PURPOSE OF THIS POLICY

SODEXO takes the protection of your Personal data very seriously. 

We have developed this policy to inform you of the conditions under which we collect, process, use and protect your Personal data on our Sites and in the context of the services provided by Sodexo Cyprus Ltd, (the "Services"). This policy covers all users, including those who use the Site and the Services without being registered or subscribing to a specific service or account (hereinafter collectively, the "Users"). 

Please read it carefully to familiarize yourself with the categories of Personal data that are subject to collection and processing, how we use this Personal data and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your Personal data.

This policy may be amended, supplemented or updated, in particular to comply with any legal, regulatory, case law or technical developments that may arise. However, your Personal data will always be processed in accordance with the policy in force at the time of the data collection, unless a compulsory legal prescription determines otherwise and must be enforced retroactively.

IDENTITY AND CONTACT DETAILS OF THE CONTROLLER

The data controller is: Sodexo Cyprus Ltd

DEFINITIONS

COLLECTION AND SOURCE OF PERSONAL DATA

We will most likely collect your personal data directly (in particular via the data collection forms on our website) or indirectly (in particular via our service providers and/or technologies on our website).

We undertake to obtain your consent and/or to allow you to refuse the use of your data for certain purposes whenever necessary.

You will in any event be informed of the purposes for which your data are collected via the various online data collection forms and via the Cookie Policy.

TYPES OF PERSONAL DATA COLLECTED BY US

We may specifically collect and process the following types of personal data:​

• the information that you provide when filling in the forms on the Site (for example, for subscription purposes, to participate in surveys, for marketing purposes, when downloading the application, etc.)the information that you provide for authentication purposes or to verify your age when you purchase age restricted items;
• the information that you provide for order fulfillment or to provide a service
• the data relating to your purchases such as products, quantity, price, billing and delivery addresses including health information about you only where you volunteer and consent to this, for example if you report any specific food allergies after placing an order;
• the transaction data such as payment information and credit/debit card information that is transmitted directly to third parties who process your requests; the information provided via “posts”, comments or other content that you post on the website .the information from you when you use the chat function on our Sites. 
• the information you provide for the purposes of managing your job application and, where applicable, your recruitment process (e.g.: CV, information relating to your education, your professional experience, awards, diplomas, certificates, attestations, languages spoken, salary expectations, etc.);
• your preferences in receiving marketing from us and our third parties and your communication preferences
• information collected through Cookies as defined in our Cookie Policy.

Personal data identified by an asterisk in the data collection forms are compulsory as these are necessary to fulfill any orders placed. In the absence of this compulsory information, these transactions cannot be processed. 

PERSONAL DATA THAT WE AUTOMATICALLY COLLECT

Personal data may be collected for the following general purposes (a more precise description of the processing of your data can be found in the Annex 1 below):

• Cookies
• Account creation and management
• Customer Relationship Management
• Marketing Management
• Recruitment

In addition, please note that you have the option to click on the dedicated icons of social networks such as Twitter, Facebook, LinkedIn, etc. that appear on our Sites.

When you click on these icons, we may have access to the Personal data that you have made public and accessible via your profiles on the social networks in question. We neither create nor use any separate databases from these social networks based on the Personal data that you have published there, and we do not process any Personal data relating to your private life through these means.

If you do not want us to have access to your Personal data published in the public spaces of your profile or your social accounts, then you should use the procedures provided by the social networks in question to limit access to this information.

These links to other websites should not be considered as navigation tracking and we decline any responsibility concerning the Personal data protection practices implemented by these third-party companies, each of which acts as a separate Controller of your Personal data on their own perimeter. Once you leave our Site or click on the logo/link to one of these social networks, it is your responsibility to check the privacy policy applicable to that other platform.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

We process your Personal data as part of the performance and management of our contractual relationship with you, in our legitimate interest to improve the quality and operational excellence of the Services we offer to you or in compliance with certain regulatory obligations depending on the purpose of processing as identified in the chart in Annex 1.

Your Personal data may also be processed based on your prior consent in the event that under certain circumstances, your consent would be requested (e.g regarding health data or for certain types of Cookies).

DISCLOSURE OF PERSONAL DATA

The security and confidentiality of your Personal data is of great importance to us. This is why we restrict access to your Personal data only to members of our staff only to the extent strictly necessary to process your orders or to provide the requested Services. We ensure that persons authorized to process the Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

We will not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with entities within SODEXO and with authorized service providers (for example: technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose of providing our Services.

We ensure that every disclosure of your Personal data to an authorized service provider is framed by a data processing agreement, reflecting the commitments laid out in this policy. We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the Services on our behalf or to comply with legal obligations. Furthermore, we may share your Personal data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity.

STORAGE PERIOD OF YOUR PERSONAL DATA

• The purpose for which we hold your Personal data (e.g. .when you purchase products on our Sites, we keep your Personal data for the duration of our contractual relationship);
• Our legal and regulatory obligations in relation to that Personal data (e.g.. accounting reporting obligations);
• Whether you are an active user of our Services, you continue to receive marketing communications, or you regularly browse or purchase off our Sites or whether you do not open our emails or visit our Sites; For instance, if you have agreed to receive marketing communications, we keep your Personal data until you: (i) unsubscribe from receiving marketing communications (ii) request we delete your Personal data, or (iii) after a period of inactivity (i.e. where you have not interacted with us for a period of time). This period is defined in accordance with local regulations and guidance;
• Any specific requests from you in relation to the deletion of your Personal data or Account; 
• Any statutory limitation periods allowing us to manage our own rights, for example the defense of any legal claims in case of litigation; and
• Any local regulations or guidance (e.g. regarding cookies).

SENSITIVE PERSONAL DATA

As a general rule, we do not collect sensitive Personal data via our Sites. “Sensitive Personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes personal data relating to criminal convictions and offenses.

In the event that it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of Personal data and, in particular, with your explicit prior consent and under the conditions described in this policy. 

PERSONAL INFORMATION AND CHILDREN

Our Site is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.

Children users under the age of 18 years or without legal capacity must obtain consent from their legal guardians prior to submitting their Personal data to the Site. 

TRANSFER OF PERSONAL DATA

As SODEXO is an international group, your Personal data may be transmitted to internal or external recipients that are authorized to perform Services on our behalf. These recipients are located in the European Union or the European Economic Area which offer an adequate level of Personal data protection.

You can use this form to make a request. This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is called One Trust and after making the request you will be sent details about how to log on.

Alternatively you can also send your request or complaint by sending an email to the Local Data Protection Office at the following email address: dpo.cyprus@sodexo.com

For more details, consult the Global Data Protection Requests Policy.

SECURITY

We implement all possible technical and organizational security measures to ensure security and confidentiality in processing your Personal data.

To this end, we take all necessary precautions given the nature of the Personal data and the risks related to its processing, in order to maintain data security and in particular to prevent distortion, damage or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).

In addition, if we contract with Processors for all or part of the Processing of your Personal data, we require a contractual agreement from our service providers to guarantee the security and confidentiality of the Personal data that we transmit to them or that they collect on our behalf, in accordance with the applicable regulations on the protection of Personal data.

We regularly conduct audits to verify the proper operational application of the rules relating to the security of your Personal data.

Nevertheless, you also have a responsibility to ensure the security and confidentiality of your Personal data so we invite you to remain vigilant, especially when using an open system such as the Internet.

LINKS TO OTHER SITES

UPDATES OF OUR ONLINE PRIVACY POLICY

We may update or amend this confidentiality policy as and when needed. In this case, amendments will only become applicable after a period of 30 business days from the date of the amendment. Please consult this page from time to time if you want to be informed of any possible changes.

HOW TO CONTACT US

If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address: cyprus.helpdesk@sodexo.com