This privacy notice sets out the basis on which Muller UK & Ireland Group LLP (“Müller” or “We”) will collect and process the following categories of personal data about you or your Children (“You” or “Your”):
Photographs, still and moving footage (“Images”) taken at the Müller paper straw trial at Sunnyside Primary School on Monday 10 June 2019 (“Event”); and
related contact details (specifically, the contact details provided in the permission to use Images consent forms (“Consent Form”) or provided to Müller representatives at the Event) (the “Related Personal Data”).
This privacy notice only relates to how we will process the Images and the Related Personal Data.
It is important that You read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about You so that you are fully aware of how and why we are using Your data. This Policy supplements the other notices and is not intended to override them.
Please read this Policy carefully before You attend the Event and/or supply Your personal information to us. If You do not agree with the ways in which we intend to use Your personal information, then please do not complete the Consent Form.
If You are an adult attending the Event and do not agree with the ways in which we intend to use Your personal information, please do not enter the Event area or if You are attending with a participating school, immediately inform a member of the Müller Event team.
- Who we are
We are a private limited partnership registered in England with partnership number OC384928. Our main trading address is Tern Valley Business Park, Shrewsbury Road, Market Drayton, Shropshire, TF9 3SQ.
Your personal data is protected in the UK by the General Data Protection Regulation (Regulation (EU) 2016/679) and Data Protection Act 1998 (“Data Protection Legislation”), including any subsequent amending, supplemental or replacement legislation and other legislation in other territories. This provides, amongst other things, that the personal data we hold about You should be processed lawfully and fairly.
For the purpose of the Data Protection Legislation, the data controller is Muller UK & Ireland Group LLP.
This Policy is regularly reviewed to ensure that we continue to serve Your privacy interests. We reserve the right to update this Policy from time to time, with any updates published on https://www.muller.co.uk/mueller-paper-straw-trial-with-sunnyside-primary-school-privacy-policy/ . We will not however, substantially change the way in which we use personal information You have already provided to us without the appropriate prior agreement.
- The data we collect about You
We may collect, store, transfer and process different kinds of personal data about You, which include the following:-
- Images taken at the Event;
- Related Personal Data (including first name, last name and address) which You provided to us in the Consent Form or at the Event.
- How we will use personal data
We respect Your privacy. We will only use personal data when the law allows us to. We will use personal data in the following circumstances:
Use the Images for Müller’s internal employee engagement, presentations by Müller employees at customer meetings, Facebook, Twitter, Instagram and LinkedIn sites operated by Müller, Müller’s corporate website and on Müller’s external press releases (the “Specified Purpose”).
Storage of the Images and Related Personal Data to fulfil the Specified Purpose and in the event that we need to contact You.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
We work closely with the following third parties for the Event and in doing so, may receive and share personal data with them:-
- Our straw supplier - Tetra Pak, a company registered in England with company number 00551434, whose registered office is at Eagle House Peregrine Business Park, Gomm Road, High Wycombe, Buckinghamshire, United Kingdom, HP13 7DL.
We will not, and will not authorise any third party to, sell or rent your personal data.
We require that all third parties respect the security of Your personal data and treat it in accordance with the law. We do not allow our third party service providers to use Your personal data for their own purposes and only permit them to process personal data for the specified purpose and in accordance with our instructions.
We may disclose Your personal information to third parties if we are under a duty to disclose or share it in order to comply with any legal obligation, or where we think it appropriate to protect the rights, property, or safety of us, our staff and contractors and partners, or others.
- Your rights
You are entitled to obtain details of the information that we hold about You. You may also ask us to make changes to the information we hold about You to ensure that it is accurate and kept up to date. If You wish to do this, please send an e-mail to firstname.lastname@example.org.
All personal data You provide to us will be stored on our secure servers or those of third parties or contractors we engage to help us run our business. We will keep information no longer than we need to for the purpose for which we collected it. The period of time for which we keep personal information depends on any legal retention period to which we are subject and according to business needs.
- International Transfers
The personal data that we collect from You may be transferred to and held by us, or third parties/contractors at a destination outside of the European Economic Area that does not have equivalent data protection laws to those in the UK. We will put in place appropriate measures for the secure and confidential treatment of such personal information. We will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Policy.
Whenever we transfer Your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer Your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please contact us if You want further information on the specific mechanism used by us when transferring Your personal data out of the EEA.
- How we secure personal data
We have put in place procedures to deal with any suspected personal data breach and will notify You and any applicable regulator of a breach where we are legally required to do so.
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to Your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process Your personal data on our instructions and they are subject to a duty of confidentiality.
- Disclosure of personal information
We may disclose Your personal data to any member of the Müller Group.
We may also disclose Your personal data to third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose Your personal data to the prospective seller or buyer of such business or assets (and their and our legal and professional advisers for this purpose). If this proceeds, the acquiring party of the business or part of it, may use Your personal information in the same ways as set out in this Policy; and
- if Müller or substantially all of its assets are acquired by a third party, in which case personal data held by it will be one of the transferred assets; and
- where we believe the law requires it or in response to a demand by any regulatory, enforcement or other government authority.
For the purposes of this Policy, the ‘Müller Group’ means any entity in which Theo Müller (or his successors in title) has a 50% or greater interest whether directly or indirectly.
- Further Information
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the United Kingdom. They make a lot of information available on their website and they ensure that the registered details of all data controllers, such as Muller UK & Ireland Group LLP are available publically. You can access them at www.ico.org.uk.
- Contact Us
If you have any questions, comments or requests regarding this Policy, please address them to:
Postal: Müller Customer Services, Shrewsbury Road, Market Drayton, Shropshire, TF9 3SQ
Telephone: +44 (0) 1630 692000
Last Update 15 May 2019