Dole: Privacy Policy


1.                   Purpose and Scope of this Privacy Policy

Dole plc and its subsidiaries (the “Dole Group” or the “Company”) collect, use, share and hold certain Personal Data about current, past and prospective, consumers, customers, suppliers, business contacts, employees and other people in course of its business activities. Personal Data must be Processed in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679) and other applicable national and European privacy legislation and regulations (together the “Data Protection Law”).

The Company recognises the need to treat Personal Data in an appropriate and lawful manner and is committed to complying with its obligations in this regard. This Privacy Policy explains how the Company use Personal Data.

This Privacy Policy applies to all entities within the Dole Group and all individuals who work for, with or on behalf of any Dole business.

The Company use the words Personal Data to describe information that about an individual, and from which they are identifiable. Other key data protection terms are defined in Schedule 1.

This Privacy Policy describes how the Company use Personal Data that the Company collect as part of its business activities.  This includes Personal Data obtained from a variety of sources, including:

·                     telephone calls, emails and other communications;

·                     service providers and other third parties;

·                     the Dole website (the “Site”); and

·                     social media applications.

In this Privacy Policy, the Company refer to the Site and social media applications collectively as “Online Tools”.

Personal Data may be provided to the Company by the individual directly or by a third party. 

This Privacy Policy may be supplemented by other privacy notices tailored to the Company’s specific relationships with the individual.

2.                   Personal Data the Company Process

The Personal Data the Company hold about employees and other individuals may differ depending on the relationship, including the type of communications between the Company and the individual and the services the Company provides.

The Personal Data the Company collect generally falls within one of three categories – Personal Data about

·                     Employees;

·                     Business Contacts;

·                     Customers.

The Company endeavours to keep the Personal Data it Processes accurate and up to date. Furthermore Personal Data is stored in as few places, with as few copies, as is reasonably possible. The Company’s relevant staff are trained to not create any unnecessary additional copies of Personal Data.

Personal Data the Company may hold and process is further described in Schedule 2.

3.                   How the Company use Personal Data

The Company use Personal Data to carry out its business activities.  The purposes for which the Company use an individual’s Personal Data may differ based on the relationship, including the type of communications between the Company and the individual and the services the Company provides.

The main purposes include using Personal Data to: 

·                     facilitate general business purposes, including payroll activities, HR records, performance management, making business travel arrangements;

·                     facilitate communication with an employee and their nominated contacts in an emergency and protecting the health and safety of staff and others;

·                     provide products and services;

·                     communicate with employees and other individuals;  

·                     improve the quality of products and services, provide training and maintain information security (for example, for this purpose the Company may record or monitor phone calls);

·                     carry out research and analysis, including analysis of the Company’s customer base and other individuals whose Personal Data the Company collect;

·                     provide marketing information in accordance with preferences the individual have told the Company about (marketing information may be about products and services offered by third party partners subject to the individual’s preferences);

·                     personalise the individual’s experience when using Online Tools or visit third party websites by presenting information and advertisements tailored to the individual, and facilitate sharing on social media;

·                     manage the Company’s business operations and IT infrastructure, in line with its internal policies and procedures, including those relating to finance and accounting, billing and collections, IT systems operation, data and the website hosting, data analytics, business continuity, records management, document and print management, and auditing;

·                     manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Data;

·                     comply with applicable laws and regulatory obligations (including laws and regulations outside the individual’s country of residence), for example, laws and regulations relating to anti-money laundering, sanctions and anti-terrorism; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside the individual’s country of residence); and

·                     establish and defend legal rights to protect the Company’s business operations, and those of its business partners.  

4.                   Automated decisions using Personal Data

The Company may use automated decision making tools (i.e. where a person is not involved in the decision).  The Company typically use these tools when making straightforward decisions about an individual.  Where this is the case the Company may provide the individual with more information at the time to aid in understanding of what is involved.

5.                   Responsibility for Personal Data

The Company is responsible for looking after Personal Data in accordance with this Privacy Policy, internal standards and procedures, and the requirements of data protection law.

When the Company provide Personal Data to third parties, the third parties will be selected carefully and required to use appropriate measures to protect the confidentiality and security of the Personal Data.  In such circumstances, the Company will disclose requested Personal Data to the extent permitted by, and in accordance with, applicable Data Protection Law.  Those third parties will assume certain responsibilities under data protection law for looking after the Personal Data that they receive from the Company.

6.                   Sharing of Personal Data

In connection with the purposes described above, the Company may need to share Personal Data with third parties (this may involve third parties disclosing Personal Data to the Company and the Company disclosing Personal Data to them). 

The types of third parties with which the Company may share Personal Data are further described in Schedule 4.

In certain circumstances, Data Protection Law allows Personal Data to be disclosed to law enforcement agencies without the consent of the Data Subject.  In such circumstances, the Company will disclose requested Personal Data to the extent permitted by, and in accordance with, applicable Data Protection Law. Prior to any such disclosure of Personal Data the Company will ensure the request is legitimate and in accordance with Data Protection Law, seeking assistance from Group Legal Counsel where necessary.

7.                   International Transfers of Personal Data

For the purposes set out in this Privacy Policy the Company may transfer Personal Data to parties located in other countries (including the USA and other countries that have data protection regimes which are different to those in the country where the individual is based, including countries which have not been found by the European Commission to provide adequate protection for Personal Data).  

The Company may transfer information internationally to its service providers, business partners, and government or public authorities.

When making these transfers, the Company will take steps to ensure that the Personal Data is adequately protected and transferred in accordance with the requirements of Data Protection Law. 

This may involve the use of data transfer agreements in the form approved by the European Commission or another mechanism recognised by data protection law as ensuring an adequate level of protection for Personal Data transferred outside the EEA (for example, the standard contractual clauses).

For further information about these transfers and to request details of the safeguards in place, please contact the Company using the details in Schedule 8.

8.                   Security of Personal Data

The Company uses appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Data secure. 

As most of the Personal Data the Company holds is stored electronically the Company has implemented appropriate IT security measures to ensure this Personal Data is kept secure.  For example, the Company may use anti-virus protection systems, firewalls, and data encryption technologies. The Company have procedures in place at their premises to keep any hard copy records physically secure. The Company also train its staff regularly on data protection and information security.

When the Company provides Personal Data to a third party (including its service providers) or engages a third party to collect Personal Data on its behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Data. For example Personal Data is encrypted / password protected where appropriate.

Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure.  If an individual has reason to believe that their interaction with the Company is no longer secure (for example, if they feel that the security of any Personal Data sent to the Company has been compromised), they should immediately notify the Company.

The manner in which Personal Data is kept secure is further described in the Company’s security policy, a copy of which can be obtained from the contact details in Schedule 8.

9.                   Legal Justifications for Processing of Personal Data

To comply with Data Protection Law, the Company need to describe the legal justification it relies on for using Personal Data for its purposes.

While the law provides several legal justifications, the table in Schedule 5 describes the main legal justifications that apply to the purposes for using Personal Data.

In order to obtain Personal Data from an individual to comply with applicable legal requirements, and certain Personal Data may be needed to enable the Company to fulfil the terms of its contract with an individual, or in preparation of entering into a contract with an individual. The Company may inform the individual of this at the time that the Company obtain the Personal Data.  In these circumstances, if the individual does not provide the relevant Personal Data to the Company, the Company may not be able to provide its products or services to the individual.  To obtain more information, please contact the Company using the details set out in Schedule 8.

Where the Company rely on its legitimate business interests or the legitimate interests of a third party to justify the purposes for using Personal Data, its legitimate interests are:

·                     pursuit of its commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing);

·                     compliance with applicable legal and regulatory obligations, and any guidelines, standards and codes of conduct (for example, by carrying out background checks or otherwise preventing, detecting or investigating fraud or money laundering);

·                     improvement and development of business operations and service offering, or those of a third party;

·                     protection of the business, shareholders, employees and customers, or those of a third party (for example, ensuring IT network and information security, enforcing claims, including debt collection); and

·                     analysing competition in the market for the Company’s services (for example, by carrying out research, including market research).

The Company may need to collect, use and disclose Personal Data in connection with matters of important public interest, for instance when complying with its obligations under anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime.  In these cases, the legal justification for the use of Personal Data is that the use is necessary for matters of public interest. Additional justifications may also apply depending on the circumstances.

For Processing of more Sensitive Personal Data the Company will rely on either:

·                     consent; or

·                     that use of Sensitive Personal Data is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity (for example, when a court issues a court order requiring the Processing of Personal Data).

Processing of Personal Data relating to criminal convictions and offences is subject to the requirements of applicable law.

10.               Monitoring

The Company may record telephone calls with employees so that the Company can:

·                     improve the standard of service that the Company provide by providing employees with feedback and training, where applicable;

·                     address queries, concerns or complaints;

·                     prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks; and

·                     comply with the Company’s legal and regulatory obligations.

In addition, the Company monitor electronic communications between the Company and employees (for example, emails) to protect the employees, the business and IT infrastructure, and third parties including by:

·                     identifying and dealing with inappropriate communications; and

·                     looking for and removing any viruses, or other malware, and resolving any other information security issues.

The use of CCTV involves Processing of Personal Data. Further information on how the Company Process Personal Data using CCTV is set out in Schedule 6.

11.               Retention of Personal Data

The Company will keep Personal Data for as long as is necessary for the purposes for which the Company collects it. This mean the Company will retain Personal Data for so long as the Company has a relationship with the individual to whom the Personal Data relates. Once this relationship comes to an end the Company will retain such Personal Data for a period of time that allows it to: (a) comply with legal record retention requirements; (b) defend or bring legal claims; (c) maintain records for business analyses and audit; and (d) address complaints and other issues regarding its business.

Where the Company holds Personal Data to comply with a legal or regulatory obligation, the Company will keep the information for at least as long as is required to comply with that obligation. In some cases a retention period will apply once the initial purpose has ceased e.g. payroll files are required to be kept for current year plus 6 years.

Where the Company holds Personal Data in order to provide a product or service, the Company will keep the information for at least as long as the Company provides the product or service, and for a number of years thereafter.  The number of years varies depending on the nature of the product or service provided.

The Company endeavours to ensure that Personal Data will only be kept which is relevant and not excessive to achieve the purposes for which it is being held.  Personal Data will be deleted once that purpose is achieved or it is no longer required as set out

For further information about the period of time for which the Company retains Personal Data, please contact the Company using the details in Schedule 8.

12.               Personal Data Rights

Schedule 7 sets out a summary of the data protection rights available to individuals in the EEA in connection with their Personal Data. These rights may only apply in certain circumstances and are subject to certain legal exemptions.

To exercise any of these rights, please contact the Company using the details set out in Schedule 8.

13.               Who to contact about Personal Data

For any questions or concerns about the way the Company uses Personal Data, please contact the Company at the email address in Schedule 8.

14.               Review and Revision

The Company review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in the business, legal requirements, and the manner in which the Company process Personal Data. This Privacy Policy was last updated on the date indicated on page 1. The Company may review this policy and make changes from time to time.



Definition of key data protection terms

Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed.

Data Controller” means the entity that controls Personal Data, by deciding why and how such Personal Data is Processed.

Data Processor” means the party that Processes Personal Data on behalf of the Data Controller (for example, a payroll service provider).

European Economic Area” or “EEA” means Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, the UK, Iceland, Liechtenstein, and Norway.

Personal Data” is any information relating to a living individual which allows the identification of that individual. Personal Data can include:

·                     a name, an identification number;

·                     details about an individual’s location; or

·                     any other information that is specific to that individual.

Processing” includes collecting, using, recording, organising, altering, disclosing, destroying or holding Personal Data in any way. Processing can be done either manually or by using automated systems such as information technology systems and “Process” and “Processing” shall be interpreted accordingly.

Profiling” is the automated Processing of Personal Data for the purpose of assessing certain aspects relating to an individual so as to analyse or predict the individual’s performance, decisions or behaviour.

Sensitive Personal Data” are types of Personal Data that reveal any of the following information relating to an individual: racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. Special Categories of Personal Data also include the Processing of genetic data, biometric data (for example, fingerprints or facial images), health data, data concerning sex life or sexual orientation and any Personal Data relating to criminal convictions or offences.



Types of Personal Data

Type of Personal Data



Contact information

Name, address, email and telephone number.

General information

Gender, marital and family status, date and place of birth, physical characteristics, expression of wishes form.

Education and prior employment

Educational background, employer details and employment history, skills and experience, professional licences, memberships and affiliations.


Social security number, passport number, tax number, driver’s licence number, or other government issued identification number.

Financial information

Payment card number (credit /debit card), bank account number, other financial account number and account details, other financial information.

Information enabling us to provide products and services

Status as company officer or director, or partner, or other ownership or management interest in an organisation.

Marketing preferences, marketing activities and customer feedback

Marketing preferences or responses to customer satisfaction surveys.

Online activity information

The Company may receive Personal Data about an individual when they use Online Tools; this may include social media account identifiers, IP address and other online identifiers (to the extent that they are Personal Data), and other Personal Data that an individual may provide to the Company online.

Supplemental information from other sources

The Company and its service providers may supplement the Personal Data the Company collects with information obtained from other sources (for example, publicly available information from online social media services and other information resources, third party commercial information sources, and information from its business partners).




General Staff Guidelines


Everyone who works for or with the Company and uses Personal Data has a responsibility under this Privacy Policy to ensure Personal Data is collected, stored and handled appropriately, securely and in accordance with Data Protection Law. Staff must to be vigilant to ensure that they comply with the terms of this Privacy Policy. If in doubt staff should request help using the contact details in Schedule 8.

·                     The only people able to access Personal Data covered by this Privacy Policy should be those who need it for their work.

·                     Employees should keep all Personal Data secure, by taking sensible precautions in particular, robust passwords must be used and they should never be shared. Where necessary, the Company should ensure that Personal Data is encrypted for storage and transmission.

·                     Personal Data should not be shared informally. When access to Personal Data is required, employees can request it from their line managers.

·                     Personal Data should not be disclosed to unauthorised people, either within the company or externally.

·                     Files containing Personal Data should be regularly reviewed and updated. If no longer required, it should be permanently deleted.

·                     Training is available to relevant employees to help them understand their responsibilities when handling Personal Data.  Any employee who does not feel they have had adequate training should report this to their manager.

·                     Paper-based records of Personal Data when not required, should be filed securely or shredded/disposed securely if no longer required

·                     Employees should make sure paper and printouts containing Personal Data are not left where unauthorised people could see them, e.g. on a printer.

·                     When Personal Data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:

·                     If Personal Data is stored on removable media, these should be kept securely when not being used.

·                     All servers and computers containing Personal Data should be protected in accordance with the Dole Information Security Policy.

·                     Personal Data should not be downloaded to personal laptop’s/PC’s etc. in general, unless permission has been granted by line manager and it is necessary for the execution of the employee’s role.

·                     All employees should be aware that the Company reserves the right to inspect all files stored in the network including emails and in the event of any investigation of employee conduct at the Company to ensure or monitor compliance with any legal requirements or policies of the Company for business purposes. The appointed investigator, in the course of conducting any investigation, will have free and unrestricted access to all records and premises and the authority to examine, copy, and/or remove all or any portion of the contents of files, desks, cabinets, and other storage facilities on the premises without prior knowledge or consent of any individual who may use or have custody of any such items or facilities when it is within the scope of their investigation.  No data should be destroyed once an investigation has begun.  Employees should also be aware of the requirement to maintain the confidentiality of all Confidential Information (i.e. Personal Data or business data that is not in the public domain) at all times and even after their employment with the Company has come to an end.

·                     Employees should also not disclose any Confidential Information to any third party who is not employed by the Dole Group, without the consent of their direct manager or a director of the Company Group plc other than to professional advisers of the Dole Group who are informed of the confidential nature of such information.



Third Party Disclosees


Type of third party



Service providers and advisors

External third party service providers, such as pension and payroll providers, security professionals, accountants, auditors, experts, lawyers and other professional advisors; travel assistance providers; call centre service providers; IT systems, support and hosting service providers; advertising, marketing and market research, and data analysis service providers; banks and financial institutions that service the Company’s accounts; document and records management providers; and other third party vendors and outsourced service providers that assist the Company in carrying out business activities. 

Government / Judicial authorities

The Company may also share Personal Data with:

(a) government or other public authorities (including, but not limited to, courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies); and

(b) third party participants in legal proceedings and their accountants, auditors, lawyers, and other advisors and representatives, as the Company believe to be necessary or appropriate.


Purchaser or prospective purchaser of a business of Dole.




Legal Bases for Processing


of Processing

Legal Justifications


Contractual Necessity

Legal Requirement

Legitimate Interests

To communicate with individuals





For the employment relationship





To provide products and services





To improve the quality of the Company’s products and services, for training, and to maintain information security





To manage commercial risks





To carry out research and analysis





To provide marketing information





To manage the Company’s business operations and IT infrastructure





To manage complaints, feedback and queries





To comply with applicable laws and regulations





To personalise the user experience when using Online Tools








CCTV Policy & Procedures

The purpose of the Company’s CCTV system is to ensure the health and safety of staff and customers, the security of the Company’s staff and property and to protect against crime, including theft.

The Company ensures that the use of CCTV is in line with the requirements under Data Protection Law. Staff have a responsibility to adhere to this CCTV policy and failure to do so may result in disciplinary action up to and including dismissal.

Access to the CCTV systems and recorded material is strictly restricted to authorised colleagues, security colleagues and members of the management teams.


The Company operates cameras which are located across warehouses, office buildings and stores. All areas display signage highlighting the presence of CCTV cameras.  These operate on a 24-hour basis, seven days a week.

Processing the images

Recorded images and associated information, which may include sound, will be retained for a maximum of 30 days from the date of recording.  After a period of up to a maximum of 30 days the system will automatically overwrite images.  However the Company reserves the right to retain images for a longer period where there are objective reasons for doing so.  Any CCTV footage that has been retained will be retained securely and will only be retained and /or used for the specific purpose it was retained for.  Once it is no longer necessary to retain the footage it will be destroyed by a specified person, appropriate measures must be taken to ensure that the data cannot be reconstructed and processed by third parties.  Staff with responsibility for processing CCTV images must only do so in line with established procedures and must ensure the security of the data at all times. Any colleague who uses the CCTV system or CCTV images in an unauthorised manner may be subject to disciplinary action up to and including dismissal. Unauthorised use is any processing incompatible with the data’s original purpose including, but not limited to: disclosure of images containing Personal Data to an unauthorised third party, including other colleagues; unauthorised processing of Personal Data in the form of copying the images on to a disk, the website or print format; and/or circulation of images containing Personal Data by email, phone or posting of images containing Personal Data on the internet.

Access to and disclosure of images to third parties

Access to and disclosure of images recorded by the CCTV system is carefully monitored. Access to images by third parties will only be allowed in limited and prescribed circumstances permitted by legislation. Such circumstances may include the disclosure of Personal Data in order to: prevent injury or damage to property; meet legal requirements; obtain legal advice, or for the purpose of legal proceedings; or meet a request from, or with the consent of, the data subject, or a person acting on his or her behalf.

Local Law Enforcement requests for copies of CCTV footage should only be acceded to where a formal written request is provided to the Company stating that they are investigating a criminal matter.  In some instances, where the Local Law Enforcement indicate that the viewing of CCTV footage is deemed urgent, the Company may facilitate a viewing without the formal written request but on the understanding that the formal written request will be sent by the Local Law Enforcment as soon as is reasonably practicable.


The Company also reserves the right to disclose Personal Data to specific third parties where there are objective business reasons for doing so. Such third parties may include: insurance providers; medical practitioners; pension and medical insurance providers; security providers.

Access by Data Subjects

Under the Data Protection Law individuals have the right to access images containing their Personal Data. This applies equally to colleagues and members of the public. Please see Schedule 8.

Disciplinary purposes

The Company reserves the right to use information obtained by CCTV for disciplinary purposes. Such information can be used as part or in conjunction of an investigation process and all relevant parties will have the opportunity to view and comment on such footage. Example of the use of CCTV footage for disciplinary purposes include but are not limited to; establishing the facts of an alleged incident where other evidence is in conflict; as evidence for alleged incidents of stock loss, theft or misuse of time and attendance system; as evidence of health and safety incidents.




Data Subject Rights




When is this right applicable?

Right of access to Personal Data

Individuals have the right to receive a copy of the Personal Data the Company holds about them and information about how the Company use it.


This right is applicable at all times when the Company hold individual’s Personal Data (subject to certain exemptions).   

Right to rectification of Personal Data

An individual has the right to ask the Company to correct Personal Data the Company holds about the individual where it is incorrect or incomplete.


This right is applicable at all times when the Company hold individual’s Personal Data (subject to certain exemptions).

Right to erasure of Personal Data

This right entitles an individual to request that their Personal Data be deleted or removed from the Company’s systems and records.  However, this right only applies in certain circumstances.

Examples of when this right applies to Personal Data the Company hold include (subject to certain exemptions):

·  when the Company no longer needs the Personal Data for the purpose the Company collected it;

·  if the individual withdraws consent to the Company’s use of their information and no other legal justification supports the continued use of their information;

·  if an individual objects to the way the Company use their information and the Company have no overriding grounds to continue using it;

·  if the Company have used an individual’s Personal Data unlawfully; and

·  if the Personal Data needs to be erased for compliance with law.

Right to restrict processing of Personal Data

An individual has the right to request that the Company suspend the use of their Personal Data. 

Where the Company suspend its use of the individual’s Personal Data the Company will still be permitted to store their Personal Data, but any other use of this information will require their consent, subject to certain exemptions.


An individual can exercise this right if:

·  they think that the Personal Data the Company hold about them is not accurate, but this only applies for a period of time that allows the Company to consider if the Personal Data is in fact inaccurate;

·  the Processing is unlawful and the individual opposes the erasure of their Personal Data and request the restriction of its use instead;

·  the Company no longer need the Personal Data for the purposes the Company have used it to date,  but the Personal Data is required by then individual in connection with legal claims; or

· the individual has objected to the Company’s processing of the Personal Data and the Company is considering whether its reasons for processing override the individual’s objection. 

Right to data portability

This right allows an individual to obtain their Personal Data in a format which enables them to transfer that Personal Data to another organisation. 

An individual may have the right to have their Personal Data transferred by the Company directly to the other organisation, if this is technically feasible.

This right will only apply:


·  to Personal Data the individual provided to the Company;

· where the Company has justified their use of the individual’s Personal Data based on:

o the individual’s consent; or

o the fulfilment by the Company of a contract with the individual; and


·  if the Company’s use of the individual’s Personal Data is by electronic means.


Right to object to processing of Personal Data

An individual has the right to object to the Company’s use of their Personal Data in certain circumstances.  However, the Company may continue to use their Personal Data, despite their objection, where there are compelling legitimate grounds to do so or the Company need to use the Personal Data in connection with any legal claims and employment. 






Rights relating to automated decision making and Profiling

An individual has the right not to be subject to a decision which is based solely on automated processing (without human involvement) where that decision produces a legal effect or otherwise significantly affects them.

This right means an individual can request that the Company involve one of its employees or representatives in the decision making process.


This right is not applicable if:


·  the Company need to make the automated decision in order to enter into or fulfil a contract with the individual;

· the Company are authorised by law to take the automated decision; or

·  the decision is based on the individual’s explicit consent.

Right to withdraw consent to processing of Personal Data

Where the Company have relied upon an individual’s consent to process their Personal Data, they have the right to withdraw that consent. 


This right only applies where the Company process Personal Data based upon the individual’s consent. 

Right to complain to the relevant data protection authority

If an individual thinks that the Company has processed their Personal Data in a manner that is not in accordance with data protection law, they can make a complaint to the data protection regulator.  If they live or work in an EEA member state, they may complain to the regulator in that state.

This right applies at any time.




Contact Details

 Contact details for queries on matters raised in this document are as follows:

GDPR Group Steering Committee