What is the background of this privacy notice?
This privacy notice contains details on the types of data we collect, process and store about you. It details how
and what we use it for, our legal basis for using it and how long we retain it. It also outlines if we disclose
this information, what we do to protect it and explains how to contact us and how to exercise your rights.
Who is Bevella?
We are an alcohol distribution and marketing company within Ireland as part of Primeline Group under the Sales
& Marketing division. Primeline Group is a group of companies comprising the largest independent Irish
provider of logistics, sales and marketing services to home-grown and international brands and retailers across
the Irish and UK markets.
The Primeline Group comprises of several branches including Primeline Logistics, Primeline Sales and Marketing
ROI & UK, Primeline Express ROI and NI and Primeline VNE.
The “Primeline Group” (as referred to herein to mean each and all of Primeline Logistics, Primeline VNE
Limited, Primeline Express Limited, Grocery Brand Solutions Limited, Primeline Sales & Marketing Limited,
Primeline Sales and Marketing (UK) Limited and Johnson Brothers Unlimited) as well as any companies that may be
added to the group in the future, is considered a Data Controller as we collect use and store your personal
data.
We are also categorised as a Data Processor as we receive and process personal data from our customers and
suppliers.
What personal data do we collect about you?
We may collect different categories of personal data from you including:
- Name
- Contact details (phone, email)
- Signature
- Age/Date of Birth
- Gender
- Bank details
- Education & Training history
- Qualification/Certifications
- Professional Body Memberships
- Current employer
- Previous Work History
- Referee contact details
- Pay Rate
- Job title/role
- Shift Patterns, Hours of Work ▪ Absence and Attendance Information ▪ Employment Dates
- Bevella Reporting/Line Manager ▪ Bevella Company/Entity, Business Unit/Division and Cost Centre
- Location and Principle(s) assigned to ▪ Kaizen app pin # and unique QR cards ▪ Photograph
- Access Control System User Number, User Group and User Group Number
- ▪ Access Control System Card Number ▪ Access Control System Card activity ▪ Access Control System
access rights ▪ Car Make, Model and Registration ▪ CCTV footage
- Travel Itineraries
- Phone call recordings
- IP addresses
We may also collect personal data that is classified as “special category” under the General Data Protection
Regulation (GDPR).
▪ We will process your passport/identification documents and where necessary your driver’s licence, all which can reveal your racial or
ethnic origin.
▪ We may process your medical information in the form of verbal notifications, letters, emails, sick certs, fit to work reports, PIAB reports, accident/incident reports, substance misuse reports, occupational health reports health declarations and any Covid-19 related forms and temperature testing
We do not collect any other Special Categories of Personal Data, such as religious beliefs, sexual orientation, political opinions, trade union membership and genetic information or biometric data about you.
What sources do we collect personal data from other than yourself?
We may collect similar categories of personal data from other sources including:
- An employer
- Public organisations
- Recruitment companies
- Public records
- Customers
- Suppliers
- Accountants or other advisers
How do we use your personal data?
We may use your personal data for the following purposes:
- To engage with prospective employees
- To provide logistics, sales and marketing services to our customers
- To comply with our legal responsibilities as an employer
- To comply with our legal responsibilities to regulatory bodies
- To engage with partners that supply us goods and services
- To comply with contractual obligations to our customers, employees and suppliers
- To manage any customer queries or complaints
- To manage performance including disciplinary and development of our employees
- To manage stock and prevent theft
- To maintain the health and safety of our customers, employees, suppliers and visitors
- To comply with contractual obligations to our customers, employees and suppliers
- To comply with legal obligations
- To act in the public interest and uphold the law
- To comply with our obligations to third parties in the context of a transfer of undertaking governed by the European Communities (Protection of Employees on Transfer of Undertakings) Regulations 2003 and/or the Employees (Provision of Information and Consultation) Act 2006 (collectively referred to here as “TUPE” which expression shall include, where applicable, equivalent UK legislation) to provide such parties (including clients and/or any new service providers) with such information as is reasonably required for us to comply with our legal obligations. We will exercise data minimisation in this regard.
What lawful basis do we rely on to collect personal data?
Bevella will only process your personal information where we have a legal basis to do so.
We rely on different Lawful Bases for processing personal data depending on the operation involved:
Consent Basis
If you have given us consent to use your personal data, and we have no other legal basis for doing so, we will
rely on your consent.
The activities where we rely on your consent are:
- Direct marketing activities including details of offers and information about our services.
- Processing of submitted job applications/applicant CV’s
- Obtaining references/Issuing statements of employment
- Communication between Bevella and Client.
- Use of photographs/videos of your image as marketing material on the Bevella website, Social Platforms, and Recruitment tools
You can withdraw your consent at any time. If you would like to withdraw your consent, then please contact our Data Protection Officer in writing using the details on Page 7.
Legal Basis
We will rely on our legal obligations to process information for the following purposes:
- Fulfilling our duties to regulators and government bodies under relevant legislation
- Complying with our legal obligations as an employer
- Conforming with obligations to Revenue concerning records keeping
- Complying with our obligations under TUPE to transfer data to the client and/or third party/incoming service providers so that they are informed as to the employees relevant to the business unit / undertaking transferring and furthermore can have the relevant employees
established on their payroll in good time for the effective date of any transfer; note that data will be anonymised where reasonably possible
- Defending a legal claim or upholding the rule of law.
Contract Basis
If we have engaged in a contractual relationship together, we will process information that relates to the services we are providing you with or receiving from you.
The activities where we are processing data to enter into, or fulfil a legal contract are:
- Performance of any legal contract as an employer
- Performance of any legal contract as a supplier or customer.
- When we are processing information from you to arrange a contract between us, such as when you give us your
details to enter into an agreement for services with us.
- Delivering services to you under contract and keeping you updated with changes or information relating to those
services.
- However, do note that in some circumstances, if you decide not to provide the personal data we require, we
might be unable to continue our contractual relationship with you.
Legitimate Interest Basis
Legitimate Interest is used as a legal basis for processing under certain circumstances.
We assess our legitimate interest to consider the rights and freedoms of the data subject.
The activities where we are processing data under a legitimate interest basis include:
- Use of CCTV. It is in our legitimate interest as a commercial enterprise to process CCTV footage for the prevention and detection of crime, to safeguard staff and visitors, ensure compliance with health and safety procedures, and improve productivity.
- Processing video and images of employees at an internal conference event. It is in our legitimate interest as a commercial enterprise to share images at a work function and it is also in the individuals’ interest to promote their attendance at the event.
- Further to the legal basis insofar as TUPE is required, it is also in our legitimate interests to ensure a smooth transfer of undertaking by providing limited employee information to a client and/or third-party incoming service provider in such circumstances. It is also in the interests of each transferring employee that such transfers be conducted smoothly, and that payroll continues without any interruptions due to lack of required data from Bevella. Vital Interest Basis
- Vital Interest is used as a legal basis for processing when we request employee emergency contact details.
- It may also be the legal basis used for processing personal data gathered as part of our efforts to control the spread of COVID-19
Public interest
- Public Interest may be the legal basis used for processing personal data gathered as part of our efforts to control the spread of COVID-19
Who do we share your personal data with?
Bevella uses third-party suppliers in certain cases, to process personal data on its behalf. The Data Protection Officer ensures that these processors have security measures in place to safeguard personal data that are appropriate to the associated risks. These include:
- Professional advisers, experts and consultants that support us
- Recruitment and training providers that help us to develop our employees and services
- Accountants and solicitors that are engaged to provide services required by law, such as filing payroll information with Revenue, reviews, due diligence, audits and risk assessments.
- Data processors, such as software providers, including Logistics systems and CRM providers, email communication platforms, social media platforms and human resource and contact centre telephony and management systems
- Third-party hosting providers to host our software and platforms
- Third parties for the purpose of processing/administration of employee benefits
- Storage and archiving companies to ensure information is secure
- Contractors and suppliers of goods and services to Bevella
- Government or publ’ic service bodies with whom we have a legal obligation
We require these processors to provide the same level of data protection as we do. These suppliers will only process personal data to carry out contractual obligations to Bevella or upon the instructions of Bevella, and not for any other purposes.
We will also share personal information with official bodies if required by law, including Revenue, DPC and the Gardai
Do we transfer your personal data 0utside The European Economic Area (EEA)?
We do not normally transfer your personal data outside of the EEA. If this happens, we will notify you of the reasons and the legal basis for doing so. We will also outline any risk assessments and explain the safeguards available to protect your rights and freedoms.
How long do be keep your personal data?
We keep personal data for no longer than is necessary for the purposes for which it is processed. (Our Data Retention Policy outlines our approach in more detail and is available on request) We use the following general retention periods and review these regularly:
Employee data
We retain employee data for 7 years after employment ceases, unless we have another legal basis to process that
information
Customer data
We retain customer data for 6 years after the customer relationship ceases, unless we have another legal basis to
process that information
Financial data
We keep tax, VAT and employment records for 6 years to comply with Revenue requirements. We retain pension and
retirement records permanently to comply with relevant legislation
Health & Safety data
We keep records of major accidents and dangerous occurrences for 10 years to comply with relevant legislation
Do we use automated decision making or automated profiling processes?
We do not currently use automated decision making or automated profiling processes.
How do we protect your personal data?
Personal data should be processed in a manner that ensures appropriate security of personal data, including
protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using
appropriate technical and organisational measures.
Only authorised employees or contractors have access to the personal information that the Bevella collects. Only
those that require access have it. The physical security of buildings, filing cabinets and offices are
considered and are secured and locked when not in use. Bevella uses best practice IT security procedures and
systems to safeguard personal data.
What rights do you have in relation to your personal data?
As a data subject you have several rights that you can elect to exercise:
The Right to Access
Individuals have the right to review their data—and any supplemental data—and understand how their data is stored
and used. Our Data Protection Officer is
responsible to ensure that such requests are processed within one month, are not excessive and do not affect the
rights to personal data of other individuals.
The Right to be Informed
Individuals have the right to fully understand how personal data is: collected, stored, managed, protected and
processed. This Privacy Notice is one way to enable this kind of transparency.
The Right to Portability
Individuals have the right to request transfer of their personal data to another person or organisation for
storage or processing.
The Right to Rectification
Individuals have the right to update, supplement or correct incomplete or inaccurate data the Bevella holds.
The Right to be Forgotten
Upon request, data subjects have the right to obtain from Bevella the erasure of its personal data. This must be
done only in compliance with any legal or statutory obligations.
The Right to Restrict Processing
Individuals may request that their data not be used for specific purposes.
The Right to Object
Individuals can object at any time to processing of personal information – for direct marketing for example or in
certain other situations
Rights in Relation to Automated Decision Making and Profiling
Individuals have the right to request manual processing for any decisions made with their data.
How do you exercise your rights?
To exercise any of the rights, please contact our Data Protection Officer using the details below and let us know who you are and what right you’d like to exercise.
How do you raise a complaint?
In the event, that you wish to complain about how we have handled your personal data, please contact our Data Protection Officer
at:
Bevella under Primeline Data
Protection Officer Primeline Group,
Unit 3, Ashbourne Business Park,
Ashbourne, Co. Meath
[email protected]
Tel: 01 8353000 or 087 4317957
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the DPC (the Irish supervisory authority for the GDPR) and file a complaint with them at:
Data Protection Commission
Canal House, Station Road, Portarlington,
R32 AP23, Co. Laois
Tel: 1890 252 231
[email protected]
What if this privacy notice changes?
This document was issued in June 2021. We regularly review our data protection policies and procedures. If anything changes, we will update our website to reflect this in a timely manner.
