Privacy Notice

What is this notice for?

This notice explains what we do with your personal data and the steps we take to keep it secure. It explains when and how we collect personal data, who we share it with, how we process it and what your rights are in respect of the personal data processing we carry out.

When do we use your personal data?

We believe that a good free trade customer experience means:

Providing you with the products and services you want
Giving you relevant information about the industry, our company, brands and products
Providing you with excellent business/financial support and a range of other services designed to help you make the most of your business

To do these things well, we need to process some of your personal data. We do this whenever:

you use our websites
you contact us to request a discussion about your business plan
you open a free trade customer account
we lend you money or sponsor your business
we provide a retrospective discount to you
you act as a guarantor or provide security for a free trade customer
we send you direct marketing
you opt out of direct marketing
you order from us (telesales or online)
you make a payment, sign a direct debit or request a refund
we collaborate on a promotion
you do some training with us via the BeerGenius.co.uk website
we entertain you
you submit queries or complaints
we record telephone calls
an accident occurs
when we ask for other people’s data

It’s worth remembering that personal data, which is covered by this notice, refers to information about you as an individual. Information about any companies that you own or operate through is not personal data.

Where we do hold personal data on you, we don’t keep it for any longer than we need it. See our retention periods for more details.

Sometimes we need to share your personal data with other Greene King companies or with other organisations that help us provide our products and services to you. We will not sell your personal data and we do not allow these organisations to use your personal data for anything that’s not described in this notice. We might also need to share your personal data to uphold your rights, our rights or the rights of other people and we may need to share your personal data to meet some of our legal obligations. See the data sharing section for more details.

You can find out more about how we meet our data protection law obligations here. This section also explains what rights you have in respect of the personal data processing we do, and how you can exercise them.

How can you contact us?

If you want to discuss how we use your personal data

Write to us at Greene King Customer Care Team, Westgate Brewery, Bury St Edmunds, Suffolk, IP33 1QT
Send an email to customercareteam@greeneking.co.uk
Call us on 0345 850 4545

If you want to contact our Data Protection Officer

Write to the Data Protection Officer, Greene King, Westgate Brewery, Bury St Edmunds, Suffolk, IP33 1QT
Send an email to dataprotection@greeneking.co.uk
Call us on 01284 763222

How do we use your personal data?

When you use our websites

If you fill out the ‘contact us’ form on our website, we will use the information we receive to contact you about the ways that Greene King could provide support to your organisation. If there are any offers and promotions that may be of interest to you, these will be discussed with you and data shared with particular third parties only with your consent.

Most of our websites use cookies. Cookies are small text files which websites store on the device you use to access our websites. Some cookies contain personal data. In general, we use cookies to run our websites, monitor their use and understand how our customers use them. See our cookie policy for more details.

When you request us to contact you to discuss your business plans with you to better understand your future needs

In order to anticipate the supply of our products we may discuss your business plans with you. In this instance we will ask for your name, business name, address, email address and telephone number. We may also record any other information relevant to our discussions.

When you open a new free trade account

When you open a new free trade account, we will ask you to complete an application form containing your name, address, telephone number, date of birth, the legal form through which you trade (eg sole trader, partnership or limited company) and, if you are paying by direct debit, your bank details. We will also ask for a copy of your passport, driving licence, recent utility bills and bank statements. If you have a trading history, we will also ask for statements from a previous supplier containing your name and address so that we can obtain trade references. So that we can confirm your creditworthiness we will undertake a credit check about you and as part of this process we will also undertake a search of the Land Registry or Register of Scotland when there is insufficient information from the credit check to establish creditworthiness.

In order to process your application, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain.

Greene King will continue to run periodic credit checks for the duration of the account to ensure ongoing creditworthiness is maintained.

We will also ask if you want to sign up for direct marketing, see when you sign up for direct marketing.

When we lend you money or sponsor your business

When we lend you money or enter a sponsorship arrangement with you we will ask for your name, address, previous address, address of any properties you own, telephone number, date of birth, bank details, lease copies and will ask for a copy of your passport and driving licence. We will undertake a credit check so that we can confirm your creditworthiness and as part of this process we will also undertake a search of the Land Registry or Register of Scotland when there is insufficient information from the credit check to establish creditworthiness or as evidence of the security you can provide to us.

We will use all of this information, as well as information from third parties to help us decide whether to lend money to you and whether to sponsor your business. Please see the section on who we share data with for more information.

When you act as a guarantor or provide security for a free trade customer

When you act as a guarantor or provide security for one of our free trade customers we will ask for your name, address, date of birth, telephone number and a copy of your passport and driving licence If you provide a guarantee we will record details of the guarantee or security that you provide.

When you sign up for direct marketing

When you use one of our services, we will ask you if you want to receive direct marketing from us. You don’t have to sign up for direct marketing – it’s your choice. We will not send you excessive amounts of marketing and every marketing message we send includes an easy way for you to opt out. We use the information gathered when you open a free trade account to personalise our direct marketing, such as by addressing you by name, and targeting our marketing based on your age, birth date and where you live.

If you opt out of direct marketing

You can opt out of receiving direct marketing at any time by following the unsubscribe instructions in any of our marketing messages or by contacting our team on solutions@greeneking.co.uk

When you order from us

If you want to purchase beers from us, via telesales or online (via www.greenekingorders.co.uk ) we can deliver them directly to you. To do this we will ask for your name, postal address, email address and payment details.

When you make a payment, sign a direct debit mandate or request a refund

In order for you to pay for any goods or services that Greene King provide we will need your bank details and may ask you to sign a direct debit mandate form. If you pay for anything with a payment card, we will ask for your name and the card number, start and expiry date, verification code (CVC). We will also need these details to make any refunds.

When we provide a retrospective discount to you

If we have agreed to provide you with a retrospective discount and you are not opening a free trade account we will ask for your name, address, telephone number and bank account details.

When we collaborate on a promotion

When we work together on a promotion in order to drive the sales of our beer in your pub, we will collect your name, address and email address and record the terms of the promotion we have agreed.

When you do some training with us via the Beer genius website

Please refer to the privacy notice on the www.beer-genius.co.uk website.

When we entertain you

When you sign up to receive information about our hospitality events or we invite you to one of our events we will ask for your name, address, telephone number, email address and date of birth. For certain events we may also ask for your passport details, dietary requirements and medical information in order make arrangements for you at the event.

When you submit queries or complaints

We will ask for your name, telephone number, email address and date of birth so that we can identify you and discuss your enquiry with you. We will also ask for any other relevant information, such as further information about you, your purchases and the nature of your query or complaint. We will use this information to take your enquiry and respond appropriately to it.

When we record telephone calls to our offices

We record some of the telephone calls we receive, including all of the calls to our free trade customer sales team, customer care department and credit control. We use the recordings for staff training and to refer back to if you question something we said or you make a complaint. If we intend to record your call, a recorded message will be played first to inform you before the recording starts.

When an accident occurs

If you are unfortunate enough to be involved in an accident during use of our products or services, we will ask for your name, address, phone number, age and any other details that relate to the accident, such as information about any relevant health conditions you have or any injuries or treatments you received.

When we ask for other people’s personal data

If you need to provide us with information about other people, either as part of the application process or at any other time during the course of your relationship with us, Please ask them to read this notice before you do so.

How long do we keep your personal data for?

Information about	Is kept until
When you use our websites	Please refer to our cookie policy for information about the lifespan of cookies.
When you request us to contact you to discuss your business plans	1 year from the date of the last request correspondence. Longer (see below) if business plan is activated in any way.
When we need to verify your age	No information is retained, unless required for another purpose in this list.
When you open a new free trade customer account	6 years after all money owed to us has been repaid and your account is closed. Any credit check reports are kept until the end of the application stage.
When we lend you money, sponsor you, provide a retrospective discount to you or you act as a guarantor or provide security	6 years after all money owed to us has been repaid and the account is closed. Credit checks are kept until the end of the application stage. For all subsequent credit checks, Greene King will maintain a record showing only that these have additional checks have been performed.
If you opt out of direct marketing	We will keep your name, email address and postal address indefinitely, so that we can ensure we don’t accidentally send you direct marketing messages again without you having first opted back in.
When you order from us, make a payment, sign a direct debit mandate or request a refund	6 years after all money owed to us has been repaid and the account is closed.
When we collaboration on a promotion	12 months after our financial year end following the end of the promotion.
When we entertain you	12 months from the end of the event you have signed up to receive information about or attend.
When you submit queries or complaints	1 year from the date of the last correspondence on the matter.
When we record telephone calls to our offices	3 months from the date of the recording.
When an accident occurs	6 years from the date of the accident, or 3 years from the age at which a child becomes an adult, or 3 years from the date of settlement of a claim, whichever occurs last.
When you make a request to exercise your data protection rights	Information about your request and our response will be kept for 12 months from the date of our final response to you.
When information is relevant to a legal action, proceeding or claim	6 years from the date that the action, proceeding or claim is settled.

Who do we share your personal data with?

Other Greene King companies

Any of the information we collect from you may be shared with other companies within the Greene King group:

Company	Role	Registered Office
Greene King Limited	This is the holding company in the Greene King group	Westgate Brewery, Bury St Edmunds, Suffolk IP33 1QT
Greene King Services Limited	This company employs the employees who you will deal with in Greene King Brewing & Brands.	Westgate Brewery, Bury St Edmunds, Suffolk IP33 1QT

Each of these companies is bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.

Organisations who help us to provide our products and services

We work with a number of third-party suppliers and service providers. Many of these organisations process personal data in order to provide products

Type of Organisation	Type of data shared	Reason for sharing
Credit reference agencies	Contact details, ,CCJs, Directorships, credit score	To enable us to assess the creditworthiness of applicants for loans or trade credit
Land Registry and Register of Scotland	Contact details, evidence of title to land and property	To enable us to establish authority to trade from an outlet, provide support for a personal guarantee & to assess the assets of individuals as part of the creditworthiness check
Law firms	Contact details, GK account number, details of debt outstanding & any other relevant data held within retention schedule to support debt recovery or completion of loan agreements	To enable us to recover debt and to provide legal services in relation to secured lending
Insolvency service providers	Contact details, , GK account number, details of debt outstanding & any other relevant data held within retention schedule to support debt recovery	To enable us to recover debt through the insolvency services provided by supplier
Website and CRM system hosts	Contact details, GK account number, order information	To enable us to respond to online queries or online ordering
Providers of corporate hospitality	Contact details, date of birth, passport details, dietary requirements, medical info	Provision of customer hospitality
Fulfilment providers	Contact details, order information	To fulfil any goods purchased through Greene King
Money Maker partners	Contact details and information about your business	To obtain quotes from third parties to present to you, based on your request.

These organisations are bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.

International data transfers

Some of our third-party processors operate outside of the UK. Under these circumstances, before your personal data is transferred outside the UK, we implement at least one of the following safeguards:

Carry out Risk Assessments to ensure there is a suitable level of protection for your personal data
Put appropriate controls in place to ensure your personal data has a suitable level of protection where the recipient country is not deemed as adequate, for example standard contractual clauses or encryption

Other situations that may require us to share your personal data

We will share your personal data if we are required to do so by law or by a regulatory authority. For example, we may have to share your personal data for the detection or prevention of crime, fraud or money laundering, or to allow a regulator or ombudsman to investigate a complaint you have submitted to them.

During the application process we will share your data with a credit reference agency to enable use to verify your creditworthiness. We will share your personal data if we need to do so to protect our business interests, such as to enforce the terms of a contract, pursue an overdue debt, defend our legal rights or to ensure that third parties understand where responsibilities lie as between you and us.

As we develop our business, we might sell or buy group companies or other businesses. This might involve transferring customer information to the person buying the businesses. If this happens, the new owner will be bound by the terms of this privacy notice.

Occasionally, we may need to share your data to protect the rights of other organisations or people. In these cases, we will try to contact you to seek your consent first but this may not be possible, especially in the event of a medical or other emergency.

How do we comply with data protection law?

We have adopted the measures that we believe are necessary to comply with Data Protection law.

Protecting your data

We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. These protective measures include:

Not collecting personal data that we don’t really need
Destroying or anonymising personal data securely when we don’t need it any more
Only allowing our staff and our suppliers to process the personal data they need to carry out their duties
Encrypting personal data to render it useless to anyone who is not authorised to access it
Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities
Binding our suppliers and partners to the same standards and duties of care that we hold ourselves to
Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
Making periodic checks that all of these measures are working well and making improvements to them when we think we can do better

Being accountable for what we do

As well as the security measures mentioned above, we have a team of people whose job it is to make sure that Greene King does the right thing the right way whenever we’re processing personal data. This team includes a Data Protection Officer, who can be contacted using these contact details.

There are a set of checks we apply to make sure we process personal data fairly and transparently. These include:

Providing you with clear and accurate information about why we need your personal data, what we do with it and how long we keep it for
Checking that our business interests don’t unfairly or unreasonably impact upon you or your rights
Identifying personal data processing risks and reducing them to an acceptable level
Responding honestly, clearly and promptly to enquiries we receive from you or from the Information Commissioner’s Office

Making sure our processing respects the law

The ICO have published a helpful guide to lawful bases for the general public which you can find here. The lawful bases we rely on for the processing we do are shown in bold typeface in this table:

Purpose	Lawful basis
When you use our websites	We process this personal data because it is in our legitimate interests to provide a fully-functioning, accessible and useful website to our customers.
When we need to verify your age	We process this data to satisfy our legal obligation to not sell alcohol to anyone under the age of 18. We also do so because it is in our legitimate interests to ensure that we do not market alcohol to anyone under the age of 18.
When you open a free trade account, we lend you money, we sponsor you, we provide a retrospective discount to you, you act as a guarantor or provide security	This processing will be part of the pre-contract steps necessary for us to agree the terms of a contract with you. We also believe it is in our legitimate interests for us to undertake credit reference checks about you and undertake a Land Registry and Register of Scotland search to confirm your creditworthiness and ability to provide security.
When you sign up for or opt out of direct marketing and when we send direct marketing to you	We are a responsible marketer, so we don’t send marketing to people who have asked us not to do so. We send electronic direct marketing to people who consent to receive it, such as customers who sign up to one of our email clubs or to our customers who, when notified that we wanted to send them marketing information, chose not to opt out (this is a type of consent known as a soft opt-in). Occasionally, we send marketing information by direct mail. In these cases, we do so as we believe it is in our legitimate interests to let our customers know about our products, brands, services and any special offers we are running. Customers who no longer want to receive our marketing have the right to opt out by withdrawing their consent at any time. The easiest way to do this is to follow the instructions in the last marketing message you received but you can also notify our team if you no longer want to receive direct marketing.
When we discuss your business plans, we collaborate on a promotion or we entertain you	We process personal data for core business activities in connection with the contracts that exist between us. Where we share your data with third parties to obtain quotes for services which may be of interest to you, we obtain your consent beforehand. Sometimes we will process this data because it is in our legitimate interests to make you aware of products and services that we offer.
When you make a payment, sign a direct debit mandate or request a refund	We process personal data for core business activities in connection with the contracts that exist between us.
When you submit queries or complaints	We receive and respond to lots of different types of enquiry. Generally our processing will be necessary for us to meet the terms of the contract we have with you. Otherwise we do so because it is in our legitimate interests to allow you to tell us what you think of our service, what we do well and what you think we can improve on.
When there is a legal action, proceeding or claim	If the claim relates to an accident we record the details primarily for compliance with our legal obligations. The claim may also be processed under the terms of a contract with you or to protect our business interests and so this processing is a legitimate interest for us.

Your rights

Data protection laws give you certain rights and as a responsible data controller, we are committed to uphold these for you:

Name of right	Description	How to make a request
Information	You have the right to know what we want your personal data for, what we will do with it, who we share it with and how long we keep it for. This is the primary reason for publishing this notice.	Send any questions you have about our privacy notices to customercareteam@greeneking.co.uk
Access	You have the right to be sent information about the personal data we have about you and a description of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’.	Send your request to dataprotection@greeneking.co.uk
Rectification	You have the right to ask us not to process inaccurate personal data or to ask us to correct it.	Send your request to our customercareteam@greeneking.co.uk Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Erasure (‘right to be forgotten’)	You have a right in certain situations to ask us to delete your personal data.
Restrict processing	You have a right in certain situations to ask us not to process your personal data.
Object to processing	You have the right in certain circumstances to object to the fact that we are processing some of your personal data.
Portability	You have the right in certain circumstances to ask us to pass some of your personal data to another data controller on your behalf.
Complain	You have a right to lodge a complaint with the UK Information Commissioner’s Office or in some situations, another European Union data protection authority.	Send your complaint to the ICO. You can find a list of all European Union data protection authorities here.
Withdraw consent	Most of the personal data processing we do does not rely on your consent to make it lawful but any consent that we are relying on can be withdrawn by you if you decide you wish to do so.	Follow the unsubscribe instructions in any of the marketing messages we have sent you or send your request to customercareteam@greeneking.co.uk
Name of right	Description	How to make a request
Information	You have the right to know what we want your personal data for, what we will do with it, who we share it with and how long we keep it for. This is the primary reason for publishing this notice.	Send any questions you have about our privacy notices to customercareteam@greeneking.co.uk
Access	You have the right to be sent information about the personal data we have about you and a description of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’.	Send your request to dataprotection@greeneking.co.uk
Rectification	You have the right to ask us not to process inaccurate personal data or to ask us to correct it.	Send your request to our customercareteam@greeneking.co.uk Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Erasure (‘right to be forgotten’)	You have a right in certain situations to ask us to delete your personal data.	Send your request to our customercareteam@greeneking.co.uk Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Restrict processing	You have a right in certain situations to ask us not to process your personal data.	Send your request to our customercareteam@greeneking.co.uk Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Object to processing	You have the right in certain circumstances to object to the fact that we are processing some of your personal data.	Send your request to our customercareteam@greeneking.co.uk Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Portability	You have the right in certain circumstances to ask us to pass some of your personal data to another data controller on your behalf.	Send your request to our customercareteam@greeneking.co.uk Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Complain	You have a right to lodge a complaint with the UK Information Commissioner’s Office or in some situations, another European Union data protection authority.	Send your complaint to the ICO. You can find a list of all European Union data protection authorities here.
Withdraw consent	Most of the personal data processing we do does not rely on your consent to make it lawful but any consent that we are relying on can be withdrawn by you if you decide you wish to do so.	Follow the unsubscribe instructions in any of the marketing messages we have sent you or send your request to customercareteam@greeneking.co.uk

Detailed information about all of these rights can be found on the ICO website.

Responding to your questions

When you notify us that you want to exercise any of your rights, we will acknowledge your request as soon as possible and ask for any information we may need to verify your identify: if we don’t already know who you are, we will ask you to send us a copy of your passport or photo-card driving licence, so that we can check your name, address and signature.

Once we have confirmed your identity, we will validate your request then gather together the information we need to be able to respond fully to it.

Whilst we always try to carry out this work as quickly as possible, it may take us up to 30 days to respond to you in full. If your request is particularly difficult to respond to, we may ask you for any further information that will help us respond more quickly, or ask you if there is some information that you want particularly urgently. We may also respond to your request in phases, as relevant information becomes available.

If we cannot satisfy your request within 30 days, we will write to you to tell you why, and when we expect to be able to provide you with a full response. If for any reason we decide that we should not respond in the way you have asked us to, we will provide you with our decision and our reasons for reaching it within 30 days.

Changes to this privacy notice

This notice is effective from [ ] January 2023. You can check if the privacy policy has changed by revisiting this webpage at any time. If we make any significant changes to this policy, if we have your email address, we will email you to let you know.

Information on Cookies