HEINEKEN feels very strongly about protecting the personal data that it is entrusted with. We strive to handle personal data with care according to our internal standards and applicable local law, to be transparent on how we use personal data and how individuals can exercise their data privacy rights.

How we handle personal data with care

Data privacy laws are emerging across the globe. To establish a level playing field for data privacy within all HEINEKEN companies across the globe, we follow our 6 HEINEKEN Privacy Principles as well as our internal standard for managing data privacy compliance within our organizations: the HEINEKEN Privacy Procedures.

The 6 HEINEKEN Privacy Principles

Everyone at HEINEKEN must adhere to 'The 6 HEINEKEN Privacy Principles' and make them part of their daily business practices. They are the following principles:

  • Principle 1: Use Limitation
    Define clear business purposes before you start collecting personal data. Limit the use of personal data to what is needed to achieve your business purposes.
  • Principle 2: Data Minimization
    Only use the personal data that is necessary for the business purpose and restrict access to ‘need-to-know’. Delete the personal data when no longer needed. Keep the personal data up to date and correct.
  • Principle 3: Sensitive Data
    Be extra careful when using sensitive data such as health, religion or social security numbers. Ask your Privacy Officer for advice if you wish to use sensitive data.
  • Principle 4: Transparency & Rights of Individuals
    Communicate about what you do with personal data by using privacy notices and other statements. Facilitate individuals exercising their rights in respect of their personal data (e.g. to correct or have the data deleted).
  • Principle 5: Security
    Have appropriate organizational and technical security measures in place to protect the personal data from unauthorized and unwanted access or use. Staff accessing the data must be bound by confidentiality obligations.
  • Principle 6: Third Party Access
    Ensure required safeguards are in place when allowing third parties to access the personal data. Additional measures may be needed for international data transfers.

The HEINEKEN Privacy Procedures

As a highly decentralized company, operating in many different countries, with various levels of personal data protection embedded in local law, the HEINEKEN Privacy Procedures for Employee Data and the HEINEKEN Privacy Procedures for Consumer, Supplier and Business Partner Data provide an internal framework for managing data privacy protection within our global group of companies. The Procedures shall be made available free of charge upon request via the data privacy request form (see below under ‘Your privacy rights’).

Global Privacy Officer network

The Global Privacy Office supervises compliance with the Principles and Procedures and coordinates the global network of HEINEKEN Privacy Officers. The Privacy Procedures apply to each company in which HEINEKEN is a majority shareholder. The local Privacy Officers implement the framework for data protection management and support and assess overall data protection management compliance within their respective HEINEKEN company. HEINEKEN Privacy Officers are not Data Protection Officers in respect of the EU General Data Protection Regulation.

Privacy Notices

The responsible HEINEKEN company will inform the relevant individuals about the processing of personal data in a transparent manner. Depending on how and where the personal data is collected, information will be presented via the appropriate means, for instance in the form of a Privacy Notice.