PRIVACY POLICY
[effective date – 1.4.2022]
Budějovický Budvar, národní podnik, Budweiser Budvar, National Corporation, Budweiser Budvar, Entreprise Nationale (hereinafter referred to as “Budvar”, “we”, “us” or “our”) is committed to securing and managing your personal data in accordance with applicable laws.
For this purpose, this Privacy Notice (hereinafter referred to as the “Privacy Notice“) is implemented and issued in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), the GDPR as it forms part of domestic law in the United Kingdom by virtue of the European Union (Withdrawal) Act 2018 (“UK GDPR”) and other applicable data protection and privacy laws of the countries in which Budvar is established (together referred to as “Applicable Data Protection Laws”). Please read this Privacy Notice to understand how we use and protect the information that you provide to us or that we collect about you when you interact with us, including when you use our websites: https://budweiserbudvar.com/ .
The objective of this Privacy Notice is to provide information about what personal data concerning you as a data subject are processed by us, how we use your data, how long we process them, how we keep them secure, to whom and for what reason we can transmit them, and to inform you about your rights. We trust this Privacy Notice will answer any questions you have, but if not, please get in touch with us using the contact details provided at the end of this Privacy Notice.
This Privacy Notice, which enters into effect on 1.4.2022, amends the prior version which was effective as of 25th May 2018. We may need to update this Privacy Notice from time to time by updating this page (and relevant pdf version). We will notify you of any significant changes, but would encourage you to come back and review this Privacy Notice from time to time. The most recent version is always published on the website at [https://budweiserbudvar.com/privacy-policy/]
1. DATA SUBJECTS (Whose personal data we collect and process?)
We cannot do it on our own! In the course of our business, we interact with various persons whose personal data we might collect and process. You might be one of them if, especially if you are one of the following:
A. Website user and other person reaching out to Budvar
We might collect personal data about you when you visit our website, subscribe to our newsletter (or other updates), request information or interact on social media or make an inquiry through any of our online contact forms or by reaching to us (e.g., by email, phone, SMS, or other communication methods).
B. Visitor to our brewery and events
We might collect your personal data in case you visit our premises and/or participate at meetings, webinars, conferences and other events we may organize.
C. Our business partner and/or their representative
When doing business with Budvar, we might collect personal data concerning representatives (e.g., employees) of our current, past and prospective customers, vendors, suppliers, investors and business partners, that you or your company (e.g., acting as your employer/contractor) provide to us.
D. Job applicant, employee, co-worker
We also collect personal data about our employees, co-workers as well as from prospective employees, independent consultants, advisers and other prospective staff who submit applications for consideration (job applicants). These data subjects will receive a specific privacy notice. If you are such a person and you have not received the specific privacy notice or wish to receive it again, do not hesitate to contact us ().
Children – Our website and products are designed to appeal to adults only (with the exception of brewery visits and selected events). We do not knowingly solicit any information from children or people under the legal drinking age, nor do we knowingly market or otherwise target our websites, or our products and services to children or people under the legal drinking age. If we become aware a child or a person under the legal drinking age (in the country or other territory in which they are located at the relevant time) has visited our websites and/or has registered for our services (e.g. newsletter) without verifiable parental consent, we will immediately remove their personal data from our records without undue delay, unless we are required to retain such information by applicable laws.
2. In the sections below you will learn what type of data we collect about you and other details about the data processing as well as your rights.
GENERAL INFORMATION ABOUT DATA PROCESSING
(What is personal data? Where do we get your personal data? Why do we process your personal data?)
This section provides general overview of how and why Budvar collects and processes personal data. The information we collect about you and how and how we use it, depends on how you interact with us. The subsequent section covers some specific examples of the sources and categories of personal data that we might collect and process about you, why we do so, and the lawful bases for such processing.
Personal data
Personal data shall mean any and all information relating to an identified or identifiable natural person (data subject). Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Sensitive personal data
Some of the personal data that we collect may be deemed sensitive under certain Applicable Data Protection Laws. For example, we may process personal data relating to your disabilities and health, such as your dietary restrictions or special access needs, when you register to participate in and/or attend one of our events. We will only process sensitive personal data about you where this is necessary, and permitted by Applicable Data Protection Laws.
Sources of personal data
We collect personal data directly from you or generated by you (e.g. when you browse our websites). We might also receive your personal data from a third party (such as your employer, travel agencies, reference agencies etc.) or from public resources.
Purposes and legal bases for data processing
Budvar always processes personal data only for the specified purposes of processing on the applicable legal bases (as outlined below) and to an appropriate extent, so that the processing is limited to the necessary minimum and is in accordance with Applicable Data Protection Laws.
We will usually base our processing on one or more of the following legal bases:
- our legitimate interests – Budvar might collect and process your personal data for its own legitimate business interest, such as promotion of its products and services, attracting more customers, preventing fraud, enhancing user experience and customer relationships. Budvar only relies on legitimate interest as a legal basis for your personal data processing when such interest is not overridden by your interests and fundamental rights and freedoms.
- fulfilment (or entering into) contract with you – Budvar might need to collect and process data, which are necessary for the purposes of negotiating, concluding and fulfilling the contract. Without this information Budvar will not be able to enter into such contract or provide the required products and services to you.
- our legal obligation – Budvar might need to collect and process some of your personal data to fulfil obligations imposed by applicable laws (e.g. verifying your age to ensure compliance with age limitations for alcohol consumption and marketing).
- your consent – In some cases data processing can only happen when you give us your consent. The particular purposes of processing and periods of processing will be stated in your consent. Giving the consent will not be compulsory. Refusal to give the consent will not affect your statutory rights. It may just mean that we cannot provide you with a certain service which relies on you providing us with consent (e.g. receiving a marketing newsletter). The consent may be withdrawn at any time. Consent withdrawal also does not affect your statutory rights and does not affect the validity of the data processing before the consent was withdrawn.
Where applicable, we will point out, at the time of the data collection, if the provision of the personal data is a statutory or contractual requirement and whether you are required to provide the personal data and the possible consequences of failure to provide such data.
Data processing by Budvar
- Processing operations – Budvar processes personal data manually and/or by automatic means and keeps records of all the activities during which personal data are processed. Budvar does not sell personal data.
- Automated individual decision-making, including profiling – Budvar does not carry out automated decision-making without influence of human assessment with legal effects or similarly significant effects for data subjects.
- Security – We are committed to ensuring that your personal data is secure and we have put in place suitable administrative, technical, physical, contractual and managerial measures to protect your personal data from loss, theft, unauthorised use, disclosure or modification.
3. SPECIFIC INFORMATION ABOUT YOUR DATA PROCESSING
By the way of an example, personal data, which Budvar processes about you, may be:
A. Website users and others communicating with Budvar
I. Personal data
When visiting our websites, subscribing to Budvar’s newsletter or updates, requesting product information or making an inquiry through any of our online contact forms or by reaching out to us directly (e.g., by email, phone, SMS, or other communication methods), we collect personal data about you, such as: name, username, job function/title, your employer’s company name, contact details (such as email address and phone number), information about age, the country and city where your company is based/where you reside, and additional personal data you voluntarily provide us with in your enquiries or submissions, responses you provide as part of our surveys, competitions and other interactive services, and/or behavioural information from online browsing, email and social media (if we have your permission to do so).
We might also automatically collect information that results from your use of our website, such as information about your operating system, browser type, IP address, location, other cookie data (for more information on cookies and for specific information about this type of data processing please read our Cookie Notice [https://budweiserbudvar.com]).
II. Sources of personal data
We may obtain your personal data from you directly (e.g. at the time of subscribing to our newsletter or interacting via social media), from your device or browser.
III. Purposes and legal bases
We might collect and process your personal data for the following purposes:
Purpose of the processing
(Why we might use your personal data?) |
Legal basis
(What is the legal basis for such processing of your personal data?) |
Provide you with our digital services, establish and manage our relationship | Our legitimate interest (website management, marketing reporting incl. intra-group, marketing operations) |
Learn about your browsing performance | Our legitimate interest (website management)
Your consent* (marketing operations) |
Security | Our legitimate interest (managing security, risk and crime prevention)
Legal obligation (ensure compliance with age limitations for alcohol consumption, sales and marketing) |
Sharing information with advertising partners (including Facebook, Instagram, Google) to promote our goods | Your consent |
Direct marketing** – Provide you with information about our products, services and events by letter, telephone, email or other forms of electronic communication | Our legitimate interest (promotion of our goods and services)
Your consent* |
* In case we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences.
**Direct marketing – Where we use your email or other digital means to communicate marketing information to you, we will seek your prior consent where required to do so by applicable law (we do not need to seek your consent if you are our existing customer and the marketing communication regards the same or similar products/services).
You can unsubscribe from our marketing communications by contacting us at any time using the details provided at the end of this Privacy Notice or in respect of email marketing, by clicking on the unsubscribe link provided in every marketing email.
B. Visitor to our brewery and events
I. Personal data
As part of the registration process and in the course of brewery visits, events, meetings, conferences and other events we organize, we might collect your personal data such as: name, job function/title, the company name of your employer/school/organization, contact details (such as email address and phone number), address where your organization is based/you reside, time and date of your visit, photos with your likeness, voice and/or video recordings, CCTV camera footage.
II. Sources of personal data
We may obtain your personal data from you directly or from third parties (e.g. if they help organize these events or co-organize them with us).
III. Purposes and legal bases
We might collect and process your personal data for the following purposes:
Purpose of the processing
(Why we might use your personal data?) |
Legal basis
(What is the legal basis for such processing of your personal data?) |
Ensure security | Our legitimate interest (maintaining security, risk and crime prevention). |
Event organization | Entering into/fulfilment of contract with you
Our legitimate interest (marketing and management of events) |
Maintain records of visitors to our premises | Our legitimate interest (marketing and management of events) |
Checking your age | Legal obligation (ensure compliance with age limitations for alcohol consumption, sales and marketing) |
C. Our business partner and/or their representative
I. Personal data
When Budvar has a business relationship with you, it may collect and process personal data concerning business partners and their representatives, such as name, contact details (e.g., email address, telephone number, residential address), job and company-related information, bank account details and financial information (including credit/income history), transaction history, communications and criminal records, your customer portal login details, and other business-related information.
II. Sources of personal data
We may obtain your personal data from you directly, from your company (e.g., acting as your employer), from our entities or distributors, from other third parties who provide business development services to us or from public sources.
III. Purposes and legal bases
We might collect and process your personal data for the following purposes:
Purpose of the processing
(Why we might use your personal data?) |
Legal basis
(What is the legal basis for such processing of your personal data?) |
Establish and manage our relationship | Entering into/fulfilment of contract with you(efficiently fulfil our contractual obligations)
Legal obligation Our legitimate interest (customer/supplier relationship management, exercise and defend claims) |
Provide/receive products and services | Entering into/fulfilment of contract with you
(efficiently fulfil our contractual obligations) Our legitimate interest (customer/supplier relationship management) |
Learn about and improve products/services | Our legitimate interest (customer/supplier relationship management) |
4. SHARING OF PERSONAL DATA
(Who do we share your personal data with?)
Your personal data might be shared with other Budvar entities (i.e. intra-group) or with third parties as set out below.
A. Intra-Group
Budvar entities (as listed below in ) may receive your personal data as necessary for the processing purposes described above. Depending on the categories of personal data and the purposes for which the personal data is processed, different internal departments within Budvar may receive your personal data. For example, our sales department members in a relevant country will handle your inquiry with regards to our products, depending on where your company is based; other departments within the Budvar Group have access to certain personal data about you on a need-to-know basis, such as the legal department, the finance department or internal auditing. Budvar has an intra-group sharing agreement in place to ensure confidentiality and security of your personal data and compliance with Applicable Data Protection Laws.
B. Third Parties
Service Providers Acting on our Behalf
Certain third party service providers may receive your personal data to process such data under appropriate instructions on our behalf, as necessary for the processing purposes described above, such as:
- IT providers such as companies who provide software, computing services and / or hardware, including IT support (e.g., data management, IT service management and storage services, web-hosting, video and / or voice conferencing, email services, digital communication platforms, companies providing machine translations, data analytics providers, etc.);
- support services such as companies that provide business support services (e.g., marketing services providers, mailing vendors, etc.);
- companies that provide financial administration (e.g., services and product payment services management, etc.); and
- companies that provide training and event organization services (e.g., vendors providing training platforms, event organizers, etc.).
Each such service provider is carefully selected with regard to meeting the statutory requirements and our high standards in a field of personal data protection. Our service providers are bound by applicable law and/or contract to protect the confidentiality and security of personal data, and to only use personal data to provide requested services to us and in accordance with applicable laws.
Other companies, vendors, suppliers, business partners and public entities
We may also share personal data with other companies, vendors, and business partners to perform functions for us, where these companies are themselves responsible for determining the purposes and/or means of the processing (separate data controller). We may also share some of your personal data with public or regulatory authorities. Examples include:
- financial institutions;
- telecommunications companies who provide fixed line and mobile telecommunications services;
- various professional advisors such as lawyers, accountants and auditors;
- in relation to prospective or actual strategic transactions involving Budvar (such as mergers and acquisitions), third parties involved in such transactions; and
- other public authorities such as law enforcement agencies, governmental authorities, courts, tribunals, opposing or other related parties to the proceedings and their professional advisors.
5. INTERNATIONAL TRANSFERS OF PERSONAL DATA
(Do we transfer your personal data outside the EEA/UK?)
Due to the global nature of our operations, some of the personal data recipients (mentioned above) may be located in countries outside the European Economic Area (EEA), Switzerland or the United Kingdom (UK), which do not provide an adequate level of data protection as defined by Applicable Data Protection Laws in the EEA, Switzerland or the UK. Certain third countries, such as Argentina, Canada, New Zealand and Switzerland, have been officially recognized by the European Commission and the UK Secretary of State as providing an adequate level of protection.
A. Intra-Group
International transfers of personal data will be to countries where Budvar entities have offices, including Canada. The transfer of your personal data outside the EEA/UK takes place on the basis of our [Intra-Group Data Sharing Agreement] which provides data protection safeguards for the personal data transferred thereunder as required under Applicable Data Protection Laws.
B. Third Parties
Some of the third parties with whom we share personal data are also located outside the EEA, Switzerland or the UK in third countries, which do not provide an adequate level of data protection as defined by Applicable Data Protection Laws in the EEA, Switzerland or the UK. Transfers to third parties located in other third countries outside the EEA, Switzerland or the UK take place using an acceptable data transfer mechanism, such as the EU Standard Contractual Clauses or any relevant data transfer clauses issued by the UK Secretary of State or the UK Information Commissioner (and approved by the Parliament), approved Codes of Conduct and Certifications, or on the basis of permissible statutory derogations.
Please reach out to us using the contact details below , if you want to receive further information or, where available, a copy of the relevant data transfer mechanism.
6. RETENTION PERIOD
(For how long do we store and process your personal data?)
Your personal data will not be retained for longer than is necessary for the purposes it was collected as set out in this Privacy Notice.
For example, your personal data will be processed for the duration of the concluded contract and afterwards for the limitation period of any claims arising from the contract (based on applicable laws), but generally for no longer than 7 years after the expiry or conclusion of the contract. After expiry of such period, Budvar will delete your personal data, unless authorised/obliged to continue processing such data on another legal basis. Your personal data will also be processed by Budvar for the duration of any related litigation.
If we process your personal data on the basis of your consent, then such personal data are kept by us for a period not exceeding the period for which you gave us your consent or until you withdraw your consent unless we are permitted to retain the data under an alternative legal basis.
Where applicable legislation requires so, any documents containing your personal data will be archived by us for the prescribed period.
7. YOUR RIGHTS
(What rights can you exercise with regards to your personal data?)
Under the conditions set by Applicable Data Protection Laws, you may exercise the following rights regarding your personal data (see the contact information below [link] for details on how to exercise those rights):
Access
You have the right to obtain confirmation of whether your personal data is being processed by us, and certain related information; as well as the right to obtain a copy of your personal data that we are processing.
Rectification
You have the right to request the rectification of inaccurate personal data and to have incomplete data completed.
Objection
Where we rely on our legitimate interests to process your personal data, you have the right to object to the processing of your personal data for reasons relating to your particular situation. Where you exercise this right, we will stop processing your personal data unless we can demonstrate compelling legitimate grounds to continue to process it which override your objection, or where we need to process your personal data for legal claims..
Portability
You may have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
Restriction
You may request to restrict the processing of your personal data in certain cases.
Erasure
You may request the erasure of your personal data if (i) it is no longer necessary for the purposes for which we have collected it, (ii) you have withdrawn your consent and no other legal ground for the processing exists, (iii) you have objected to our processing of your personal data and no overriding legitimate grounds for the processing exist, or (iv) the processing is unlawful, or erasure is required to comply with a legal obligation.
Right to lodge a complaint
Please reach out to us using the contact details below, if you have any complaint regarding your personal data processing by us – we will do our best to resolve the issue. You may lodge a complaint with a supervisory authority and/or bring an action before a court if you believe that your rights protected by Applicable Data Protection Laws were infringed in the consequence of data processing.
Our lead supervisory authority is the Czech Data protection authority (details below), but you may lodge your complaint with any relevant supervisory authority, e.g. a supervisory authority in the country of the EEA, Switzerland or the UK where you reside, or where the issue that is the subject of the complaint occurred.
The Office for Personal Data Protection (Úřad pro ochranu osobních údajů)
Address: Pplk. Sochora 27
170 00 Praha 7
Web: https://www.uoou.cz/
E-mail: posta@uoou.cz
Phone: +420 234 665 800 (GDPR infoline)
Right to refuse or withdraw consent
In case we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time without any adverse negative consequences. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
8. DATA CONTROLLERS AND CONTACT DETAILS
(Who is responsible for your personal data?)
Our entities, which are subsidiaries/affiliates of or are otherwise associated with Budvar, are the following:
Budvar entity name | Contact details |
Budějovický Budvar, národní podnik, Budweiser Budvar, National Corporation, Budweiser Budvar, Entreprise Nationale
(“Budvar Czech Republic”) |
registered address: K. Světlé 512/4, 370 04 České Budějovice, Czech Republic
Identification No.: 00514152 registered in the Commercial Register at the Regional Court in České Budějovice under file No. AV 325 |
Budweiser Budvar SK, s.r.o. | registered address: Galvániho 15/B Bratislava – mestská časť Ružinov 821 04Identification No.: 46332642 |
BUDWEISER BUDVAR IMPORTGESELLSCHAFT GmbH | registered address: Augsburger Straße 10, DE-99091 Erfurt, Bundesrepublik Deutschland
Identification No.: E9900154 |
Budweiser Budvar UK Ltd
|
registered address: 76 Macrae Road, Eden Office Park, Pill, Bristol BS20 0DD, United Kingdom
Identification No.: E9990020 |
If you are a visitor to our websites, the relevant data controller is Budvar Czech Republic.
If you are a customer or a potential customer of one or more of our entities, or an individual related to one of our existing or potential customers, the relevant data controller is the Budvar entity, which has contractual or business relations with our customer.
If you contract with our entities in any other capacity (for example, to provide your services), your data controller will be the Budvar entity with which you contract.
If you are a visitor to our premises or events, the relevant controller is the entity that is located in that office or hosting the event.
For cross-border matters, and in relation to personal data shared by several of our entities, the relevant entities may operate as joint controllers that will collaborate with one another, as necessary, to comply with our obligations under the Applicable Data Protection Laws, including to address requests by data subjects to exercise their rights under the Applicable Data Protection Laws (as set out above).
DATA PROTECTION CONTACT DETAILS
The main establishment for our EU and UK entities for purposes of compliance with the Applicable Data Protection Laws is Budvar Czech Republic.
If you have any queries, comments, or requests regarding this Privacy Notice, you have a complaint or you would like to exercise any of your rights set out above, you can contact us through either of these channels:
Email: gdpr-manager@Budvar.cz
Postal address:
Budějovický Budvar, národní podnik,
Budweiser Budvar, National Corporation,
Budweiser Budvar, Entreprise Nationale
Světlé 512/4
370 04 České Budějovice
Czech Republic
Whistlelink: In the case of potential breach of this Privacy Policy you may also use independent whistleblowing platform available on: https://bbudvar.whistlelink.com/