Privacy Policy

What is the background of this privacy notice?

This privacy notice contains details on the types of data we collect, process and store about you. It details how
and what we use it for, our legal basis for using it and how long we retain it. It also outlines if we disclose
this information, what we do to protect it and explains how to contact us and how to exercise your rights.

Who is Bevella?

We are an alcohol distribution and marketing company within Ireland as part of Primeline Group under the Sales
& Marketing division. Primeline Group is a group of companies comprising the largest independent Irish
provider of logistics, sales and marketing services to home-grown and international brands and retailers across
the Irish and UK markets.

The Primeline Group comprises of several branches including Primeline Logistics, Primeline Sales and Marketing
ROI & UK, Primeline Express ROI and NI and Primeline VNE.

The “Primeline Group” (as referred to herein to mean each and all of Primeline Logistics, Primeline VNE
Limited, Primeline Express Limited, Grocery Brand Solutions Limited, Primeline Sales & Marketing Limited,
Primeline Sales and Marketing (UK) Limited and Johnson Brothers Unlimited) as well as any companies that may be
added to the group in the future, is considered a Data Controller as we collect use and store your personal
data.

We are also categorised as a Data Processor as we receive and process personal data from our customers and
suppliers.

What personal data do we collect about you?

We may collect different categories of personal data from you including:

 

We may also collect personal data that is classified as “special category” under the General Data Protection
Regulation (GDPR).

▪ We will process your passport/identification documents and where necessary your driver’s licence, all which can reveal your racial or
ethnic origin.

▪ We may process your medical information in the form of verbal notifications, letters, emails, sick certs, fit to work reports, PIAB reports, accident/incident reports, substance misuse reports, occupational health reports health declarations and any Covid-19 related forms and temperature testing

We do not collect any other Special Categories of Personal Data, such as religious beliefs, sexual orientation, political opinions, trade union membership and genetic information or biometric data about you.

What sources do we collect personal data from other than yourself?

We may collect similar categories of personal data from other sources including:

How do we use your personal data?

We may use your personal data for the following purposes:

 

What lawful basis do we rely on to collect personal data?

Bevella will only process your personal information where we have a legal basis to do so.

We rely on different Lawful Bases for processing personal data depending on the operation involved:

Consent Basis

If you have given us consent to use your personal data, and we have no other legal basis for doing so, we will
rely on your consent.

The activities where we rely on your consent are:

You can withdraw your consent at any time. If you would like to withdraw your consent, then please contact our Data Protection Officer in writing using the details on Page 7.

Legal Basis

We will rely on our legal obligations to process information for the following purposes:

established on their payroll in good time for the effective date of any transfer; note that data will be anonymised where reasonably possible

Contract Basis

If we have engaged in a contractual relationship together, we will process information that relates to the services we are providing you with or receiving from you.

The activities where we are processing data to enter into, or fulfil a legal contract are:

Legitimate Interest Basis

Legitimate Interest is used as a legal basis for processing under certain circumstances.

We assess our legitimate interest to consider the rights and freedoms of the data subject.

The activities where we are processing data under a legitimate interest basis include:

Public interest

Who do we share your personal data with?

Bevella uses third-party suppliers in certain cases, to process personal data on its behalf. The Data Protection Officer ensures that these processors have security measures in place to safeguard personal data that are appropriate to the associated risks. These include:

We require these processors to provide the same level of data protection as we do. These suppliers will only process personal data to carry out contractual obligations to Bevella or upon the instructions of Bevella, and not for any other purposes.

We will also share personal information with official bodies if required by law, including Revenue, DPC and the Gardai

Do we transfer your personal data 0utside The European Economic Area (EEA)?

We do not normally transfer your personal data outside of the EEA. If this happens, we will notify you of the reasons and the legal basis for doing so. We will also outline any risk assessments and explain the safeguards available to protect your rights and freedoms.

How long do be keep your personal data?

We keep personal data for no longer than is necessary for the purposes for which it is processed. (Our Data Retention Policy outlines our approach in more detail and is available on request) We use the following general retention periods and review these regularly:

Employee data

We retain employee data for 7 years after employment ceases, unless we have another legal basis to process that
information

Customer data

We retain customer data for 6 years after the customer relationship ceases, unless we have another legal basis to
process that information

Financial data

We keep tax, VAT and employment records for 6 years to comply with Revenue requirements. We retain pension and
retirement records permanently to comply with relevant legislation

Health & Safety data

We keep records of major accidents and dangerous occurrences for 10 years to comply with relevant legislation

Do we use automated decision making or automated profiling processes?

We do not currently use automated decision making or automated profiling processes.

How do we protect your personal data?

Personal data should be processed in a manner that ensures appropriate security of personal data, including
protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using
appropriate technical and organisational measures.

Only authorised employees or contractors have access to the personal information that the Bevella collects. Only
those that require access have it. The physical security of buildings, filing cabinets and offices are
considered and are secured and locked when not in use. Bevella uses best practice IT security procedures and
systems to safeguard personal data.

What rights do you have in relation to your personal data?

As a data subject you have several rights that you can elect to exercise:

The Right to Access

Individuals have the right to review their data—and any supplemental data—and understand how their data is stored
and used. Our Data Protection Officer is

responsible to ensure that such requests are processed within one month, are not excessive and do not affect the
rights to personal data of other individuals.

The Right to be Informed

Individuals have the right to fully understand how personal data is: collected, stored, managed, protected and
processed. This Privacy Notice is one way to enable this kind of transparency.

The Right to Portability

Individuals have the right to request transfer of their personal data to another person or organisation for
storage or processing.

The Right to Rectification

Individuals have the right to update, supplement or correct incomplete or inaccurate data the Bevella holds.

The Right to be Forgotten

Upon request, data subjects have the right to obtain from Bevella the erasure of its personal data. This must be
done only in compliance with any legal or statutory obligations.

The Right to Restrict Processing

Individuals may request that their data not be used for specific purposes.

The Right to Object

Individuals can object at any time to processing of personal information – for direct marketing for example or in
certain other situations

Rights in Relation to Automated Decision Making and Profiling

Individuals have the right to request manual processing for any decisions made with their data.

How do you exercise your rights?

To exercise any of the rights, please contact our Data Protection Officer using the details below and let us know who you are and what right you’d like to exercise.

How do you raise a complaint?

In the event, that you wish to complain about how we have handled your personal data, please contact our Data Protection Officer
at:
Bevella under Primeline Data
Protection Officer Primeline Group,
Unit 3, Ashbourne Business Park,
Ashbourne, Co. Meath
[email protected]
Tel: 01 8353000 or 087 4317957

If you still feel that your personal data has not been handled appropriately according to the law, you can contact the DPC (the Irish supervisory authority for the GDPR) and file a complaint with them at:

Data Protection Commission
Canal House, Station Road, Portarlington,
R32 AP23, Co. Laois
Tel: 1890 252 231
[email protected]

What if this privacy notice changes?

This document was issued in June 2021. We regularly review our data protection policies and procedures. If anything changes, we will update our website to reflect this in a timely manner.