DB BREWERIES LTD, 1 Bairds Road, Papatoetoe, Auckland 2025, (“HEINEKEN” or “we” or “us”) is the controller of the processing of all personal data collected through this website (the “Website”). We respect your privacy and are committed to keeping your Personal Data secure and managing it in accordance with our legal responsibilities under applicable data protection laws.
We will comply with all laws including the Privacy Act 2020.
2. What Personal Data We Collect and How We Use your Personal Data
We respect your privacy and are committed to protecting your Personal Data. You can use the majority of our Website without being required to provide any Personal Data to us. For certain services or activities you will need to provide Personal Data for us to be able to provide you the requested service or product or for you to participate in the activity. Requested information on the Website marked with an asterisk is mandatory. If you do not provide the requested information, we will not be able to deliver the service or product to you or you cannot participate in the activity. In addition to information you are required to provide to us in order to participate in activities/campaigns, we collect certain information when you visit our Website. We do not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about your health or genetic and biometric data). Nor do we process any information about criminal convictions or offences.
- information when you contact us
If you visit our Website and have a question or other remark, you can submit our Contact Form. You will be asked to provide your name and email address and obviously information about your request. We will only use this information to respond to your question. We will register your requests, questions and our responses and other actions to handle your request. We will retain all information for 1 year after your question or complaint has been solved or the inquiry was closed.
- information about your visit to and use of our Website;
We collect certain information when you visit our Website, such as your IP address, which web pages you visit, device category, browser, and type of internet browser, clicks and views. The information about your use of our Website and services enables us to build segments, which are groups of website visitors or customers with a number of common characteristics such as age group, gender or region. We will likely add you to one of our segments. Segments are used by us to customize the Website and to for example, change the order of search results or where we place certain offers so you are more likely to see these. We may also use segments to show online advertisements that we think are relevant for you and to send you commercial messages.
We use this Personal Data to be able to promote our products and services to our consumers and website visitors, to enable us to attract more consumers, to improve the sale of our products and services. We will retain the Personal Data for a maximum of 1 year.
information about your online searches (clicks and views), your setting on our Website, your customer service requests and contact history can be combined by us. This information enables us to use different channels for relationship management and marketing of our products and services to you via e-mail, direct mail, social media, telephone or online advertising which may include personalising Website content and offers so these are tailored to your preferences. You can always opt-out of receiving our newsletter, direct mail, social media and telephone and you can always object to our use of your Personal Data for direct marketing purposes (for more information about how to do this, read the paragraphs below).
We use this Personal Data to be able to promote our products and services to our customers and website visitors, to enable us to attract more customers, to improve the sale of our products. The Personal Data shall generally be deleted or anonymised within a maximum of 1 year.
- maintenance and optimisation of our Website;
Your Personal Data will also be used for maintenance and analysis of our Website to solve performance issues, to improve the availability and user experience. We log all use of our Website.
The Personal Data, including in the logs of use of our Website, will be retained for a maximum period of 1 year. The logs of the use of our Website will be deleted within 1 year after creation.
3. How We Share Your Personal Data
We may need to share Personal Data with third parties to help us provide services and products to you and to run our Website. These third parties are:
- HEINEKEN group companies for the purpose of storing Personal Data processed via the Website, due to shared IT systems;
- service providers where this is needed to provide us with a service and to provide data analytics services
- service providers that help us organize campaigns and promotions;
- first and Third party advertising companies;
- media agencies for marketing purposes and research purposes; an
- in case HEINEKEN sells all or some of the assets or shares of a HEINEKEN group company to which Personal Data was transferred to a third party, your Personal Data may be provided to this third party.
These parties may be located in New Zealand or countries such as those in the European Economic Area (EEA) or elsewhere in the world. When Personal Data is stored by us outside the EEA we will ensure an adequate level of protection of the transferred Data. We require service providers to use appropriate measures to protect the confidentiality and security of the Personal Data. Where the third parties act as processors on our behalf, we only permit them to process your Personal Data for specified purposes and in line with our instructions.
4. Security of Personal Data
We will take appropriate technical, physical and organizational measures to protect the Personal Data collected through the Website from misuse or accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition or access, that are consistent with applicable privacy and data security laws and regulations. In addition, we limit access to your Personal Data to those employees, agents, contractors, and other third parties who have a business need to know. They are subject to a duty of confidentiality. However, no transmission of information over the internet can be completely secure and we cannot be held responsible for unauthorised or unintended access that is beyond our control.
5. Retention of Your Personal Data
7. Social Media
You may choose to share information on our Website via social media, such as Facebook, Instagram, LinkedIn and YouTube. This means that the information you share, with name and preferences, shall be visible to visitors of your personal pages. We advise you to carefully read the privacy policies of the social media parties as these are applicable to the processing of your Personal Data by these parties.
8. Children's Privacy
The Website is not intended for use by individuals under the age of 18. We do not knowingly collect Personal Data from individuals under the age of 18 and have age verification processes on our Website. Further, we do not market our products or services to anyone under the age of 18.
9. Your rights, questions and complaints
If your personal data is or has been subject to the European GDPR (General Data Protection Regulation) or to the extent applicable under your local law, you have the right to request access to and deletion of your personal data, to object, to request restricted processing, to receive an overview of the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to file a complaint with your local data protection authority. All your rights are subject to applicable data protection laws and other relevant laws and regulations, to the HEINEKEN Privacy Procedures and other HEINEKEN guidelines. However, you always have the right to object to our use of your Personal Data for direct marketing communications, and when you do so, we will accommodate your request. Where you have provided consent to our use of your Personal Data, you have the right to withdraw your consent without this effecting the lawfulness of our use of this Data before your withdrawal.
If you wish to know which rights you have, if you wish to exercise your rights or if you have a complaint about how your personal data is processed by us or about our privacy and data protection practices in general, you can email our Privacy Officer at: firstname.lastname@example.org
Under certain circumstances, you have various rights in relation to your personal data under data protection laws. If you wish to exercise any of these rights, please contact us using the details at the end of this notice.
You will not have to pay a fee to access your data or exercise any of your other rights, but please note that we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances and will provide you with reasoning as to this refusal to comply. You have the right to seek an investigation into this refusal through the Privacy Commission.
In order to respond to any request in relation to your data access rights, we may need to request specific information from you to help us confirm your identity. If we cannot establish your identity we may refuse to comply with your request. We may also contact you to ask you for further information in relation to your request including the specific categories of data you are seeking access to, in order to speed up our response.
We will endeavour to respond to all legitimate requests within twenty working days of receiving the notice (unless we consider an extension is required in accordance with the law). Occasionally it may take us longer than twenty working days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to:
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In this case we will cease such processing and delete your personal data. You also have the right to object where we are processing your personal data for direct marketing purposes in which case we will refrain from sending further marketing material. In some cases we may demonstrate that we have compelling legitimate grounds to process your information in accordance with our governing laws which overrides your rights and freedoms. If your request is urgent, we may ask you to provide reasoning as to why your request is urgent.
Request access to your personal data (commonly known as a “data subject access request“). This enables you to receive a copy of the personal data we hold about you (unless such access would jeopardize the legitimate business interests of us or any law of the jurisdiction or right of the Company). You also have the right to:
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected;
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it, or where you have successfully exercised your right to object to processing. If your request is granted, we will erase your personal data without undue delay;
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(a) if you want us to establish the data’s accuracy;
(b) where our use of the data is unlawful but you do not want us to erase it;
(c) where you need us to hold the data even if we no longer require it as you or we need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you; and
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
You also have the right to make a complaint at any time to the Privacy Commission. We would, however, appreciate the chance to deal with your concerns so please contact us in the first instance at email@example.com
This version was last updated in January 2020.