ISS UK Privacy Statement – Better Food Website
For clarity ISS UK are the operators of the EY Better Food website, proving services to EY in UK and Ireland. We are committed to protecting your privacy and will handle your personal information in accordance with this Privacy Statement and in accordance with our obligations under the current UK legislation on processing personal data, the Data Protection Act 1998 as well as the principles of the EU General Data Protection Regulation.
This Privacy Statement covers the UK ISS Group of companies as listed in our consolidated Annual Report (together and separately, ISS, we, us or our).
We are committed to protecting your privacy and will handle your personal data in accordance with this Privacy Statement and in accordance with our obligations under:
the Data Protection Act 1998 and the EU General Data Protection Regulation, as amended from time to time
What is personal data and special categories of personal data?
Personal data means any data relating to an identified or identifiable natural person (known as the data subject) such as your name, address, telephone number and email address. Special categories of personal data is a subset of personal data and may include data such as race, origin, religion, sexual orientation, medical and health information and union membership.
What kind of personal data do we collect and hold, and why do we do so?
We collect your personal information to provide services to you. Personal information which we may ask you to provide includes your contact information such as your name, address, telephone number and email address, age, date of birth, sex, and food preferences. We may also ask you to supply information to us from time to time, including when you report a problem with our services and when we ask you to complete surveys, questionnaires and feedback forms that we use for quality monitoring and research purposes.
We use this information to focus content on the Better Food website, and to provide targeted marketing content to you, including special offers.
2.2 Legislative and Regulatory requirements We may also collect your personal information to comply with legislative and regulatory requirements.
3. What happens if you do not give us this information?
It is your right not to provide us any information and not to identify yourself to us. However, if you choose not to provide the personal information we request, or you do not wish to identify yourself to us, we may not be able to provide you with the services or information you require.
4. How do we collect your personal information
5. How do we use your personal information?
Your personal information is collected so that we can: comply with the law, including doing anything that we are required or authorised by the law to do; manage our relationship with you; resolve any legal and/or commercial complaints or issues; facilitate our business operations, including to perform other functions and activities relating to the business of ISS and improve our services. Furthermore, if you have specifically consented hereto, we may tell you about our products and services, and those of third parties, which might interest you. Generally, we will not use or exchange your information for other purposes than set out in this Privacy Statement, or for a purpose which is disclosed to you and to which you have consented.
6. Do we disclose information to third parties?
We may share or disclose your personal information for any of the reasons mentioned above to third parties, including: our related bodies corporate, agents, external advisers and our external service providers and contractors (such as any mail provider, commercial agent or support services); government agencies including law enforcement, regulatory and dispute resolution bodies (or any other body to whom disclosure is required by law or court/ tribunal order); and any other person or entity to whom disclosure is authorised by you. We will not share special categories of information concerning you with any person or entity other than: our related bodies corporate; our employees, and the employees of our related bodies corporate; government or regulatory authorities (including law enforcement bodies, tribunals and courts), where required or permitted by law; and any other person as permitted by law. When we disclose your information to a third party, we take all reasonable steps to ensure that those third parties are bound by confidentiality and privacy obligations with respect to the protection of your personal information. The disclosure is conducted in compliance with legal requirements, hereunder that transfers are guarded by data processor agreements, to ensure that data is not processed for other purposes than clearly stated and to ensure adequate security measures.
7. Do we disclose your personal information to recipients outside the EU/EEA?
We will not disclose your personal information to organisations located outside the country in which we have received your information (as applicable) without your written consent, except as set out below or where disclosure is otherwise authorised or required by law or court/ tribunal order. We may disclose your personal information within the ISS Group, to our operations or contractors outside the EU/EEA. Any such transfer, however, does not change any of our commitments to safeguard your personal information under this Privacy Statement. If your personal information is transferred outside of the EU/EEA, ISS ensures an adequate level of security by transferring to countries approved by the EU Commission as having an adequate level of protection, or by entering into an appropriately-drafted contract between ISS and the non-EU/EEA entity receiving the data.
8. Direct marketing and promotional use of your personal information
ISS may use your personal information to provide you with information about our services or products or those provided by third parties, that we believe may be of interest to you. With your specific consent, we may provide your personal information to such third party organisations for specific marketing purposes. Based on the nature of our business relationship we may wish to use you as a reference when promoting our business to others. In those circumstances, we will ask for your prior and specific consent and will only disclose personal information you have consented to. You can at any time ask us not to contact you about products or services, and not to disclose your information to others for that purpose by contacting us or, where applicable, by clicking the "unsubscribe" button from promotional email messages.
9. Storage and security of your personal information
We hold your personal information in paper-based or electronic files. We have put in place safeguards as required by law to protect the personal information we hold from misuse, interference and loss, and unauthorised access, modification or disclosure. ISS applies technical security measures such as encryption. This includes a range of systems and communication security measures, as well as the secure storage of hard copy documents. In addition, access to your personal information will be restricted to those properly authorised to have access. We take reasonable steps to destroy or permanently anonymize any personal information after it can no longer be used in accordance with this Privacy Statement.
10. How to access or correct your personal information
We take reasonable steps to ensure that the information we hold about you is accurate, up to date, complete and relevant when we use it or disclose it. You should contact us if you think your personal information is wrong. If you have a question about this Privacy Statement or want to access or otherwise correct your personal information you can contact our Group Data Protection Officer by sending an email to firstname.lastname@example.org or writing to: The Data Protection Officer, ISS A/S, Buddingevej 197, DK 2860 Soeborg, Denmark. A request for access needs to include a full description of the personal information requested. Your request for access to your personal information will be documented, as will details of the request and the identity of the ISS employee who gave it to you. You have the right to access your information and correct it if it is inaccurate, out-of-date or incomplete. You may also withdraw your consent to our processing of your personal information. If you believe that the information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can request its correction. If we are satisfied that the information needs to be corrected, we will take reasonable steps to ensure that information is corrected and notify you of the correction. We will correct your information and notify any other recipients of the information, where we are required to do so. There may be circumstances where we may have to refuse a request for correction. In cases you can request that we include a statement with that personal information that you made a request for correction. You will not be charged for accessing or correcting your information. You may be charged for reasonable costs incurred by us in the processing of, and response to your access request, including photocopying, supplying written reports, administration and postage
11. How we will respond to your request
We will acknowledge receipt of your request within 5 working days of receiving your request. We will do our best to process and reply to your request within 10 working days. If we cannot help with your request, you will receive a written explanation as to why and details of your possible actions if you are not satisfied with our response.
12. Do you want to contact us anonymously?
You can certainly contact us anonymously. However, if you choose not to be identified our ability to provide you with the services or information you require is limited.
13. Can you complain about a breach of privacy?
If you want to complain about a privacy breach, please contact our Group Data Protection Officer: • Phone: +45 41 132 332 • Post: The Data Protection Officer, ISS A/S, Buddingevej 197, DK 2860 Soeborg, Denmark; or • Email: email@example.com We will do our best to resolve your complaint as quickly as possible. If you are not satisfied with the outcome of your complaint, you may refer your complaint to: The Information Commissioner’s Office (the UK Data Protection Authority) • Phone: 0303 123 1113 • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF • Email: firstname.lastname@example.org
14. Need further information?
For more information about privacy in general, you can visit the ICO’s website at www.ico.org.uk
15. Updating our Privacy Statement
We may review, amend or revise our Privacy Statement and the way we process personal information from time to time and this will be reflected immediately on the Better Food website privacy section.