PRIVACY NOTICE
Last Updated: June 2018
What is this notice for?
This notice explains what we do with your personal data and the steps we take to keep it secure. It explains when and how we collect personal data, who we share it with, how we process it and what your rights are in respect of the personal data processing we carry out.
Who is Greene King?
As the country's leading pub retailer and brewer, Greene King creates fine ales from our two historic breweries in Bury St Edmunds and Dunbar for sale in pubs, restaurants, hotels and shops across the UK. Our products and services trade under a wide range of well-known brands, including Greene King, Greene King IPA, Old Speckled Hen, Abbot Ale and Belhaven.
When we say ‘we’, ‘us’ or ‘our’ in this notice, we are referring to Greene King Brewing and Retailing Limited. We are the data controller in respect of this website and the services described in this notice. Our ICO registration number is ZA054235.
When do we use your personal data?
When you use this website, we need to process some of your personal data. We do this whenever:
- you use this website
- you register or sign in to do some e-learning via this website
- you submit questions via our website
- we ask you for other people’s data
We don’t keep your personal data for any longer than we need it. See our section on retention periods below for more details.
Sometimes we need to share your personal data with other Greene King companies or with other organisations that help us provide our products and services to you. We will not sell your personal data and we do not allow these organisations to use your personal data for anything that’s not described in this notice. We might also need to share your personal data to uphold your rights, our rights or the rights of other people and we may need to share your personal data to meet some of our legal obligations. See the data sharing section for more details.
You can find out more about how we meet our data protection law obligations below. That section also explains what rights you have in respect of the personal data processing we do, and how you can exercise them.
How can you contact us?
If you want to discuss how we use your personal data
- Write to us at Greene King Beer Genius, Greene King, Westgate Brewery, Bury St Edmunds, Suffolk IP33 1QT
- Send an email to solutions@greeneking.co.uk
- Call us on 01284 763222
If you want to contact our Data Protection Officer
- Write to the Data Protection Officer, Greene King, Westgate Brewery, Bury St Edmunds, Suffolk, IP33 1QT
- Send an email to dataprotection@greeneking.co.uk
- Call us on 01284 763222
How do we use your personal data?
When you use our websites
Most of our websites use cookies. Cookies are small text files which websites store on the device you use to access our websites. Some cookies contain personal data. In general, we use cookies to run our websites, monitor their use and understand how our customers use them. See our cookie policy for more details.
When you register or login to do some e-learning
When you register to join the scheme we will ask for your name, pub location, date of birth, email address, and a password. You will then need your user name (your email address) and password to sign in again for further training. This is so that we can record the training that you have undertaken.
When you submit questions
We will ask for your name, email address, pub name and postcode so that we can identify you and discuss your question with you. We will also ask for any other relevant information about the nature of your enquiry. We will use this information to take your enquiry and respond appropriately to it.
When we ask for other people’s personal data
If you need to provide us with information about other people, please ask them to read this notice before you do so.
How long do we keep your personal data for?
| Information about |
Is kept until |
| When you use our website |
Please refer to our cookie policy for information about the lifespan of cookies. |
| When you register or sign in for e-learning |
Three years from when you sign up to the website |
| When you submit questions |
6 months from the date you submit the question |
Who do we share your personal data with?
Other Greene King companies
Any of the information we collect from you may be shared with other companies within the Greene King group:
| Company |
Role |
Registered Office |
| Greene King plc |
This is the holding company in the Greene King group |
Westgate Brewery, Bury St Edmunds, Suffolk IP33 1QT |
| Greene King Services Limited |
This is the company that employs some of the group’s employees. |
Greene King plc
This is the holding company in the Greene King group
Westgate Brewery, Bury St Edmunds, Suffolk IP33 1QT
Greene King Services Limited
This is the holding company in the Greene King group
Westgate Brewery, Bury St Edmunds, Suffolk IP33 1QT
Each of these companies is bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
Organisations who help us to provide our products and services
We work with a number of third-party suppliers and service providers. Many of these organisations process personal data in order to provide products or services to us or on our behalf. See our data sharing list below for more details.
| Organisation |
Contact details |
Data shared |
Reason for sharing |
International data transfers |
| CPL Training Limited |
Egerton House
2 Tower Road
Birkenhead
Wirral, CH41 1FN
https://www.cpltraining.co.uk/policies
|
Individual Registration - Greene King employee
- Site
- Location (auto populated from site)
- Postcode (auto populated from site)
- First name
- Surname
- Email Address
- Password
- Date of Birth
Individual Registration - Non Greene King Employee
- Company (optional)
- Pub/bar
- First name
- Surname
- Email Address
- Password
- Date of Birth
Greene King Manager registering staff
- Title
- First Name
- Surname
- Email
- Date of Birth
|
For fulfilment of course certification. |
|
CPL Training
Contact Details
Egerton House
2 Tower Road
Birkenhead
Wirral, CH41 1FN
https://www.cpltraining.co.uk/policies
Data shared
Individual Registration - Greene King employee
- Site
- Location (auto populated from site)
- Postcode (auto populated from site)
- First name
- Surname
- Email Address
- Password
- Date of Birth
Individual Registration - Non Greene King Employee
- Company (optional)
- Pub/bar
- First name
- Surname
- Email Address
- Password
- Date of Birth
Greene King Manager registering staff
- Title
- First Name
- Surname
- Email
- Date of Birth
These organisations are bound by the terms of this privacy notice and they are also required to comply with our data protection policies. They are not permitted to use your personal data for their own purposes.
International data transfers
Some of the third parties we work with have operations in countries outside of the European Union or the European Economic Area. Before your personal data is transferred outside of these regions, we implement at least one of the following safeguards:
- We check whether the personal data is being transferred to a country that has been deemed to provide an adequate level of protection by the European Commission.
- Where we use third parties based in the United States, we check if they have signed up to the Privacy Shield framework. This framework requires signatories to provide a similar level of protection to personal data as would be the case if the personal data remained within the European Union or European Economic Area.
- We may use specific contracts approved by the European Commission which give personal data the same protection as it has in the European Union and European Economic Area.
- If we are unable to apply any of the first three safeguards, we will try to contact you to ask for your consent before we transfer your personal data.
Other situations that may require us to share your personal data
We will share your personal data if we are required to do so by law or by a regulatory authority. For example, we may have to share your personal data for the detection or prevention of crime, fraud or money laundering, or to allow a regulator or ombudsman to investigate a complaint you have submitted to them.
We will share your personal data if we need to do so to protect our business interests, such as to enforce the terms of a contract, pursue an overdue debt or defend our legal rights.
As we develop our business, we might sell or buy group companies or other businesses. This might involve transferring customer information to the person buying the businesses. If this happens, the new owner will be bound by the terms of this privacy notice.
Occasionally, we may need to share your data to protect the rights of other organisations or people. In these cases, we will try to contact you to seek your consent first but this may not be possible, especially in the event of a medical or other emergency.
How do we comply with data protection law?
We have adopted the measures that we believe are necessary to comply with the Data Protection Act 1998 and we are preparing for the act’s replacement, which will fully embed the General Data Protection Regulation into UK law.
We have also adopted the measures that we believe are necessary to comply with the Privacy and Electronic Communications Regulations 2003. This law sets out an additional set of rules that we must follow whenever we communicate with you via any of our websites and apps, or by telephone, fax, email or text message.
Protecting your data
We protect the personal data we hold from theft, accidental loss, corruption and other threats that would have a negative impact on our customers. These protective measures include:
- Not collecting personal data that we don’t really need
- Destroying or anonymising personal data securely when we don’t need it any more
- Only allowing our staff and our suppliers to process the personal data they need to carry out their duties
- Encrypting personal data to render it useless to anyone who is not authorised to access it
- Making sure that staff are trained on how to handle personal data safely and securely and are fully aware of their personal responsibilities
- Binding our suppliers and partners to the same standards and duties of care that we hold ourselves to
- Protecting our websites, networks and IT systems from unauthorised access and from threats such as denial of service attacks, viruses and malware
- Making periodic checks that all of these measures are working well and making improvements to them when we think we can do better
Being accountable for what we do
As well as the security measures mentioned above, we have a team of people whose job it is to make sure that Greene King does the right thing the right way whenever we’re processing personal data. This team includes a Data Protection Officer, who can be contacted using these contact details.
There are a set of checks we apply to make sure we process personal data fairly and transparently. These include:
- Providing you with clear and accurate information about why we need your personal data, what we do with it and how long we keep it for
- Checking that our business interests don’t unfairly or unreasonably impact upon you or your rights
- Identifying personal data processing risks and reducing them to an acceptable level
- Responding honestly, clearly and promptly to enquiries we receive from you or from the Information Commissioner’s Office
Making sure our processing respects the law
The ICO have published a helpful guide to lawful bases for the general public which you can find on their website – www.ico.org.uk. The lawful bases we rely on for the processing we do are shown in bold typeface in this table:
| Purpose |
Lawful basis |
| When you use our website |
We process this personal data because it is in our legitimate interests to provide a fully-functioning, accessible and useful website to our customers. |
| When you register or sign in to do some e-learning |
We process this personal data because it is in our legitimate interests to train both our employees on cellar and bar management and to offer that training to other people |
| When you submit queries or complaints |
We process this personal data because it is in our legitimate interests to answer your questions. |
Your rights
Data protection laws give you certain rights and as a responsible data controller, we are committed to uphold these for you:
| Name of right |
Description |
How to make a request |
| Information |
You have the right to know what we want your personal data for, what we will do with, who we share it with and how long we keep it for. This is the primary reason for publishing this notice. |
Send any questions you have about our privacy notices to solutions@greeneking.co.uk |
| Access |
You have the right to be sent information about the personal data we have about you and a description of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’. |
Send your request to solutions@greeneking.co.uk |
| Rectification |
You have the right to ask us not to process inaccurate personal data or to ask us to correct it. |
Send your request to solutions@greeneking.co.uk
Some conditions and limits apply to these rights: you can find out more about these on the ICO website. |
| Erasure (‘right to be forgotten’) |
You have a right in certain situations to ask us to delete your personal data. |
| Restrict processing |
You have a right in certain situations to ask us not to process your personal data. |
| Object to processing |
You have the right in certain circumstances to object to the fact that we are processing some of your personal data. |
| Portability |
You have the right in certain circumstances to ask us to pass some of your personal data to another data controller on your behalf. |
| Complain |
You have a right to lodge a complaint with the UK Information Commissioner’s Office or in some situations, another European Union data protection authority. |
Send your complaint to the ICO. |
| Withdraw consent |
Most of the personal data processing we do does not rely on your consent to make it lawful but any consent that we are relying on can be withdrawn by you if you decide you wish to do so. |
Follow the unsubscribe instructions in any of the marketing messages we have sent you or send your request to solutions@greeneking.co.uk |
Information
You have the right to know what we want your personal data for, what we will do with, who we share it with and how long we keep it for. This is the primary reason for publishing this notice.
Send any questions you have about our privacy notices to solutions@greeneking.co.uk
Access
You have the right to be sent information about the personal data we have about you and a description of what we are using it for. This is also known as a ‘subject access request’, ‘SAR’ or ‘DSAR’.
Send your request to solutions@greeneking.co.uk
Rectification
You have the right to ask us not to process inaccurate personal data or to ask us to correct it.
Send your request to solutions@greeneking.co.uk
Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Erasure (‘right to be forgotten’)
You have a right in certain situations to ask us to delete your personal data.
Send your request to solutions@greeneking.co.uk
Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Restrict processing
You have a right in certain situations to ask us not to process your personal data.
Send your request to solutions@greeneking.co.uk
Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Object to processing
You have the right in certain circumstances to object to the fact that we are processing some of your personal data.
Send your request to solutions@greeneking.co.uk
Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Portability
You have the right in certain circumstances to ask us to pass some of your personal data to another data controller on your behalf.
Send your request to solutions@greeneking.co.uk
Some conditions and limits apply to these rights: you can find out more about these on the ICO website.
Complain
You have a right to lodge a complaint with the UK Information Commissioner’s Office or in some situations, another European Union data protection authority.
Send your complaint to the ICO.
Withdraw consent
Most of the personal data processing we do does not rely on your consent to make it lawful but any consent that we are relying on can be withdrawn by you if you decide you wish to do so.
Follow the unsubscribe instructions in any of the marketing messages we have sent you or send your request to solutions@greeneking.co.uk
Detailed information about all of these rights can be found on the ICO website.
Responding to your questions
When you notify us that you want to exercise any of your rights, we will acknowledge your request as soon as possible and ask for any information we may need to verify your identify: if we don’t already know who you are, we will ask you to send us a copy of your passport or photo-card driving licence, so that we can check your name, address and signature.
Once we have confirmed your identity, we will validate your request then gather together the information we need to be able to respond fully to it.
Whilst we always try to carry out this work as quickly as possible, it may take us up to 30 days to respond to you in full. If your request is particularly difficult to respond to, we may ask you for any further information that will help us respond more quickly, or ask you if there is some information that you want particularly urgently. We may also respond to your request in phases, as relevant information becomes available.
If we cannot satisfy your request within 30 days, we will write to you to tell you why, and when we expect to be able to provide you with a full response. If for any reason we decide that we should not respond in the way you have asked us to, we will provide you with our decision and our reasons for reaching it within 30 days.
Changes to this privacy notice
This notice is effective from 23 May 2018. You can see the previous version of this privacy notice here. You can check if the privacy policy has changed by revisiting this webpage at any time. If we make any significant changes to this policy, if we have your email address, we will email you to let you know.