KRAFT HEINZ PRIVACY NOTICE
Welcome to Kraft Heinz’s privacy notice (“Notice”).
Kraft Heinz respects your privacy and is committed to protecting your Personal Data. This Notice tells you about how we look after your Personal Data, the privacy rights you have and how the law protects you.
It is important that you read this Notice, and any other privacy notices we may provide when we are collecting or processing Personal Data about you, so that you are fully aware of how and why we are using your Personal Data.
This Notice applies in addition to other privacy notices we may use and is not intended to override them. For more detail about how Kraft Heinz deals with Personal Data, please see our General Data Protection Policy.
You can click on the links below to find out more information:
Kraft Heinz is made up of different legal entities, details of which can be found here.
This Notice is intended to cover the whole Kraft Heinz Group so when we say “Kraft Heinz”, “we”, “us” or “our” we are referring to the company in the Kraft Heinz Group responsible for processing your data.
Kraft Heinz is the controller and responsible for this website.
Data Privacy Team
We have appointed a Data Privacy team who are responsible for overseeing questions in relation to this privacy notice.
If you have any questions about this Notice, including any requests to exercise your Legal Rights, please contact the Data Privacy team using the details below.
Full name of legal entity: Kraft Heinz
Contact: The Data Privacy Team
Email address: email@example.com
Postal address: Kraft Heinz, The Shard, 32 London Bridge St, London SE1 9SG
You have the right to make a complaint at any time to your local regulatory authority whose detail can be found here. However, we would appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance.
Helping Us Keep Your Personal Data Up To Date
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy statements or data handling. You should read the privacy terms for all third-party websites, to find out how they handle your Personal Data.
Children and This Website
This website is not aimed at or intended for children under the age of 16.
‘Personal Data’ is any information about an identifiable living individual but does not include information which you cannot link to a specific person. Your Personal Data is therefore information about and linked to you.
We may collect, use, store and transfer different kinds of your Personal Data, which may include:
(a) Identity Data such as first name, last name, marital status, date of birth and gender.
(b) Contact Data such as home address, billing address, email address and telephone numbers.
(c) Financial Data such as bank account and payment card details if you order goods from us and, for Kraft Heinz investors, details relating to your investments.
(d) Transaction Data such as details of products you have purchased from us.
(e) Technical Data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
(f) Profile Data such as your website username and password, purchases or orders made by you and information about your interests, preferences, feedback and survey responses.
(g) Usage Data such as information about how you use our website, products and services.
(h) Marketing and Communications Data such as your preferences in relation to receiving marketing from us and third parties and for the ways we communicate with you.
We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your Personal Data but is not Personal Data because it does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to find out how many users access a specific website feature.
If we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data and will process it as set out in this Notice.
We may collect some items of Special Category Personal Data (which includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) but will normally only do so where we believe it is necessary in connection with issues relating to our products or for some other reason that we will advise to you when we collect the data.
Failure to Provide Personal Data Where Requested
Where we need to collect Personal Data by law, or under the terms of a contract we have with you, and you do not provide that data when requested, we may not be able to perform the contract we either have or are trying to enter into with you (for example, to provide you with goods or services) and so we may have to cancel the contract.
We use various methods to collect your Personal Data, including:
a. Directly from you - where you give us Personal Data such as your address, identity and marketing data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
- apply for our products or services;
- create an account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey; or
- give us some feedback or raise a concern or complaint.
In addition, if you contact us by phone, email or otherwise, we may keep a record of that correspondence.
b. By automated means – when you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
c. From third parties and publicly available sources. We may receive Personal Data about you from various third parties as set out below:
- Technical Data from analytics providers such as Google;
- contact, financial and transaction data from providers of technical, payment and delivery services;
- identity and contact data from data brokers or aggregators; and
- identity and contact data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your Personal Data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us at: GDPR@kraftheinz.com
We may use your Personal Data for or in connection with the following purposes:
a. Where necessary to establish and perform your contract with us, such as where you buy products directly from us;
b. Where necessary to comply with a legal obligation:
- in connection with any potential or actual corporate transaction or transfer of employment arising in relation to a business transfer or change of service provider in which case Personal Data may only be processed to the extent permitted by applicable law (such as the Acquired Rights Directive in Europe);
- compliance with applicable procedures, laws or regulations including in relation to retaining records of business activities and payment of taxes;
- disclosures to law enforcement agencies or in connection with legal claims, health & safety compliance, regulatory, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation)
c. Where necessary for Kraft Heinz's legitimate interests in connection with the purposes listed below, and where our interests are not overridden by your data protection rights:
- the proper conduct and development of Kraft Heinz’s businesses and operations;
- research including consumer and market preferences to assist with the operation and development of Kraft Heinz’s business;
- assisting with the development of existing and creation of new Kraft Heinz products and services;
- the manufacture of Kraft Heinz Products and supply of those products to Kraft Heinz customers;
- promotional and marketing activities (including running competitions and prize draws) in relation to Kraft Heinz’s business and products;
- ·other disclosures required in the connection with promoting or marketing of Kraft Heinz, its products or services by or to Kraft Heinz Staff;
- financial and other forecasting and modelling;
- ·operation, maintenance and development of Kraft Heinz’s Systems, networks and the equipment associated with or connecting to those systems and networks;
- development of Kraft Heinz’s business through mergers, acquisitions, disposal and other corporate actions;
- dealing with actual and potential shareholders, investors and other stakeholders in Kraft Heinz’s business;
- maintenance and protection of Kraft Heinz’s physical and intellectual property and assets;
- protecting corporate and personal security (which may include use of CCTV and other visual or audio monitoring);
- recording, responding to, dealing with and resolving matters arising in respect of Kraft Heinz products or Staff;
- recording, responding to, dealing with and resolving actual or potential complaints from customers and consumers;
- investigations to ensure compliance with or identify/confirm any potential breaches of any applicable procedures, laws or regulations;
- establishing, exercising or defending legal rights;
- working with suppliers to whom Kraft Heinz has outsourced business or other services;
- in connection with business acquisition, disposal or reorganisations other than where information is exchanged in connection with a legal obligation as set out above.
- processing necessary for the purposes of other legitimate interests pursued by Kraft Heinz
You can obtain further information on the legitimate interests balancing exercises which we have carried out by contacting the Data Privacy Team
We may share your data with third parties, including other companies within Kraft Heinz and with third-party service providers who provide services to us as further explained below.
Where we provide Personal Data to contractors and suppliers who provide services to us, including assistance with the processing activities set out in this notice, we will enter into a data processing agreement (including provisions required by GDPR) with those contractors and suppliers.
In order to fulfil our legal and other obligations and in connection with our rights including protection of our legitimate interest, we reserve the right to disclose Personal Data (or Special Category Data as appropriate) to law enforcement agencies, regulatory bodies, government agencies and other third parties as required by law or for administrative purposes (for example, HM Revenue and Customs in the UK) and to the extent that local law allows and/or requires this.
We may transfer Personal Data to other Kraft Heinz group companies, partners, suppliers, law enforcement agencies and to other organisations that are located outside the EEA for the purposes of:
The laws of some jurisdictions outside the EEA may not be as protective as Data Protection Laws in the EEA. Kraft Heinz will ensure that, for such jurisdictions, appropriate measures are in place for compliance with Data Protection Law in relation to transfer of Personal Data to those jurisdictions.
We have legal duties to keep various records and records need to be held for different periods of time, depending on their contents.
We will therefore keep Personal Data for as long as we reasonably consider we may need to in connection with those obligations.
Where we do not have keep Personal Data for a period specified by law we will not keep Personal Data for longer than Data Protection Law allows us to.
For further information about our approach to data retention, please see Kraft Heinz's Data Retention Policy.
Under Data Protection Laws you are entitled to ask Kraft Heinz for a copy of your Personal Data and to ask for it to be corrected, edited or have its processing restricted. In certain situations, you may also be entitled to ask Kraft Heinz to transfer some of your Personal Data to other organisations.
You may also have rights to object to some processing of your Personal Data although Kraft Heinz may continue that processing if it is required in connection with legal obligations.
Your Personal Data rights may be limited or subject to exceptions in some situations; for example, where Kraft Heinz demonstrates that it has a legal requirement to process your data, such as where tax authorities require us to retain it or where it is needed for proper performance of a contract.
Where Kraft Heinz has asked for your consent to process Personal Data and that consent is withdrawn we will not process that Personal Data further but may not be able to continue providing the goods or services for which the Personal Data was sought.
Where Kraft Heinz has a legal right or obligation to retain Personal Data or wishes to do so in connection with its legitimate interests, it may do so even if you have withdrawn consent for Kraft Heinz to hold your Personal Data.
Where Kraft Heinz requires Personal Data to comply with legal or contractual obligations, the provision of such data is mandatory. If such data is not provided Kraft Heinz will not be able to manage the employment or engagement relationship, or to meet obligations placed on it. In all other cases, provision of requested Personal Data is optional.
For any concerns or questions about how Kraft Heinz processes your Personal Data or have any questions in relation to your rights in respect of your Personal Data, please contact the Data Privacy Team at: GDPR@kraftheinz.com
In the first instance you should raise all data concerns with the Data Privacy Team but you also have the right to complain directly to data protection authorities at any time. The relevant data protection authority will be the supervisory authority in the same country as your employing entity.
Please see here for details of national data protection authorities.
We may change this Notice at our discretion and in the event we do so we will make the revised Notice available via our websites.
Previous versions of this Notice are archived here.
Publication Date: 25 May 2018