More
During the course of your business relationship with Pilgrim’s Pride Ltd. (Company number: 608077) (“PPL”), we will process your personal data in accordance with this privacy notice. We are committed to protecting and respecting your privacy. PPL is the controller in relation to the personal data which is collected and processed in connection with our business relationship.
This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us will be processed by us. Please read this carefully to ensure you understand our processes regarding your personal data and how we will treat it.
Personal data, or personal information, means any information from which that person can be identified. It does not include data where the identity of the person has been removed (anonymous data).
We will collect and process the following personal data about you:
We do not routinely collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data). We do not collect any information from you about criminal convictions or offences.
We provide access to an ethics hotline to allow both employees and third parties to raise any concerns they might have in relation to our operations that employees and third parties cannot or do not feel able to raise in other ways. In order to allow for an element of confidentiality, this ethics hotline is operated by an independent third-party processor. However, you will appreciate that in order to investigate and deal with some cases, it may be necessary for the information you provide to the ethics hotline (which may include personal data) to be shared with us, or other companies in our group. We will use the data for the purposes of investigating the matter to which it relates and will handle your data during such investigations in accordance with this privacy notice.
PPL is a member of the Modern Slavery Intelligence Network (MSIN). The MSIN is a non-profit collaboration of organisations in the UK food and agriculture industry who are coming together to share intelligence relating to modern slavery and trafficking with the aim of interrupting worker exploitation and preventing instances of Modern Slavery.
The MSIN is a working pilot to develop and trial a structured intelligence-sharing mechanism between its members which will enhance the effectiveness of their contribution to the disruption of modern slavery and labour exploitation practices. PPL may share details of actual or suspected worker exploitation or modern slavery with the members of MSIN with the intention of detecting, preventing and disrupting modern slavery and labour exploitation activity, protecting workers and improving outcomes for victims. The NGO Stop the Traffik has been appointed as a data sharing partner to develop an online platform for secure sharing of data by members.
We process the information, including personal data, which we receive in connection with our business relationship for the following purposes:
The primary basis of our processing of your personal data is for the performance of the contract between you and PPL. We may also process your personal data on the basis of our legitimate interests (e.g. prior to entering an agreement with you or to recover debts due to us) or as is necessary to comply with legal obligations (e.g. supply chain traceability and visibility). Furthermore, in very limited circumstances, your personal data may be processed on the basis of your consent.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may combine any information we receive from other sources (e.g. credit reference agencies) with information you give us and information we collect about you. We may use this information for the purposes set out above.
The list of reasons and purposes may be ongoing and updated in order to comply with other business needs and/or statutory requirements.
If you fail to provide certain information when requested, we may not be able to perform the contract we are trying to enter into with you or have entered into with you, or we may be prevented from complying with our legal obligations.
In the normal course of business, your information may be transferred/disclosed to the following recipients:
In addition, we may give information about you (‘Debtor Information’) to our bank (‘The Bank’) to allow them to provide services to us and to manage our account. The Debtor information may also identify the names or other personal information (such as address information) of your owners, partners or directors.
The Debtor Information may include details of account balances, historical payment experiences, and other information regarding the conduct of your account such as disputes, defaults etc.
The Bank may store and process the Debtor Information on their computer system (s) and in any other way. Such information may be used by them and other companies within their Group for training purposes, credit or financial assessments, market and product analysis, making and receiving payments, recovering monies and preparing statistics. They may also use such information to prevent fraud, bad debts and money laundering.
The Bank may also give information about your account and its indebtedness to: their insurers or re-insurers so they can quote for and issue any policy or deal with any claim; any guarantor or indemnifier of our obligations to them (if any); and Group company of them or any advisor acting on our or their behalf
Your personal data may be disclosed to our ultimate parent company Pilgrim’s Pride Corporation and its majority shareholder JBS USA. We also utilise the services of Pilgrim’s Shared Services Ltd (PSSL) to provide IT, accounts and payments and other key function services which means that we may share your information with PSSL who are bound by terms of confidentiality and must meet our standards in regards data protection. PSSL will be acting as a data processor for us in this respect. We will also share your information as necessary with our UK based sister companies including Moy Park Limited, Pilgrim’s Food Masters (UK) Limited and Pilgrim’s Food Masters Ireland Limited and their affiliates.
Our ethics hotline is provided by a third-party company who store the data in the EEA but the data will be shared with JBS USA who administer the ethics investigations in the USA. Copies of the applicable privacy notice will be made available to you at the time of logging any complaints via the ethics line. Certain personal data may also be reported to government authorities such as HMRC, where required by law.
We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of sale, terms and conditions of purchase, terms of any contract with you and other agreements; or to defend or make any legal claim; or to protect the rights, property or safety of PPL, our customers or others. This includes exchanging information with other companies for the purposes of fraud protection and credit risk reduction.
If your personal data is transferred to controllers or processors located in countries outside the United Kingdom and the EEA, including group entities, not ensuring an adequate level of protection, such transfer will be safeguarded by either the EU Commission’s Standard Contractual Clauses or the Standard Contractual Clauses issued by the Information Commissioner pursuant to section 119A of the Data Protection Act 2018, other appropriate safeguards, or any approved derogations under applicable data protection legislation. Otherwise, you will be asked to provide your explicit consent to the transfer.
As a general rule, your personal data will be kept for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we may consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
If our business relationship no longer exists, we will store your personal data for seven years after cessation of our relationship.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact gpo@pilgrimssharedservices.com
Right to withdraw consent
In the very limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that processing of your personal data at any time. To withdraw your consent, please contact gpo@pilgrimssharedservices.com
Once we have received notification that you have withdrawn your consent, we will no longer process your personal data and we will dispose of your personal data securely, unless we are permitted or required by law or regulatory requirements to process your personal data without your knowledge or consent. In such a case, we will not process more personal data than is required under the circumstances.
We reserve the right to update this privacy notice at any time and any changes will be posted on this page. Please check back frequently to see any updates or changes to our privacy notice. We may also notify you in other ways from time to time about the processing of your personal information.
If you want to exercise any of your rights, if you have any questions regarding this privacy notice or the processing of your personal data, you may contact: gpo@pilgrimssharedservices.com.
If you have any complaints regarding the processing of your personal data, please do not hesitate to contact us. You also have the right to make a complaint at any time to:
Information Commissioner’s Office (”ICO”)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AT
Telephone: 0303 123 1113 or 01625 545745
Live chat and online reporting – www.ico.org.uk
We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.
Privacy Notice – Prospective Customers or Suppliers
As part of our customer and supplier due diligence , you may be asked to complete a Supplier Completion Form- Compliance, a Business Intermediary Due Diligence Request Form or a Due Diligence Questionnaire and provide associated information as a potential customer or supplier (“ Due Diligence Information”) to a company in the Moy Park and Pilgrims Group including Moy Park Limited, Kitchen Range Foods Limited, Pilgrim’s Pride Ltd, Pilgrim’s UK Lamb Limited, Pilgrim’s Shared Services Ltd, Pilgrim’s Food Master’s UK Limited, Pilgrim’s Food Masters Ireland Limited, Oakhouse Foods Limited, Rollover Limited, Albert Van Zoonen BV, Moy Park France SAS and Moy Park Beef Orleans SARL and their affiliated companies (each described as “ we/ the Company” individually and collectively as “the Group”).
The particular Group company that you are establishing a business relationship with will be the “Data Controller” and you will be the “Data Subject” as defined under EU and UK GDPR of any personal data you provide in response to the Due Diligence Information and in response to any other information provided to us as part of the Company customer and supplier set up process.
The Company will comply with our obligations under the relevant data protection laws, including the: (i) EU General Data Protection Regulation ((EU) 2016/679) (‘EU GDPR’; (ii) UK General Data Protection Regulation (as defined in The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) (‘UK GDPR’); and (iii) Data Protection Act 2018, and any subsequent legislation (together the ‘Data Protection Law’) when handling your personal data ( as defined by the Data Protection Law).
Overall responsibility for monitoring compliance with data protection sits with the Privacy Steering Group, the main contact of which is the Group Privacy Officer (who can be contacted at gpo@pilgrimssharedservices.com).
1. What information is being gathered and held?
Due Diligence Information that you have provided to the Company by completing the due diligence forms or as part of any associated tender or other pre-contract processes, communication, correspondence, or enquiries. We may also gather information about you from other third parties such as credit refence agencies and third party agencies that we use as part of our due diligence and compliance processes for example to screen against international sanctions lists and to complete appropriate due diligence in compliance with our Anti-Bribery and Anti-Corruption Policy and all applicable anti-bribery and anti-corruption laws and guidance. Occasionally we may sometimes collect additional information from publicly available sources, such as Companies House or publicly available internet and social media sites. To the extent that the information gathered falls into the category of personal data, this is collectively referred to as your personal data in the notice.
2. On what basis do we process your information?
The Due Diligence Information will be used by the Company to help achieve compliance with anti-corruption laws including the UK Bribery Act 2010 and the United States Foreign Corrupt Practices Act. The questions have been tailored to seek only information that is relevant to the Group’s anti-corruption compliance efforts. The lawful basis for processing this data is to comply with our legal obligations and for our legitimate business interests of the Company which include ensuring that we complete appropriate due diligence on customers and suppliers to ensure we comply with our internal compliance processes and policies, and we believe that these legitimate business interests are not incompatible with your rights and freedoms.
We will not normally process Special Category Personal Data or data relating to criminal offences save for in the following circumstances:
• you have provided us with the information with your explicit consent;
• where it is necessary to comply with our obligations under the law; or
• to enable us to meet our regulatory requirements relating to unlawful acts and dishonesty.
We will use information about you to determine your suitability to become an approved customer or supplier to the Company in compliance with our legal obligations and internal compliance processes.
3. What happens if you fail to provide personal data?
The provision of any personal data as part of the Due Diligence Information is required for us to complete our customer and supplier due diligence processes prior to entering into a contract with you as a customer or supplier. You do not have to supply the information but a refusal to provide this personal data may prevent us from being able to process your enrollment onto our systems as a customer or supplier which may prevent us from entering into a contract with you.
4. Will you be subject to automated decision making?
Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so. Where your data is subjected to automated processing, we will inform you in advance.
5. Who will your personal data be disclosed to?
Your personal data will be accessed by authorised staff at the Company who need to have access to that information to complete customer and supplier due diligence checks which will include relevant members of the supply chain, finance, commercial, legal and compliance teams.
The Company utilises the services of Pilgrim’s Shared Services Ltd (PSSL) to provide IT, finance, supply chain and legal and compliance support and other key function services which means the Company shares your information with PSSL who are bound by terms of confidentiality and must meet the Company standards in regards data protection. PSSL will be acting as the data processor for the Company in this respect. We will also share your information as necessary with our UK based sister companies.
We may also have to share your data with third parties, including third-party service providers and other entities in the group or where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so. The following activities are carried out by third-party service providers:
• IT services;
• auditing;
• whistleblowing/ ethics helpline;
• lawyers in law firms in the course of obtaining legal advice and other professional advisors;
• company reference agencies and other background checks;
• responding to data subject access requests and data breaches; and
• with a regulator or to otherwise comply with the law.
We require third parties to respect the security of your data, to take appropriate security measures and to treat it in accordance with the law. We only permit third parties to process your personal data for specified purposes and in accordance with our instructions.
6. Will your personal data be transferred to third parties outside of the European Economic Area (EEA) or UK?
We may transfer the personal data we collect about you outside of the UK or EEA to a country that may have privacy protections less stringent than in the EEA or UK. For instance, we may transfer your personal data to our parent company, Pilgrim’s Pride Corporation (‘PPC’), and its majority shareholder, JBS USA, (both based in the United States of America) in order to complete due diligence checks on you and to report on our compliance with Anti-Bribery and Anti-Corruption laws or any related audit. We also use third-party processors to carry out due diligence and profile checks on potential customers and suppliers who are based in the United States of America.
In the absence of an adequacy decision from the EU Commission or UK Parliament, we will implement measures to ensure that your personal data receives an adequate level of protection, such as EU standard contractual clauses or UK International Data Transfer Agreement, together with technical and organizational safeguards to ensure that your personal data is treated in a way that is in compliance with and which respects the EU and UK laws on data protection. For further information, or to request copies, about the data transfer agreement or the safeguards in place please contact the Group Privacy Officer.
7. How long will we use your information for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected the personal data for, including for the purposes of satisfying any legal, accounting, or reporting requirements. For further information, please see our Retention Guidelines available from the Group Privacy Officer.
For further information on how the Company uses, handles and stores your data and your rights as a data subject please see the Company general Privacy Notice available on the Company internet site, copies of which are available from the Group Privacy Officer.
If you have any concerns or queries about our use of your personal data, please contact the Group Privacy Officer at gpo@pilgrimssharedservices.com.
