Dairy Crest Privacy Notice – Country Life Promotion
Welcome to the Country Life Promotion privacy notice for 2 for 1 entry to participating English Heritage and Cadw sites (“Promotion”).
Dairy Crest Limited (trading as Saputo Dairy UK), is a part of the Dairy Crest group of companies. For more information on Saputo Dairy UK’s brands, see https://uk.saputo.com/brands/
Anyone who purchases one of our products can contact our Consumer Care Team to receive advice, give feedback or make a complaint – email@example.com
We respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you enter the Promotion
This notice will also tell you about your privacy rights and how the law protects you.
2. Important information and who we are
Purpose of this privacy notice
This privacy notice aims to give you information on how Dairy Crest collects and processes your personal data when you enter the Promotion.
We do not knowingly collect data relating to children as entry to the Promotion by children is prohibited and the Promotion website is not intended for children.
Dairy Crest Limited, English Heritage Trust and Cadw are each data controllers of personal data collected in respect of this Promotion as set out in paragraph 4 below.
This privacy notice relates to Dairy Crest’s processing of your personal data. Please also see the following privacy notices in relation to English Heritage and Cadw’s processing of your personal data:
- English Heritage Trust
Company number 07447221, charity number 1140351, registered office address Engine House, Fire Fly Avenue, Swindon, SN2 2EH.
- Cadw on behalf of The Welsh Ministers
Plas Carew, Unit 5/7 Cefn Coed Parc, Nantgarw, Rhondda Cynon Taf, Wales, CF15 7QQ.
Dairy Crest websites may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
3. The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified.
To administer the Promotion, we may collect, use, store and transfer different kinds of personal data about you including your name and your email address.
We may also collect electronic information and analytical data about your use and preferences on the website. For more information please see our ‘Cookies’ section on this website.
We may also aggregate and/or anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If you fail to provide personal data
If you enter the Promotion you will need to provide us with your name and email address details so that we can send your 2 for 1 voucher to you.
If you do not provide us with your name and email address, we will not be able to send the 2 for 1 voucher to you.
4. How is your personal data collected?
The personal data we collect comes from you, the participant to the Promotion.
We may also collect technical information about your use of the website using cookies. Please see our cookies section for more information.
How we use your personal data
We will only use your personal data when the law allows us to. We have set out below a description of all the ways we may use your personal data, which of the legal bases we rely on to enable us to do so. We have also set out who the Data Controller is in respect of your personal data:
|Purpose/Activity||Data Controller||Lawful basis for processing, including basis of legitimate interest|
|To enable us to administer the Promotion by sending participants their 2 for 1 voucher by email||Dairy Crest Limited||Necessary for our legitimate interests (to fulfil the Promotion offered).|
|To check for fraud or malicious or unfounded claims
|Dairy Crest Limited||(a) Necessary for our legitimate interests (prevention of fraudulent claims)
(b) Necessary for the establishment, exercise or defence of legal claims.
|To use data analytics to improve our Promotional website||Dairy Crest Limited||Necessary for our legitimate interests (to keep our website updated, functioning appropriately and relevant)|
|To share your personal data with English Heritage or Cadw for marketing purposes, where you have given your permission for us to do so.||Dairy Crest Limited||Express opt-in consent from you given at the time of entering the Promotion.|
|To contact you by email with offers and information English Heritage think you will be interested in||English Heritage||Express opt-in consent from you given at the time of entering the Promotion.|
|To contact you by email with offers and information Cadw think you will be interested in||Cadw||Express opt-in consent from you given at the time of entering the Promotion.|
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
We do not use and will not share with any external third parties, any of the information you have given us by entering the Promotion for direct marketing purposes without obtaining your express opt-in consent.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
5. Third parties
We will only share your personal information with other third parties where required by law or where we have another legitimate interest in doing so. The categories of third party with whom we share information are as follows:
- Service providers, such as the promotional agency engaged by us to facilitate the Promotion.
- Third party service providers who provide our IT software and systems.
- Professional advisers acting as processors or joint controllers including lawyers, auditors and insurers who provide ad hoc legal, auditing and insurance services.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal information with a regulator or to otherwise comply with the law.
6. Transferring information outside the EEA
Some of our third party IT suppliers process personal data in the following countries outside the European Economic Area (“EEA”): United States of America. There is not an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer your data are not deemed to provide an adequate level of protection for your personal information.
However, to ensure that your personal information does receive an adequate level of protection we have put in place the appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
7. Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and the applicable regulator, the Information Commissioner’s Office (ICO), of a breach where we are legally required to do so.
8. Data retention
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In most cases, we will keep your personal data for a period of one (1) year from the year of collection.
Please see English Heritage and Cadw’s privacy notices for details of how long they retain personal data for which they are a Data Controller.
9. Your legal rights
Under certain circumstances, by law you have the right to exercise certain rights in relation to your personal data, such as the right to request correction, access and erasure or to object to or ask for processing to be restricted. Where consent is relied on as a condition of processing, you may also withdraw your consent.
In some circumstances there may be specific legal reasons why we are not able to comply with your request to exercise your rights. Where this is the case, we will inform you of this.
If you wish to exercise any of the rights set out above, please contact the applicable Data Controller as set out in paragraph 4 above.
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
10. Dairy Crest Contact
If you would like any further information about how Dairy Crest processes your personal data under this Promotion, you may contact us as follows:
|Full name of legal entity:||Contact:||Email address:||Postal address:|
|Dairy Crest Limited||Data Privacy Managerfirstname.lastname@example.org||Data Privacy Manager,
Dairy Crest Limited
Claygate House, Littleworth Road, Esher, Surrey, KT10 9PN
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
11. Changes to this privacy notice
We reserve the right to make changes to this privacy notice at any time.
This version was last updated on 09 April 2020.