DATE OF ENTRY INTO FORCE: 1 FEBRUARY 2021
Who is Aramark? For the purposes of this Policy, Aramark refers to the Aramark group that manages the site you visit. Please consult the Contact Us section, for further details.
When does this Policy apply? This Policy applies to personal data used by us in connection with our European websites as listed in the Contact Us section, and any other website or place in which this Policy is posted or to which it is linked, unless otherwise stated (each being a “Site”).
How will my personal data be used? We will only use your personal data in the manner described in this Policy and only when there is a legal basis for the same. Please refer to the Legal Information section below for further details.
Will my personal data be shared with others? We do not sell or share your personal data, unless otherwise specified in this Policy. See the How We Share Your Personal Data section below for further details.
Where will my personal data be sent? Aramark is part of a global group of companies with affiliates and service providers inside as well as outside the European Economic Area (EEA). Therefore, in accordance with the purposes of this Policy, we may transfer your personal data to these parties outside the EEA, including two countries in which the legislation on the protection of personal data is not equivalent to the legislation in the EEA. See the International Data Transfer section below for further details on the safeguards applied to these transfers.
What rights do I have? Personal data protection legislation gives you important rights relating to your personal data. Please consult the Your Rights section for further details.
How can I get more information? You can contact us anytime with your questions and feedback.
Personal data collected
Personal data that you provide to us. This includes the personal data that you may provide to us when you:
- create an account on the Site, such as the username or password;
- fill out forms or surveys, or use interactive features on our Site, including your name, mailing address, e-mail address, telephone number, or demographic information (such as your gender);
- ·contact us to report a problem with our Site, or when you contact our customer service;
- ·communicate with us by phone, e-mail, in person, or in any other manner.
It is important that the personal data in our possession is accurate and updated. Please inform us of any changes in your personal data during our collaboration.
Information collected automatically. We may collect information about you and your computer or mobile device automatically, when you visit our Site. For example, we may record the name and version of your computer or mobile device’s operating system, manufacturer and model, browser type, browser language, screen resolution, the website you visited before entering our Site, the pages you viewed, how long you viewed a page, access times, and information about your use of our Site and your actions on the same. We collect this information about you through cookies. Please consult the Cookies and Similar Technologies section for more details.
Cookies and Similar Technologies
What are cookies?
We may collect information with the help of “cookies”. Cookies are small data files stored by a website on the hard drive of your computer or mobile device. We may use session cookies (which disappear as soon as you close your web browser) as well as persistent cookies (which remain stored on your computer or mobile device until you delete them), in order to provide you with a more personalised and interactive experience on our Site.
We use two broad categories of cookies: (1) first-party cookies, which are placed directly by us on your computer or mobile device and which we use to recognise your computer or mobile device when you revisit our Site; and (2) third-party cookies, which are placed on our Site by our service providers and which may be used by those service providers to recognise your computer or mobile device when you visit other websites.
Cookies that we use
Our Site uses the following types of cookies for the purposes specified below:
Type of cookie
Analytical and Performance Cookies
We use Google Analytics in order to achieve the above. Google Analytics uses its own cookies. You will find more information about Google Analytics cookies here, and furthermore, about how Google protects your data. You can prevent Google Analytics from being used for data relating to your use of our Site by downloading and installing this browser plug-in.
Targeting and Advertising cookies
You can normally delete or reject cookies via your browser settings. You will need to follow the instructions from your browser (usually found under “settings”, “help”, “tools” or under “edit”). Many browsers are set to accept cookies by default until you change your settings.
Visit www.allaboutcookies.org for further information about cookies, such as how to see which cookies are stored on your computer or mobile device, and how to manage and delete them.
If you do not accept our cookies, you may be inconvenienced when using our Site. For example, we will be unable to recognise your computer or mobile device, and you will therefore have to log in again each time you visit our Site.
We may also use pixel tags (also known as web beacons and clear GIFs) on our Site to track users’ actions on our Site. Unlike cookies, which are stored by a website on the hard drive of your computer or mobile device, pixel tags are embedded invisibly in the web pages. Pixel tags measure the success of our marketing campaigns and compile statistics about the use of our Site so that we can manage our content more efficiently.
Do Not Track Signals
Some Internet browsers may be configured to send “Do Not Track” signals to the online services you visit. Currently we do not respond to such “Do Not Track” signals. To find out more about “Do Not Track”, please visit http://www.allaboutdnt.com.
How We Use Your Personal Data
To manage the Site
We use your personal data:
- to manage, maintain and secure the Site;
- to investigate how the Site is used and to improve the Site and our other products and services;
- to manage your account and communicate with you, including by sending service announcements, technical communications, updates, security notices, and support and administrative notices, if you create an account on the Site;
- to be able to send your purchased goods and service to your indicated address;
- to better understand your needs and interests and personalise your experience with our Site;
- to manage promotions on the Site; and
- ·to respond to your requests, questions and feedback.
Sending direct marketing messages
If you request information from us, create an account on the Site or participate in our surveys, promotions or events, we or our group companies may, if permitted by law, send you direct marketing communications. You will always have the opportunity to oppose the same.
Creation of anonymous data
We may collect anonymous data, including aggregate or anonymous data derived from our users’ personal data. We anonymise personal data by not including the information that would allow us to identify you personally, and we use this anonymous data for our legitimate business purposes.
For security, regulatory compliance, fraud prevention and safety
We use your personal data when we regard it to be necessary or appropriate to (a) implement and enforce security measures designed to protect the Site and your personal data; (b) enforce our Terms and Conditions; (c) protect our rights, privacy, security or property, as well as those of you or others; and (d) protect against, investigate and discourage, fraudulent, harmful, unauthorised, unethical or illegal activities.
To provide requested services
If you participate in a promotion on the Site or request a service through the Site, we may request the personal data we need in order to facilitate participation in the promotion or to provide the service requested.
Compliance with legislation
We use your personal data when we believe it is necessary or appropriate to comply with applicable laws, legal requests and legal procedures, such as responding to summons or requests from governmental authorities.
With your consent
We will request your consent to use your personal data wherever required by law, such as when we use certain cookies or similar technologies or when we want to send you certain direct marketing messages. If we request your consent to use your personal data, you have the right to revoke your consent at any time in the manner stated at the time of the request for your consent, or by contacting us.
Sharing with external parties
We share your personal data with external parties in the limited cases described below.
For more information on the legal basis for the purposes described above, see the Legal Information section below.
How We Share Your Personal Data
We may disclose your personal data to our subsidiaries and business affiliates for the purposes laid down in this Policy.
We may employ external companies and individuals to assist us in processing your personal data as described in this Policy (such as hosting, data storage, website analytics and testing, delivery of e-mails and database management services).
Compliance with and enforcement of legislation; protection and safety
We may disclose information about you to the government, law enforcement officials or private parties as required by law, and disclose and use such information as we deem necessary or appropriate to comply with the law, as described above, and for security, compliance, fraud prevention and safety purposes.
We may sell, transfer, or otherwise share part or all of our business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as in case of a merger, consolidation, acquisition, reorganisation, or sale of assets in case of bankruptcy.
Websites of third parties
Our Site may contain links to third-party websites and functions. This Policy does not cover the privacy practices of such third parties. Such third parties have their own privacy policies and we do not accept any responsibility or liability for their websites, functions or policies. Please read the privacy policies of these third parties before providing your data to them.
International Data Transfer
If we transfer personal data to a country for which the European Commission has not passed an adequacy decision because there is no equivalent protection under the personal data protection legislation of the EEA, we will conduct the transfer under certain guarantees which allow us to carry out the transfer in accordance with the personal data protection legislation of the EEA, such as the specific contracts approved by the European Commission to provide adequate protection of personal data. For further details, please consult the European Commission website for model contracts on the transfer of personal data to third countries.
For further information about the specific mechanism we use for transmitting your personal data outside the EEA, please contact us.
Although we implement a variety of technical and organisational measures to protect your personal data, no security measure can ensure complete security, and we cannot guarantee the security of the Site or your personal data. If you suspect that the Site or the personal data you have shared with us is not secure, please contact us immediately.
We will only retain your personal data for as long as is necessary to fulfil the purposes for which we have collected the personal data, including the fulfilment of all legal, accounting or reporting obligations.
To determine the appropriate retention period for the personal data, we take into account the quantity, nature and sensitivity of the personal data, the potential risk of damage in the event of unauthorised use or disclosure of the personal data, the purposes for which we process your personal data, and whether or not we can achieve these purposes by other means, and the applicable legal requirements.
Our Policy with regard to children
Our Site is not intended for children under the age of 16. If a parent or guardian becomes aware that their child has provided information to us without their consent, they should contact us. We will remove such information from our files as soon as reasonably possible.
Sensitive personal data
We ask you not to send or disclose to us sensitive personal data (for example, social security numbers, information relating to race or ethnic origin, political opinions, religion or other beliefs, health, biometric data, genetic characteristics, criminal background or trade union membership) through our Site or in any other manner.
By voluntarily sending or disclosing unsolicited sensitive personal data to us when you use our Site, you consent to the processing of such sensitive personal data. We will delete such sensitive data as soon as we become aware that you have provided it to us.
European data protection legislation grants you certain rights in relation to your personal data. You can request us to take the actions below with regard to the personal data that we have at our disposal:
- Opt-out. Stop sending direct marketing messages. However, you may continue to receive administrative and other non-marketing related e-mails.
- Access. Providing you with information on how we use your personal data and granting you access to these data.
- Correction. Updating or correcting inaccuracies in your personal data.
- Deletion. Deleting your personal data.
- Transfer. Transferring a machine-readable copy of your personal data to yourself or to a third party of your choice.
- Restriction. Restricting the processing of your personal data.
- Objection. Objection to the legitimate interests that we invoke as a legal basis for using your personal data as described in the Legal Information section.
You may submit these requests by contacting us according to the contact details listed in the Contact Us section below. We may request you to provide us with specific information so that we can confirm your identity and process your request. Applicable law may impose a duty on us - or may permit us to refuse your request. If we refuse your request, we shall notify you of the reasons for the same, subject to legal restrictions. If you wish to make a complaint concerning the use of your personal data or your requests concerning your personal data, you can contact us here, or lodge a complaint with the personal data protection supervisory authority in your jurisdiction. You can find the supervisory authority for the protection of your personal data here.
Amendments to this Policy
We reserve the right to change this Policy at any time. If we make significant changes to this Policy, we shall notify you by e-mail (if you have an account linked to your e-mail address) or in some other manner via the Site, on the basis of which it will be reasonable for us to assume that we can reach you (which may include posting a new notice or notification via the Site).
Any amendment to this Policy shall be effective as soon as the amended Policy is posted (unless otherwise specified at the time of posting).
You can reach us via the contact details of the applicable controller as laid down in the table below. The Aramark Group company, which is identified below as the data controller of the Site, is responsible for processing your personal data in connection with the Site.
If you contact us, please let us know which website(s) in the table below you would like to know more about.
We must inform you of the legal grounds, described in the table below, on the basis of which we process your personal data. If you have any questions about the legal grounds or how we process your personal data, please contact us.
Purpose of processing(click on the link for more details)
Managing the Site
We use your data in connection with our legitimate interests. Click on the processing purpose in the left column to obtain a description of the activities that constitute our legitimate interests. We take into account and weigh any potential impact on you and your rights before processing your personal data for our legitimate interests. We will not use your personal data for activities in which our interests are subordinate to the impact they have on you (subject to your consent or otherwise imposed or permitted by law).
Provision of requested services
The processing is required in order to be able to provide the requested services or to enable us to take the requested steps prior to the request for services or the conclusion of the relevant contract. If we are unable to process your personal data, we may not be able to provide the services requested.
Compliance with legislation
The processing is required in order to comply with our legal obligations.
With your consent
The processing is based on your consent. In cases where we rely on your consent, you have the right to revoke your consent at any time in the manner described at the time we requested your consent or by contacting us.