a general rule, we will keep your Personal Data for the duration of our engagement and for up to 5 years after the engagement has ended.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as financial institutions (e.g. banks), tax authorities and other public authorities.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for because it is required by law.

Business operations

Purpose

The purpose is to manage business operations, including to reorganise or make changes to our business. In the event that we: (i) are subject to negotiations for the sale of our business or part thereof to a third party; (ii) are sold to a third party; or (iii) undergo a re-organisation, we may need to share some or all of your Personal Data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing any proposed sale or re-organisation. We may also need to share your Personal Data with that re-organised entity or third party after the sale or reorganisation for them to use for the same purposes as set out in this Privacy Notification.

Who the Personal Data regards (Data subject)

You as a:

·       visitor to our websites, sites or offices

·       attendee at our events

·       participant in promotions and competitions, including any of your guests you have chosen to include in the promotion or competition

·       subscriber to our newsletter or other marketing activities

·       customer (bar, restaurant, etc.)

·       consumer (private person)

·       other business relation such as business partner, supplier, vendor, or the like

Categories of Personal Data being used

As part of managing our business operations, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Personal information (e.g. license plate, if you have used one of our parking lots)

·       Financial information (e.g. credit card number, bank account number, financial status)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

·       Attendee information (e.g. information provided in your application forms, recordings you or we have made, or other information related to your attendance at events)

·       Photographs, videos and voice recordings (e.g. from the event)

·       Special categories of Personal Data (e.g. special medical or access assistance, which may provide us with health information about you, or your specific dietary requirements in connection with your attendance at an event, which may indicate your religious beliefs, e.g. halal or kosher meal selections)

·       Participant information (e.g. details of you and your guests in connection with any promotions and competitions you have entered or won)

·       Information about your interests (e.g. details of any hobbies or activities you undertake or details of your personal interests)

·       Marketing preferences (e.g. details of your marketing and communication preferences and information we collect to help us determine what products and services may be of interest to you)

·       Information about your digital interactions (e.g. your use of chat rooms, message boards, social media pages or other interactive forums including any comments, photos, videos or other information that you post online)

·       Survey information (e.g. your responses to market surveys that we conduct)

·       Technical information (e.g. the Internet protocol (IP) address used to connect your device to the Internet, or your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform)

·       Information about your visit to our websites (e.g. the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time), products you viewed or searched for, pages you accessed, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page)

·       Background, education and CV information (e.g. references to education, degrees, grades)

·       References check from e.g. former employers

·       Criminal records

·       Test results

·       Other ID information (e.g. social security numbers)

·       Remuneration / Benefits information (e.g. salary, employee benefits, bonuses)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Act in compliance with our legal obligations, see Article 6(1)(c) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

·       Pursue our legitimate interest in order to allow us to manage business operations and change our business, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a:

·       visitor to our websites, sites or offices

·       attendee at our events

·       participant in promotions and competitions, including any of your guests you have chosen to include in the promotion or competition

·       subscriber to our newsletter or other marketing activities

·       customer (bar, restaurant, etc.)

·       consumer (private person)

·       other business relation such as business partner, supplier, vendor, or the like

We collect much of the Personal Data that we hold about you directly from you or your interactions with us, our websites or social media sites. We may also receive your Personal Data from other sources, including Third Parties such as business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers.

Period of retention

The Personal Data that we hold about you will not be kept for longer than is permitted by law and will only be kept for as long as necessary to provide you with any requested information.

As a general rule, we will keep your Personal Data for up to 5 years, unless special circumstances require a longer or shorter retention period.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as business partners, suppliers, vendors and agencies.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, for example that we have entered into contracts with the respective Third Parties.

 

Compliance operations

Purpose

Compliance operations enables us to protect you, our employees and all Carlsberg Group Entities. It provides you the opportunity to raise whatever concerns you may have through our whistleblower scheme (Speak Up). Furthermore, it enables us to stay compliant with applicable laws, policies and the like.

The purposes with compliance operations are:

·       Operation of our whistleblower scheme (Speak Up) (The speak up service is run and administered by an independent third party. If you have reported a speak up matter anonymously, we will not gain any access whatsoever to your Personal Data and will thus not be using it). This may among other include review of emails, chat conversations, correspondence, documents, file shares, the tracking of internet and telephone usage. Any such checks will be done in a proportionate way (e.g. through the use of specific key word searches) and only when relevant and in compliance with applicable laws.

·       Fraud prevention (relating to customers (bars, restaurants, etc.) and business partners and suppliers): We and other organisations may access and use certain information to prevent fraud as may be required by applicable law and regulation, and best practice, at any given time. If false or inaccurate information is provided and fraud is identified or suspected, details may be passed to fraud prevention agencies and other organisations and may be recorded by us or them.

·       Third party screening to ensure that we only engage with business partners and suppliers that act in compliance with applicable laws and relevant codes of ethics.

·       To comply with applicable laws, legal and regulatory obligations. We may process your Personal Data to comply with our legal and regulatory requirements, which may include disclosing your Personal Data to Third Parties, including insurers, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.

Who the Personal Data regards (Data subject)

You as a:

·       visitor to our websites, sites or offices

·       attendee at our events

·       participant in promotions and competitions, including any of your guests you have chosen to include in the promotion or competition

·       subscriber to our newsletter or other marketing activities

·       customer (bar, restaurant, etc.)

·       consumer (private person)

·       other business relation such as business partner, supplier, vendor, or the like

Categories of Personal Data being used

As part of compliance operations, we may use Personal Data such as:

·       Contact information (e.g. name, address, email)

·       Work related information (e.g. title, workplace)

·       Personal information (e.g. license plate, if you have used one of our parking lots)

·       Financial information (e.g. credit card number, bank account number, financial status)

·       Correspondence with you (e.g. any feedback, complaints and comments from you via telephone, email or social media, or records of any online, paper or in-person correspondence and interactions between us. If you have communicated with us by phone, we will collect details of the phone number used to call us, and any information collected via a call recording)

·       Attendee information (e.g. information provided in your application forms, recordings you or we have made, or other information related to your attendance at events)

·       Photographs, videos and voice recordings (e.g. from the event)

·       Special categories of Personal Data (e.g. special medical or access assistance, which may provide us with health information about you, or your specific dietary requirements in connection with your attendance at an event, which may indicate your religious beliefs, e.g. halal or kosher meal selections, or where we undertake certain background checks on you, which may disclose information about previous criminal convictions)

·       Participant information (e.g. details of you and your guests in connection with any promotions and competitions you have entered or won)

·       Information about your interests (e.g. details of any hobbies or activities you undertake or details of your personal interests)

·       Marketing preferences (e.g. details of your marketing and communication preferences and information we collect to help us determine what products and services may be of interest to you)

·       Information about your digital interactions (e.g. your use of chat rooms, message boards, social media pages or other interactive forums including any comments, photos, videos or other information that you post online)

·       Survey information (e.g. your responses to market surveys that we conduct)

·       Technical information (e.g. the Internet protocol (IP) address used to connect your device to the Internet, or your login information, browser type and version, time zone setting, browser plug in types and versions, operating system and platform)

·       Information about your visit to our websites (e.g. the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time), products you viewed or searched for, pages you accessed, page response times, download errors, lengths of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page)

·       Background, education and CV information (e.g. references to education, degrees, grades)

·       References check from e.g. former employers

·       Criminal records

·       Test results

·       Other ID information (e.g. social security numbers)

·       Remuneration / Benefits information (e.g. salary, employee benefits, bonuses)

Legal bases for the use

The use of your Personal Data is necessary for us to:

·       Act in compliance with our legal obligations, see Article 6(1)(c) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018. For special categories of Personal Data please see specifically Article 9(2)(b) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018 and Section 10 and 11 of the Data Protection Act 2018.

The following applicable laws, regulations and the like impose these legal obligations upon us:

o    Proceeds of Crime Act 2002.

o    Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017/692.

o    Bribery Act 2010.

·       Establish, exercise or defend legal claims, see Article 9(2)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.  

·       Observe the substantial public interest, see Article 9(2)(g) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018 and Section 10 and 11 of the Data Protection Act 2018.  

·       Pursue our legitimate interest to:

o    ensure that you fall within our acceptable risk profile and to assist with the prevention of crime and fraud; and

o    cooperate with law enforcement and regulatory authorities;

see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as a:

·       visitor to our websites, sites or offices

·       attendee at our events

·       participant in promotions and competitions, including any of your guests you have chosen to include in the promotion or competition

·       subscriber to our newsletter or other marketing activities

·       customer (bar, restaurant, etc.)

·       consumer (private person)

·       other business relation such as business partner, supplier, vendor, or the like

Third Parties such as external lawyers, forensic accountants, business partners, suppliers, vendors, agencies, governmental bodies and the like.

Period of retention

It is our policy not to keep your Personal Data longer than is necessary or required by applicable law.

We will delete the Personal Data as soon as possible after the specific case has ended.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as external lawyers, forensic accountants, business partners, suppliers, vendors, agencies, governmental bodies and the like.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers, e.g. because it is required by law.

 

Recruitment

Purpose

The purpose is to conduct a recruitment process.

If you are an applicant your Personal Data will be used for e.g. evaluating your suitability for the position, to create a sufficient offer letter/contract for employment and to keep a record of your Personal Data for documentation purposes after the recruitment process has ended.

Who the Personal Data regards (Data subject)

Job applicants.

Categories of Personal Data being used

We may use the following information provided by the job applicant:

·       Contact information (e.g. name, address, email, telephone number)

·       Background, education and CV information (e.g. references to education, degrees, grades)

·       Photograph (e.g. portrait attached the application)

If you as a candidate is invited for an interview, we may also collect and use the following information, if relevant:

·       References check from e.g. former employers

·       Criminal records

·       Test results

Furthermore, if you are offered the position, we may collect and use the following information, if relevant:       

·       Other ID information (e.g. social security numbers)

·       Financial information (e.g. bank account number, salaries, debts, social benefits, pension)

·       Remuneration / Benefits information (e.g. salary, employee benefits, bonuses)

·       Special categories of Personal Data (e.g. health data if relevant for the specific position)

Legal bases for the use

The use of your Personal Data is necessary for us to pursue our legitimate interest in assessing job applicants, filling the position with an appropriate candidate and storing the Personal Data for subsequent recruitment processes, see Article 6(1)(f) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

We use information from tests, collection of references and criminal records on the basis of your consent, see Article 6(1)(a) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.


We use special categories of Personal Data, including heath data, on the basis of your consent, see Article 9(2)(a) of the General Data Protection Regulation 2016/679, cf. as incorporated into UK law by the Data Protection Act 2018.

Source

(other than CMBC Group Entities)

You as an applicant.

Test providers, recruitment agencies, headhunters, public sources such as LinkedIn and the like.

Period of retention

If you create an applicant profile in our recruitment system, we will keep your Personal Data for up to 6 months from receipt, unless you have consented to a longer retention period, e.g. by keeping your profile active because you are interested in job possibilities. If your profile has been inactive for a period longer than 6 months, it will automatically be deleted.

If you are an unsuccessful job applicant we only keep your Personal Data relating to an application for a specific position for up to 6 months from the end of the recruitment process.

If you have provided us with your criminal record this will be deleted as soon as it is no longer relevant, i.e. when the necessary information has been checked.

If you are a successful job applicant and become an employee, we will keep your Personal Data for the duration of your employment and for up to 5 years after the employment has ended. Test results will however be kept for a maximum of 10 years during your employment, and any email correspondence during the recruitment process will only be kept for up to 6 months from you filed the position.

Recipients

(other than CMBC Group Entities)

We may in some cases share your Personal Data with Third Parties such as test providers, recruitment agencies, head-hunters and the like, which provide services to us in connection with a recruitment process.

If the Third Parties are processing and using your Personal Data on our behalf, we enter into data processing agreements with all these data processors to ensure that appropriate security measures protecting your Personal Data have been taken.

If the Third Parties process and use your Personal Data for their own purposes and benefits, we ensure that we have a legal basis for sharing your Personal Data with these independent data controllers.

Transfer of your Personal Data outside the European Union (‘EU’) and the European Economic Area (‘EEA’)

Some of the Carlsberg Group Entities and Third Parties with whom we share your Personal Data may be located in countries outside the EU and/or European Economic Area.

Where we transfer your Personal Data to CMBC Group Entities and Third Parties located outside the EU and the European Economic Area, we may be required to take specific additional measures to safeguard the relevant Personal Data. Certain countries outside the EU and the European Economic Area have been approved by the European Commission as providing essentially equivalent protections to EU and European Economic Area data protection laws and, therefore, no additional safeguards are required to transfer your Personal Data to these jurisdictions. In countries that have not had these approvals, we will use appropriate safeguards to protect any Personal Data that are being transferred, such as EU Commission-approved standard contractual clauses to ensure that your Personal Data is protected adequately.

How we protect your Personal Data

Keeping your Personal Data secure is a top priority at Carlsberg. Carlsberg adheres to internationally recognised security standards and stores your Personal Data on secure servers. All Personal Data will be treated as confidential information by those who are allowed to process and use it. Furthermore, Carlsberg limits access to your Personal Data only to those people who require it. We regularly perform internal audits and follow-ups in order to review whether our measures are appropriate and to ensure continued compliance with internationally recognised security standards and Carlsberg policies.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our websites or other platforms, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our websites – any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Consent

In certain limited circumstances, we may need to ask for your specific consent to use your Personal Data. However, in most cases we will process it for the reasons set out in this Privacy Notification and it will not be appropriate or necessary for you to provide consent.

If the legal basis for using your Personal Data is consent, you may at any time withdraw your consent by sending an email to uk.privacy@carlsberg.com and informing us about your wishes. If you choose to withdraw your consent, Carlsberg may no longer use your Personal Data based on consent. The withdrawal will not affect the lawfulness of use based on consent before its withdrawal. In some cases, Carlsberg may continue using your Personal Data after withdrawal of your consent, if the law permits.

Your rights

If the Carlsberg office you are interacting with and which uses your Personal Data for the activities mentioned in this Privacy Notification is based within the EU and/or the European Economic Area, you may:

  • request further details about how we use your Personal Data, including receiving a copy of your Personal Data
  • request that we correct, update or erase your Personal Data
  • request that we restrict the use of your Personal Data
  • object to us using it, or that we use it for direct marketing and/or automated decision making, including profiling
  • request that we transfer your Personal Data to you or a Third Party (data portability)

If we use your Personal Data specifically based on our legitimate interests, you may at any time object to us using your Personal Data based on this legal basis.

Please note that these rights are subject to certain exemptions and may not all be available in the country in which you are based. This might be due to obligations imposed upon Carlsberg, such as other legislation requiring Carlsberg to retain the Personal Data, protection of the rights and freedoms of others, or the like. Carlsberg always does its utmost to carefully evaluate every single request and will provide the reasons if actions are not taken.

If you wish to exercise your rights, you can contact us by sending an email to uk.privacy@carlsberg.com.

How to file a complaint

If you have any queries that cannot be clarified as a result of internal dialogue with us or you wish to file a complaint, you can contact the Information Commissioner’s Office. Please visit https://ico.org.uk/global/contact-us/ for further details.

Whom can I contact about this Privacy Notification?

If you have any concerns or questions about Carlsberg’s use of your Personal Data or this Privacy Notification, you can contact us by sending an email to uk.privacy@carlsberg.com.

You may also contact us at: Carlsberg Marston’s Brewing Company Limited, Marston's House, Brewery Road, Wolverhampton, England, WV1 4JT.

Updates to this Privacy Notification

Any changes to this Privacy Notification will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Privacy Notification.

This Privacy Notification was last updated in October 2020.

where

are you?