HEINEKEN UK is committed to making its website fully accessible. Using the guidelines set out by the W3C (World Wide Web Consortium) we aim to have our website conform to a WAI (Website Accessibility Initiative) rating of ‘A’.

The HEINEKEN UK website has the following features built into it which will help us to maintain a high level of accessibility that will comply to W3C WAI ‘A’ standards. 1. CSS & HTML markup complies with W3C guidelines up to priority. 2. Access keys are used as keyboard shortcuts. 3. A hidden ‘jump to content’ link is used allowing the user to skip over the main navigation directly to the main content of the page.

Access keys are keyboard shortcuts that allow the user to jump to selected parts of a website. Access keys work differently depending on the software and platform that is being used. The following is a guide on how to use keyboard shortcuts with different system platforms and web browsers.

Using access keys on a PC with Microsoft Windows:

  • If you are using Windows pressing the ‘ Alt ‘ key in combination with the access key will highlight that link on the page, you then press ‘ Enter ‘ to select that link.

Using access keys on an Apple Mac:

  • If you are using a Mac pressing the ‘ Ctrl ‘ and ‘Alt’ key in combination with the access key will automatically send you to that specific page.

Using access keys with different Web Browsers:

  • As mentioned before access key controls behave differently with different web browsers. The following is a guide to how different browsers handle this feature.

Using Access keys with Google Chrome:

Google Chrome (PC)

  • Hold down the ‘ Alt ‘ key, press the number of the Access key.

Google Chrome (Mac)

  • Hold down the ‘ Alt ‘ key, press the number of the Access key.

Using Access keys with Edge & Internet Explorer:

Edge (PC)

  • Hold down the ‘ Alt ‘ key, press the number of the Access key.

Internet Explorer 11 (PC)

  • Hold down the ‘ Alt ‘ key, press the number of the Access key.

Using Access keys with Firefox

Firefox, Mozilla (PC)

  • Hold down the ‘ Alt ‘ & ‘Shift’ key and press the number of the Access key

Firefox, Mozilla (Mac)

  • Hold down the ‘ Ctrl ‘ & ‘ Option ‘, key and press the number of the Access key

Using Access keys with Safari or Opera.

Safari (Mac)

  • Hold down the ‘ Ctrl ‘ & ‘ Alt ’ key and press the number of the Access key

Opera

  • Hold down the ‘ Shift ‘ key and press ‘ Escape ‘ , release both keys, then press the number of the Access key

This website uses the following access keys:

  • ‘s’ = Skip to Content
  • ‘1’ = Home
  • ‘2’ = About Us
  • ‘3’ = Pubs
  • ‘4’ = Cider & Beer
  • ‘5’ = Sustainability
  • ‘6’ = Media
  • ‘7’ = Careers
  • ‘8’ = Contact
  • ‘l’ = Legal Hub
  • ‘m’ = Site Map
  • ‘t’= Terms of Use
  • ‘p’ = Privacy Policy
  • ‘c’ = Cookie Policy

It is useful to note that you can also use your browser options to change the layout of the website you are viewing. Generally, depending on the browser you are using you can change things like text size, colours and sometimes even upload your own style sheet. The following guidelines explain how to do this with the most commonly used browsers.

Internet Explorer: Internet Explorer has a wide range of accessible options.

Changing the Text Size:

View > Text Size

Choose between – ‘Largest’, ‘Larger’, ‘Medium’, ‘Smaller’ and ‘Smallest’

Other formatting styles:

Tools > Internet Options > General.

Choose between – ‘Colors’, ‘Languages’, ‘Fonts’ and ‘Accessibility’

Colors – Allows you to choose the colours of to be used for Text, Background and Links

Languages – Allows you to add different languages to your browser to read the website

Fonts – Allows you to change the font for any font that is not styled or specified on the website

Accessibility – Gives formatting options allowing you to ignore specified Colours, Font Styles or Font Sizes. Also allows you to format pages using your own style sheet.

Firefox: Firefox has the following options.

Changing the Text Size:

View > Text Size

Choose between – increase, decrease or normal.

Other formatting styles:

Select – Tools > Options > Content > Fonts & Colours Box > Advanced – Change formatting of fonts

Select – Tools > Options > Content > Fonts & Colours Box > Colours – Change colours of text, background and links


Heineken UK Limited (“Heineken”, “we” or “us”) respects your privacy and recognises your desire to safeguard your personal information. These Terms of Use, along with our Privacy Policy and Cookies Policy, are designed to inform you about the kind of personal information collected on this website (the “Website”), to inform you of the conditions of use of the Website, and how we maintain the security of the Website. Please read the Terms of Use set out below carefully.

By using our Website, you acknowledge and agree to the following Terms of Use. If you do not agree to these terms, please do not use this Website.

 These Terms of Use are applicable to the Website, unless explicitly stated otherwise in any particular instance. By entering this Website and indicating your acceptance, you acknowledge and agree that you shall be bound by any revisions to the Terms of Use. We suggest periodically visiting this page of the Website to review these Terms of Use for any changes.

This Website is operated by Heineken UK Limited, a company registered in Scotland under company number (SC065527) with registered office at 3-4 Broadway Park, South Gyle Broadway, Edinburgh EH12 9JZ. To contact us, please e-mail us through our ‘Contact Us’ page on the Website.

This Website is intended only for residents in the UK of at least 18 years of age. Do not use this Website if you are younger than 18 and/or not resident in the UK. Date of birth verification is required to gain access to the Website and prompts may be located within the Website.

 

 

You acknowledge and agree that any personal data that you provide and/or we collect when you use this Website shall be processed in accordance with our Privacy Policy and in accordance with relevant data protection laws which include, without limitation, the Data Protection Act 2018 and the EU General Data Protection Regulation 2016/279.

This Website is controlled and operated by Heineken from its offices in the UK. Heineken makes no representation that material in the Website is appropriate or available for use in other locations. Those who choose to access this Website from other locations do so on their own initiative and are responsible for compliance with local laws if, and to the extent, that local laws are applicable. These Terms of Use and anything in the Website shall be governed by the laws of England and Wales.

Access to our Website is permitted on a temporary basis, and we reserve the right to withdraw or amend the service we provide on our Website without notice. From time to time, we may restrict access to some parts of our Website, or our entire Website, even to users who have registered with us. We will not be liable if, for any reason, our Website is unavailable at any time or for any period. You are responsible for making all arrangements necessary for you to have access to our Website. You shall not interfere or attempt to interfere with the operation of the Website or the use thereof by other users, in any way through any means or device, including, but not limited to uploading computer viruses, logic/time bombs, Trojan horses, spamming, hacking, or any other means expressly prohibited by any provision of these Terms of Use.

 

This Website contains material which may include but not be limited to audio, graphics, sound and video recordings, charts, text, databases, information, or images of places or people and any names, copyright, registered designs, logos, trademarks and/or service marks (“Materials”) which are owned by or licensed to Heineken and protected by international copyright, trade mark and other intellectual property laws. By using this Website, you acknowledge and agree that any Materials on this Website, are owned or licensed by Heineken. You shall not be permitted to reproduce, modify, reverse engineer, distribute, exploit, decompile, create derivative works of (or based on) these Materials, or do any other act which is otherwise than for your own personal use in the UK or in respect of which Heineken has provided its express prior written consent. Heineken will enforce its intellectual property rights to the fullest extent of the law. Any unauthorised use of these Materials may subject you to penalties or liability for damages including, without limitation, those related to violation of trademarks, copyrights, privacy and passing off.

Although the Materials and information on the Website are based on up-to-date information, and while Heineken makes all reasonable efforts to ensure that all content, information and Materials on this Website are correct, accuracy cannot be guaranteed and Heineken makes no warranties or representations of any kind as to its accuracy. If the need arises to update our Website, we may suspend access to our Website, or close it indefinitely.

Although this Website may be linked to other sites on the internet, Heineken provides such links solely for your convenience, and is not, directly or indirectly, implying any approval, association, sponsorship, endorsement, responsibility or affiliation with the linked site or any content, information or other materials contained therein, unless specifically stated. These links will lead you to sites operated by third parties that operate under different privacy policies and we encourage you to review these privacy policies as we have no control over the information you may submit to those third parties. By entering this Website you acknowledge and agree that Heineken has not reviewed all sites linked to this Website and is not responsible for the content of any off-Website pages. Your linking to or viewing of any off-Website pages or other sites is at your own risk. We disclaim any and all warranties, express or implied, as to the accuracy, legality, reliability, accessibility or validity of any content, information or other materials contained on any other site.

You may link to our home page only, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. You must not establish a link from any website that is not owned by you. Our Website must not be framed on any other site. You must obtain our prior written permission to link any off-homepage pages to your website and we reserve the right to refuse permission at our sole discretion. We reserve the right to withdraw linking permission without notice.

Any use and/or browsing of this Website is performed at your own risk. This Website (including, without limitation, all information, content, materials and functions made available on or through this Website) is provided to you “as is” without further representation or warranty of any kind, either express or implied. To the fullest extent permissible by law with regard to the contents of this Website, Heineken explicitly disclaims and makes no representations or warranties of any kind whatsoever: (a) for the accuracy, merchantability, fitness for a particular purpose, title or non-infringement of any content published on or made available through this Website by any visitor to our site or by anyone who may be informed of any of its contents; or (b) that the server or means that you use to access the server that makes this Website available is free of viruses, bugs or other components that may infect, harm or cause damage to your computer equipment, network connections or any other property when you access, browse, download from or otherwise use this Website.

Under no circumstances, including but not limited to Heineken’s negligence, will Heineken, Heineken’s group companies or any third party involved in creating, producing, hosting or delivering this Website, be liable for: (a) any losses, costs or expenses of any kind (including, without limitation, legal fees, expert fees or other disbursements); or (b) any damages whatsoever, whether direct, indirect, incidental, consequential, special, punitive or of any other kind or nature; whether arising out of or through your access to, the use of or browsing of this Website, or through your downloading of any materials, including, without limitation, anything caused by any viruses, bugs, human action or inaction, failure or malfunction of any computer system, phone line, hardware or software programs, or any other errors, failures or delays in computer transmissions or network connections, or otherwise, even if Heineken has been advised of the possibility of such losses or damages or the same is considered reasonably foreseeable. This does not affect our liability for death or personal injury arising from our negligence, nor our liability for fraudulent misrepresentation, nor any other liability which cannot be excluded or limited under applicable law. Heineken further assumes no responsibility, and will not be liable for, any loss or corruption of data on account of your access to, use of, or browsing of the Website, or your downloading of any Materials from the Websites. In no event shall Heineken’s total liability to you for all damages, losses and causes of action (whether arising in contract, tort or otherwise) exceed the amount paid by you, if any, for access to the Website.

You agree to indemnify, defend and hold Heineken and each of its agents, directors, employees, information providers, licensors and licensees, officers, parents, subsidiaries and affiliates (collectively “Indemnified Parties”) harmless from and against any and all liability and costs (including, without limitation, legal fees and costs) incurred by the Indemnified Parties in connection with any claim arising out of any breach by you of these Terms of Use. You will cooperate as fully as reasonably required in Heineken’s defence of any such claim. Heineken reserves the right, at its own expense, to assume the exclusive defence and control of any matter subject to indemnification by you. In no event shall you settle any such matter without the express prior written consent of Heineken.

Heineken respects the intellectual property rights of others. It is our policy not to permit materials known by Heineken to infringe another party’s copyright to remain on any portion of the Website. If you believe any materials on any part of the Website infringe a copyright, you should provide Heineken with written notice that at a minimum contains: (a) a physical or electronic signature of a person authorised to act on behalf of the owner of an exclusive right that is allegedly infringed; (b) identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works; (c) identification of the material claimed to be infringing or to be the subject of infringing activity that that is to be removed or access to which is to be disabled and information reasonably sufficient to permit Heineken to locate the material; (d) information reasonably sufficient to permit Heineken to contact you, such as an address, telephone number and, if available, an electronic mail address; (e) a statement that you have a good faith belief that use of the material in the manner complained of is not authorised by the copyright owner, its agent, or the law; and (f) a statement that the information in the notification is accurate, and under penalty of perjury, that you are authorised to act on behalf of the owner of an exclusive right that is allegedly infringed.

These Terms of Use together with our Privacy Policy and Cookie Policy set forth the entire understanding and agreement between you and Heineken with respect to the Website and your use thereof. You agree that Heineken may transfer its rights and obligations under these Terms of Use to another person without consent. You acknowledge that any other agreements between you and Heineken with respect to the Website, if any, are superseded and of no force or effect. If any provision of these Terms of Use shall be deemed unlawful, void or unenforceable for any reason, then such provision will be deemed severable from these Terms of Use and shall not affect the validity and enforceability of any remaining provisions.

 

If you have any further questions or comments regarding our Terms of Use, Privacy Policy or Cookie Policy, please send us an e-mail with your questions or comments through our “Contact Us/Get in Touch” page. These Terms of Use were last updated in September 2019.

 


This Cookie Policy sets out:

  • what a cookie is (paragraph 2);
  • an overview of the cookies we use and why (paragraph 3);
  • what you can do if you do not consent to the cookie use (paragraph 4);
  • further information about cookies in general (paragraph 5); and
  • a detailed table listing all of the cookies that we use on this Website (paragraph 6).

When you enter the Website it will make use of “cookies”. Cookies are small text files containing small amounts of information which are downloaded and may be stored on your device e.g. your computer (or other internet enabled devices, such as a smartphone or tablet). We may use similar techniques, such as pixels, web beacons and device fingerprints, and for the sake of consistency all of these techniques will be referred to in this Cookie Policy as ‘cookies’. This Cookie Policy provides you with information about the cookies we use and why. Our Privacy Policy sets out full details of the other information we may collect and how we may use your personal information and can be

HEINEKEN UK Limited (“HEINEKEN”, “we” or “us”) uses cookies to give you a better online experience. In order to make full use of our Website, your computer, tablet or mobile device will need to accept cookies. It is important you know what cookies our Website uses and for what purposes. This will help to protect your privacy while at the same time providing you with the best online experience. If you do not wish to accept cookies in connection with your use of this Website, you have the following options:

  • you may choose not to accept cookies via the pop-up banner or turn off cookies at any time (see section 4 below for more details on how to do this), but please be aware that this may affect the functionality of the Website;
  • you can stop using this Website.

You can change your cookie preferences at any time by changing your settings which is further explained in section 4 below. You will find a list of all cookies within each category (necessary, functional and performance) in section 6 of this policy. Please note that disabling the cookies settings on our Website shall not result in the deletion of any cookies that have already been set – however, you can delete these at any time by accessing the browser settings on your device (see section 4 below for more details on how to do this).

We use several different types of cookies. In particular, we use: necessary cookies which enable certain fundamental website features; functionality cookies which allow us to remember choices you make (e.g. your cookie preference); and performance cookies which monitor usage of our Website. Some of these are session cookies which are temporary and allow us to link your actions during a single visit to our site, and which are erased when you close your browser. Others are persistent cookies which remain on your device for the period of time specified in the cookie (see paragraph 6 for details of how long these cookies persist).

The following is a more detailed explanation of the types of cookies we use, categorised by the purpose of the cookies:

  1. necessary cookies

Necessary cookies are essential and help you navigate the Website. These cookies are anonymous, and do not collect or store any personally identifying information about you. Without these cookies, we may not be able to provide the services you have asked for. For example, these cookies make sure that you only have to verify your age by responding to the age-gate once on your first visit, rather than every time you visit the Website. These cookies also help to support website security and basic functionality and are necessary for the proper operation of our Website, so if you block these cookies we can’t guarantee your use or the security of our Website during your visit.

  1. functionality cookies

Functionality cookies are used to provide you the best user experience.  They also allow the Website to remember choices made (such as language or the region you are in) and provide enhanced, more personal features.

  1. performance cookies

Performance cookies help us to understand the behaviour of our visitors and their usage of the Website in an aggregated manner. This allows us to continuously improve the Website to provide the best user experience. These cookies are also used to help us understand how effective our advertising is; for instance these cookies tell us which pages visitors go to most often, and if they get error messages from web pages. All information these cookies collect is aggregated, to assist us to improve how a website works. Some of these cookies are managed by third parties (see paragraph 6 for more details), and you may refer to the third parties’ own website privacy notifications for further information.

In particular, we use Google Analytics cookies to obtain an overall view of visitor habits and visitor volumes, and to help improve the overall experience on our website. Google Analytics, a third-party web analysis service provided by Google Inc, uses “performance cookies” and “targeting cookies” to analyse how you use the Website. The information generated by the cookie about your use of the Website (including your IP address) will be transmitted to and stored by Google on servers in the United States. However, this website uses Google Analytics with the expansion ‘anonymizeIp()’ which means that Google will truncate/anonymise the last octet of the IP address for Member States of the European Union. On our behalf, Google will use the information collected for the purpose of evaluating your use of our Website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser as described further below at paragraph 4. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB#.

You may disable the use of Google Analytics by using the link disable Google Analytics. This link creates an opt-out cookie which prevents the further processing of your data. For more information about Google Analytics cookies, please see Google’s help pages and privacy policy.

Once you have given us your agreement to the use of cookies, we shall store a cookie on your computer or device to remember this for the next time. If you wish to withdraw your consent to the use of necessary or functional cookies you will have to block these cookies separately through your internet browser settings for each browser you use. You can also use your browser settings to remove any cookies that we have already set on your device. Please be aware that some of our services will not function if your browser does not accept necessary or functional cookies. However, you can allow cookies from specific websites by making them “trusted websites” in your internet browser at a later date.

The following links may assist you in managing your cookies settings, or you can use the ‘Help’ option in your internet browser for more details:

The following link contains further information about cookies: http://www.aboutcookies.org/. In addition, a guide to online privacy has been produced by the internet advertising industry which can be found online at:

  • http://www.youronlinechoices.eu
  • www.aboutads.info

Below is a full list of the cookies used: 1. NECESSARY COOKIES (See section 3a of this Policy)

2. FUNCTIONAL COOKIES (See section 3b of this Policy)

3.PERFORMANCE COOKIES (See section 3c of this Policy)

 


We respect your privacy and are committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit this Website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

This privacy notice is provided in a layered format so you can click through to the specific areas set out below.

HEINEKEN UK Limited and Star Pubs & Bars Limited (collectively referred to as “we“, “us“, or “our” in this privacy notice) are part of the HEINEKEN Group. When we mention “we“, “us” or “our” in this privacy notice, we are referring to the relevant company which is responsible for processing your personal data. Unless we inform you otherwise, the controller will be HEINEKEN UK Limited. However, where processing of personal data is undertaken by Star Pubs & Bars Limited for their own independent purposes (for example in connection with a marketing campaign), that entity will be a separate controller of your personal data. The contact details for each controller are as follows:

Our Contact Details:

If you have any questions about this privacy notice or our processing activities, we can be contacted as follows:

It is important that you read this privacy notice together with our Cookie Policy and any terms of use that apply to the services or Website which are presented to you. This privacy notice supplements the other notices and is not intended to override them.

We respect your privacy and are committed to protecting your personal data. This privacy notice describes how we look after your personal data collected when you: (a) visit our website (“Website”), (b) visit a venue where we sponsor the Wi-Fi services (“Wifi Services”), (c) use social media profiles where you have agreed for data to be shared with us (“Social Media Platforms”) or (d) generally engage with us including by contacting us with an enquiry or complaint, taking part in a competition or purchasing products or services (“Engagement”).

Personal data, or personal information, means any information about an individual from which that person can be identified. We collect this information directly from you during any Engagement, as well as automatically through your use of our Website and indirectly from the third party providers of the Wifi Services and Social Media Platforms or from third party marketing platforms. Depending on the nature of our engagement, we collect different categories of information about you from time to time which we have grouped together as follows:

  • Identity Data – name, username, title and date of birth and personal characteristics including age and gender.
  • Contact Data – billing address, delivery address, email address and telephone numbers.
  • Profile Data – preferences, feedback, survey responses and interests including activities noted on Social Media Platforms (for example, Facebook likes/groups).
  • Technical and Usage Data – information about how you use our products, services, Website and the Wifi Services such as internet protocol (IP) address, cookies, mobile device ID, any login data, browsing history, browser type and version, time zone setting and location, viewed pages with date and time stamp (log information), browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website.
  • Marketing and Communications Data – preferences in receiving communication and marketing from us.
  • Location Data – GPS-based location information from your use of our Website, the Wifi Services or Social Media Platforms via your smartphone(s), tablet(s) or other devices.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature or using the Wifi Services and visiting venues where we supply our products. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health or genetic and biometric data). Nor do we process any information about criminal convictions and offences.

We do not knowingly collect personal data relating to children and have age verification processes on our Website and as part of the Wifi Services. Further, we do not market our products or services to anyone under the age of 18.

We collect the above categories of personal data about you for the following purposes:

  • To communicate with you – this includes where we manage our relationship with you; where we respond to complaints or enquiries; where we invite you to events, or where we make suggestions to you about various products and services that you could benefit from;
  • To maintain and optimise our Website – this includes where we need to solve performance issues, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data, to improve the availability of the Website and to secure the Website against fraud;
  • To perform a contract we have in place with you, including managing payments, fees and charges;
  • To enable you to complete surveys about how we can improve the services we offer you, or ask you for information on how we can improve our Website or our Engagements with you;
  • To enable you to partake in a promotion including: prize with purchase promotions (including giveaways, instant wins and online, mobile, social media and app entries); loyalty and reward schemes; activity challenge; sweepstake, scratch-card and raffle style promotions (including instant wins and online, mobile, social media and app entries); sampling and point of sales promotions and geo-targeted activities (including gamification and SMS);
  • For data analytical purposes in order to improve our products/services, marketing, customer relationships and experiences; and
  • To improve our marketing strategies by creating profiled audience segments so that we can send relevant tailored offers and content, in particular when we sponsor Wifi Services, use data management platforms or receive information from Social Media Platforms.

We will only use your personal data for the purposes above, unless we reasonably consider that we have another appropriate reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Further information on the circumstances in which we collect your data is available in Annex 1 of this privacy notice.

Under data protection laws, we must have a legal basis under which we process your personal data. When we collect and use your information, we do so under one of the following:

  1. We have a legitimate interest as a business;
  2. To perform a contract we have with you;
  3. To comply with a legal obligation; or
  4. If you have given us your consent.

Legitimate Interest as a business means conducting and managing our business to enable us to give you the best service and to promote and grow our business. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We will not use your personal data for activities unless we have a compelling interest which is not overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party, such as entry into a promotion or subscription to a particular service, or to take steps at your request before entering into such a contract.

Compliance with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to, such as anti-money laundering legislation.

With your consent, this can only be relied on by us as a legal basis for processing where your consent has been freely given, is unambiguous and clear (i.e. you have actively opted into a service we provide by ticking a box). If you provide us with your consent to process your data at any point on our Website or in connection with the Wifi Services or on a Social Media Platform, you can withdraw it at any time, and we will stop all processing activities that were based on consent as a legal basis for processing. Please note we may still process the data if we have another lawful basis for processing (in most instances, this will be for a more limited purpose e.g. back-up storage or to record a withdrawal).

Further information on the relevant purposes and linked legal basis are set out in Annex 1 of this privacy notice.

Where we need to collect personal data due to a legal or regulatory obligation, or in relation to the performance of a contract, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). We will notify you of this at the time.

We may have to share your personal data with the parties set out below for the purposes set out in the table in Annex 1:

  • Internal third parties – Other companies in the HEINEKEN group based within the EEA and the UK;
  • External third parties – We share your personal data with third parties which include: 
    • IT and system administration service providers based within the EEA and UK;
    • Service providers such as solicitors and accountants;
    • First and Third party advertising companies and media agencies for marketing and research purposes;
    • Marketing agencies based within and outside the EEA and UK who provide promotion services;
    • Prize fulfilment agencies based within the EEA and UK;
    • Data storage provider(s) based within the EEA and UK;
    • Data management platform provider, Relay42, based outside the EEA and UK who provides marketing strategy services;
    • Data on-boarding service providers based within the EEA and UK who provide marketing strategy services;
    • Third party providers of Social Media Platforms (including Facebook) and the Wifi Services (including Wireless Social);
    • Courts, parties to litigation and their professional advisers where we reasonably deem it necessary in connection with the establishment, exercise or defence of legal claims; and
    • A purchaser or parties interested in purchasing any part of our business.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Where the third parties act as processors on our behalf, we only permit them to process your personal data for specified purposes and in line with our instructions.

Our external third parties may be based outside the UK or the EEA. Whenever we transfer your personal data out of the UK or the EEA, we ensure that the same level of protection is afforded to it by ensuring at least one of the following safeguards are put in place:

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They are subject to a duty of confidentiality. Unfortunately, no transmission of information over the internet can be completely secure, and you should also note that the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect account information and passwords, so please take care to protect this information.

Our Website and the Wifi Services include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites, plug-ins or applications and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit and third party service/application that you use.

We will only retain your personal data to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Further retention details for specific aspects of your personal data are noted in Annex 1.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your Identity Data, Profile Data, Technical and Usage Data and Location Data to form a view on what we think you may want or what may be of interest to you and to understand your purchasing trends. This profiling activity is used as part of how we decide which products, services and offers may be relevant (we call this marketing).

You will receive tailored marketing communications from us if you have:

  • requested information from us;
  • purchased goods or services from us; and/or
  • provided your details for the purposes of the Wifi Services, entering a competition or registering for a promotion.

You will not receive marketing communications from us in any of the above scenarios if you have opted out of receiving that marketing. Where you have not opted out, you will only receive marketing communications from us in the above scenarios if the marketing is confined to online advertisements or marketing that is not direct to you. We will only send direct electronic marketing (e.g. via emails or SMS), where we have your express opt-in consent.

You can ask us, or third parties acting on our behalf, to stop sending you marketing messages at any time by contacting us at protectingyourdata@heineken.co.uk. Where you opt out of receiving these marketing messages, we will no longer conduct any marketing unless you opt-in again at a later point. Please note that where we have another lawful basis for processing, we will continue to process personal data for other purposes – for example, we may process information provided to us in connection with an Engagement on the basis of contract necessity.

You can also set your browser or device to refuse all or some cookies including advertising cookies – please see our separate Cookie Policy for more detail on this.

Please note that other than the profiling activities described here, we do not carry out any automated decision making processes which could have a legal or significant impact on you.

Under certain circumstances, you have various rights in relation to your personal data under data protection laws. If you wish to exercise any of these rights, please contact us using the details at the start of this notice.

You will not have to pay a fee to access your data or exercise any of your other rights, but please note that we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

In order to respond to any request in relation to your data access rights, we may need to request specific information from you to help us confirm your identity. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You have the right to:

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.

Request access to your personal data (commonly known as a “data subject access request“). This enables you to receive a copy of the personal data we hold about you;You also have the right to:

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected;
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it, or where you have successfully exercised your right to object to processing (see box above);
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the details at the start of this notice.

This version was last updated in April 2019.

 

 


  1. Basis of Sale
    1. These are the terms of sale which apply to Heineken UK Limited’s and/or any Heineken Group Company’s (as the case may be) contract with you, and any references to “we”, “our” or “us” in these terms of sale shall refer to Heineken UK Limited or such other Heineken Group Company. In these terms of sale, “Heineken Group Company” means any direct or indirect holding or subsidiary undertakings of Heineken UK Limited or any direct or indirect subsidiary of such holding company, and other undertakings in which Heineken UK Limited has a direct or indirect interest.
    2. Any terms and conditions proposed by you or which you may purport to apply under any purchase order or confirmation of order, or which are implied by trade, custom, practice or course of dealing, are expressly excluded.  The signing or acceptance of any of your documentation by any of our employees or agents shall not modify these terms of sale or form part of any contract between you and us.
    3. All descriptions and illustrations contained in our advertisements and other sales literature are intended merely to present a general impression of the products described in them and nothing contained in them shall form part of these terms of sale nor have any contractual force. The sale of products to you under these terms of sale or any contract we may have with you shall not be a sale by sample. 
    4. These terms of sale should be read in conjunction with our trading policy documents (including our Ullage Policy, Quality Policy and Supply Chain Diligence Policy), which we issue from time to time and which form part of these terms of sale.
    5. Subject to your compliance with conditions 3.1 and 3.5, the products supplied by us to you shall be of satisfactory quality (within the meaning of the Sale of Goods Act 1979). In the event that the products are not of such satisfactory quality, we shall at our sole option either supply replacement products or refund the price paid by you for the relevant products, such refund to be subject to the terms of our Ullage Policy in respect of draught products and the process outlined in condition 8 of these terms of sale.  Other than in respect of any third party claims against you relating directly to the supply by us to you of products that are not of satisfactory quality in accordance with this condition 1.5, such replacement or refund shall be your sole remedy in respect of any claim by you for our breach of this condition.
    6. The conditions, warranties and other terms implied by sections 13 to 15 of the Sale of Goods Act 1979 are, to the fullest extent permitted by law, excluded from these terms of sale and any contract we may have with you.
    7. These terms of sale cover the supply of products by us across all routes to market including the on trade, off trade and wholesale. Accordingly, some of these terms of sale may not apply to your route to market.
  1. Orders, Delivery and Returns
    1. All orders shall be deemed to be an offer by you to purchase products pursuant to these terms of sale. No order shall be binding on us until it is accepted over the telephone or by electronic communication by one of our authorised representatives or confirmed by us in writing.
    2. Time of delivery shall not be of the essence and we shall not be liable for any loss or damage whatsoever arising as a result of failure to deliver products by any particular date provided that we use reasonable endeavours to deliver the products within a reasonable timescale.
    3. We may deliver the products by instalments, which shall be invoiced and paid for separately. Any delay in delivery or defect in an instalment shall not entitle you to cancel any other instalment. We do not sell products on a “sale or return” basis, unless specifically agreed with you in writing.
    4. A deposit may be charged by us on returnable containers (as defined in condition 3.1) which will be credited to your account on their prompt return in good condition. We also reserve the right to charge a replacement cost where a returnable container is not returned to us, or to levy a reasonable charge where a returnable container is returned to us damaged.  The return of kegs and casks is subject to the keg balancing scheme outlined in condition 4.8.
    5. We will deliver the products to the location agreed by us (“Delivery Location”). You will make sure that the premises to which the products are to be delivered are compliant with all relevant health and safety legislation and codes of practice.  If any premises are not compliant, we shall be entitled to suspend deliveries until they are compliant without any liability to you.  Delivery in respect of any product is completed on arrival of the relevant product at the Delivery Location.  In the event that we have specifically agreed with you that you will collect the products, you will collect the products from the location (“Delivery Location”) and time specified by us and, in such case delivery in respect of any product is completed on the completion of loading of the relevant product at the Delivery Location. 
    6. We reserve the right to make an additional charge if you request any unscheduled delivery or emergency delivery.
    7. If you refuse to accept a delivery, for whatever reason, we reserve the right to charge you the cost of carriage both to and from your premises, in addition to a reasonable administration charge and any other claim we may have, and we may resell or otherwise dispose of all or part of the products.
    8. Acceptance of delivery, or collection, of the products (as the case may be) shall be deemed conclusive evidence of your acceptance of these terms of sale.
    9. It is a condition of these terms of sale that any products supplied under it shall not be exported outside of the EEA. If you are wholesaling our products then you must ensure that this condition 2.9 is replicated in your terms and conditions with your customer.
    10. If you are wholesaling products, you warrant and confirm that you have been approved for registration with AWRS (the Alcohol Wholesaler Registration Scheme pursuant to HMRC’s Excise Notice 2002) and you will inform us of any cancellation or change to your AWRS registration. If you are exporting products, you warrant and confirm that you have been approved for registration with WOWGR (Warehousekeepers and Owners of Warehoused Goods Regulations) and you will inform us of any cancellation or change to your WOWGR registration.
    11. If we agree to supply you with products upon which excise duty (or other duties or taxes) has not been paid, it will be on the strict condition that you comply with all legislation and procedures (whether legally binding or not) relating to excise duty suspension or such other regime as may be applicable, including receipting the products in the Excise Movement and Control System within 5 business days of delivery of the relevant products to you. You will keep us fully indemnified at all times on demand against any assessments, claims, demands, losses, liabilities or expenses which we incur as a result of any failure by you to fulfil your obligations under such legislation or procedures.  We shall not be obliged to provide you with any certificate or similar relating to payment of excise duty on any delivery.  The duty status shall be shown on the delivery note in question, a copy of which should be retained for your records.
  1. Storage, Handling and Resale of Products
    1. You shall take all reasonable steps, and shall use your reasonable endeavours to procure that your own customers take all reasonable steps, to preserve the quality of the products and any bottles, cases, canisters, kegs, casks, crates, pallets or other containers and packaging (“containers”) from the time of delivery until dispensed to the ultimate consumer. This includes:
      1. storing the products, containers and equipment (as defined in condition 6.1) in clean, sound and dry premises, out of direct sunlight and within appropriate temperatures (ensuring that the products do not freeze at any time) and other ambient conditions;
      2. observing any guidelines issued by us concerning the storage, temperature and method of dispensing to the ultimate consumer;
      3. transporting the products, containers and equipment carefully and in suitably adapted vehicles; and
      4. implementing proper stock rotation procedures to ensure that the products with the earlier “Best Before” date are delivered and used first (but not selling products which are past their “Best Before” date).
    2. Title to the returnable containers shall at all times remain vested in us or our nominated subcontractor from time to time.
    3. You shall allow us access to your premises and facilities where the products, containers or equipment are stored and handled (and shall, upon reasonable request, provide us with details of your own customers and ensure that they allow us access to their premises and facilities), so we can check compliance with these terms of sale.
    4. You shall co-operate fully with us in the event of a recall of the products, containers or equipment and you shall provide such co-operation and assistance as we may reasonably request in order to comply with applicable legal requirements relating to the products, containers or equipment or any part of them.
    5. You shall ensure, and shall use reasonable endeavours to procure that your customers ensure, that the products remain in the original containers in which they are supplied until sold or dispensed to the ultimate consumer (this does not apply to bulk products) and that any markings (including any trade marks), numbers or references indicated on the containers are not covered, defaced, altered or erased.
    6. Subject to mandatory laws, you shall not, and shall procure that your customers shall not, without our prior written consent:
      1. use any of the names, devices or logos applied by us to any of the products, containers or equipment, except for the purpose of identifying and promoting the products in a manner which is acceptable to us; or
      2. sell, dispose of or describe the products under or by reference to any name or description other than the name or description applied by us.
    7. You shall ensure, and shall use reasonable endeavours to procure that your customers ensure, that the products are not the subject of any promotions or activity that are otherwise than in accordance with the guidance published by the Portman Group and the British Beer and Pub Association relating to responsible drinking and promotions.
    8. The residual contents of any returnable containers or tankers which are collected for return to us (or our contractor) is our property from the time they are collected (except where title did not transfer to you prior to such collection, in which case title will always have vested in us), without any further payment by us. You will have no further rights in those residual contents. 
    9. We may (at our discretion) print bar codes on the products, in accordance with the rules of the GS1 UK. We shall not be liable to you in the event of any omission or error in such bar codes.
  1. Prices
    1. Subject to condition 4.2, the prices charged for products will be those applied by us on the date of acceptance of your order. All prices quoted are exclusive of Value Added Tax unless otherwise stated.  VAT shall be payable by you at the prevailing rate, subject to receipt of a valid VAT invoice from us.
    2. Any increases in rates of duty or other taxes, or any third party product price increases, will be passed on immediately in full. In the event of any such change, orders accepted but not delivered at the date of such change will be fulfilled at the revised prices.
    3. Unless otherwise agreed, where we agree to pay you a retrospective discount under any contract we may have with you, such retrospective discount payment will not include VAT. In accordance with HMRC VAT treatment under Public Notice 700 18.2, we will not reduce the output tax due and you should not reduce the input tax being claimed.
    4. The prices quoted for products are inclusive of carriage (unless expressly agreed to and stated as otherwise) to U.K. mainland premises, excluding Northern Ireland, Scottish Islands, Isle of Man, Channel Islands and Isles of Scilly. We reserve the right to charge for any deliveries which we believe (acting reasonably) cost significantly more than our average cost to deliver.  If products are supplied to premises outwith the UK, additional costs may be passed on to you, including (where appropriate) any rise in cost due to currency fluctuations.
    5. Unless you are an approved wholesaler of ours and are purchasing products on that basis, all prices are quoted on the basis that the products are being purchased by you for retail sale to end consumers for consumption on premise at an outlet. Where you purchase as an approved wholesaler, all prices are quoted on the basis that the products are being purchased by you for onward sale to retail customers who will subsequently sell to end consumers for consumption on premise at an outlet.
    6. Without limiting our other rights and remedies, should the products be sold other than in accordance with the conditionality set out in condition 4.5, we reserve the right to charge our wholesale selling price for such volume of products and any future volume of products purchased by you until such time as you prove to our reasonable satisfaction that the conditionality in condition 4.5 is being met.
    7. We operate a keg surcharge scheme whereby we will levy a charge on draught products supplied in small volume kegs. We reserve the right to amend the level of keg surcharges and/or introduce new keg sizes into the scheme from time to time at our absolute discretion.  We will communicate all keg surcharges and any changes in keg surcharges to you.  All prices quoted are exclusive of keg surcharges unless otherwise stated.
    8. We also operate a keg balancing scheme in respect of the kegs and casks in which the products are supplied. Under the keg balancing scheme, we will automatically count the number of our kegs and casks delivered to you and collected by our nominated distributor from you.  The difference between the number of kegs and casks supplied to you, and those returned will be your keg balance (“keg balance”).  Any negative balance (arising because not all kegs or casks delivered to you have been returned to us through our nominated distributor) will give rise to a charge of £25 per keg or cask  and will be applied to your trading account and collected on your normal payment terms.  Any subsequent reduction in the keg balance shall result in a credit to your trading account of £25 per keg or cask to reduce the keg balance.  Note that a positive keg balance can only be applied against a historical or a future negative balance, otherwise no credit will be given for a positive balance.  Your keg balance will be communicated on your invoices and statements.  Unless otherwise agreed, your opening keg balance will be zero, and only kegs and casks movements after the date of signing will be recorded. 
  1. Payment
    1. You shall make payment to us in cleared funds within such period or on such date as we shall specify to you from time to time (“due date”). If we do not give you a specific date then payment shall be due within 14 days of the date of invoice.
    2. Failure to pay any amount due to us or any other Heineken Group Company by the due date, or any circumstances which give us reasonable concerns about your solvency, shall entitle us to suspend delivery of any undelivered orders. The time for payment for the products shall be of the essence.
    3. We reserve the right at any time, at our sole discretion, to apply a credit limit to your trade account, and to refuse to accept any orders placed by you where the value of such orders would cause you to exceed your credit limit (unless otherwise agreed).
    4. We reserve the right at any time, at our sole discretion, to amend or withdraw any or all of the (i) payment terms, (ii) credit limit and (iii) method of payment.
    5. In the event of your breach of these terms of sale or any contract we may have with you, or any circumstances which give us reasonable concerns about your solvency, we reserve the right to amend or withdraw any or all of the payment terms, credit limit or method of payment.
    6. If payment is not made by the due date, we reserve the right to claim interest at the rate prescribed from time to time under the Late Payment of Commercial Debts (Interest) Act 1998 (as amended and supplemented by the Late Payment of Commercial Debts Regulations 2002) until payment is received by us in cleared funds.
    7. We are entitled to withhold payment to you of any agreed discounts, bonuses, rebates, overriders and/or marketing budgets and to recover any such sums already paid to you if you are in breach of these terms of sale or any contract we may have with you.
    8. In the event of any cheques or direct debits being dishonoured, a charge of £25.00 excluding VAT (or such other reasonable sum as we may from time to time advise you) will be made on your account to cover bank and administrative costs.
    9. We may make your invoices and statements available to you electronically. We reserve the right to make a reasonable administration charge for any hard copy invoice/statements requested by you.
    10. In the event that we make any payment or overpayment to you in error, such payment to you shall be treated as a debt due to us and you shall repay the amount by which you have been overpaid to us in full within 28 days of being made or becoming aware of our payment error.
  1. Dispense Equipment
    1. The terms applying to dispense equipment can be found at https://direct.heineken.co.uk/huk/en/GBP/anon/techservicesterms, which terms are hereby incorporated into and form part of these terms of sale. In these terms of sale, the term “equipment” means all raising, dispense and other equipment supplied by us (or our subcontractor).
    2. If you are wholesaling our products, you shall provide us with reasonable data for the outlets and products supplied to support the placement and maintenance of equipment and facilitate quality checking of our products in trade.
    3. If you are wholesaling our products then you must ensure that the terms of this condition 6 are replicated in your terms and conditions with your customer.
  1. Risk and Retention of Title
    1. Risk of damage to or loss of the products, containers and equipment shall pass to you on completion of delivery or, in the case of bulk products, when the relevant tanker seal is broken.
    2. Title to the products (but not in any returnable containers or equipment) shall pass to you only when we have received from you payment (in cleared funds) of:
      1. all amounts owing in respect of these products; and
      2. all other amounts then due and owing from you to us or any other Heineken Group Company, whether or not under these terms of sale.
    3. Until title to the products passes to you, you shall (i) hold the products as our fiduciary agent and bailee (or as trustee in Scotland), (ii) keep the products separate from your own products and third party products; and the products shall be properly stored, protected and insured against all risks on our behalf from the date of delivery (for an amount which is not less than the price payable to us) and identified as our property.
    4. You shall be entitled to resell or use the products in the ordinary course of your business, (provided such sale shall be on your own behalf and you shall deal as principal and not as our agent) and, in such event, title to the products shall pass to you immediately before the time such resale occurs, notwithstanding that the payment is still due. Your power of sale referred to in this condition shall automatically cease upon the occurrence of any of the events referred to in condition 10.
    5. Until title to the products passes to you (and provided the products are still in existence and have not been resold), we may require you to deliver the products to us in the event that you fail to make payment to us under these terms of sale or we have reasonable concerns about your solvency. If you fail to do so, we (or our representatives) may enter your premises or any third party premises where the products are stored and repossess the products and we (or our subcontractors) may do this at any time in order to repossess the returnable containers.
    6. You shall not be entitled to (nor purport to) sell (other than in accordance with condition 7.4), mortgage, encumber, part with possession of, pledge or charge by way of security any of the products, containers or equipment which remain our property or allow any lien or encumbrance to arise over them. If you do so or purport to do so, all money owing by you to us shall become immediately due and payable, and we shall have the right to recover our products, containers and equipment.
    7. The rights and remedies conferred to us by this condition 7 are in addition to and shall not in any way limit our other rights, including our right to sue for the price of the products (even if title to the products has not passed) and to recover our products, containers and equipment.
  1. Claims
    1. Upon delivery or collection (as the case may be), all products should be examined and signed for with a clear signature and any loss or damages entered upon the delivery note (or equivalent confirmation of products collected) and, where products are delivered, the carriers notified in writing on the same day. We shall be entitled to treat any signature obtained in good faith as binding you. Claims cannot be entertained once products have been signed for (unless the defect was not apparent until sampling). In respect of the non-delivery or non-collection of products for which an invoice has been raised, any claim must be made in writing to us within five days of the date of the invoice. Any claim in respect of incorrect pricing must be made in writing to us within fourteen days of the date of the invoice.  Our Quality Policy applies to any claims relating to the quality of the products supplied.
    2. You agree that you will not bring any claim relating to these terms of sale (in contract, tort, negligence or otherwise) personally against any director, officer, employee or consultant of ours.
  1. Liability
    1. We do not exclude any liability to you in respect of (i) death or personal injury caused by our negligence, (ii) fraud or fraudulent misrepresentation, (iii) breach of the terms implied by section 12 of the Sale of Goods Act 1979; (iv) defective products under the Consumer Protection Act 1987; or (v) anything else that cannot be excluded by the operation of law.
    2. Subject to condition 9.1, we shall under no circumstances whatsoever be liable to you (whether in contract, tort (including negligence), breach of statutory duty, or otherwise) for:
      1. any loss of profit;
      2. loss of business or business opportunity;
      3. loss of revenue;
      4. loss of anticipated savings;
      5. depletion of goodwill;
      6. or any indirect or consequential losses of any nature, howsoever arising, arising under or in connection with these terms of sale or any contract we may have with you.
    3. Subject to conditions 9.1, 9.2 and 9.4, our total aggregate liability to you in respect of all other losses arising under or in connection with these terms of sale and any contract we may have with you, whether arising in contract, tort (including negligence), breach of statutory duty, or otherwise shall be limited to the price of the products purchased by you directly from us in the preceding three months.
    4. We shall not be liable to you or be deemed to be in breach of these terms of sale or any contract we may have with you by reason of any delay in performing, or any failure to perform, any of our obligations, if the delay or failure was due to any cause beyond our reasonable control or due to your fault. This includes strikes, lock-outs or other industrial actions or trade disputes (whether involving our employees or those of a third party), adverse weather conditions, default or delays of suppliers or subcontractors, breakdown of plant or equipment, and material shortages.
    5. There are no conditions, warranties, representations or terms, express or implied, that are binding on us except as specifically stated in these terms of sale or any contract we may have with you. Any condition, warranty, representation or term concerning the products which might otherwise be implied into or incorporated in these terms of sale or any contract we may have with you, whether by statute, common law or otherwise, is hereby expressly excluded.
    6. You shall indemnify us against any third party claims, losses, damages, expenses and costs we incur as a result of your negligence or any breach by you of these terms of sale or any contract we may have with you.
  1. Insolvency
    1. We may terminate our trading relationship with you or suspend further deliveries to you (without any liability to you) if:
      1. (i) you become unable to pay your debts as they fall due; (ii) you commence negotiations with your creditors with a view to rescheduling or entering into an arrangement, compromise or composition in satisfaction of any of your debts; (iii) you suspend, threaten to suspend, cease or threaten to cease to carry on all or a substantial part of your business; (iv) the value of your assets is less than your liabilities; or (v) your financial position deteriorates to such an extent that, in our opinion, your capability to adequately fulfil your obligations to us under these terms of sale or any contract with us has been placed in jeopardy; or
      2. any steps are taken with a view to
        1. appointing an administrator, receiver, administrative receiver, liquidator (provisional or following a winding up), trustee or other similar officer in respect of you or your assets;
        2. enforcing payment of any of your debts or of any security you have granted; or
        3. obtaining a moratorium in respect of your debts; or
      3. we believe that any of the events referred to in conditions 10.1.1 and 10.1.2 are reasonably likely to occur and we notify you accordingly.
    2. Without limiting our other rights and remedies, we may suspend provision of the products under any contract with you if you become subject to any of the events listed in condition 10.1, or we reasonably believe that you are about to become subject to any of them, or if you fail to pay any amount due to us on or before the due date for payment.
    3. If we terminate our trading relationship with you for any reason:
      1. the price payable for any products that have been delivered but not paid for shall become immediately due and payable, regardless of any previous agreement or arrangement to the contrary; and
      2. you shall not be entitled to any discounts (retrospective or otherwise), rebates or overriders, and any discounts, rebates or overriders which have accrued but not yet been paid will be cancelled and any rights to these shall automatically cease.
    4. Any exercise by us of our rights under this condition 10 or condition 18 will not affect any of our other rights or remedies under these terms of sale or any contract we may have with you and (subject to condition 10.3) shall be without prejudice to any rights and remedies that have accrued as at termination. Any provision of these terms of sale or any contract we may have with you that expressly or by implication is intended to come into or continue in force on or after termination shall remain in full force and effect.
  1. Consumer orders

This condition 11 applies only if you are not a business but are a “consumer” within the meaning of The Consumer Rights Act 2015.  If, after we have accepted an order from you, you wish to withdraw from a binding order then you may do so by informing us no later than 14 working days after the date of delivery of the products.  If you notify us that you wish to cancel the order, and we have already delivered the products to you, then you must return the products to us at your own cost and risk. Provided that the products are returned in the same condition as when we supplied them to you, we shall reimburse all sums paid by you for those products less any reasonable costs of delivery.

  1. Data Protection
    1. We comply with the European Union Directive 95/46/EC, as transposed into domestic legislation pursuant to the Data Protection Act 2018, including by the General Data Protection Regulation 2016/679 (“GDPR”) and laws implementing or supplementing the GDPR and, to the extent applicable, the data protection or privacy laws of any other country, including the United Kingdom following any exit from the European Union (“Data Protection Laws”). We will use any personal data you provide to us in accordance with the Data Protection Laws.  Please note that any information, including any personal data, you provide to us during the course of the trading relationship with us may be used by us and other Heineken Group Companies and our subcontractors, representatives and/or agents for the purposes of our fulfilling our obligations to you under these terms of sale or any contract we may have with you.
    2. For more information on how we use your personal data and your rights with respect to the personal data we hold on you, please review our Privacy Policy (available at https://www.heineken.co.uk/csbp-privacy-procedure or email dataprotection@heineken.co.uk to request a copy).
    3. We are required to comply with money laundering legislation and regulations designed to combat the laundering of the proceeds of crime. Accordingly, we:
      1. reserve the right to withhold deliveries until we have been provided with satisfactory evidence of your identity and the identity of the person making payment to us on your behalf (if applicable);
      2. may be required to notify the appropriate authorities of issues relating to your affairs; and
      3. reserve the right to refuse to accept cash payments.

We shall have no liability to you for any losses that may be incurred as a result of any of the above.

  1. Set-off
    1. If you owe us, or any other Heineken Group Company, any payment or other liability, then we may set-off, withhold or deduct that amount from any sum which we, or such other Heineken Group Company, owe you.
    2. If we, or any other Heineken Group Company, owe you any payment or other liability, you shall not be permitted to set-off, counterclaim, withhold or deduct any sum which we owe you from any amount that you owe us, or any other Heineken Group Company.
  1. Waiver

No failure or delay by either of us in exercising our rights or remedies under these terms of sale or any contract we may have with you shall prevent or restrict the exercise of such rights or remedies at any time. No waiver (whether express or implied) by either of us of any breach of any of these terms of sale or the terms of any contract we may have with you by the other shall be construed as a waiver of any subsequent breach of the same or any other provision.

  1. Third Party Rights

Except as expressly provided in these terms of sale or any contract we may have with you, no third party shall have any rights under the Contracts (Rights of Third Parties) Act 1999 or otherwise to enforce any term of these terms of sale or any contract we may have with you.

  1. Compliance with Laws

In performing your obligations under these terms of sale or any contract we may have with you, you shall, and shall procure that each of your or your holding company’s direct or indirect subsidiaries, comply with all applicable laws, statutes, regulations, codes and HMRC Excise Notices from time to time in force, including the Bribery Act 2010, the Data Protection Act 2018, GDPR, the Modern Slavery Act 2015 and the Competition Act 1998.

  1. Notice

A notice given to a party under or in connection with these terms of sale or any contract we may have with you shall be in writing and sent to the party in accordance with the following:

  1. to us at our registered office address (Heineken UK Limited, 3-4 Broadway Park, South Gyle Broadway, Edinburgh EH12 9JZ) and marked for the attention of the Head of Legal;
  2. to you at your trading address,

or as otherwise notified in writing to the other party.  Any notice shall be deemed to have been received (a) if delivered by hand, on signature of a delivery receipt; (b) if sent by pre-paid first-class post or other next working day delivery service, at 9.00am on the second business day after posting.

  1. Termination

Without prejudice to our rights under condition 10, we shall be entitled to terminate our trading relationship with you immediately if you commit a material breach of any of these terms of sale or fail to pay any amount due on or before the due date for payment, or on 30 days prior written notice for any other reason.  In the event of the early termination of our trading relationship with you, we reserve the right to recover any losses which we incur as a result of such early termination, which losses shall include any loss of profit.

  1. Law and Jurisdiction

Any dispute or claim arising out of or in connection with our trading relationship with you or the formation of any contract we may have with you (including non-contractual disputes or claims) shall be governed by and construed in accordance with English law and the English Courts shall have exclusive jurisdiction over any disputes arising, unless your business is in Scotland, in which case such jurisdiction shall be non-exclusive.

  1. Law and Jurisdiction
    1. We reserve the right to transfer to any person the right to receive payment of any money payable to us, and/or any of our other rights.
    2. All copyright, patent, trade mark, trade secret, design rights, domain names and other proprietary and intellectual property rights whether registered or unregistered in the products, containers and equipment and information and know how which we may provide in relation to the products, containers and equipment (“intellectual property rights”) shall (as between you and us) remain vested in us. You shall not acquire any title in the intellectual property rights relating to the products, containers or equipment.  You may not copy or imitate the intellectual property rights, products, containers or equipment or do or omit to do, or permit any third party to do or omit to do, anything which may damage such intellectual property rights.  Any goodwill arising from the use of such intellectual property rights shall accrue to us.
    3. You shall not be entitled to assign, re-sell, charge, encumber or otherwise transfer any of your rights or obligations under these terms of sale or any contract we may have with you, in whole or in part, without our prior consent and any attempt to do so will enable us to terminate our trading relationship with you without prejudice to our other rights and remedies.
    4. Nothing in these terms of sale or any contract we may have with you is intended to, or shall be deemed to, establish any partnership or joint venture between any of the parties, constitute any party the agent of another party, or authorise any party to make or enter into any commitments for or on behalf of any other party.
  1. Amendments

We reserve the right to alter these terms of sale generally or for any particular class of products or customer. We will use our reasonable endeavours to give at least one week’s notice of alteration.

  1. Severance

If any provision or part-provision of these terms of sale or the terms of any contract we may have with you becomes invalid, illegal or unenforceable (in whole or in part) it shall be deemed modified to the minimum extent necessary to make it valid, legal and enforceable.  If such modification is not possible, the relevant provision or part-provision shall be deemed deleted. Any modification to or deletion of a provision or part-provision under this condition shall not affect the validity and enforceability of the remaining provisions (and/or the remainder of such provision).

  1. Interpretation

    In these terms of sale and in any contract we may have with you:

    1. the singular includes the plural and vice versa;
    2. any phrase introduced by the terms “including”, “in particular” or any similar expression shall be construed as illustrative and shall not limit the sense of the words preceding those terms;
    3. unless otherwise specified, a reference to “writing” does not include email or fax;
    4. any reference to “persons” includes natural persons, firms, partnerships, companies, corporations, associations, organisations, governments, states, governmental or state agencies, foundations and trusts (in each case whether or not having separate legal personality and irrespective of the jurisdiction in or under the law of which it was incorporated or exists);
    5. references to statutes, any statutory instrument, regulation or order shall be construed as a reference to such statute, statutory instrument, regulation or order as amended, supplemented or re-enacted from time to time; and
    6. words and expressions which are defined in the Companies Act 2006 have the same meanings as are given to them in that Act.

This procedure determines how personal data of HEINEKEN’s customers, suppliers, lessees and business partners, or any parties associated with them, should be handled by all of HEINEKEN’s Operating Companies, including HEINEKEN UK, as well as by third parties processing such personal data on HEINEKEN’s behalf.

Personal data is any information relating to an individual that allows them to be identified, directly or indirectly (either from that information alone or when that information is put together with other available information).  Examples of customer, supplier lessee and business partner personal data are names, job titles, work email addresses and information such as a customer’s or lessee’s hobbies or family life.

  1. To ensure a high and consistent level of data protection in all Op Cos which meets the requirements of the EU General Data Protection Regulation (GDPR) and, for HEINEKEN UK, the UK Data Protection Act.
  2. To outline the circumstances in which HEINEKEN has a legitimate interest in using customer, supplier, lessee and business partner personal data.
  3. To inform customers, suppliers, lessees and business partners of their rights with respect to their personal data that is held by HEINEKEN.
  4. To set out the requirements governing the transfers of customer, supplier, lessee and business partner personal data to third parties.

Purpose Limitation

  • Personal data should only be collected for clearly defined business purposes and not randomly or for potential future use.
  • The Privacy Procedure includes a limited list of business purposes for which HEINEKEN generally uses personal data within its organisation.
  • Only those personal data that are needed for the defined business purpose(s) should be used.
  • If a business purpose does not exist, HEINEKEN requires consent from the relevant individual to process their data.
  • Sensitive data (i.e. data which relates to race or ethnicity, physical or mental health, criminal matters, sexual preference or religious or philosophical beliefs) should be treated with extra care because of the significant consequences an individual may feel when such data is published or misused.

Transparency and Quality of Data

  • HEINEKEN has an obligation to ensure that all personal data is accurate, complete and up-to-date.
  • The persons whose personal data is used by HEINEKEN must be informed about the nature and categories of the data that are held and the purposes for which the data is held and given details of who has access to the data.
  • Individuals must be allowed access to their data upon request and HEINEKEN must deal adequately and timeously with requests for deletion or rectification of an individual’s data.
  • Individuals should be informed of data security breaches in which their personal data is involved and which pose a high risk of financial, reputational or other harm to the individual.

Security and Access

  • HEINEKEN must protect the personal data that it uses against unauthorised access, misuse or loss by taking appropriate technical and organisational security measures. Such measures must include confidentiality obligations for employees with access to personal data, access authorisation processes and may include encryption.
  • Third parties should only be allowed access to HEINEKEN personal data (e.g. for providing IT or other services) if adequate safeguard measures are in place, such as a contract imposing proper protection of the personal data by the third party. More strict requirements may apply for third parties located outside of the EU.
  • Access to customer, supplier and business partner personal data should only be given to employees who require access to it in order to fulfil their role at HEINEKEN.

Deletion

Customer, supplier and business partner personal data should be deleted when the purpose or purposes for which it was obtained have been fulfilled, unless it requires to be kept for a longer period in order to satisfy a specific legal requirement.

Privacy Procedure Index

The Privacy Procedure comprises 23 Articles and an Annex containing interpretations and definitions, which can be accessed by following the links below:

Scope

1.1 This Procedure addresses the Processing of Personal Data of Customers, Suppliers and Business Partners and other Individuals by HEINEKEN or a Third Party on behalf of HEINEKEN. This Procedure does not address the Processing of Personal Data of Employees in the context of their employment relationship with HEINEKEN.

Electronic and paper-based Processing

1.2      This Procedure applies to the Processing of Personal Data by electronic means and in systematically accessible paper-based filing systems.  

Applicability of local law and Procedure

1.3      Individuals keep any rights and remedies they may have under applicable local law. This Procedure shall apply only where it provides supplemental protection for Personal Data. Where applicable local law provides more protection than this Procedure, local law shall apply. Where this Procedure provides more protection than applicable local law or provides additional safeguards, rights or remedies for Individuals, this Procedure shall apply.

Sub-policies and notices

1.4      HEINEKEN may supplement this Procedure through sub-policies or notices that are consistent with this Procedure.

Accountability

1.5      The appropriate Responsible Manager shall be accountable for compliance with this Procedure. 

Effective Date

1.6  This Procedure has been adopted by the Executive Board of HEINEKEN N.V. and shall enter into force as of 1st January 2018, and shall be published on the HEINEKEN website and HEINEKEN intranet and shall be made available to Individuals upon request.

Procedure supersedes prior policies

1.7   This Procedure supersedes all HEINEKEN privacy policies and notices that exist on the Effective Date to the extent they are in contradiction with this Procedure.

Implementation

1.8   This Procedure shall be implemented in the HEINEKEN organisation based on the timeframes specified in Article 23.

Role of HEINEKEN International B.V.

1.9  HEINEKEN N.V. has tasked HEINEKEN International B.V. with the coordination and implementation of this Procedure.

Legitimate Business Purposes

2.1 Personal Data shall be collected, used or otherwise Processed by HEINEKEN for one (or more) of the following purposes (Business Purposes):

(a)  Assessment and acceptance of Customers, Suppliers and Business Partners. This purpose includes Processing of Personal Data that are necessary in connection with the assessment and acceptance of Customers, Suppliers and Business Partners including confirming and verifying the identity of relevant Individuals (this may involve the use of a credit reference agency or other Third Parties), conducting due diligence, and screening against publicly available government and/or law enforcement agency sanctions lists;

(b)  Conclusion and execution of agreements with Customers, Suppliers and Business Partners. This purpose addresses the Processing of Personal Data necessary to conclude and execute agreements with Customers, Suppliers and Business Partners, including required screening activities (e.g. for access to HEINEKEN’s premises or systems and on compliance with the HEINEKEN Code of Business Conduct) and to record and financially settle delivered services, products and materials to and from HEINEKEN. This purpose also includes the Processing of Personal Data in connection with the execution of agreements, including the delivery of Customer Services;

(c)  Development and improvement of products and/or services. This purpose includes Processing of Personal Data that are necessary for the development and improvement of HEINEKEN products and/or services, research and development;

(d)  Relationship management and marketing. This purpose includes activities such as maintaining and promoting contact with Customers, Suppliers and Business Partners, account management, customer service, recalls and the development, execution and analysis of market surveys and marketing strategies, including online marketing activities, (e.g. advertising, analysing of online use of the services and the HEINEKEN website and the purchase of products;

(e)  Business process execution, internal management and management reporting. This purpose includes the management of company assets, conducting audits and investigations, reviewing and monitoring compliance with HEINEKEN Code of Business Conduct and other terms applicable to the relationship with Customers, Suppliers and Business Partners and other Individuals, finance and accounting, implementing business controls, provision of central processing facilities for efficiency purposes managing mergers, acquisitions and divestitures, and Processing Personal Data for management reporting and analysis, archive and insurance purposes, legal or business consulting, and preventing, preparing for or engaging in dispute resolution;

(f)  Health, safety, security and integrity.  This purpose includes the protection of the interests of HEINEKEN, its Employees, Customers, Suppliers and Business Partners and activities such as those involving health and safety, the protection of HEINEKEN and Employee assets, and the authentication of Customer, Supplier or Business Partner status and access rights;

(g)  Compliance with law. This purpose addresses the Processing of Personal Data necessary for the performance of a task carried out to comply with  a legal obligation or sectorial recommendation to which HEINEKEN is subject, including the disclosure of Personal Data to government institutions or supervisory authorities, including tax authorities, in relation thereto; or

(h)  Protection of the vital interests of Individuals. This is where Processing is necessary to protect the vital interests of an Individual. Where there is a question whether a Processing of Personal Data can be based on a Business Purpose listed above, the appropriate Privacy Officer will be consulted before the Processing takes place.

Consent

2.2 If a Business Purpose does not exist or if applicable local law so requires, HEINEKEN shall (also) seek consent from the Individual for the Processing. If the Processing is reasonably necessary to address a request of the Individual (e.g. he subscribes to a service or seeks a benefit), the Individual’s consent is implied. When seeking consent, HEINEKEN must inform the Individual:

a)    of the purposes of the Processing for which consent is required;

b)    of the possible consequences for the Individual of the Processing;

c)    which Group Company is responsible for the Processing; and

d)    that he or she is free to refuse or withdraw consent at any time;  and

e)    that withdrawal of consent does not affect the lawfulness of the relevant Processing before such withdrawal.

Denial or withdrawal of consent

2.3 The Individual may both deny consent and withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of the Processing based on such consent before its withdrawal.

Use of Data for Secondary Purposes

3.3 Generally, Personal Data shall be used only for the Business Purposes for which they were originally collected (Original Purpose). Personal Data may be Processed for a legitimate Business Purpose of HEINEKEN different from the Original Purpose (Secondary Purpose) only if the Original Purpose and Secondary Purpose are closely related. Depending on the sensitivity of the relevant Personal Data, and whether use of the Data for the Secondary Purpose has potential negative consequences for the Individual, the use of Secondary Purpose may require additional measures such as: a)    limiting access to the Data;

b)    imposing additional confidentiality requirements;

c)    taking additional security measures;

d)    informing the Individual about the Secondary Purpose;

e)    providing an opt-out opportunity; or

f)    obtaining an Individual’s consent in accordance with Article 2.2 or Article 4.3 (if applicable).

Specific purposes for Processing Sensitive Data

4.1 This Article sets forth specific rules for Processing Sensitive Data. HEINEKEN shall Process Sensitive Data only to the extent necessary to serve the applicable Business Purpose. The following categories of Sensitive Data may be collected, used or otherwise Processed only for one (or more) of the purposes specified below:

(a)  Racial or ethnic data (including pictures and moving images of an Individual):

(i)  in some countries, photos and video images of individuals qualify as racial or ethnic data. HEINEKEN may process photos (e.g. a copy of a passport containing a photo) and video images for the protection of HEINEKEN and Employee assets, site access and security reasons;

(ii) for assessment and acceptance of Customers including the identification and authentication of Customers (including confirming and verifying the identity of relevant Individuals);

(iii) for assessment and verification of Supplier or Business Partner status and access rights; and

(iv) for verifying and confirming advice provided by HEINEKEN to Individuals (e.g. when Individuals participate in video conferencing which is recorded);

(b)  Criminal data (including data relating to criminal behaviour, criminal records or proceedings regarding criminal or unlawful behaviour):

(i)    for assessment and acceptance of Customers, Suppliers and Business Partners, including the identification and authentication of Customers (including confirming and verifying the identity of relevant Individuals);

(ii) for the execution of an agreement with Customers; and further

(iii) for protecting the interests of HEINEKEN, its Employees, Customers, Suppliers and Business Partners;

(c)  Religion or philosophical beliefs:

(i)    accommodating specific products or services for a Customer and to accommodate dietary requirements or religious holidays e.g. for Customer, Supplier or Business Partner events.

General Purposes for Processing of Sensitive Data

4.2 In addition to the specific purposes listed in Article 4.1 above, all categories of Sensitive Data may be Processed under one (or more) of the following circumstances:

(a)  as required or allowed for the performance of a task carried out to comply with a legal obligation or sectorial recommendation to which HEINEKEN is subject;

(b)  by or allowed under applicable law;

(c)  for the establishment, exercise or defence of a legal claim;

(d) to protect a vital interest of an Individual, but only where it is impossible to obtain the Individual’s consent first;

(e) to the extent necessary to comply with an obligation of international public law (e.g. treaties);

(f) where Sensitive Data have manifestly been made public by the Individual; or

(g) to the extent necessary for reasons of substantial public interest.

Consent, and the denial or withdrawal thereof

4.3 In addition to the specific purposes listed in Article 4.1 and the general purposes listed in Article 4.2, all categories of Sensitive Data may be Processed if the Individual has given his explicit consent to the Processing thereof. If one of the purposes listed in Articles 4.1 and 4.2 apply, HEINEKEN shall in addition seek consent if applicable local law so requires. The information requirements set out in Article 2.2 and Article 2.3 apply to the granting, denial or withdrawal of consent.

 Prior Authorisation of Privacy Officer 4.4 Where Sensitive Data are Processed based on a requirement of law other than the local law applicable to the Processing, the Processing requires prior authorisation with the appropriate Privacy Officer.

Use of Sensitive Data for Secondary Purposes 4.5 Sensitive Data of Individuals may be Processed for Secondary Purposes in accordance with Article 3.

No Excessive Data

5.1 HEINEKEN shall restrict the Processing of Personal Data to those Data that are reasonably necessary for and relevant to the applicable Business Purpose. HEINEKEN shall take reasonable steps to delete Personal Data that are not required for the applicable Business Purpose.

Storage period

5.2 HEINEKEN generally shall retain Personal Data only for the period required to serve the applicable Business Purpose, to the extent reasonably necessary to comply with an applicable legal requirement, or as advisable in light of an applicable statute of limitations. HEINEKEN may specify (e.g., in a sub-policy, notice or records retention schedule) a time period for which certain categories of Personal Data may be kept. Promptly after the applicable storage period has ended, the Privacy Officer shall direct that the Data be:

(a)  securely deleted or destroyed;

(b)  de-identified; or

(c)  transferred to an Archive (unless this is prohibited by law or an applicable records retention schedule).

Quality of Data

5.3 Personal Data should be accurate, complete and kept up-to-date to the extent reasonably necessary for the applicable Business Purpose.

 ‘Privacy by Design’

5.4 HEINEKEN shall take commercially reasonable technical and organisational steps to ensure that the requirements of this Article 5 are implemented into the design of new systems and processes that Process Personal Data.

Accurate, complete and up-to-date Data

5.5 It is the responsibility of Individuals to ensure that their Personal Data, as held by HEINEKEN, are accurate, complete and up-to-date. Individuals shall inform HEINEKEN regarding any changes in accordance with Article 7.

Information requirements
 
6.1 HEINEKEN shall inform Individuals through a privacy policy or notice of the following information, unless the Individual already has the information:
 
(a)  the Business Purposes (including Secondary Purposes) for which their Data are Processed;
 
(b)  which Group Company is responsible for the Processing as well as the contact information of the Privacy Officer;
 
(c)  the categories of Third Parties to which the Data are disclosed (if any) and whether any Third Party is located in a country outside the EEA which Third Party or country is not covered by an Adequacy Decision; and
 
(d)  other information where relevant e.g.:
 
(i)  the nature and categories of the Processed Data;
 
(ii) the period for which the Data will be stored or (if not possible) the criteria used to determine this period;
 
(iii) an overview of the rights of Individuals under this Procedure and how these can be exercised;
 
(iv) the existence of automated decision making referred to in Article 10.10 as well as meaningful information about the logic involved and potential negative consequences thereof for the Individual;
 
(v) the source of the Data (where the Personal Data have not been obtained from the Individual), including whether the Personal Data came from a public source.
 
Personal Data not obtained from the Individual
 
6.2 If applicable local law so requires, where Personal Data have not been obtained directly from the Individual, HEINEKEN shall provide the Individual with the information as set out in Article 6.1, unless the Individual already has the information:
 
(a)  at the time that the Personal Data are recorded in a HEINEKEN database; or
 
(b)  at the time that the Personal Data are used for a mailing, provided that this mailing is done within six months after the Personal Data are recorded in a HEINEKEN database.
 
Exceptions
 
6.3 The requirements of Article 6.2 may be set aside if:
 
(a) it is impossible or would involve a disproportionate effort to provide the information to Individuals; or
 
(b) it results in disproportionate costs.
 
These exceptions to the above requirements qualify as Overriding Interests.

Rights of Individuals

7.1 Every Individual has the right to request a copy of his Personal Data Processed by or on behalf of HEINEKEN and further, where reasonably possible, the following information: the categories of Data concerned, available information as to their source, the Business Purposes of the Processing, storage periods (or the criteria to determine such periods), the categories of Third Party recipients of the relevant Personal Data, including whether such Third Party is located in a country outside the EEA and whether the Third Party or the country are covered by an Adequacy Decision, and the existence of automated decision making referred to in Article 10.1, as well as meaningful information about the logic involved and potential negative consequences thereof for the Individual.

If the Personal Data are incorrect, incomplete or not Processed in compliance with applicable law or this Procedure, the Individual has the right to have his Data rectified, deleted or the Processing thereof restricted (as appropriate).

In addition, the Individual has the right to object to:

(a)  the Processing of his Data on the basis of grounds related to his particular situation, unless HEINEKEN can demonstrate a prevailing legitimate interest for the Processing; and

(b)  the Processing of his Data for direct marketing communications, including profiling to the extent that it is related to such direct marketing.

The Individual has the right (at his option) to receive a copy of the Data that he has provided in a common machine readable format.

Procedure

7.2 The Individual should send his request to the contact person or contact point indicated in the relevant privacy statement or notice. If no contact person or contact point is indicated, the Individual may send his request through the general contact section of the HEINEKEN website. Prior to fulfilling the request of the Individual, HEINEKEN may require the Individual to:

(a)  specify the categories of Personal Data to which he is seeking access;

(b)  specify to the extent reasonably possible the data system in which the Data are likely to be stored;

(c)  specify the circumstances in which HEINEKEN obtained the Personal Data;

(d)  provide proof of his identity when HEINEKEN has reasonable doubts concerning such identity, or to provide additional information enabling his identification;

(e)  pay a fee to compensate HEINEKEN for the reasonable costs relating to fulfilling the request, provided HEINEKEN can reasonably demonstrate that the request is manifestly unfounded or excessive, e.g. because of its repetitive character; and

(f)   in case of a request for rectification, deletion, or blockage, specify the reasons why the Personal Data are incorrect, incomplete or not Processed in accordance with applicable law or this Procedure.

Response period

7.3 Within four weeks of HEINEKEN receiving the request, the contact person, contact point, or Privacy Officer shall inform the Individual in writing or electronically either

(i) of HEINEKEN’s position with regard to the request and any action HEINEKEN has taken or will take in response or

(ii) the ultimate date on which he will be informed of HEINEKEN’s position and the reason for the delay, which date will be no later than eight weeks after the communication was sent to the Individual.

Complaint

7.4 An Individual may file a complaint in accordance with Article 17.3 if:

(a) the response to the request is unsatisfactory to the Individual (e.g. the request is denied);

(b) the Individual has not received a response as required by Article 7.3; or

(c) the time period provided to the Individual in accordance with Article 7.3 is, in light of the relevant circumstances, unreasonably long and the Individual has objected but has not been provided with a shorter, more reasonable time period in which he will receive a response.

Denial of requests

7.5 HEINEKEN may deny an Individual’s request if:

(a)  the request does not meet the requirements of Articles 7.1 and 7.2.

(b)  the request is not sufficiently specific;

(c)  the identity of the relevant Individual cannot be established by reasonable means, including the additional information provided by the Individual;

(d)  HEINEKEN can reasonably demonstrate that the request is manifestly unfounded or excessive, e.g. because of its repetitive character. A time interval between requests of six months or less shall generally be deemed to be an unreasonable time interval; or

(e)  the request violates the rights of other individuals.

No requirement to Process identifying information

7.6 HEINEKEN is not obliged to Process additional information in order to be able to identify the Individual for the sole purpose of facilitating the rights of the Individual under this Article 7.

Data security

8.1 HEINEKEN shall take appropriate commercially reasonable technical, physical and organisational measures to protect Personal Data from misuse or accidental, unlawful, or unauthorised destruction, loss, alteration, disclosure, acquisition or access. To achieve this, HEINEKEN has developed and implemented the HEINEKEN Information Security Policy and other policies relating to the protection of Personal Data.

Staff access

8.2 Staff members shall be authorised to access Personal Data only to the extent necessary to serve the applicable Business Purpose and to perform their job.

Confidentiality obligations

8.3 Staff members who access Personal Data must meet their confidentiality obligations.

Data Security Breach notification requirement

8.4 HEINEKEN shall notify the Individual of a Data Security Breach within a reasonable period of time following discovery of such breach, unless a law enforcement official or supervisory authority determines that notification would impede a (criminal) investigation or cause damage to national security. In this case, notification shall be delayed as instructed by such authority. HEINEKEN shall respond promptly to inquiries of Individuals relating to such Data Security Breach.

Direct marketing

9.1 This Article sets forth requirements concerning the Processing of Personal Data for direct marketing purposes (e.g. contacting the Individual by email, fax, phone, SMS or otherwise, with a view of solicitation for commercial or charitable purposes).

Consent for direct marketing (opt-in)

9.2 If applicable law so requires, HEINEKEN shall only send to Individuals unsolicited commercial electronic communication with the prior consent of the Individual (“opt-in”). If applicable law does not require prior consent of the Individual, HEINEKEN shall in any event offer the Individual the opportunity to opt-out of such unsolicited commercial communication.

Exception (opt-out)

9.3 Prior consent of the Individual for sending unsolicited commercial electronic communication is not required if:

(a)  an Individual has provided his electronic contact details to a Group Company in the context of a sale of a product or service of such Group Company;

(b)  such contact details are used for direct marketing of such Group Company’s own similar products or services; and

(c)  provided that an Individual clearly and distinctly has been given the opportunity to object free of charge, and in an easy manner, to such use of his electronic contact details when they are collected by the Group Company.

Information to be provided in each communication

9.4 In every direct marketing communication that is made to the Individual, the Individual shall be offered the opportunity to opt-out of further direct marketing communications.

Objection to direct marketing

9.5 If an Individual objects to receiving marketing communications from HEINEKEN, or withdraws his consent to receive such communications, HEINEKEN will take steps to refrain from sending further marketing materials as specifically requested by the Individual. HEINEKEN will do so within the time period required by applicable law.

Third Parties and Direct marketing

9.6 No Data shall be provided to, or used on behalf of, Third Parties for purposes of direct marketing of such Third Party without the prior consent of the Individual.

Personal Data of Children

9.7 HEINEKEN shall not use any Personal Data of Children for direct marketing, without the prior consent of their parent or custodian.

Direct marketing records

9.8 HEINEKEN shall keep a record of Individuals that used their “opt-in” or “opt-out” right and will regularly check the public opt-out registers.

Automated decisions

10.1 Automated tools may be used to make decisions about Individuals but decisions with a negative outcome for the Individual may not be based solely on the results provided by the automated tool. This restriction does not apply if:

(a)  the use of automated tools is necessary for the performance of a task carried out to comply with a legal obligation or sectorial recommendation to which HEINEKEN is subject;

(b)  the decision is made by HEINEKEN for purposes of (a) entering into or performing a contract or (b) managing the contract, provided the underlying request leading to a decision by HEINEKEN was made by the Individual (e.g., where automated tools are used to filter promotional game submissions); or

(c)  the Individual has given his explicit consent.

In case Article 10.1(b) or (c) is applicable, HEINEKEN shall take suitable measures to safeguard the legitimate interests of the Individual, e.g. by providing the Individual with an opportunity to express his point of view.

Transfer to Third Parties

11.1 This Article sets forth requirements concerning the transfer of Personal Data from HEINEKEN to a Third Party. Note that a transfer of Personal Data includes situations in which HEINEKEN discloses Personal Data to Third Parties (e.g., in the context of corporate due diligence) or where HEINEKEN provides remote access to Personal Data to a Third Party.

Third Party Processors and Third Party Controllers 11.2 There are two categories of Third Parties:

(a)  Third Party Processors: these are Third Parties that Process Personal Data solely on behalf of HEINEKEN and at its direction (e.g., Third Parties that Process online registrations made by Customers);

(b)  Third Party Controllers: these are Third Parties that Process Personal Data and determine the purposes and means of the Processing (e.g., Business Partners that provide their own goods or services directly to Customers).

Transfer for applicable Business Purpose only

11.3 HEINEKEN shall transfer Personal Data to a Third Party to the extent necessary to serve the applicable Business Purpose (including Secondary Purposes as per Article 3 or purposes for which the Individual has provided consent in accordance with Article 2).

Third Party Controller safeguards

11.4 Third Party Controllers (other than government agencies) may Process Personal Data only if they have a contract with HEINEKEN. In the contract, HEINEKEN shall seek to contractually protect the data protection interests of its Individuals when Personal Data are transferred to Third Party Controllers. All such contracts shall be drafted in consultation with the appropriate Privacy Officer. Individual Business Contact Data may be transferred to a Third Party Controller without safeguards if it is reasonably expected that such Business Contact Data will be used by the Third Party Controller to contact the Individual for legitimate business purposes related to the Individual’s job responsibilities.

Third Party Processor contracts

11.5 Third Party Processors may Process Personal Data only if they have a validly entered into written or electronic contract with HEINEKEN (Processor Contract). The contract with a Third Party Processor must include the following provisions:

(a) the Third Party Processor shall Process Personal Data only in accordance with HEINEKEN’s instructions including on transfers of Personal Data to any Third Party Processor located in a country outside the EEA and which Third Party Processor or country are not covered by an Adequacy Decision, unless the Third Party Processor is required to do so under mandatory requirements applicable to the Third Party Processor and for the purposes authorised by HEINEKEN;

(b) the Third Party Processor shall keep the Personal Data confidential;

(c) the Third Party Processor shall take appropriate technical, physical and organisational security measures to protect the Personal Data;

(d) the Third Party Processor shall only permit subcontractors to Process Personal Data in connection with its obligations to HEINEKEN (a) with the prior specific or generic consent of HEINEKEN, and (b) based on a validly entered into written or electronic contract with the subcontractor, which imposes similar privacy protection-related Processing terms as those imposed on the Third Party Processor under the Processor Contract, and provided that the Third Party Processor remains liable to HEINEKEN for the performance of the subcontractor in accordance with the terms of the Processor Contract;

(e) HEINEKEN has the right to review the security measures taken by the Third Party Processor and the Third Party Processor shall subject its relevant data processing facilities to audits and inspections by HEINEKEN, a Third Party on behalf of HEINEKEN or any relevant government authority;

(f) the Third Party Processor shall promptly inform HEINEKEN of any actual or suspected Data Security Breach involving Personal Data; and

(g) the Third Party Processor shall deal promptly and appropriately with (a) inquiries of HEINEKEN related to the Processing of Personal Data; and (b) requests for assistance of HEINEKEN, as reasonably required to ensure compliance of the Processing of Personal Data with applicable law; and

(h) upon termination of the Processor Contract, the Third Party Processor shall, at the option of HEINEKEN, return the Personal Data and copies thereof to HEINEKEN or shall securely delete such Personal Data, except to the extent the Processor Contract or applicable law provides otherwise.  

Transfer of Data to Third Parties outside the EEA and that are not covered by an Adequacy Decision

11.6 This Article sets forth additional rules for Personal Data that are (a) collected originally in connection with activities of a Group Company that is located in the EEA or located in a country outside the EEA and which Group Company or country are covered by an Adequacy Decision; and (b) transferred to a Third Party that is located in a country outside the EEA and which Third Party or country are not covered by an Adequacy Decision. Personal Data may be transferred to such a Third Party only if:

(a)  the transfer is necessary for the performance of a contract with the Individual, for managing a contract with the Individual or to take necessary steps at the request of the Individual prior to entering into a contract, e.g., for processing orders;

(b)  a contract has been concluded between HEINEKEN and the relevant Third Party requiring that Third Party (a) be bound by the terms of this Procedure as were it a Group Company; or (b) provides for safeguards at a similar level of protection as that provided by this Procedure; the contract shall conform to any model contract requirement under applicable local law (if any);

(c)  the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the Individual between HEINEKEN and a Third Party (e.g. in case of recalls);

(d)  the Third Party has been certified under a program that is recognised under applicable local law as providing an “adequate” level of data protection;

(e) the Third Party has implemented Binding Corporate Rules or a similar transfer control mechanism which provides adequate safeguards under applicable law;

(f) the transfer is necessary to protect a vital interest of the Individual;

(g) the transfer is necessary for the establishment, exercise or defence of a legal claim;

(h) the transfer is necessary to satisfy a pressing need to protect the public interests of a democratic society; or

(i) the transfer is necessary for the performance of a task carried out to comply with a legal obligation or sectorial recommendation to which the relevant Group Company is subject; or

(j) the transfer is necessary to satisfy a Business Purpose of HEINEKEN, provided the transfer is not repetitive, concerns only a limited number of Individuals, and the interests of the affected Individuals do not outweigh the Business Purpose for which the transfer is made. Items 00, 0 and 0 above require the prior approval of the Global Privacy Officer.

Consent for transfer

11.7 If none of the grounds listed in Article 11.6 exist or if applicable local law so requires HEINEKEN shall (also) seek consent from the Individual for the transfer to a Third Party located in a country outside the EEA which Third Party or country is not covered by an Adequacy Decision. Prior to requesting consent, the Individual shall be provided with the following information:

(a)  the purpose of the transfer;

(b)  the identity of the transferring Group Company;

(c)  the identity or categories of Third Parties to which the Data will be transferred;

(d)  the categories of Data that will be transferred;

(e)  the country to which the Data will be transferred; and

(f)   the fact that the Data will be transferred to a Third Party located in a country outside the EEA and which Third Party or country are not covered by an Adequacy Decision.

The requirements set out in Articles 2.2 and 2.3 apply to the requesting, denial or withdrawal of consent.

Transfer of Data to Third Parties outside the EEA and that are not covered by an Adequacy Decision

11.8 This Article sets forth additional rules for transfers of Personal Data that were collected in connection with the activities of a Group Company located in a country outside the EEA, and which Group Company or country is not covered by an Adequacy Decision to a Third Party also located in a country outside the EEA which Third Party or country is not covered by an Adequacy Decision. In addition to the grounds listed in Article 1.6, these transfers are permitted if they are:

(a)  necessary for compliance with a legal obligation to which the relevant Group Company is subject;

(b)  necessary to serve the public interest; or necessary to satisfy a Business Purpose of HEINEKEN.

Overriding Interests

12.1 The obligations of HEINEKEN or rights of Individuals as specified in Articles 12.2 and 12.3 may be overridden if, under the specific circumstances at issue, a pressing need exists that outweighs the interest of the Individual (Overriding Interest). An Overriding Interest exists if there is a need to:

(a)  protect the legitimate business interests of HEINEKEN including:

(i)   the health, security or safety of Employees or Individuals;

(ii) HEINEKEN’s intellectual property rights, trade secrets or reputation;

(iii) the continuity of HEINEKEN’s business operations;

(iv) the preservation of confidentiality in a proposed sale, merger or acquisition of a business; or

(v) the involvement of trusted advisors or consultants for business, legal, tax, or insurance purposes;

(b) prevent or investigate (including cooperating with law enforcement) suspected or actual violations of law, breaches of the terms of contract, or non-compliance with the HEINEKEN Code of Business Conduct or other HEINEKEN policies and procedures; or

(c) otherwise protect or defend the rights or freedoms of HEINEKEN, its Employees or other persons.

Exceptions in the event of Overriding Interests

12.2 If an Overriding Interest exists, one or more of the following obligations of HEINEKEN or rights of the Individual may be set aside:

a) Article 3.1 (the requirement to Process Personal Data for closely related purposes);

(b) Article 6.1 and 6.2 (information provided to Individuals, Personal Data not obtained from the Individuals);

(c) Article 7 (rights of Individuals);

(d) Articles 8.2 and 8.3 (Staff access limitations and confidentiality requirements); and

(e) Articles 11.4, 11.5  and 11.6(b) (contracts with Third Parties).

Sensitive Data

12.3 The requirements of Articles 4.1 and 4.2 (Sensitive Data) may be set aside only for the Overriding Interests listed in Article 12.1(a)(i), 12.1(a)(ii), 12.1(a)(v), 12.1(b) and 12.1(c).

Consultation with Global Privacy Officer

12.4 Setting aside obligations of HEINEKEN or rights of Individuals based on an Overriding Interest requires prior consultation of the Global Privacy Officer. The Global Privacy Officer shall document his advice.

Information to Individual

12.5 Upon request of the Individual, HEINEKEN shall inform the Individual of the Overriding Interest for which obligations of HEINEKEN or rights of the Individual have been set aside, unless the particular Overriding Interest sets aside the requirements of Articles 6.1 or 7.1, in which case the request shall be denied.

Global Privacy Officer

13.1 HEINEKEN International B.V. shall appoint a Global Privacy Officer who is responsible for:

(a)  Supervising compliance with this Procedure;

(b)  Coordinating the Privacy Officers network and communicating and consulting with the Privacy Officers network on central data protection issues;

(c)  Providing annual privacy reports, as appropriate, to the Executive Board on data protection risks and compliance issues, and as described in article 16.2;

(d)  Coordinating, in conjunction with the Privacy Officers network and the relevant compliance officers, official investigations or inquiries into the Processing of Personal Data by a government authority;

(e)  Dealing with conflicts between this Procedure and applicable law as described in Article 20.2;

(f)   Approving transfers as described in Articles 20.1 and 11.6;

(g)  Monitoring the performance and periodic review of a Privacy Impact Assessment (PIA) before a new system or a business process involving Processing of Personal Data is implemented as described in Article 14.3.

(h)  Monitoring the documentation, notification and communication of Data Security Breaches;

(i)    Deciding on complaints as described in Article 17; and creating and maintaining a framework for:

(i) the development, implementation and updating of local data protection policies and procedures;

(ii) the maintaining, updating and publishing of this Procedure and related sub-policies;

(iii) the creating, maintaining and updating of information regarding the structure and functioning of all systems that process personal data (as required by Article 14);

(iv) the development, implementation and updating of the relevant data protection training and awareness programs;

(v) the monitoring, auditing and reporting on compliance with this Procedure to the management board;

(vi) the collecting, investigating and resolving privacy inquiries, concerns and complaints; and

(vii) determining and updating appropriate measures/sanctions for violations of this Procedure (e.g. disciplinary standards);

(viii) Devising the data management processes, systems and tools to implement the framework for data protection management as referred to under 0(i).

In addition, and notwithstanding Article 13.2, the Global Privacy Officer can determine for which specific Organisational Unit a Privacy Officer is appropriate (see Article 13.2), after which the respective Organisational Unit shall designate a Privacy Officer.

Privacy Officer

13.2 HEINEKEN shall for each Organisational Unit designate a Privacy Officer. HEINEKEN may also designate a Privacy Officer for a group of Organisational Units. These Privacy Officers may, in turn, establish a network of Privacy Officers sufficient to direct compliance with this Procedure within their respective regions or functions. A list of designated Privacy Officers is published on the HEINEKEN intranet.

The Privacy Officers shall perform the following tasks:

(a)  Implement the data management processes, systems and tools, devised by the Global Privacy Officer to implement the framework for data protection management in their respective  Organisational Unit;

(b)  Support and assess overall data protection management compliance within their Organisational Unit;

(c)  Regularly advise their respective executive teams, Responsible Manager and the Global Privacy Officer on privacy risks and compliance issues; (d)  Maintain (or ensure access to) an inventory of the system information about the structure and functioning of all systems that process Personal Data (as required by Article 14.2);

(e)  Be available for requests for privacy approvals or advice as described in Articles 2.1, 2.2, 4.4, 7 and 11.7;

(f)   Provide information relevant to the annual privacy report of the Global Privacy Officer (as required in Article 16);

(g)  Assist the Global Privacy Officer in the event of official investigations or inquiries by government authorities;

(h)  Own and authorise all appropriate privacy sub-policies in their organisations;

(i)    Direct that stored Personal Data be deleted or destroyed, de-identified or transferred as required by Article 5.2;

(j)    Decide on and notify the Global Privacy Officer of complaints as described in Article 17; and

(k)  Cooperate with the Global Privacy Officer, other Privacy Officers, and the general business principles compliance officers to:

(i)Ensure that the instructions, tools and training are in place to enable the Organisational Unit, to comply with this Procedure;

(ii) Share and provide guidance on best practices for data protection management within their Organisational Unit;

(iii) Ensure that data protection requirements are taken into account whenever new technology is implemented in their Organisational Unit; and

(iv) Notify the Responsible Manager of the involvement of external service providers with data processing tasks for their Organisational Unit.  

Responsible Manager

13.3 The Responsible Manager is accountable that effective data protection management is implemented in his Organisational Unit (including but not limited to the obligation to appoint a Privacy Officer and the responsibility for executing Privacy Impact Assessments, where necessary), is integrated into business practices, and that adequate resources and budget are available.

Responsible Managers are accountable for:

(a)  Ensuring overall data protection management compliance within their Organisational Unit, also during and following organisational restructuring, outsourcing, mergers and acquisitions and divestures;

(b)  Implementing the data management processes, systems and tools, devised by the Global Privacy Officer to implement the framework for data protection management in their respective  Organisational Unit;

(c)  Ensuring that the data protection management processes and systems are maintained up to date against changing circumstances and legal and regulatory requirements;

(d)  Ensuring and monitoring ongoing compliance of third parties with the requirements of this Procedure in case Personal Data are disclosed by HEINEKEN to a Third Party (including entering into a written or electronic contract with such Third Party and obtaining a sign off of such contract from the legal department);

(e)  Ensuring that relevant individuals in their  Organisational Unit follow the prescribed data protection training courses; and

(f)   Directing that stored Personal Data be deleted or destroyed, de-identified or transferred as required by Article 5.2.

Responsible Managers are responsible for:

(g)  Appointing a Privacy Officer for their  Organisational Unit;

(h)  Consulting with the Global Privacy Officer in all cases where there is a conflict between applicable local law and this Procedure as described in Article 20.2; and

(i)   Informing the Global Privacy Officer of any new legal requirement that may interfere with HEINEKEN’s ability to comply with this Procedure as required by Article 20.3.

Privacy Officer with a statutory position

13.4 Where a Privacy Officer holds his position pursuant to law, he shall carry out his job responsibilities to the extent they do not conflict with his statutory position.

Policies and procedures

14.1 HEINEKEN shall develop and implement policies and procedures to comply with this Procedure.

System information

14.2 HEINEKEN shall maintain readily available information regarding the structure and functioning of all systems and processes that Process Personal Data (e.g. inventory of systems and processes, Privacy Impact Assessments).

Privacy Impact Assessments

14.3 HEINEKEN shall maintain a procedure to conduct and document a prior assessment of the impact that processing may have on the protection of Personal Data, where such Processing is likely to result in a high risk for the rights and freedoms of Individuals, in particular where new technologies are used.

Staff training

15.1 HEINEKEN shall provide training on this Procedure and related confidentiality obligations to Staff members who have access to Personal Data.

Audits

16.1 HEINEKEN Global Audit shall audit business processes and procedures that involve the Processing of Personal Data for compliance with this Procedure. The audits shall be carried out in the course of the regular activities of Global Audit or at the request of the Global Privacy Officer. The Global Privacy Officer may request to have an audit as specified in this Article 16.1 conducted by an external auditor. Applicable professional standards of independence, integrity and confidentiality shall be observed when conducting an audit. The Global Privacy Officer and the appropriate Privacy Officers shall be informed of the results of the audits. Reported violations of the Procedure will be reported back to senior management. A copy of the audit results will be provided to the Dutch Data Protection Authority upon request.

Annual Privacy Report

16.2 The Global Privacy Officer shall implement appropriate processes to monitor compliance with this Procedure and produce an annual Personal Data privacy report for the Executive Board on compliance with this Procedure, data protection risks and other relevant issues. Each Privacy Officer shall provide information relevant to the report to the Global Privacy Officer.

Mitigation

16.3 HEINEKEN shall, if so indicated, ensure that adequate steps are taken to address breaches of this Procedure identified during the monitoring or auditing of compliance pursuant to this Article 16.

Complaint

17.1 Individuals may file a complaint regarding compliance with this Procedure or violations of their rights under applicable local law:

(a)  in accordance with the applicable complaints procedure set forth in the HEINEKEN Code of Business Conduct or contract; or

(b)  with the appropriate Privacy Officer.

The appropriate Privacy Officer shall:

(a)  notify the Global Privacy Officer;

(b)  initiate an investigation; and

(c)  when necessary, advise the business on the appropriate measures for compliance and monitor, through to completion, the steps designed to achieve compliance.

The appropriate Privacy Officer may consult with any government authority having jurisdiction over a particular matter about the measures to be taken.

Reply to Individual

17.2 Within four weeks of HEINEKEN receiving a complaint, the appropriate Privacy Officer shall inform the Individual in writing, or electronically either

(i) of HEINEKEN’s position with regard to the complaint and any action HEINEKEN has taken or will take in response, or (ii) when he will be informed of HEINEKEN’s position, which date shall be no later than twelve weeks thereafter.

The appropriate Privacy Officer shall send a copy of the complaint and his written reply to the Global Privacy Officer.

Complaint to Global Privacy Officer

17.3 An Individual may file a complaint with the Global Privacy Officer if:

(a)  the resolution of the complaint by the appropriate Privacy Officer is unsatisfactory to the Individual (e.g., the complaint is rejected)

(b)  the Individual has not received a response as required by Article 17.2;

(c)  the time period provided to the Individual pursuant to Article 17.2 is, in light of the relevant circumstances, unreasonably long and the Individual has objected, but has not been provided with a shorter, more reasonable time period in which he will receive a response; or

(d)  in the events listed in Article 7.4.

The procedure described in Articles 17.1 and 17.2 shall apply to complaints filed with the Global Privacy Officer.

Complaints procedure

18.1 Individuals are encouraged to first follow the complaints procedure set forth in 0 of this Procedure before filing any complaint or claim with the competent DPA or courts.

Local law and jurisdiction

18.2 The rights contained in this Article are in addition to and shall not prejudice any other rights or remedies that either party may otherwise have by law.

In case of a violation of this Procedure, the Individual may only, at his choice, submit a complaint or a claim to the following DPAs or courts (as applicable):

(a)  in the EEA country at the origin of the Data transfer against the Group Company in such country of origin responsible for the relevant Data transfer;

(b)  of the EEA country where the Individual resides, against the Group Company being the Data Controller of the relevant Data; or

(c)  in the Netherlands, against HEINEKEN International B.V. The DPAs and courts shall apply their own substantive and procedural laws to the dispute. Any choice made by the Individual will not prejudice the substantive or procedural rights he or she may have under applicable law.

Right to claim direct damages

18.3 In case an Individual brings a claim under Article 18.2, such Individual shall be entitled to compensation of damages, to the extent provided by applicable EEA law, suffered by an Individual resulting from a violation of this Procedure.

Burden of proof in respect of claim for damages

18.4 In case an Individual brings a claim for damages under Article 18.2, it will be for the Individual to demonstrate that he has suffered actual damages and to establish facts which show it is plausible that the damage has occurred because of a violation of this Procedure. It will subsequently be for the relevant Group Company to prove that the damages suffered by the Individual due to a violation of this Procedure are not attributable to HEINEKEN.

Mutual assistance and redress

18.5 All Group Companies shall co-operate and assist each other to the extent reasonably possible to handle:

(a)  a request, complaint or claim made by an Individual; or

(b)  a lawful investigation or inquiry by a competent DPA or public authority.

The Group Company that receives a request, complaint or claim from an Individual is responsible for handling any communication with the Individual regarding his request, complaint or claim except where circumstances dictate otherwise.

The Group Company that is responsible for the Processing to which the request, complaint or claim relates, shall bear all costs involved and reimburse HEINEKEN International B.V.

Advice of the Lead DPA

18.6 HEINEKEN International B.V. shall abide by the advice of DPAs, competent pursuant to Article 18.2, issued on the interpretation and application of this Procedure.

Mitigation

18.7 HEINEKEN International B.V. shall ensure that adequate steps are taken to address violations of this Procedure by a Group Company.

Law applicable to this Procedure

18.8 This Procedure shall be governed by and interpreted in accordance with Dutch law.

Non-compliance

19.1 Non-compliance of Employees with this Procedure may result in appropriate measures in accordance with applicable local law up to and including termination of employment.

Conflict of law when transferring Data

20.1 Where a legal requirement to transfer Personal Data conflicts with the laws of the Member State(s) of the EEA or the law of Switzerland, the transfer requires the prior approval of the Global Privacy Officer. The Global Privacy Officer shall seek the advice of Global Legal Affairs if appropriate. The Global Privacy Officer may seek the advice of the Dutch Data Protection Authority or another competent government authority.  

Conflict between Procedure and law

20.2 In all other cases, where there is a conflict between applicable local law and the Procedure, the relevant Responsible Manager shall consult with the Global Privacy Officer to determine how to comply with this Procedure and resolve the conflict to the extent reasonably practicable given the legal requirements applicable to the relevant Group Company.

New conflicting legal requirements

20.3 The relevant Responsible Manager shall promptly inform the Global Privacy Officer of any new legal requirement that may interfere with HEINEKEN’s ability to comply with this Procedure.

21.1 Any changes to this Procedure require the prior approval of the Executive Director Global Legal Affairs of HEINEKEN. HEINEKEN shall notify the Dutch Data Protection Authority in case of material changes to this Procedure on a yearly basis.

21.2 This Procedure may be changed by HEINEKEN without Individual’s consent even though an amendment may relate to a benefit conferred on Individuals.

21.3 Any amendment shall enter into force and take immediate effect after it has been approved in accordance with this Article 21 and is published on the HEINEKEN website.

21.4 Any request, complaint or claim of an Individual involving this Procedure shall be judged against the Procedure that is in force at the time the request, complaint or claim is made.

22.1 This Procedure does not apply to the Processing of Personal Data collected in connection with local activities of a HEINEKEN Group Company located in a country outside the EEA and which Group Company or country are not covered by an Adequacy Decision, with the exception of the security and governance requirements of this Procedure which will remain applicable. In respect of such Processing of Personal Data, the relevant HEINEKEN Group Company may decide whether to apply this Procedure. Such Processing of Personal Data shall at least be compliant with applicable local law.

General transition period

23.1 Except as indicated below, there shall be a two-year transition period for compliance with this Procedure. Accordingly, except as otherwise indicated, within two years of the Effective Date, all Processing of Personal Data shall be undertaken in compliance with this Procedure. During the transition period, any transfer of Personal Data to a Group Company under this Procedure as a data transfer mechanism may only take place to the extent that (i) the Group Company receiving such Personal Data is compliant with this Procedure, or (ii) the data transfer meets one of the grounds for transfer listed in Articles 11.6 through 11.8.

Transition period for new Group Companies

23.2 Any entity that becomes a Group Company after the Effective Date shall comply with this Procedure within two years of becoming a Group Company.

Transition Period for Divested Entities

23.3 A Divested Entity may remain covered by this Procedure after its divestment for such period as may be required by HEINEKEN to disentangle the Processing of Personal Data relating to such Divested Entity.

Transition period for IT Systems

23.4 Where implementation of this Procedure requires updates or changes to information technology systems (including replacement of systems), the transition period shall be three years from the Effective Date or from the date an entity becomes a Group Company, or any longer period as is reasonably necessary to complete the update, change or replacement process.

Transition Period for Existing Agreements

23.5 Where there are existing agreements with Third Parties that are affected by this Procedure, the provisions of the agreements will prevail until the agreements are renewed in the normal course of business.

Transition Period for Local-for-Local Systems

23.6 Processing of Personal Data that were collected in connection with activities of a Group Company located in a country outside the EEA and which Group Company or country are not covered by an Adequacy Decision shall be brought into compliance with this Procedure within five years of the Effective Date.

Contact details

HEINEKEN Global Privacy Officer

c/o HEINEKEN International B.V.

Tweede Weteringplantsoen 21

1017 ZD Amsterdam

The Netherlands

Tel: +31 (0)20 523 92 39

Interpretations of this procedure

(a)       Unless the context requires otherwise, all references to a particular Article or Annex are references to that Article or Annex in or to this document, as they may be amended from time to time;

(b)       headings are included for convenience only and are not to be used in construing any provision of this Procedure;

(c)       if a word or phrase is defined, its other grammatical forms have a corresponding meaning;

(d)       the male form shall include the female form;

(e)       the words “include”, “includes” and “including” and any words following them shall be construed without limitation to the generality of any preceding words or concepts and vice versa;

(f)        a reference to a document (including, without limitation, a reference to this Procedure) is to the document as amended, varied, supplemented or replaced, except to the extent prohibited by this Procedure or that other document; and

(g)       a reference to law includes any regulatory requirement, sectorial recommendation, and best practice issued by relevant national and international supervisory authorities or other bodies.  

Definitions

Adequacy Decision

ADEQUACY DECISION shall mean a decision issued by the European Commission under Article 25 of the EU Data Protection Directive that a country or region outside the EEA or a category of recipients in such country or region is deemed to provide an ‘adequate’ level of data protection.  

Archive

ARCHIVE shall mean a collection of Personal Data that are no longer necessary to achieve the purposes for which the Data originally were collected or that are no longer used for general business activities, but are used only for historical, scientific or statistical purposes, dispute resolution, investigations or general archiving purposes. An archive includes any data set that can no longer be accessed by any Employee other than the system administrator.

Article

ARTICLE shall mean an article in this Procedure.

Binding Corporate Rules

BINDING CORPORATE RULES shall mean a privacy policy of a group of undertakings which under applicable local law (such as Article 25 of the EU Data Protection Directive) is considered to provide an adequate level of protection for the transfer of Personal Data within that group of undertakings.

Business Contact Data

BUSINESS CONTACT DATA shall mean any data typically found on a business card and used by the Individual in his contact with HEINEKEN.  

Business Partner

BUSINESS PARTNER shall mean any Third Party, other than a Customer or Supplier, that has or had a business relationship or strategic alliance with HEINEKEN (e.g. joint marketing partner, joint venture or joint development partner).

Business Purpose

BUSINESS PURPOSE shall mean a purpose for Processing Personal Data as specified in Article 2 or 3 or for Processing Sensitive Data as specified in Article 3 or 4.

Children

CHILDREN shall mean individuals under the age of 13 years.

Customer

CUSTOMER shall mean any person, private organisation, or government body that purchases, may purchase or has purchased a HEINEKEN product or service.

DPA

DPA shall mean any data protection authority of an EEA country.

Data Security Breach

DATA SECURITY BREACH shall mean the unauthorised acquisition, access, use or disclosure of unencrypted Personal Data that compromises the security or privacy of such information to the extent the compromise poses a high risk of financial, reputational, or other harm to the Individual. A Data Security Breach is deemed not to have occurred where there has been an unintentional acquisition, access or use of unencrypted Personal Data by an Employee of HEINEKEN or Third Party Processor or an individual acting under their respective authority, if:

(a)  the acquisition, access, or use of Personal Data was made in good faith and within the course and scope of the employment or professional relationship of such employee or other individual; and

(b)  the Personal Data are not further acquired, accessed, used or disclosed by any person.

Divested Entity

DIVESTED ENTITY shall mean the divestment by HEINEKEN of a Group Company or business by means of: (a) a sale of shares as a result whereof the divested Group Company no longer qualifies as a Group Company and/or (b) a demerger, sale of assets, or any other manner or form.  

EEA

EEA or EUROPEAN ECONOMIC AREA shall mean all Member States of the European Union, plus Norway, Iceland and Liechtenstein.

Effective Date

EFFECTIVE DATE shall mean the date on which this Procedure becomes effective as set forth in Article 1.5.

Employee

EMPLOYEE shall mean the following persons:

(a)       an employee, job applicant or former employee of HEINEKEN including temporary workers working under the direct supervision of HEINEKEN (e.g. independent contractors and trainees). This term does not include people working at HEINEKEN as consultants or employees of Third Parties providing services to HEINEKEN;

(b)       a (former) executive or non-executive director of HEINEKEN.

Employee Data

EMPLOYEE DATA shall mean any information relating to an identified or identifiable Employee in the context of their employment relationship with HEINEKEN. This definition does not cover the processing of Employee Data in the Employee’s capacity as a customer of HEINEKEN.

Employment-at-will

EMPLOYMENT-AT-WILL means an employment relationship in which either the employer or employee can terminate the employment relationship at any time for any reason, with or without advance notice.

EU Data Protection Directive

EU DATA PROTECTION DIRECTIVE shall mean the Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of and the free movement of such data or any successor or replacement thereof.

Executive Board

EXECUTIVE Board shall mean the Executive Board of HEINEKEN N.V.

Global Privacy Officer

GLOBAL PRIVACY OFFICER shall mean the officer as referred to in Article 13.1.

Group Company

GROUP COMPANY shall mean HEINEKEN N.V. and any company or legal entity of which HEINEKEN N.V., directly or indirectly owns more than 50% of the issued share capital, has more than 50% of the voting power at general meetings of shareholders, has the power to appoint a majority of the directors, or otherwise directs the activities of such other legal entity; however, any such company or legal entity shall be deemed a Group Company only as long as a liaison and/or relationship exists, and  that is covered by the HEINEKEN Code of Business Conduct.

HEINEKEN

HEINEKEN shall mean HEINEKEN N.V. and its Group Companies.

HEINEKEN International B.V.

HEINEKEN INTERNATIONAL B.V. shall mean HEINEKEN International B.V., having its registered seat at Tweede Weteringplantsoen 21, 1017 ZD, Amsterdam, The Netherlands.

HEINEKEN Code of Business Conduct

HEINEKEN CODE OF BUSINESS CONDUCT shall mean the HEINEKEN Code of Business Conduct as published on the HEINEKEN intranet and any amendments thereto from time to time.

HEINEKEN N.V.

HEINEKEN N.V. shall mean HEINEKEN N.V., having its registered seat at Tweede Weteringplantsoen 21, 1017 ZD, Amsterdam, The Netherlands.  

Individual INDIVIDUAL shall mean any individual (employee of or any person working for) Customer, Supplier or Business Partner and any other individual whose Personal Data HEINEKEN processes in the context of the provision of its services.

Organisational Unit

ORGANISATIONAL UNIT shall mean each operating company or Global Function of HEINEKEN.

Original Purpose

ORIGINAL PURPOSE shall mean the purpose for which Personal Data was originally collected.

Overriding Interest

OVERRIDING INTEREST shall mean the pressing interests set forth in Article 12.1 based on which the obligations of HEINEKEN or rights of Individuals set forth in Article 12.2 and 0 may, under specific circumstances, be overridden if this pressing interest outweighs the interest of the Individual.

Personal Data or Data

PERSONAL DATA or DATA shall mean any information relating to an identified or identifiable Individual.

Privacy Impact Assessment (PIA)

PRIVACY IMPACT ASSESSMENT (PIA) shall mean a procedure to conduct and document a prior assessment of the impact which a given Processing may have on the protection of Personal Data, where such Processing is likely to result in a high risk for the rights and freedoms of Individuals, in particular where new technologies are used.

A PIA shall contain:

(a)  a description of:

(i)      the Processing;

(ii)     the Business Purpose for which Personal Data is Processed;

(iii)   the specific purposes for which Sensitive Data is Processed;

(iv)   the categories of Personal Data recipients, including recipients located in a country outside the EEA which recipients or countries are not covered by an Adequacy Decision;

(v)     Personal Data storage periods;

(b) an assessment of:

(i)      the necessity and proportionality of the Processing;

(ii)     the risks to the privacy rights of Individuals and the measures to mitigate these risks.

Privacy Officer

PRIVACY OFFICER shall mean the privacy officers appointed pursuant to Articles 13.1 and 13.2.

Processing

Processing shall mean any operation that is performed on Personal Data, whether or not by automatic means, such as collection, recording, storage, organisation, alteration, use, disclosure (including the granting of remote access), transmission or deletion of Personal Data.

Procedure

PROCEDURE shall mean this Privacy Procedure for Customer, Supplier and Business Partner Data and any amendments thereto.

Processor Contract

PROCESSOR CONTRACT shall mean any contract for the Processing of Personal Data entered into by HEINEKEN and a Third Party Processor  

Responsible Manager

RESPONSIBLE MANAGER shall mean the head of an Organisational Unit.

Secondary Purpose

SECONDARY PURPOSE shall mean any purpose other than the Original Purpose for which Personal Data is further Processed.

Sensitive Data

SENSITIVE DATA shall mean Personal Data that reveal an Individual’s racial or ethnic origin, political opinions or membership in political parties or similar organisations, religious or philosophical beliefs, membership in a professional or trade organisation or union, physical or mental health including any opinion thereof, disabilities, genetic code, addictions, sex life, criminal offenses, criminal records, biometric data, proceedings with regard to criminal or unlawful behaviour, or social security numbers issued by the government.

Staff

STAFF shall mean all Employees and other persons who Process Personal Data as part of their respective duties or responsibilities using HEINEKEN information technology systems or working primarily from HEINEKEN premises.

Supplier

SUPPLIER shall mean any Third Party that provides goods or services to HEINEKEN (e.g. an agent, consultant or vendor).

Third Party

THIRD PARTY shall mean any person, private organisation or government body outside HEINEKEN.

Third Party Controller

THIRD PARTY CONTROLLER shall mean a Third Party that Processes Personal Data and determines the purposes and means of the Processing.  

Third Party Processor

THIRD PARTY PROCESSOR shall mean a Third Party that Processes Personal Data on behalf of HEINEKEN that is not under the direct authority of HEINEKEN.


This privacy notice aims to give you information on how HEINEKEN processes the personal data it collects when recording phone calls that you place with our customer service centre.

HEINEKEN UK Limited is the data controller and responsible for your personal data. Our full details are: HEINEKEN UK Limited, 3-4 Broadway Park, South Gyle Broadway, Edinburgh, EH12 9JZ, United Kingdom

We may use your personal data collected by recording phone calls (including phone calls where you are transferred to HEINEKEN’s third party technical services partner) for the following purposes:

  1. account management;
  2. prevention, detection, investigation and prosecution of fraud;
  3. complaint handling and resolution;
  4. measuring the quality of the call;
  5. internal training on call handling.

We have a legitimate interest in recording calls in order to offer our customers a good service and to protect our business.  If you object to the call recording, you will have the option to end the call when you are informed that calls may be recorded.  You will have the option to contact us through alternative means. All calls will be retained for a period of one year. Although HEINEKEN’s third party technical services partner will receive any personal data you provide after a recorded call has been transferred to them, we will not share the call recording with them or any other third party. Your information will not be transferred outside the European Economic Area.

You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. Under certain circumstances, you have the right to:

  • Withdraw consent.
  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.

If you wish to exercise any of these rights, please contact us at protectingyourdata@heineken.co.uk.


Under data protection laws, photos and videos featuring people are treated as personal data. This privacy notice aims to give you information on how HEINEKEN processes photos and/or videos it takes of you at public and private events.

HEINEKEN UK Limited is the data controller and responsible for your personal data. Our full details are: HEINEKEN UK Limited, 3-4 Broadway Park, South Gyle Broadway, Edinburgh, EH12 9JZ, United Kingdom

Purpose 

We may use photos and/or videos we take of you (or a third party takes of you on our behalf) where:

  • it is necessary for our legitimate interest, to promote our business, and your interests and fundamental rights do not override that interest, or
  • we have asked you for your express consent, in which case you will be informed of the purpose when we obtain your consent.

We will delete photos and videos 6 years after the date they were taken.

Recipients

When using photos and videos to promote our business we may share them:

  • on public forums such as social media,
  • with marketing and agencies and content moderation supplier based within and outside of Europe, and
  • internally, including with other HEINEKEN companies within Europe.

When using photos and videos where you have provided your express consent, you will be informed of the recipients when we obtain your consent.

You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Under certain circumstances, you have the right to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing your personal data.
  • Request transfer of your personal data.
  • Withdraw consent.

If you wish to exercise any of these rights, please contact us at protectingyourdata@heineken.co.uk.


Year Ended 31 December 2018

Prepared in accordance with the requirements of Schedule 19, Finance Act 2016.

We believe that responsible tax behaviour is an essential element of our sustainability strategy. The taxes we pay are an important part of our contribution to local economies and support the development of the many countries in which we operate.

We support stable, transparent and predictable tax regimes that incentivise long-term investment and economic growth. We also support the principles that underpin the OECD’s work on Base Erosion and Profit Shifting (BEPS), including country-by-country reporting to tax authorities. HEINEKEN is working to ensure compliance with the new requirements.

In support of HEINEKEN’s business priorities we pursue a tax strategy that is sustainable and transparent. This strategy is annually reviewed and approved both by the Executive Board and the Audit Committee. Our commitment to tax planning is based on a number of key principles which conform with the HEINEKEN Global Tax Strategy:

  • Our commitment to comply with relevant tax laws and international regulations goes beyond legal compliance:
    • Our way of working conforms with the HEINEKEN Code of Conduct;
    • We expect to pay tax on our activities in the country where they take place; and
    • We do not use tax havens for tax avoidance purposes.
  • We fully support and follow the OECD transfer pricing guidelines. Transactions between HEINEKEN companies are conducted at ‘arm’s length’.
  • We pursue an open and constructive dialogue with HMRC.
  • We report taxes based on international (IFRS) and local reporting standards.

Risk profile

HEINEKEN is present in more than 70 countries, with a growing share of its revenues originating from emerging markets. The tax legislation in these countries is often complex and subject to interpretation. Recent international tax developments (incl. BEPS) have increased the likelihood of changes to tax systems in the countries we operate, and may lead to additional uncertainty and risk. Failure to comply with applicable regulations could lead to fines, claims and reputational damage.

Risk appetite

The international spread of our business, a robust balance sheet and strong cash flow, as well as a commitment to prudent financial management, form the context based on which HEINEKEN determines its appetite to risk. A structured risk management process allows HEINEKEN to take risks in a managed and controlled manner. Key to determining the risk appetite is the nature of the risks. In this respect, HEINEKEN is averse to the risk of non-compliance with applicable tax laws or regulations.

Risk management

HEINEKEN has put in place a comprehensive risk management system which identifies, assesses, prioritises and manages risks on a continuous and systematic basis, and covers all subsidiaries across regions, countries, markets and corporate functions. As part thereof, the HEINEKEN Tax Control Framework describes how tax is managed within HEINEKEN, both at a strategic and operational level. It supports tax risk management and ensures adherence to our tax principles, requiring documented policies and procedures across all our operating companies.

Our tax function ensures tax compliance of all HEINEKEN companies. It maintains communications with tax authorities and advises management on tax-related topics. External advisors are involved in material transactions or when a specific area of expertise is required. The Global Tax Department monitors and supports the local tax function and sets the global tax policies together with the Executive Board. The UK Head of Tax reports to the UK Finance Director. The UK Head of Tax is responsible for all taxes which impact the HEINEKEN UK (‘HUK’) corporate group, with the HR department having day to day responsibility for employee taxes. The HUK tax team members are suitably trained and experienced to deal with administration of the other taxes. The input of suitably qualified external advisors is a key source of expertise to supplement the skills of the HUK tax team. External advisors are therefore used when required on specialist matters. HUK carries out an assessment on an annual basis against the HEINEKEN Tax Control Framework to identify any potential improvements that could be made regarding tax risk management.

We seek to develop strong relations with HMRC based on respect, transparency and trust. We are committed to a collaborative approach to our dealings with HMRC. We engage with HMRC through our Customer Compliance Manager to discuss our tax affairs on a real time basis. We take care to ensure that our tax affairs are reported accurately. We would seek to voluntarily disclose any errors found in a submitted tax return, quantifying the effect of any error and paying any additional tax, interest and penalties due as a result. HEINEKEN is committed to paying the right amount of tax in the UK, and to work collaboratively with the tax authorities.


HEINEKEN’s Statement on Slavery and Human Trafficking, together with its Anti-Slavery and Human Trafficking Policy, reinforce our zero-tolerance approach to modern slavery.

We are committed to acting ethically and with integrity in all our business dealings and relationships.

For our Statement on Slavery and Human Trafficking, and for more information on our Anti-Slavery and Human Trafficking Policy, please click on the links below.

Anti-Slavery and Human Trafficking Policy (Official Version)

Modern Slavery and Human Trafficking Statement


HEINEKEN’s Code of Business Conduct, and its underlying policies, apply to all HEINEKEN colleagues.

It explains what’s expected of our people, individually and as a team, and highlights the basic principles we all need to observe when acting for or on behalf of our Company.

We are passionate about our business and about achieving our goals, and we’ll always do so with fairness and integrity, and with respect for our values, the law and our Code of Business Conduct.

For more information about our Code of Business Conduct, click on the link below.

HEINEKEN Code of Business Conduct


These Terms and Conditions prevail in the event of any conflict or inconsistency with any other communications, including advertising or promotional materials. Entry instructions are deemed to form part of the terms and conditions and by entering this promotion all participants will be deemed to have accepted and be bound by the terms and conditions. Please retain a copy for your information.

The personal data provided by entrants will only be used by the Promoter for the purpose of conducting the promotion and at all times in accordance with the Data Protection Act 2018 and the Promoter’s Privacy Policy (available at https://heineken.co.uk/legal-hub/?article=privacy-policy). From time to time, the Promoter may share entrants’ personal data with their agents/representatives to assist with administering the promotion and contacting entrants (as necessary) and/or fulfilling the prize(s).

  1. Only open to residents in the UK and Channel Islands and Isle of Man aged 18 or over, excluding employees of any company in the Heineken group and any person whom, in the Promoter’s reasonable opinion, should be excluded due to their involvement or connection with this promotion.
  2. No Purchase Necessary to enter. Complete the survey, enter your personal details and submit your completed survey via the supplied TypeForm link.  Only one entry per person – any repeat submissions will be disregarded. Standard network rates apply.
  3. Entries must be made personally. Entries made through agents/third parties, bulk entries or automated entries are invalid. No multiple entries from a single IP address will be valid. 
  4. The promoter accepts no responsibility for lost, damaged, incomplete, illegible or delayed entries, such entries will be void. Proof of sending is not proof of receipt and promoter does not accept any responsibility for the non receipt or the late receipt of message due to network failure or for any associated costs to entrants. No entries submitted via any other means will be accepted. The promoter cannot guarantee uninterrupted or secure access to the web entry route. Any mechanical reproduction or automated entries is prohibited, and any use of such automated devices will cause disqualification. 
  5. Promotion dates. Survey promotion runs from Monday 23rd September – Sunday 29th September 2019. 
  6. Nature of the prizes. There is 1 prize. The prize consists of one £100 Amazon voucher. Voucher terms and conditions apply – see  https://www.amazon.co.uk/gp/help/customer/display.html/280-5725522-2075014?ie=UTF8&nodeId=1040616 for details. The voucher is not for resale and Amazon reserves the right to invalidate any voucher sold contrary to the voucher terms. Vouchers must be redeemed by the date stated by Amazon.
  7. Winner election. The winner will be the first entry randomly selected from the list of survey respondents within 7 working days of the promotion closing date. The Promoter reserves the right to verify all entries and the winner and to refuse to award a prize or withdraw a prize entitlement and/or refuse further participation and disqualify the participant where there are reasonable grounds to believe there has been a breach of these terms and conditions or any instructions forming part of entry requirements or otherwise where a participant has gained unfair advantage in participating in the promotion or won using fraudulent means.  The Promoter will be the final arbiter in any decisions and these will be binding and no correspondence will be entered into. 
  8. How and when the winner will be notified of results. The winner will be contacted within 7 working days of the promotion end date. If the winner cannot be contacted within 7 working days, the Promoter reserves the right to re-draw and select a new winner (and so on until a winner can be contacted who will take up the prize).
  9. How and when winner and results will be announced. The winner’s details will be announced on LinkedIn 14 days following the promotion end date. By entering, the winner consents to such information being disclosed upon request.
  10. There is no cash or other alternative to the prize in whole or in part. Prize is not transferable. The Promoter reserves the right to reclaim the prize if it is transferred.  
  11. The decision of the promoter in all matters is final and binding and no correspondence will be entered into.
  12. The promoter is not responsible for any third party acts or omissions.
  13. The promoter reserves the right to cancel or amend this promotion due to events or circumstances arising beyond its control. 
  14. The promotion is in no way sponsored, endorsed or administered by, or associated with, LinkedIn. LinkedIn is not responsible to entrants in respect of any aspect of this promotion.
  15. All taxes (including without limitation national & local taxes) in connection with any prize & the reporting consequence thereof, are the sole responsibility of the prize winner.
  16. These rules and any dispute or difference arising out of or in connection with them shall be governed by and construed in accordance with English law. The Promoter and each entrant irrevocably agrees to submit to the exclusive jurisdiction of the Courts of England and Wales over any claim or matter arising under or in connection with these rules or the legal relationships established by this agreement. 

Promoter: Heineken UK Limited, 3-4 Broadway Park, South Gyle Broadway, EDINBURGH, EH12 9JZ