Privacy policy

The Data Controllers are Alliance in Partnership Ltd, 03577003, Class Catering Services Ltd 03653905, The Contract Dining Company Ltd 07185364 registered offices at One Southampton Row, London, WC1B 5HA of One Southampton Row, London WC1B 5HA. The Data Controller will be the entity which you contract with. Sodexo Ltd is our parent company.

We are committed to protecting and respecting your privacy. The sites are
www.allianceinpartnership.co.uk , www.classcatering.co.uk, www.thecontractdiningcompany.co.uk

Your privacy is very important to us. We are committed to complying with any applicable legislation relating to Personal Data. This policy together with our terms of use set out the basis on which any personal data We collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Sodexo Limited is part of an international group of companies. Our parent Company Sodexo SA was founded in 1966 in France and is now the worldwide leader in quality-of-life services. We provide onsite services, benefits and rewards services and personal and home services to many clients to improve quality of life. We don’t routinely share Personal Data between our group companies, and we’ve set out more details about when we do in the section titled “Disclosure of your Information”

To find out more about us visit our website uk.sodexo.com and search under the other locations tab. The email for our local Data Protection Officer is
DataProtection.UKandIE@sodexo.com

How we may collect data from you and how and why we use it

Collection and source of personal data

When using the website, We will most likely collect your Personal data directly (via the data collection forms on our Site) or indirectly via our service providers and/or technologies on our Site. Further information is contained in the Cookie Policy and as appropriate provided in online data collection
forms.

Types of personal data collected and used by us

We may specifically collect and process the following types of Personal data:

  • the information that you provide when filling in the forms on the Site (for example, for subscription purposes, to participate in surveys, for marketing purposes, when downloading the application, the information that you provide for authentication purposes or to verify your age when you purchase age-restricted items.
  •  the information that you provide for order fulfillment or to provide a service
  • the data relating to your purchases such as products, quantity, price, billing, and delivery addresses including health information about you only where you volunteer and consent to this, for example, if you report any specific food allergies after placing an order.
  • the transaction data such as payment information and credit/debit card information that is transmitted directly to third parties who process your requests; the information provided via “posts”, comments, or other content that you post on the website. the information from you when you use the chat function on our Sites.
  • your preferences in receiving marketing from us and our third parties and your communication preferences.
  • information collected through Cookies as defined in our Cookie Policy.
  • Information collected to onboard and manage our suppliers and their sub-contractors.
  • Information collected to provide services to our Corporate clients, and customers, run our business, market, and improve our services.
  • the information you provide for the purposes of managing your job application and, where applicable, your recruitment process is contained within a separate candidate privacy policy.

Personal data identified by an asterisk in the data collection forms are compulsory as these are necessary to fulfil any orders placed. In the absence of this compulsory information, these transactions cannot be processed.

Please find details of the different data collected for the various purposes, in the chart (Annex 1).

Sensitive personal data

As a rule, we do not collect sensitive Personal data via our Sites. “Sensitive Personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data, or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes personal data relating to criminal convictions and offenses.

If it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of Personal data and, in particular, with your explicit prior consent, where appropriate and under the conditionsdescribed in this policy.

Personal information and children

Our Site is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.

Children users under the age of 16 years or without legal capacity must obtain consent from their parents or legal guardians prior to submitting their Personal data to the Site.

Purposes for which we use personal data

Personal data may be collected for the following general purposes (a more precise description of the
processing of your data can be found in the Annex 1 below):

  • Cookies
  • Account creation and management
  • Customer Relationship Management
  • Marketing Management
  • Recruitment
  • Supplier Management
  • Service Provision
  • Running and improving our business, including bids, acquisitions, and sales.

Legal basis for the processing of personal data

We process your Personal data as part of the performance and management of our contractual relationship with you, the services we provide to clients, for our legitimate interest to run our business, market and improve the quality and operational excellence of the Services we offer or in compliance with certain regulatory obligations depending on the purpose of processing as identified in the chart in Annex 1.

Your Personal data may also be processed based on your prior consent if under certain circumstances, your consent would be requested (e.g., regarding health data or for certain types of
Cookies).

Please find more information about the legal basis for each of our processing in the Annex 1 below.

Transfer of personal data

As SODEXO is an international group, your Personal data may be transmitted to internal or external recipients that are authorized to perform Services on our behalf. Data protection law does not allow the transfer of Personal Data to third countries outside UK and EEA that do not ensure an adequate level of data protection. Some of the third countries in which Sodexo operates outside UK and EEA do not provide the same level of data protection as the country in which you reside and are not recognized by the European Commission or ICO as providing an adequate level of protection for individuals’ data privacy rights.

To guarantee the security and confidentiality of Personal data thus transmitted, we will take all necessary measures to ensure that this data receives adequate protection, such as entering into data transfer agreements with the recipients of your personal data based on the applicable standard contractual clauses (“SCCs”) or other valid transfer mechanisms and we carry out, in accordance with the European Court of Justice’s decision of 16 July 2020 “Scherms II” (Case C 311-18), a risk assessment of the transferred data. If you would like to receive a copy of the safeguards in place to secure data transfers outside the UK or European Economic Area, please contact the Data Protection Officer.

Disclosure of your information

The security and confidentiality of your Personal data is of great importance to us. This is why we restrict access to your Personal data only to members of our staff only to the extent strictly necessary to process your orders or to provide the requested Services. We ensure that persons authorized to process the Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

We will not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with entities within SODEXO and with authorized service providers (for example: technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose of providing our Services. We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 2006. This information is not routinely shared. It may be shared for the provision of joint services, for example IT support, Legal advice, debt recovery or HR support. It may also be shared for statistical analysis. Where appropriate a data sharing agreement is put in place. In the unusual circumstance that personal data could be shared with a Group Company outside UK/EEA standard contractual clauses will be applied.

We ensure that every disclosure of your Personal data to an authorized service provider is framed by a data processing agreement, reflecting the commitments laid out in this policy. We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the Services on our behalf or to comply with legal obligations.

We may also share your Personal data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity (iv) providing the service/contract, (v) fraud protection and credit risk reduction, (vi) to protect rights, property and safety or enforce our agreements, (vii) buy or sell business assets.

Storage limitation and accuracy

Sodexo will keep Personal Data that is processed accurate and, where necessary, up to date.

We will store your Personal data only for as long as necessary to fulfil the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.

To determine the retention period of your Personal data, we take into consideration several criteria such as:

  • The purpose for which we hold your Personal data (e.g., when you purchase products on our Sites, we keep your Personal data for the duration of our contractual relationship).
  • Our legal and regulatory obligations in relation to that Personal data (e.g. accounting reporting obligations).
  • Whether you are an active user of our Services, you continue to receive marketing communications, or you regularly browse or purchase off our Sites or whether you do not open our emails or visit our Sites; For instance, if you have agreed to receive marketing communications, we keep your Personal data until you: (i) unsubscribe from receiving marketing communications (ii) request we delete your Personal data, or (iii) after a period of inactivity (i.e. where you have not interacted with us for a period of time). This period is defined in accordance with local regulations and guidance.
  • Any specific requests from you in relation to the deletion of your Personal data or Account.
  • Any statutory limitation periods allowing us to manage our own rights, for example the defence of any legal claims in case of litigation; and
  • Any local regulations or guidance (e.g., regarding cookies).

Please find more information about the storage period of your Personal data in Annex 1 below.

Security of your personal data

We implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful alteration or loss, or from unauthorized, use, disclosure or access, in accordance with our Group Information and Systems Security Policy.

We take, when appropriate, all reasonable measures based on Privacy by design and Privacy by default principles to implement the necessary safeguards and protect the Processing of Personal Data. We also carry out, depending on the level of risk raised by the processing, a Privacy impact assessment (“PIA”) to adopt appropriate safeguards and ensure the protection of the Personal Data. We also provide additional security safeguards for data considered to be Sensitive Personal Data.

Where We have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential.

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once We have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Your rights

Sodexo is committed to ensure protection of your rights under applicable laws. You will find below a table summarizing your different rights:

Right of access
You can request access to your personal data. You may also request rectification of inaccurate personal data, or to have incomplete personal

And Rectification 
You can request any available information as to the source of the personal data and you may also request a copy of your personal data being processed by Sodexo.

Right to be forgotten
Your right to be forgotten entitles you to request the erasure of your personal

  1. data in cases where: the data is no longer necessary
  2. you choose to withdraw your consent
  3. you object to the processing of your personal data by automated means using technical
    specifications
  4. your personal data has been unlawfully processed
  5. there is a legal obligation to erase your personal data
  6. erasure is required to ensure compliance with applicable laws

Right to restriction of processing
You may request that processing of your personal data be restricted

  1. in the cases where: you contest the accuracy of the personal data
  2. Sodexo no longer needs the personal data, for the purposes of the processing
  3. you have objected to processing for legitimate reasons

Right to data portability
You can request, where applicable, the portability of your personal data that you have provided to Sodexo, in a structured, commonly used, and machine-readable format and you have the right to transmit this data to

  1. another Controller without hindrance from Sodexo where: the processing of your personal data is based on consent or on a
  2. contract: and the processing is carried out by automated means. You can also request that your
    personal data be transmitted to a third party of your choice (where technically feasible).

Right to object to processing including direct marketing
You can object to us using your Personal Data for direct marketing. You can also contact us to object to how we are using your Personal Data for any other reason, but we may not have to stop using it for this purpose.

Right to Withdraw Consent
If We process your personal data since your consent, you can withdraw your consent at any time.

Right not to be subject to automated decisions
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal affect upon you or significantly affects you. You have the right to object to processing including direct marketing which uses profiling.

Right to lodge a complaint
Within the EU, You can choose to lodge a Complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. You have also the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence. In the UK you have the right to lodge a complaint with the Information Commissioner or lodge a Complaint before the courts.

You can use this form to make a request. This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is called One Trust and after making the request you will be sent details about how to log on.

Alternatively, you can also send your request by email to DSAR.UKandIE@sodexo.com, in writing to 310 Broadway, Salford, M50 2UE or by calling Sodexo People Centre on 0845 603 3644 and asking for DSAR team. The team will liaise with you about how you to contact you about your request and receive information. Please note that it is usually necessary to arrange a telephone appointment to discuss your request once it has been made. You can also contact the DPO at this address or by email to DataProtection.UKandIE@sodexo.com .

If you wish to unsubscribe to marketing emails communications, you can also do so by using the unsubscribe function on the email.

Links and social

Links to other websites should not be considered as navigation tracking and we decline any responsibility concerning the Personal data protection practices implemented by these third-party companies, each of which acts as a separate Controller of your Personal data on their own perimeter. Once you leave our Site or click on the logo/link to one of these social networks, it is your responsibility to check the privacy policy applicable to that other platform.

When you click on social media icons, we may have access to the Personal data that you have made public and accessible via your profiles on the social networks in question. If you do not want us to have access to your Personal data published in the public spaces of your profile or your social accounts, then you should use the procedures provided by the social networks in question to limit access to this information.

Changes to our privacy policy

Any changes We may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Annex 1:

Information about the processing of your personal data

Obtained from Purpose of the Processing Personal data collected Legal basis of the Processing Retention of the Personal data
Website and application management For more information on the processing of your Personal data in the specific context of
Cookies we invite you to consult our Cookie Policy.
Account creation and Management

Directly (from webforms/calls/emails.) or
from a
provider/previous provider of the service.

 Send an initial communication via email to invite you to register and use our Sites and Services Identity data Contact data Financial data Transaction data Technical data Profile data In order to take steps at the request of the data subject prior to entering into a contract Consent
Legitimate Interest		 If you are one of our customers, these communications may be sent to you for the duration of our
commercial relationship, then for three (3) years after the end of this relationship or of the last
contact you initiated.

If you are not yet sure whether you want to benefit from our products and Services, and you are
still in the
prospecting phase, we can send you communications on our offers and products for a period of three
(3) years from the last contact you initiated.
Register you as a user and create an account for you on our Site Identity data Contact data Financial data Transaction data Technical data Performance of a contract to which the data subject is party Legitimate Interest Legal Obligation We will keep your Personal data in your customer account (s) until you delete your account or as
necessary for legal accounting obligations or legal limitation period.
Customer and Client Relationship Management Manage and monitor our relationships with existing and potential customers and clients. Carry out
the service
provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the
contract.		 Contact data Identity data Transaction data Financial data Technical data Profile data Marketing
data Usage data		 Contract and legitimate interest We will keep your Personal data for the duration of our commercial relationship, after which only
the data necessary for pre-litigation or litigation purposes will be archived until the legal
prescription is acquired. The usual limitation period in civil and commercial matters is six (6)
years. In the event of a dispute, this data is kept for the duration of the procedure
and until the expiration of ordinary and extraordinary remedies.
Respond to your requests for information, searches, newsletter, and other content. Identity data Contact data Transaction data Technical data Profile data Usage data Marketing data Legitimate interest and consent We will send you our newsletter until you unsubscribe.
Access whether you are eligible for certain products and Services Contact data Identity data Technical data Usage data Profile data Contract Legitimate interest We will keep your Personal data for the period necessary to carry out those checks.
Process and deliver your order Identity data Contact data Financial data Transaction data Technical data Profile data Usage data Contract Legitimate Interest We will keep your Personal data for the duration of our commercial relationship, after which only
the data necessary for pre-litigation or litigation purposes will be archived until the legal
prescription is acquired. The usual limitation period in civil and commercial matters is six (6)
years. In the event of a dispute, this data is kept for the duration of the procedure
and until the expiration of ordinary and extraordinary remedies.
Comply with legal obligations Identity data Contact data Financial data Transaction data Technical data Profile data Usage data
Marketing data		 Legal obligations We will keep your Personal data for the duration of the procedure, plus the period of acquisition of
legal requirements.
The usual limitation period in civil and commercial matters is six (6) years from the end of the
contract.
Marketing Management Conduct surveys and gather statistics Identity data Contact data Financial data Transaction data Technical data Profile data Legitimate interest We will keep your data for a period of three (3) years from the last contact you initiated.
Usage data Marketing data
Manage, organize and improve of the competitions and related promotional operations Identity data Contact data Financial data Transaction data Technical data Profile data Usage data
Marketing data		 Consent Legal obligations Legitimate interest We will keep your data for a period of three (3) years after the end of the competition or the last
contact you initiated.
Send commercial communications about products and services that may be of interest to you Identity data Contact data Transaction data Technical data Profile data Usage data Marketing data Consent Legitimate Interest We will keep your data for a period of three (3) years after the end of the competition or the last
contact you initiated.
Profile your Personal data to use internally to help us understand your motivations, values, and
needs.		 Identity data Contact data Financial data Transaction data Technical data Profile data Usage data
Marketing data		 Consent Legitimate interest If you are one of our customers, these communications may be sent to you for the duration of our
commercial relationship, then for three (3) years
after the end of this relationship or of the last contact you initiated.

If you are not yet sure whether you want to benefit from our products and services, and still in the
prospecting phase, we can send you communications on our offers and products for a period of three
(3) years
from the last contact you initiated.
Running a business running and improving our business, business development, recovering payments, keeping accounting
records, security, health and safety, fraud prevention customer service, statistical analysis and
marketing including segmenting, bids, acquiring and disposing of businesses, governance.		 Identity data Contact data Financial data Transaction data Technical data Profile data Usage data
Marketing data		 Legal obligation Legitimate Interests The usual limitation period in civil and commercial matters is six (6) years from the end of the
contract.
Supplier Management running Identity data Contact data Financial data Transaction data Technical data Profile data Usage data
Marketing data		 Legal Obligation Legitimate Interests The usual limitation period in civil and commercial matters is six (6) years from the end of the
contract.

Any changes We may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Identity Data includes [first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender].

Contact Data includes billing address, delivery address, email address and telephone numbers. For clients and suppliers this includes contacts within your organisation and may include publicly available information such as Companies House

Financial Data includes bank account and payment card details.

Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us or enquired about and for suppliers, products and services we have purchased or enquired about from you.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.

Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

Usage Data includes information about how you use our website, products and services.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Contract and providing services

This means things like, carrying out our obligations arising from contracts we’ve entered into or a third party we are fulfilling a contract for, managing our relationship and notifying you about changes to our services or that we have taken over a service.

Legal obligations

This is things like keeping records for tax purposes and complying with statutory requirements.

Legitimate interests

This means things like running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, health and safety or security requirements such as managing CCTV. Where we manage CCTV on site a separate policy will set out details regards the CCTV used. It can also mean enabling you to take part in a prize draw, competition or complete a survey. Studying how customers use our products and services to develop our business. We may use profile data to establish what you want or may of interest to you and decide which offers or services may be relevant to you (we call this marketing). For example we may market an event to individuals who live near a venue based on the geographical data we hold about you.

School Food United by Sodexo PRIVACY POLICY

Purpose of this policy

  • This Privacy Policy (“Policy”) describes how we use and protect your personal data for the management of this Portal, who will have access to it and for what purposes, what your rights are and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your personal data.
  • This Policy may be amended, supplemented or updated, to comply with any legal, regulatory, case law or technical developments that may arise.

What is the portal?

  • The Portal is designed to facilitate contact-free ordering and payment for school meals.
  • The Portal School Food United is provided by Sodexo and operated on behalf of its subsidiary companies, (Class Catering Services Ltd, The Contract Dining Company Ltd, AIP Catering Ltd and Alliance in partnership Ltd) to customers for the purpose of purchasing school meals.
  • Access to the personal data processed through the Portal is limited to Sodexo and their subsidiaries authorized persons on a need-to-know basis.

Definitions

  • “Portal” means the consumer web portal called School Food United.
  • “Controller” means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal data.
  • “Personal data” means any information relating to an identified natural person or one that can be directly or indirectly identified by reference to an identification number or to one or more factors specific to this person.
  • “Us” or “Our” means Sodexo and its subsidiaries, insofar as it is concerned.
  • “You” any Portal user.

Identity and contact details of the controller

Sodexo Ltd, Registered No: 2987170, registered office at One Southampton Row, London, WC1B 5HA. Email : DataProtection.UKandIE@Sodexo.com

Collection and source of personal data

  • We will most likely collect your Personal data directly from you and the children you add to the account (in particular via the data collection forms on the Portal and transaction data).
  • We undertake to obtain your consent and/or to allow You to refuse the use of your Personal data for certain purposes whenever necessary.

What are the types of personal data collected and used by us?

  • We may collect and use the following categories of Personal data relating to you and children you list on your account:
  • The information that You provide when filling in the forms on the Portal or corresponding with us by email or via the Portal, (for example, for subscription purposes, to participate in surveys, for marketing and rewards purposes, etc.); This may include your name, email address, phone number, details of pupils school and class, free schools meals and transaction history.
  • The information that You provide for authentication purposes your name and contact details (email and phone);
  • The information that You provide for order fulfillment or to receive a service;
  • Your transactional data;
  • Metadata and navigation data; (usage and permissions on the Portal)
  • Anonymised statistical data; With regard to each of your visits to the Portal we may automatically collect information about your computer and/or your mobile device, including, where available, your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
  • Payment Information; In order to make a payment using the Portal, you will need to enter your payment information. Payment processing services are provided by a specialist third party provider called Stripe (the “Payments Processor”).

Is it mandatory that i provide personal data to the portal?

  • Yes, some personal data mandatory. If we do not get your Personal data, or that of the pupils you are paying for school meals for, you and the pupils will not be able to use the Portal and benefit from the services offered.
  • Some personal data is optional. For example, you can provide other information to receive a more personalized service and choose whether to receive offers and news.

How and for which purposes will the personal data collected be used?

We use your and pupils you add, Personal data specifically for the following purposes:

  • To manage your account and your access to the platform;
  • To communicate with You and to respond to your queries or requests;
  • To provide, deliver and improve the services and offers available on the Portal;
  • To allow you to pay your order on the Portal
  • To conduct satisfaction surveys and perform statistics analyses;
  • To make available to You or notify You about exclusive offers, products or services, unless objected by You;
  • To carry out data analytics and statistical analysis to monitor the quality and operational excellence of Our services and the Portal;
  • Anonymized statistical reporting may be shared with client organisations where the Portal is used.
  • To manage Our contractual relationship with You;
  • To customize your experience on the Portal;
  • To prevent potential fraud and ensure the security of Our IT systems
  • To comply with Our legal and regulatory obligations
  • Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
  • Cookies. In order to improve the Application, or where necessary (e.g. real time customer service chat or making payments) we may use small files commonly known as “cookies”. A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (referred to in this policy as a “device”) from the Application and is stored on your device’s hard drive. A cookie records on your device information relating to your internet activity (such as whether you have visited our website before). The cookies we use on the Application won’t collect personally identifiable information about you and we won’t disclose information stored in cookies that we place on your device to third parties.
  • Google Analytics. We use Google Analytics which is a web analytics service provided by Google Inc. in order to understand how visitors to the Application use the Application. The Google Analytics cookies collect information about how people are using the Application, for example which pages are visited the most often, how people are moving from one link to another and if they get error messages from certain pages. The cookies do not gather any information that identifies you. The information these cookies collect is grouped together with information from other people’s use of the Application on an anonymous basis. Overall, these cookies provide us with analytical information about how the Application is performing and how we can improve our service.

    • On which legal basis will my personal data be collected and processed?

    We may have to collect and process your Personal data where necessary for the performance of a contract to which You are subject or for the benefit of the pupils on your account, as well as for Sodexo’s legitimate interests except where such interests are overridden by your or the pupils’ interests or fundamental rights and freedoms. We will also rely on your consent to collect and process any sensitive Personal data or receive marketing. You will be able to withdraw your consent at any time.

    To whom will the personal data be disclosed?

    • We will not disclose your Personal data to any unauthorized third parties. Your Personal data will only be available to internal or external third parties, who need such access for the purposes listed above or where required by law, for claims or to prevent fraud. Personal data may be shared with other Sodexo Group Companies only where necessary, for fulfilment of an order, where joint services are provided, or for legal, reporting or business re-organisation.
    • The main categories of data recipients are the following (without this list being exhaustive): our Subsidiary Companies ( who provide catering services, Class Catering Services Ltd, The Contract Dining Company Ltd, AIP Catering Ltd and Alliance in partnership Ltd) authorized internal persons, third-party service providers or other contractors who process Personal data on behalf of Sodexo and, as the case may be, judicial and regulatory authorities.
    • We will need to pass your details to the payment processor in order for you to make payments on the Portal.
    • Different access levels are applied to data captured by the Portal to ensure that such data is visible only to appropriate persons who need such access for the purposes listed above or where required by law.
    • We do not authorize Our service providers to use or disclose your Personal data, except to the extent necessary to deliver the services on Our behalf or to comply with legal obligations.
    • The data that we collect from you will be stored on our secure servers within the European Economic Area (“EEA”) or UK.

    How will the personal data be protected?

    • We implement appropriate technical and organizational measures to protect Personal data against accidental or unlawful alteration or loss, or from unauthorized, use, disclosure or access, in accordance with Our Group Information & Systems Security Policy.
    • We take, when appropriate, all reasonable measures based on privacy by design and privacy by default principles to implement the necessary safeguards and protect the Personal data processing. We also carry out, depending on the level of risk raised by the processing, a privacy impact assessment to adopt appropriate safeguards and ensure the protection of the Personal data. We also provide additional security safeguards for data considered to be sensitive Personal data.
    • Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Application, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
    • Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Application; any transmission is at your own
      risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

    How can i access my personal data?

    Sodexo is committed to ensure protection of your rights under applicable laws. You will find below a table summarizing your different rights, where applicable:

    RIGHT OF ACCESS

    • You can request access to your Personal data. You may also request rectification of inaccurate Personal data, or to have incomplete Personal data completed.
    • You can request any available information as to the source of the Personal data, and You may also request a copy of your Personal data being processed by Sodexo.

    RIGHT TO BE FORGOTTEN
    Your right to be forgotten entitles You to request the erasure of your Personal data in cases where:

    (i) the data is no longer necessary in relation for the purposes of its collection or processing;
    (ii) You choose to withdraw your consent;
    (iii) You object to the processing by automated means using technical specifications;
    (iv) your Personal data has been unlawfully processed;
    (v) there is a legal obligation to erase your Personal data;
    (vi) erasure is required to ensure compliance with applicable laws.

    RIGHT TO RESTRICTION OF PROCESSING
    You may request the restriction of processing in the cases where:

    (i) You contest the accuracy of the Personal data;
    (ii) Sodexo no longer needs the Personal data, for the purposes of the processing;
    (iii) You have objected to processing for legitimate reasons.

    RIGHT TO DATA PORTABILITY
    You can request, where applicable, the portability of your Personal data that You have provided to Sodexo, in a structured, commonly used, and machine-readable format You have the right to transmit this data to another Controller without hindrance from Sodexo where:
    a) the processing of your Personal data is based on consent or on a contract; and
    b) the processing is carried out by automated means.

    You can also request to transmit directly your Personal data to a third party of your choice (where technically feasible).

    RIGHT TO OBJECT TO PROCESSING FOR THE PURPOSES OF DIRECT MARKETING
    You may object (right to “opt-out”) to the processing of your Personal data (notably to profiling or to marketing communications). When we process your Personal data on the basis of your consent, You can withdraw your consent at any time.

    RIGHT NOT TO BE SUBJECT TO AUTOMATED DECISIONS
    You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning You or similarly significantly affects You.

    RIGHT TO LODGE A COMPLAINT TO THE COMPETENT SUPERVISORY AUTHORITY
    You can choose to lodge a Complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. Personal Data You have also the right to lodge your Complaint before the courts where the Sodexo entity has an establishment or where you have your habitual residence. In the UK the authority is the ICO https://ico.org.uk.

    You can use this form to make a request : click here
    This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is called One Trust and after making the request you will be sent details about how to log on.

    Alternatively, you can also send your request by email to DSAR.UKandIE@sodexo.com, in writing to 310 Broadway, Salford, M50 2UE or by calling Sodexo PeopleCentre on 0845 603 3644 and asking for DSAR team. The team will liaise with you about how you to contact you about your request and receive information. Please note that it is usually necessary to arrange a telephone appointment to discuss your request once it has been made.

    If you wish to unsubscribe to marketing emails communications, you can also do so by changing your preferences on your account.

    How long will my personal data be held?

    Generally, the Personal data collected through the Portal will be anonymized after 12 months of inactivity/closure of the account or three years after its collection unless it is required to kept for a legal reason.

    How will i be notified if the uses of my data change?

    If the use of Personal data in the Portal significantly changes, we will issue an updated Policy and/or take other steps to notify You beforehand of such changes so that You may review them and check whether they are acceptable (to the extent necessary) to You.

    Who is my local system administrator?

    If You should require any further information concerning this Policy and/or the Portal, please contact our Customer Support Team by email to Parent@SchoolFoodUnited.com