WHAT IS THE PURPOSE OF THIS DOCUMENT?
Burts is committed to protecting the privacy and security of your personal information. This Privacy Notice describes how we collect and use personal information about you and applies to everyone whose personal data we process in our capacity as “data controller”, with the exception of our employees, workers and contractors.
We are Burts Snacks Limited. We are registered in England with company number 02665660 and our registered office address is The Klamp House, Belliver Way, Roborough, Plymouth PL6 7BP. We are not required to appoint a data protection officer, but we have chosen to appoint a Data Protection Manager, who is Eve Skuse. If you have any questions about this Notice, please call us on 0800 023 7404, e-mail us at email@example.com or write to the above address.
This Privacy Notice also applies to data processed by any subsidiary company of Burts or subsidiary of that subsidiary (as defined in section 1159 of the Companies Act 2006) (together the Group). All references to Burts in this Privacy Notice are references to Burts and / or any subsidiary of Burts, as applicable.
This notice is not contractual and we may update it at any time. This version is effective from 20 December 2022.
OUR COLLECTION, USE AND TRANSFER OF YOUR DATA
We collect information about many people, mainly in the form of contact details (name, job title, organisation, address, e-mail address and telephone number, as well as other information from e-mail signatures and footers) of people interested in our products, customer contacts and potential customer contacts, supplier contacts and potential supplier contacts, individual consumers and other stakeholders. This information is usually provided directly from you and may be used for the legitimate interest of communicating with you in relation to specific issues or products that you are involved in, or matters that you might be able to assist with. We may also contact you to keep in touch or make introductions.
We also obtain information about you, such as your name, contact details and anything you include in the message, when you make an enquiry through our website.
We keep the details of any complaints for our legitimate interest in trying to improve our business.
If you apply for a job with us, we will keep your name, contact details, current salary, covering letter and CV for up to six months and may use these to contact you about applicable jobs.
We use the contact details of our shareholders to send them updates about the business and their investment in it as well as agreements, resolutions and documents relevant to their shareholding. We also provide their name and shareholding details, as well as the name, home address, service address, date of birth, occupation and nationality of directors, to Companies House.
CCTV systems monitor our car park in Plymouth and our office in Leicester 24 hours a day. This data is recorded, kept for up to 24 months and may be used for the purpose of security for our employees, clients and other guests and may be provided to the Police if requested, all of which is a legitimate interest and in the public interests of safety.
We keep a record of the names and organisations of all our visitors, to ensure that we can account for everyone in the premises in the event of an emergency. Names are displayed on visitor badges and the accompanying visitor passes log entry and exit to different areas of the premises. If you choose to use our guest wifi network, your use of this will be recorded for security reasons. Photographs of your visit may be taken for our own security but will not be used in marketing materials without your consent.
We do not sell products directly to consumers. We do however grant licences to third parties to sell products to consumers and they may refer consumer feedback to us, which could include personal data.
We also collect data you provide as part of promotional campaigns and competitions. This data will be collected and used for the specific purpose of that campaign or competition and only added to our general marketing list if you consent to opt-in to this.
We only send marketing correspondence (whether about us or our products, or a third party or their products) to people to have specifically opted in to this. This may relate to new products, special offers or other information that we think you might find interesting. If you wish to opt out at any time, please contact us on 0800 023 7404 or at firstname.lastname@example.org or write to us at Marketing, Burts Snacks Limited, The Klamp House, Belliver Way, Roborough, Plymouth PL6 7BP.
We may use MailChimp to send marketing correspondence. They are both data processors and so can only process your data in accordance with our instructions.
Special category personal data
“Special categories” of particularly sensitive personal information, being data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for identifying people, health information and data concerning sex life or sexual orientation, require higher levels of protection.
We do not envisage using collecting any special category data except where your health information (such as the need for wheelchair access) is useful to ensure your safety whilst you are at our premises.
We will not store or use information about any criminal convictions and offences, unless you have provided your consent to it.
Any personal data may be held and used for establishing, exercising or defending legal claims.
ORGANISATIONS THAT MAY SEE YOUR DATA
Our banks, accountants, solicitors, auditors, insurers and other professional advisers, as well as accreditors, are also entitled to obtain specific data on request as part of our compliance checks and legal obligations, although they rarely need specific personal data.
We use invoice discounting and the providers of this may see limited data in relation to customer contacts.
Our IT and marketing support and office management system providers have access to all data on our systems to provide their services to us for legitimate interests. We use Microsoft Office 365 for our e-mail exchange, for which the data is stored in the UK. We only allow our third-party service providers to use your personal data for specified purposes and in accordance with our instructions.
We may share your personal data with companies within our Group if there is a legitimate interest in doing do, such as shared resources.
We may share your personal information in the context of our legitimate interests in a possible sale or restructuring of the business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.
USE OF OUR WEBSITE
Information regarding the cookies used on our website and how to adjust your settings relating to these can be found at https://www.burtschips.com/cookie-policy.
TRANSFERRING INFORMATION OUTSIDE THE EU / UK
We may use MailChimp to send some marketing correspondence. Information about MailChimp’s international transfers of data can be found at https://mailchimp.com/legal/data-processing-addendum/#6._International_Transfers. This says that data may be transferred to the USA and other countries but MailChimp shall ensure that such transfers are made in compliance with the requirements of data protection laws.
This is the only situation in which we transfer personal data outside the EU and UK.
RIGHT TO WITHDRAW CONSENT
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us on 0800 023 7404 or at HR@burtssnacks.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
IF YOU FAIL TO PROVIDE PERSONAL INFORMATION
If you fail to provide certain information when requested, we may not be able to continue our professional relationship, depending on the specific data, why we need it and what risks the provision of it poses to your rights and freedoms. For example, if a supplier fails to provide contact details of its finance department or the details needed for payments, we may not be able to pay them.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, where this is required or permitted by law.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
HOW LONG WE KEEP YOUR DATA FOR
We will hold your personal data until we are satisfied that there is no longer any purpose for retaining it. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep our general marketing database on an on-going basis but if you wish to be removed from this database, please contact us on 0800 023 7404 or at email@example.com. Marketing data for specific campaigns or competitions are retained for two years and then deleted, unless we have any specific and lawful reason to keep it longer.
If you apply for a job with us, we will keep your name, contact details, current salary and CV on file for up to six months, although we may delete it before then if we do not anticipate any need for recruitment applicable to you within this time.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
You have a number of rights under the GDPR:
These are not absolute rights and are subject to specific conditions and depend on our processing purposes. If you are interested in using any of these rights, please contact us on 0800 023 7404 or at HR@burtssnacks.com for more information.
In most situations, you will not have to pay a fee to access your personal information (or to exercise any of the other rights).
PLEASE INFORM US OF ANY CHANGES
It is important that the personal information we hold about you is accurate and current. Please contact us on 0800 023 7404 or at HR@burtssnacks.com if your personal information changes during your relationship with us so that we can update our records.
If you are unhappy with any aspect of our processing of your personal data, we ask that you contact us on 0800 023 7404 or at firstname.lastname@example.org first and discuss your concerns with our Data Protection Manager. If you are not satisfied with the outcome, you may lodge a complaint with the Information Commissioner’s Office, the UK supervisory authority for data protection issues. Information about how to do this can be found on their website at https://ico.org.uk/for-the-public/raising-concerns/.