In this Policy, the terms “we”, “us”, and “our” refer to Synlait Milk Limited.
Maintaining the security of your data is a priority at Synlait and we are committed to respecting your privacy rights. We will handle your data fairly and legally at all times. Synlait will also be transparent about what data we collect about you and how we use it.
This Policy provides you with information about:
- how we use your data;
- what personal data we collect;
- how we ensure your privacy is maintained; and
- your legal rights relating to your personal data.
2. How we use your data
We may use your personal data:
- to provide goods and services to you;
- to make a tailored website available to you;
- for market research purposes – to better understand your needs;
- to enable Synlait to manage any consumer enquiries and customer interactions with you; and
- where we have a legal right or duty to use or disclose your information, (for example, in relation to an investigation by a public authority in a legal dispute).
3. Third parties
Aside from our service providers, we will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes.
We may share your data with governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:
- to comply with our legal obligations;
- to exercise our legal rights (for example, in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders and
- for the protection of our employees and customers.
4. How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however, the longest we will normally hold any personal data is six years.
5. What personal data do we collect?
Synlait may collect the following information about you:
- your name;
- country of origin and location;
- email address;
- phone number and other address details;
- your correspondence and communication with Synlait;
- your online browsing activities on our website; and
- other publicly available personal data, including any which you have shared via a public platform (such as a twitter feed or public website).
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example, when you send an email to our customer services team. Other personal data is collected indirectly, for example, from your browsing activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
Our websites are not intended for children and we do not knowingly collect data relating to children.
6. How we protect your data
Synlait is committed to keeping your personal data safe and secure. Our security measures include:
- encryption of data;
- regular cyber security assessments of service providers who may handle your personal data;
- security controls which protect Synlait’s IT infrastructure from unauthorised access; and
- internal policies setting out our data security approach and training for employees.
7. Your rights
You have the following rights:
- the right to ask for a copy of personal data that we hold about you (the right to access);
- the right (in certain circumstances) to request that we delete personal data held where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
- the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
- the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
8. Legal basis for Synlait processing customer personal data
We are required to set out the legal basis for our ‘processing’ of personal data. Synlait collects and uses customers’ personal data because it is necessary for:
- the pursuit of our legitimate interests (as set out below);
- the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer; or
- complying with our legal obligations.
In general, we only rely on consent as a legal basis for processing personal data in relation to sending direct marketing communications to customers via email.
Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
9. Our legitimate interests
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of Synlait, including:
- selling and supplying goods to our customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising our products;
- understanding our customers’ behaviour, activities, preferences, and needs;
- improving existing products and developing new products;
- complying with our legal and regulatory obligations;
- preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
- handling customer contacts, queries, complaints or disputes;
- managing insurance claims by customers;
- protecting Synlait, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to Synlait;
- effectively handling any legal claims or regulatory enforcement actions taken against Synlait; and
- fulfilling our duties to our customers, colleagues, shareholders and other stakeholders.
11. Data Protection and Privacy Officer
Synlait has appointed a Data Protection and Privacy Officer to ensure we protect the personal data of our customers (and others) and comply with all privacy and data protection legislation.
If you have any questions about how Synlait uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact our Data Protection Officer’s team by contacting the Data Protection & Privacy Officer, Synlait Milk Limited via:
‒ Email: firstname.lastname@example.org; or
‒ Post: 1028 Heslerton Road, RD13, 7783.