Hello Beer - Privacy Policy 

We respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit the Hellobeer.co.uk training platform (“Hello Beer”) as pub manager or as a pub employee (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

1. Introduction and Identifying the Controller of Your Personal Data

HEINEKEN UK LIMITED (collectively referred to as “we“, “us“, or “our” in this privacy notice) is part of the Heineken Group, and is the controller of the personal data processed on Hello Beer. Our contact are as follows:

If you have any questions about this privacy notice or our processing activities, we can be contacted as follows:

Mail: 3 – 4 Broadway Park South Gyle Broadway Edinburgh EH12 9JZ, marked for the attention of the Privacy Officer; or

Email: protectingyourdata@heineken.co.uk.

It is important that you read this privacy notice together with any terms of use that apply to Hello Beer which are presented to you. This privacy notice supplements the other notices and is not intended to override them.

2. How and What Data do we Collect About You?

This privacy notice describes how we look after your personal data collected when you: (a) visit Hello Beer and make use of its services and features and (b) generally engage with us, including by contacting us with an enquiry or complaint (“Engagement”) or Access UK Limited  (02343760) with their registered address at The Old School, School Lane, Stratford St, trading as CPL Learning (the “Access Group”) who host, support and maintain Hello Beer on our behalf.

Personal datais any information about an individual from which that person can be identified. We collect this information directly from you during any Engagement, as well as automatically through your use of Hello Beer. We collect different categories of information about you which we have grouped together as follows:

• Identity Data – name. Note, if you are a pub manager or employee this may be provided to us by your employer with your permission.
• Contact Data –work or personal email address. Note, this may be provided to us by your employer with your permission.
• Technical and Usage Data – information about how you use Hello Beer such as internet protocol (IP) address, cookies, mobile device ID, any login data, browsing history, browser type and version, time zone setting and location, viewed pages with date and time stamp (log information), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access Hello Beer.
• Performance Data – data relating to your progress on Hello Beer and completion of each course, including successful completion of tests (where applicable).
• Name of Place of work – e.g. the name of the pub where you work and the name of your employer.

We also collect, use and share Aggregated Data, which is anonymised such as statistical data. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of Hello Beer. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health or genetic and biometric data). Nor do we process any information about criminal convictions and offences.

We do not knowingly collect personal data relating to children on Hello Beer.

3. Why do we Collect Your Personal Data?

Hello Beer allows you to access learning materials (as a pub employee or pub manager) or monitor the progress of the learners that are entitled to use Hello Beer (as a pub manager). In connection with that overall purpose, we collect the above categories of personal data about you for the following more specific purposes:

• to communicate with you – this includes where we manage our relationship with you; where we respond to complaints or enquiries. Such communications will always have Hello Beer branding so that you know what it relates to;
• to maintain and optimise Hello Beer– this includes where we need to solve performance issues, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, to improve the availability of Hello Beer and to secure against fraud;
• to manage our business purposes and grow as an organisation – see below for more details;
• to perform a contract we have in place with you, including managing payments and charges (if applicable) and provide you with access to reports and insights;
• to enable you to complete surveys about how we can improve the services we offer you, or ask you for information on how we can improve Hello Beer or our Engagements with you; and
• for data analytical purposes in order to improve our products/services and customer relationships.

4. What is Our Legal Basis for Collecting Your Data?

Under data protection laws, we must have a we must have a lawful basis under which we process your personal data. We will only use your personal data for the purposes outlined in paragraph 3, unless we reasonably consider that we have another appropriate reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Further information on the circumstances in which we collect your data is available in Annex 1 of this privacy notice.

When we collect and use your information, we do so under one of the following:

1. We have a legitimate interest as a business;
2. To perform a contract we have with you;
3. To comply with a legal obligation; or
4. If you have given us your consent.

Further information regarding the lawful basis which we rely upon to process your personal data can be found on our Heineken Corporate Privacy Policy.

5. Who do we Share Your Personal Data With?

We may have to share your personal data with the parties set out below for the purposes set out in the table in Annex 1:

• Internal third parties –Other companies in the Heineken group based within the EEA and the UK;
• External third parties – We share your personal data with third parties which include:
  • IT and system administration service providers based within the EEA and UK, in particular the Access Group;
  • Where a licence fee is payable, the Access Group will manage the collection of such payment on our behalf. Payment will be processed by Stripe Payments UK Limited (08480771) with their registered address at 9th Floor, 107 Cheapside, London, EC2V 6DN in accordance with their terms. No card payment information will be stored and Access Group will only provide us with confirmation that payment has been made;
  • service providers such as solicitors and accountants;
  • first and Third party advertising companies and media agencies for marketing and research purposes;
  • data storage provider(s) based within the EEA and UK;
  • data on-boarding service providers based within the EEA and UK who provide marketing strategy services;
  • courts, parties to litigation and their professional advisers where we reasonably deem it necessary in connection with the establishment, exercise or defence of legal claims; and
  • a purchaser or parties interested in purchasing any part of our business.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Where the third parties act as processors on our behalf, we only permit them to process your personal data for specified purposes and in line with our instructions.

6. International Transfers

Our external third parties may be based outside the UK or the EEA. Whenever we transfer your personal data out of the UK or the EEA, we ensure that the same level of protection is afforded to it by ensuring at least one of the following safeguards are put in place:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and/or the UK Information Commissioner’s Office. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries and International data transfer agreement and guidance | ICO.;
• Where we use certain service providers, we may use specific contracts approved by the European Commission and/or the UK Information Commissioner’s Office which give personal data the same protection it has in Europe (or the United Kingdom). For further details, see European Commission: Model contracts for the transfer of personal data to third countries and ICO: International Data Transfer Agreement and Guidance.

7. How Secure is My Data?

We have put in place reasonable security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They are subject to a duty of confidentiality. Unfortunately, no transmission of information over the internet can be completely secure, and you should also note that the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect account information and passwords, so please take care to protect this information.

Hello Beer may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites, plug-ins or applications and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit and third party service/application that you use.

8. How Long will My Personal Data be Used For?

We will only retain your personal data to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Further retention details for specific aspects of your personal data are noted in Annex 1.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

9. What are My Rights?

Under data protection laws, you have various rights which are set out below. If you wish to exercise any of these rights, please contact us using the details at the start of this notice.

You will not have to pay a fee to access your data or exercise any of your other rights, but please note that we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

In order to respond to any request in relation to your data access rights, we may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

1. Right of access. You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
2. Right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
3. Right to erasure. You have the right to ask us to erase your personal data in certain circumstances. You can read more about this right here. 
4. Right to restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
5. Right to object to processing. You have the right to object to processing of your personal data where we are relying on a legitimate interest or conducting direct marketing. You can read more about this right here. 
6. Right to withdraw consent. Where we are relying on consent to process your personal data, you may withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
7. Right to data portability. This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent. You can read more about this right here.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the details at the start of this notice.

This version was last updated in February 2023.