KRAFT HEINZ PRIVACY NOTICE
Welcome to Kraft Heinz’s website privacy notice (“Notice”).
Kraft Heinz respects your privacy and is committed to protecting your Personal Data.
This Notice describes how Kraft Heinz collects and processes your Personal Data through your use of this website, including any data you may provide to us or that we receive from third parties as described in Section 3 of this Notice.
It is important that you read this Notice together with any other privacy notices we may provide to you when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Notice supplements other privacy notices and is not intended to override them.
For more detail about how Kraft Heinz deals with Personal Data, please contact the Data Privacy Team.
INFORMATION ABOUT US
Kraft Heinz is made up of different legal entities, details of which can be found at Heinz EU
This Notice is intended to cover the whole Kraft Heinz Group so when we say “Kraft Heinz”, “we”, “us” or “our” in this Notice, we are referring to the company in the Kraft Heinz Group that is responsible for processing your data.
HJ Heinz Foods UK Ltd is the controller and responsible for this website.
Data Privacy Team
We have appointed a Data Privacy team who are responsible for overseeing questions in relation to this Notice.
If you have any questions about this Notice, including any requests to exercise your legal rights, please contact the Data Privacy Team using the details below.
Full name of legal entity: HJ Heinz Foods UK Ltd
Contact: The Data Privacy Team
Postal address: Kraft Heinz, The Shard, 32 London Bridge St, London SE1 9SG
You have the right to make a complaint at any time to your local regulatory authority whose detail can be found by clicking here if you are in the European Union and by clicking here if you are in the UK. However, we would appreciate the chance to deal with your concerns before you approach the authority so please contact us in the first instance.
Helping Us Keep Your Personal Data Up To Date
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy statements or data handling. You should read the privacy terms for all third-party websites you visit to find out how they handle your personal data.
Children and This Website
This website is not aimed at or intended for children under the age of 16.
1. PERSONAL DATA WE COLLECT
‘Personal Data’ is any information about an identifiable living individual but does not include information which you cannot link to a specific person, such as Aggregated Data, as described below. Your Personal Data is therefore information about and linked to you.
We may collect, use, store and transfer different kinds of your personal data, which may include:
(a) Identity Datasuch as first name, last name, title, marital status, date of birth and gender.
(b) Contact Data such as home address, billing address, email address and telephone numbers.
(c) Account Data such as your account password, saved credit card information, wish list, referral program history, and loyalty program history.
(c) Financial Data such as bank account and payment card details if you order goods from us and, for Kraft Heinz investors, details relating to your investments.
(d) Transaction Data such as details of purchases you have made from us.
(e) Technical Data such as internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
(f) Profile Data such as your website username and password, purchases or orders made by you and information about your interests, preferences, feedback and survey responses.
(g) Usage Data such as information about how you use our website, products and services.
(h) Marketing and Communications Data such as your preferences in relation to receiving marketing from us and third parties and for the ways we communicate with you.
We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your Personal Data but is not Personal Data because it does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to find out how many users access a specific website feature.
If we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data and will process it as set out in this Notice.
We may collect some items of Special Category Personal Data (which includes information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) but will only do so where we believe it is necessary in connection with issues relating to our products or for some other reason that we will advise to you when we request your consent to collect the data.
Account Creation and Use
Some of our websites may require you to create an account (“Account”) if you wish to take advantage of certain site features, such as participating in our referral or loyalty programs, saving items to your wish list, saving Financial Data for later use, or viewing certain Transaction Data. You may have the option to create or access your Account using your email address and password or Facebook Login. If you choose to use Facebook Login, Facebook will authenticate your identity and you may be prompted to share additional information associated with your Facebook account. You can choose to decline to give permission for such additional information sharing, but we will continue to receive authentication information, such as your name and unique ID provided by Facebook, as long as you use Facebook Login to access your Account. Please review Facebook’s privacy notice and the privacy settings in your Facebook account for more information about how Facebook uses and shares your personal data in connection with its Facebook Login tool.
Failure to Provide Personal Data Where Requested
Where we need to collect Personal Data by law or under the terms of a contract we have with you and you do not provide that data when requested, we may not be able to perform the contract we either have or are trying to enter into with you (for example, to provide you with goods or services) and so we may have to cancel the contract because we may not be able to provide you with the products or services for which that Personal Data is required. Similarly, where we need to collect Personal Data under the terms of a contract we have with you, and you do not provide that data when requested, we may not be able to perform the contract we either have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel the contract you have with us.
1. HOW YOUR PERSONAL DATA IS COLLECTED
We use various methods to collect your personal data, including:
1. Directly from you- where you give us Personal Data such as your Identity, Contact, and Marketing Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you:
- apply to receive our products or services;
- create an Account on our website;
- subscribe to our service or publications;
- request marketing to be sent to you;
- enter a competition, promotion or survey;
- contact us on social media (such as Instagram, Facebook, or Twitter); or
- give us some feedback or raise a concern or complaint.
In addition, if you contact us by phone, email or otherwise, we may keep a record of that correspondence.
1. By automated means– when you interact with our website, we may automatically collect Technical Data about your equipment and browsing actions and patterns. We collect this Personal Data by using cookies and other similar technologies, which use small pieces of computer code to help us understand how consumers interact with our website and communications. We may also receive Technical Data about you if you visit other websites employing our cookies.
Please see our Cookie Notice for further details.
1. From third parties and publicly available sources. We may receive Personal Data about you from various third parties and publicly available sources as set out below:
- Technical Data from analytics providers such as Google;
- Contact, Financial and Transaction data from providers of technical, payment and delivery services;
- Identity Data from providers of login and authentication services, such as Facebook;
- Identity, Contact, and Profile data from data brokers or aggregators such as Nielsen, Starcom, and Amobee, which have operations inside the UK; and
- Identity and Contact data from publicly availably sources such as Companies House and the Electoral Register based inside the UK.
1. HOW WE USE YOUR PERSONAL DATA
We will only use your Personal Data when the law allows us to. Most commonly, we will use your Personal Data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your Personal Data although we will get your consent before:
- Sending third party direct marketing communications to you via email or text message;
- Obtaining Contact Data from our third party partners;
- Sending targeted advertising to you on social media platforms such as Facebook and Instagram.
You have the right to withdraw consent to marketing at any time by contacting the Data Privacy Team.
We may use your Personal Data for or in connection with the following purposes:
1. Where necessary to establish and perform your contract with us, such as where you buy products directly from us;
2. Where necessary to comply with a legal obligation:
· in connection with any potential or actual corporate transaction or transfer of employment arising in relation to a business transfer or change of service provider in which case Personal Data may only be processed to the extent permitted by applicable law
· compliance with applicable procedures, laws or regulations including in relation to retaining records of business activities and payment of taxes;
· disclosures to law enforcement agencies or in connection with legal claims, health & safety compliance, regulatory, investigative and disciplinary purposes (including disclosure of such information in connection with legal process or litigation)
3. Where necessary for Kraft Heinz's legitimate interests in connection with the purposes listed below, and where our interests are not overridden by your data protection rights:
· the proper conduct and development of Kraft Heinz’s businesses and operations;
· research including consumer and market preferences to assist with the operation and development of Kraft Heinz’s business;
· assisting with the development of existing and creation of new Kraft Heinz products and services;
· the manufacture of Kraft Heinz Products and supply of those products to Kraft Heinz customers;
· promotional and marketing activities (including running competitions and prize draws) in relation to Kraft Heinz’s business and products;
· other disclosures required in the connection with promoting or marketing of Kraft Heinz, its products or services;
· financial and other forecasting and modelling;
· operation, maintenance and development of Kraft Heinz’s Systems, networks and the equipment associated with or connecting to those systems and networks;
· development of Kraft Heinz’s business through mergers, acquisitions, disposal and other corporate actions;
· dealing with actual and potential shareholders, investors and other stakeholders in Kraft Heinz’s business;
· maintenance and protection of Kraft Heinz’s physical and intellectual property and assets;
· protecting corporate and personal security (which may include use of CCTV and other visual or audio monitoring);
· recording, responding to, dealing with and resolving matters arising in respect of Kraft Heinz products or Staff;
· recording, responding to, dealing with and resolving actual or potential complaints from customers and consumers;
· investigations to ensure compliance with or identify/confirm any potential breaches of any applicable procedures, laws or regulations;
· establishing, exercising or defending legal rights;
· working with suppliers to whom Kraft Heinz has outsourced business or other services;
· in connection with business acquisition, disposal or reorganisations other than where information is exchanged in connection with a legal obligation as set out above; and
· processing necessary for the purposes of other legitimate interests pursued by Kraft Heinz.
ADVERTISING AND PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage, Account, and Profile Data, including Identity, Contact and Profile data we have received from data brokers or aggregators such as Amobee, which have operations inside the UK, to form a view on what we think you may want or need, or what kinds of products and services may be of interest to you. Combining data from multiple sources in this way is commonly known as “enriching data” or “profile building”. This is how we decide which products, services and offers to include in marketing messages we send. This process may involve automated decision-making to determine which marketing messages will be most meaningful to you. If you would not like us to use data from data brokers and aggregators to enrich the data we have collected from you or if you would like to object to automated decision-making, please contact the Data Privacy Team. We will not use Special Category data in building a profile about you unless you give us your consent to do so.
You can ask us to stop sending you email marketing messages at any time by clicking on the “unsubscribe” link within the message or by contacting the Data Privacy Team.
We may also use your Identity, Technical, Usage, Account, and Profile Data to help us understand the types of products and services that might be of interest to other consumers like you. To do this, we partner with social media companies like Facebook and Instagram to identify and deliver marketing messages to audiences of their consumers who share your characteristics, which are known as “lookalike audiences.” We will not use any Special Category data we collect from you to create lookalike audiences unless you give us your consent to do so. Delivering advertising to you through lookalike audiences involves the use of automated decision-making to build the lookalike audiences and deliver marketing messages to them. If you would like to object to our use of automated decision-making, please contact the Data Privacy Team.
You can obtain further information on the legitimate interests balancing exercises which we have carried out by contacting theData Privacy Team.
1. SHARING YOUR DATA WITH THIRD PARTIES
We may share your data with third parties, including other companies within Kraft Heinz and with third-party service providers who provide services to us as further explained below.
Where we provide Personal Data to contractors and suppliers who provide services to us, including assistance with the processing activities set out in this notice, we will enter into a data processing agreement (including provisions required by the GDPR, Data Protection Act 2018 and UK GDPR) with those contractors and suppliers.
In order to fulfil our legal and other obligations and in connection with our rights including protection of our legitimate interest, we reserve the right to disclose Personal Data (or Special Category Data as appropriate) to law enforcement agencies, regulatory bodies, government agencies and other third parties as required by law or for administrative purposes (for example, HM Revenue and Customs in the UK) and to the extent that local law allows and/or requires this.
We may transfer your Personal Data to other Kraft Heinz group companies, partners, suppliers, law enforcement agencies and to other organisations that are located outside the UK and the EEA for the purposes of establishing and performing your contract with us, fulfilling legal obligations, and where necessary to fulfill our legitimate interests described above, where our interests are not overridden by your data protection rights.
The laws of some jurisdictions outside the UK and EEA may not be as protective as data protection laws in the UK and EEA. Kraft Heinz will ensure that, for such jurisdictions, appropriate measures are in place for compliance with data protection law in relation to transfer of Personal Data to those jurisdictions.
1. DATA RETENTION
We have legal duties to keep various records and records need to be held for different periods of time, depending on their contents.
We will therefore keep Personal Data for as long as we reasonably consider we may need to in connection with those obligations.
Where we do not have keep Personal Data for a period specified by law we will not keep Personal Data for longer than data protection law allows us to.
For further information about our approach to data retention, please contact the Data Privacy Team.
1. YOUR LEGAL RIGHTS
Under the Data Protection Act 2018 and UK GDPR you are entitled to ask Kraft Heinz for a copy of your Personal Data and to ask for it to be corrected, edited or have its processing restricted. In certain situations, you may also be entitled to ask Kraft Heinz to delete your Personal Data or transfer some of your Personal Data to other organisations.
You may also have rights to object to some processing of your Personal Data although Kraft Heinz may continue that processing if it is required in connection with legal obligations.
Your Personal Data rights may be limited or subject to exceptions in some situations; for example, where Kraft Heinz demonstrates that it has a legal requirement to process your data, such as where tax authorities require us to retain it or where it is needed for proper performance of a contract.
Where Kraft Heinz has asked for your consent to process Personal Data and that consent is withdrawn we will not process that Personal Data further but may not be able to continue providing the goods or services for which the Personal Data was sought.
Where Kraft Heinz has a legal right or obligation to retain Personal Data or wishes to do so in connection with its legitimate interests, it may do so even if you have withdrawn consent for Kraft Heinz to hold your Personal Data.
Where Kraft Heinz requires Personal Data to comply with legal or contractual obligations, the provision of such data is mandatory. If such data is not provided Kraft Heinz will not be able to manage the employment or engagement relationship, or to meet legal obligations placed on us. In all other cases, provision of requested Personal Data is optional.
1. IF YOU HAVE CONCERNS ABOUT YOUR PERSONAL DATA
For any concerns or questions about how Kraft Heinz processes your Personal Data or have any questions in relation to your rights in respect of your personal data, please contact the Data Privacy Team.
In the first instance you should raise all data concerns with the Data Privacy Team but you also have the right to complain directly to data protection authorities at any time. The relevant data protection authority will be the supervisory authority in the same country as your country of residence
1. CHANGES TO THIS NOTICE
We may change this Notice at our discretion and in the event we do so we will make the revised Notice available via our websites.
Previous versions of this Notice are archived here
Publication Date: 28-02-2023