You can ask us at any time to provide you with a copy of your personal data. In relation to personal data you have supplied to us, and which is held by us for the purpose of entering into a contract between us or on the basis of your consent, you are entitled to ask us for a copy of this information in a structured, commonly used and machine readable format so that you can reuse it or share it with other organisations.
If you think the personal data we hold about you is inaccurate or incomplete, you can ask us to correct it or complete it.
In some circumstances you also have the right to object to our processing of your data and can ask us to restrict our use of your data and to delete it.
There are some exceptions to these rights, however. For example, it will not be possible for us to delete your data if we are required by law to keep it or if we hold it in connection with a contract with you. Similarly, access to your data may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information.
If you wish to exercise any of these rights you should contact us using the contact details provided on our website https://www.abworldfoods.co.uk
Speak up - your privacy
For the purposes of European data protection legislation, Associated British Foods plc (ABF) is the data controller with responsibility for personal data you submit through our SpeakUp line or webservice. It will also be a data controller in connection with reports that are escalated to ABF through our Speak Up Policy. Where reports require joint investigations involving ABF group companies, ABF acts as a joint controller with the relevant group company. To identify the other joint controller(s) who may be responsible for the processing of your personal data, please contact us using the contact details at the end of this notice.
Your personal data
We use the personal data submitted under our Speak Up Policy only for the purposes of investigating allegations of inappropriate, improper, dishonest, illegal or dangerous behaviour (“inappropriate behaviour”) under our Speak Up Policy and in compliance with applicable laws. This notice tells you about the information we collect when you report inappropriate behaviour and how that information is used and shared within the ABF Group.
What personal data do we process?
If you report an issue through the SpeakUp line or webservice we collect whatever personal details you include in your report about you or anyone you identify in your report. We do not (except in some territories where this is required) require you to leave your name. We do encourage you to identify yourself, as concerns raised anonymously tend to be far less effective and if we do not have enough information, a full investigation may not be possible.
If we receive a report that you have submitted to your line manager or other group employee, we record the same information.
However you report, we encourage you to include only the relevant details that will help us investigate. This may include a limited amount of personal information falling into special categories, sometimes called “sensitive personal data”. This term includes information relating to such matters as racial or ethnic origin, religious beliefs, physical or mental health, trade union membership, sexual orientation, information regarding sexual life, biometric data, genetic data, criminal records and information regarding criminal offences or proceedings.
If you are the subject of a report or named in a report, we will endeavour to inform you promptly, unless doing so might prejudice the investigation or we are prohibited from doing so by law.
How do we use this data?
Voice reports submitted through the system are briefly recorded and then transcripts created both in original language and English. All transcripts and online reports, irrespective of country of origin, are stored in a case management system and sent to ABF.
We use data submitted to us for the purposes of reviewing the report and, where appropriate, investigating allegations made. Our use of this data is generally necessary for our legitimate interests in relation to these purposes and we put in place appropriate measures to protect the individuals involved.
Where your report includes special categories of personal data and/or personal data regarding criminal offences or proceedings, generally speaking our use of this data is necessary for our legitimate interests (as described above) and:
- In respect of the use of special categories of personal data, necessary for substantial public interests and/or necessary for the establishment or defence of legal claims; and
- In respect of information relating to criminal offences or allegations, necessary to detect or prevent unlawful acts.
Sharing your data
Reports submitted through the system will be reviewed by ABF and then directed as appropriate.
Any reports submitted through the SpeakUp system that relate specifically to your personal circumstances will initially be directed to the appropriate HR Director to deal with according to local HR procedures.
Other reports will typically be passed to your divisional or business finance director, HR director and internal audit manager to conduct the appropriate investigation. In addition, reports of issues relating to fraud, tax evasion, bribery and corruption, sanctions, competition law, potentially material events for ABF, health & safety issues, inappropriate behaviour of senior managers and ethical procurement will be shared with directors and senior management at ABF.
Local investigations may be carried out in conjunction with the ABF Group Security team where appropriate.
In order to keep an overview of any trends or areas of concern where further training or other steps are needed, all reports will be anonymised and collated into summary reports by ABF for quarterly review by the ABF Chief People & Performance Officer and the ABF Director of Financial Control and annual reports to the Audit Committee of the ABF Board.
How long do we keep your data?
Initial voice recordings are deleted once transcripts are created. The transcripts of reports will be retained within the SpeakUp system for the period of time to investigate and once a case has been ‘closed’, for a further period of 60 days. All identifying information is then deleted and only a statistical record of the type of report, the location and the outcome of the investigation are retained for internal reporting purposes.
Where is your data held and transferred?
Reports submitted through the SpeakUp line and webservice will be stored on our supplier’s servers in the Netherlands, Europe. Your data will also be accessed by ABF in the UK and then allocated for investigation to the most appropriate divisional team. This means your data will be transferred to the UK and the Netherlands and to the relevant investigation team, wherever they are based. We have put in place an intragroup data sharing agreement between ABF and all affiliates to ensure appropriate protection of the personal data submitted where data is transferred by ABF out of the UK.
You can ask us at any time to provide you with a copy of your personal data. If you think the personal data we hold about you is inaccurate or incomplete, you can ask us to correct it or complete it. In some circumstances you also have the right to object to our use of your data and the right to ask us to restrict our use of your data or to delete it. There are some exceptions to these rights however. For example, it will not be possible for us to delete your data if we are required by law to keep it or if we need to use it in order to establish or defend a legal claim.
If you wish to access your personal data or exercise any of your rights, you should contact the ABF Legal Team on Legal.Inbox@abfoods.com in the first instance. If you have a concern about the way we handle your information you have the right to complain to the Information Commissioner’s office (ICO) (https://ico.org.uk/concerns or by calling the ICO on 0303 123 1113 (UK local rate) or on +44 1625 545 700 if you are calling from outside the UK) or to your local data protection supervisory authority.