Raynor Foods takes seriously its responsibilities for protecting and respecting the privacy of personal data and complies with the provisions of the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018), and of any other relevant legislation and amendments to these.
This Privacy Notice sets out the types of personal data we may collect about you when you interact with us. It also explains how we will capture, store, process, use and keep the data safe, including how long we will retain the data.
If you are employed by us, apply to be employed by us, ask us for information, register an interest with us, commission or contract with us or report a problem, then we may collect any personal data you submit to us.
Raynor Foods Ltd is the data controller responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
Privacy related matters are dealt with by our Data Protection Officer. His contact details are below:
Data Protection Officer: Adam Newland, Operations Director
Name of legal entity: Raynor Foods Limited
Email address: GDPR@sandwiches.uk.net
Postal address: Raynor Foods Ltd, Farrow Road, Widford Industrial Estate, Chelmsford, Essex. CM1 3TH
We have processes in place to ensure that any personal data we hold is kept up to date and accurate. To help us to do this, if your personal information changes, please email us at GDPR@sandwiches.uk.net.
WHAT DATA DO WE COLLECT ABOUT YOU, WHY, AND ON WHAT BASIS DO WE PROCESS IT?
Personal data is information that is capable of identifying you as an individual. It does not include anonymised data. Raynor Foods only processes personal data when we have a lawful basis for doing so.
There are a number of lawful bases under which Raynor Foods may collect and process your personal data, including:
- In specific situations, we can collect and process your data with your consent. When collecting your personal data on this basis, we will always make clear to you which data is necessary in connection with a particular service and only use the data for the purpose to which you consented.
- In certain circumstances, we need your personal data to comply with contractual obligations in connection with any services that we provide to you or in order to do something you have asked us to do prior to entering into a contract with you.
- In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
- In specific situations, we need to process your data because we are required to do so in order to comply with a common law or statutory obligation. This applies to certain types of employee and financial data, for example. Where the law, or our contract with you, requires us to collect personal data, and you do not provide it, we may not be able to uphold the contract with you. If this applies you will be notified.
We may process the following types of personal data about you:
- User Data: This includes data on how you use our website or online services. We process this data to manage our website or online services, to ensure website security, to maintain back-ups/databases and to enable the publication and administration of our website and business. Our lawful basis for this processing is our legitimate interests. In this case this is to administer our website and business.
- Communication Data: Includes any communication you send to us. This could be via email, text, social media message or post, the website contact form or any other communication you send us. We process this data for the purposes of communicating with you and record keeping. Our lawful ground for processing this is our legitimate interests as this is to reply to communications sent to us, to maintain records and establish, fulfil contractual obligations or pre-contractual enquiries.
- Customer Data: Includes data relating to purchases of goods and/or services such as your title, name, billing, delivery or email address, contact details, phone number, card details and purchase details. We process this data to supply the goods and/or services you have purchased and to maintain records of these transactions. Our lawful ground for processing is to manage the contract between us or to proceed to enter into a contract.
- Technical Data: Includes data about your use of our website and online services. This includes login data, browser details, IP address, visit time to our website, navigation paths, page views, website usage, time zone settings and other technology on the devices you use to access our website. Our analytics tracking system provides this data and we process this to analyse your website and online service usage, to manage and protect our website and business, to deliver relevant and useful website content and advertisements to you and to understand the success of advertising. Our lawful ground for this processing is our legitimate interests. This is to enable us to manage our website and business, improve our service, to grow our business and to formulate marketing strategies.
- Existing customers – Customers can consent, or not, to be added to our mailing list. Each customer's preference is recorded in their welcome pack. The consent obtained is unambiguous and requires customers to affirmatively tick a box if they do consent. If they consent it means they agree to be added to our mailing list and are happy to receive news about Raynors which may include new product launches and other important information. The mailing list is regularly reviewed for accuracy and is stored in a secure password protected file. We do not pass this data onto third parties. Should a customer withdraw consent they are removed from this list. Our lawful basis for collecting and processing this data is your consent and our legitimate interest to continue to do business with you and to grow our business and formulate marketing strategies. It is also kept so we can monitor how customers use our products/services so we can improve them.
- Potential customers – Data held about potential customers is obtained from the public domain, typically the customer website, and includes basic information i.e. company name and address. It is maintained on a password protected file with restricted access. The data is used for business to business direct marketing only. We only contact potential customers by telephone where our number is displayed to the person we are calling, and we will respond to any requests that we do not make future calls.
- Sensitive Data: Sensitive data refers to and includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or information about your health or genetic and biometric data. We do not request or collect sensitive data except where this is necessary for the purposes of employment or where we have a legal obligation to do so.
- Employee Data: Raynor Foods must collect and process personal data (including sensitive personal data also known as special category data) about employees so it can engage in an employment relationship with them and manage the employment relationship. In some cases, we may be required to use employee personal data to investigate, report and detect crime and also to comply with the law. We may also use information during internal audits to demonstrate our compliance with industry standards. The lawful bases we rely upon are to comply with a legal obligation that we have, legitimate interest and in some circumstances, consent. Employees can obtain further details about how we protect their data by referring to the Employee Data Protection Notice.
- Data for recruitment purposes: Personal data is collected for recruitment purposes. This can include, but is not limited to name, address, DOB and contact details. Prospective employee paper documents are stored in a locked filing cabinet and scanned documents are held on a central HR database with restricted access. If the candidate is successful their data is transferred onto our HR management system which is password protected, again with limited access. At that point the candidate has an induction which does include a special category pre-employment health questionnaire. Our lawful basis for obtaining this information is to ensure the candidate is medically fit to fulfil their role, and in the case of production employees who handle food is in the interests of public health.
Unsuccessful candidate data is destroyed. Sometimes the data is retained in a locked filing cabinet for 6 months, for the purpose of considering the applicant for a future role. This is lawfully retained only with the candidate's consent. For successful candidates any recruitment data is used, with their consent, to complete our own further application and induction forms.
Our lawful ground for processing data for recruitment purposes is our legitimate interests. This is to enable us to manage new employees into the business, confirm their suitability for their role and to grow our business.
- CCTV and Tracking Data: CCTV is used to monitor the safety and security of our people and premises and to ensure compliance with our procedures. It is overwritten on a four weekly basis but can be retained if an incident occurs (injury, grievance, disciplinary). The ground for retaining this is for legitimate interests.
- Tracking data is used for the delivery vans to monitor their progress throughout their shift to ensure, where delays occur, that managers can re-route and advise customers of any delays. Tracking data is displayed on password protected management computers. Our lawful basis for processing this data is to ensure the safe and timely delivery of our products.
We will only use your personal data for the purpose it was collected. If we need to use your details for an unrelated new purpose, we will contact you and explain the legal grounds for processing. Only where the law permits can we process your personal data without your knowledge or consent. We do not carry out automated profiling or decision making.
HOW DO WE COLLECT YOUR PERSONAL DATA?
DISCLOSURES OF YOUR PERSONAL DATA
On occasion we may have to share your personal data with the following:
- IT service and system administration providers.
- Professional advisers i.e. bankers, auditors, lawyers or insurers.
- Government bodies that require us to report processing activities.
- Third parties if we merged, sold or transferred any part of the business.
We enable third parties to process your personal data only for specified purposes and in accordance with our instructions. All third parties, to whom we transfer your data, are required to respect your personal data security and to manage it legally.
DATA REVIEW & RETENTION
Personal data we hold is reviewed on a regular basis. The time we retain data for is determined by the amount, nature, sensitivity, potential risk of harm from unauthorised use or disclosure and processing purposes of the data.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Tax legislation determines we must retain basic customer information (i.e. Contact, Identity, Financial, Transaction Data) for six years after they cease being customers.
The Data Protection Act 2018, which includes requirements from the EU GDPR, is the key piece of current legislation that determines, amongst other things, how long HR can keep paper and digital records.
There are a number of non-statutory recommended retention periods and in many cases the employer can choose how long to retain records. There are also some very specific statutory record retention time limits as below:
The National Minimum Wage Act 1998 states minimum wage records must be retained for 3 years after the end of the pay reference period.
And as per the Statutory Maternity Pay Regulations 1986, statutory maternity pay records, medical notes, MATB1 forms and maternity pay calculations etc have to be retained for 3 years after the end of the tax year in which maternity ends.
We have robust security measures to prevent your personal data from being accidentally used, altered, lost, disclosed or accessed without authorisation. Your personal data can only be accessed by employees or partners who have a legitimate purpose for accessing such data. They will only process your personal data in line with our instructions and must keep it confidential.
Procedures are in place to deal with personal data breaches. We will notify you and any applicable regulator of a breach if it meets the legal requirement to do so.
We will only process your personal data to send you marketing communications on the lawful ground that you have either given consent or that it’s in our legitimate interest to do so and after we have applied the necessity and balancing tests required by data protection legislation. In line with the Privacy and Electronic Communications Regulations, we may send you marketing communications if:
You requested information from us about our goods and/or services
You agreed to receive marketing communications and have not opted out of receiving these.
If you are a limited company, we may send you marketing emails without having obtained your prior consent. You can opt out of receiving marketing emails from us at any time.
Your consent will be required before we share your personal data with any third party for any marketing purposes.
YOUR LEGAL RIGHTS
Data protection legislation gives you rights relating to your personal data. You have the right to be informed about the personal data Raynor Foods processes and request:
- Access to the personal data we hold about you
- A correction of your personal data when it is incorrect, out of date or incomplete
- That we delete data that we hold about you. This could be if you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
- A computer file in a common format containing the personal data that you have previously provided to us.
- Restriction of the use of your personal data, in specific circumstances, generally whilst we are deciding on an objection you have made.
- That we stop processing your personal data, in specific circumstances.
- That we stop using your personal data for direct marketing.
- That we stop any processing of your personal data that was carried out on the basis of consent after you have withdrawn that consent.
Please refer to the following website for more information:
If you wish to exercise any of the rights set out above, please email us at GDPR@sandwiches.uk.net
We may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to a person who has no right to receive it. We may also contact you to ask for further information in relation to your request.
No fee is payable to access your personal data, or to exercise these rights but we may charge a fee if your request is unfounded, repetitive or excessive.
We try to respond to requests within one month. It may take longer if your request is complex or you have made multiple requests. In this case, we will notify you.
HOW TO COMPLAIN
If you are not happy with how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Prior to this, please contact us directly so that we can try to resolve it.