Tayto Snacks Unlimited Company Privacy Notice
Tayto Snacks Unlimited Company (referred to as “our”, “us” and “we” in this notice) is the owner of the Tayto brand. As a business, we are committed to respecting and protecting the privacy of all individuals with whom we interact. We are committed to being transparent in our handling of personal information and processing personal information at all times in accordance with applicable privacy and data protection laws. We respect your right to privacy and take seriously our responsibilities in relation to the processing of personal data. This Privacy Notice (the “Policy”) explains how we may collect and use personal information from you when you use our websites www.taytosnacks.ie and www.taytocrisps.ie and any other websites and webpages linked to or associated with these websites, from time to time, which are operated by us (together our “Site” or the “Site”) and/or our products and how you can instruct us if you prefer to limit the use of that information. In this Policy, “third parties” means persons, firms or companies which are not subsidiary or associated or joint venture companies of Tayto Snacks. We do not knowingly attempt to solicit or receive information from children.
This Privacy Notice explains the following:
- What personal information we collect on this website;
- How we use this information;
- How we store your personal information;
- How we secure your personal information;
- Whether we disclose or share your personal information;
- Your choice regarding the personal information you provide to us;
- Our responsibility for website links;
- How to contact us.
In the Supplementary Information section of this Privacy Notice, we explain what is meant by “personal information” and other terms used in this notice.
Who we are
The Site is controlled by Tayto Snacks Unlimited Snacks. Tayto Snacks is a private unlimited company incorporated in Ireland with company number 80072. Our registered office address is:
Controller and our contact details
Under this Policy, and unless the circumstances otherwise require, we will be what’s known under the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) as the “controller” of the personal data you provide to us.
Any queries regarding this Policy may be directed to email@example.com.
What personal information we collect on this website
We collect information about how you use our website and the device(s) you use to access our site. This includes collecting unique mobile device ID or the internet protocol (IP) address online identifiers, which are numbers that can uniquely identify a specific computer or other network device on the internet. This information is linked to a cookie ID, which we receive and process.
We also collect information about you if you make use of any of the interactive features within our Site that rely on a personalised response, or where you process an order in our online shop. The information we collect is limited to the details we need to provide the specific service you have asked for. We do not collect sensitive information, such as your political or religious beliefs, ethnic background, sexual preference, health or any other sensitive information.
We do not actively seek to collect information about children aged 16 or under. If you have any concerns about your child’s privacy in relation to our services, or if you believe that your child may have entered personal data onto our Website, please contact us at firstname.lastname@example.org .We will delete such information from our records with a reasonable time.
We will collect and process the following personal data about you for the following purposes:
Information you give us:
Your Data. This is information about you that you give us by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you use our Site or report a problem with our Site.
The information you give us may include:
Identity Data: your full name, address, e-mail address, phone number, age, title and personal description.
Financial Data: your financial details, including bank account details, billing contact e-mail address and VAT number.
Information we collect about you:
Automatically Collected Information. With regard to each of your visits to our Site, we may automatically collect the following information:
Usage Data: information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site (including date and time), publications, services or other products you viewed or searched for, page response times, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page.
Technical Data: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser and type and version, time zone setting, browser plug-in types and versions and operating system and platform.
No special categories of personal data
We do not require or collect any personal data that is your sensitive personal data or any special category data under the GDPR, unless you decide to provide this information to us.
How we use this information
Except where required by law, we only use the personal information you provide for the following purposes:
- to deliver the specific information or services you have requested. For example, if you have ordered an item from our online shop and we need to contact you to process the order or any issues with the order. We will only use the email address you provide to us to respond to that request. Without your express consent, we will not use your contact details for any other purpose;
- where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests;
- where we need to comply with a legal or regulatory obligation.
We have set out below, in table format, a description of the ways we plan to use your personal data and the legal basis we rely upon to do so. We have also identified our legitimate interests where appropriate:
|Purpose/Activity||Type of data||Legal basis for processing|
|To respond to your queries and to provide you with the information you request from us in relation to our products.
|– Identity Data
– Technical Data
– Usage Data
|– Necessary for our legitimate interests (to respond to new or existing customer queries and grow our business)
|To manage payments, fees and charges and to collect and recover money owed to us.||– Identity Data
– Financial Data
– Necessary for our legitimate interests (to recover debts due to us)
– Technical Data
– Usage Data
– Necessary to comply with a legal obligation
– Necessary for our legitimate interests (to keep our records updated and to study how customers use our products).
|To provide you with information about products we offer that are similar to those that you have enquired about.||– Identity Data
– Technical Data
– Usage Data
|– Necessary for our legitimate interests (to develop our products and grow our business) (existing customers)
|To provide you with marketing communications about other products, promotions, competitions or events we feel may interest you.||– Identity Data
– Technical Data
– Usage Data
|To ensure that content is presented in the most effective manner for you and for your computer or device.
|– Identity Data
– Technical Data
– Usage Data
|– Necessary for our legitimate interests (to keep our Site updated and relevant and to develop and grow our business).
|To administer and protect our business, our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
|– Identity Data
– Technical Data
– Usage Data
|– Necessary for our legitimate interests (for running our business and as part of our efforts to keep our Site safe and secure)|
|To use data analytics to improve or optimise our Site, marketing, customer relationships and experiences.||– Technical Data
– Usage Data
|– Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site updated and relevant, to develop and grow our business and inform our marketing strategy).
|To measure or understand the effectiveness of advertising we serve to you and others, and, where applicable, to deliver relevant advertising to you.||– Identity Data
– Technical Data
– Usage Data
|– Necessary for our legitimate interests (to study how customers use our products, to develop them, to grow our business and to inform our marketing strategy).
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us via e-mail at email@example.com.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.
How long we keep your information
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period of time for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For example, we may hold personal data as needed for our accounting or tax compliance purposes for a period of 6 years. For more information about our data retention policies please contact us at firstname.lastname@example.org.
How we store your personal information
We are committed to ensuring your personal information is kept secure and confidential and not kept for longer than is necessary. From time to time we may ask other members of our group, or third party service providers, to help us manage our information technology systems. Some of these systems may be located in countries overseas.
We will only transfer your information to a third party service provider or overseas, where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy and data protection laws.
How we secure your personal information
We have appropriate security measures in place to prevent unlawful or unauthorised use, access or accidental loss of personal information. We also seek to ensure our service providers do the same.
Information Sharing and Disclosure
We do not sell or rent any personally identifiable information about you to any third party.
We may disclose personally identifiable information in response to legal process, for example in response to a court order or a subpoena, or in response to a law enforcement agency’s request, or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, and as otherwise required by law. Our agents and contractors may have access to personally identifiable information to help carry out the services they are performing for us.
We may disclose information to third parties if you consent to us doing so as well in the following circumstances:
You agree that we have the right to share your personal information with the following recipients or categories of recipients:
- any department or authorised person within our company or any member company within our group, which means any subsidiary or holding company within the meaning of sections 7 and 8 of the Companies Act 2014;
- selected third parties including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you in relation to our products;
- analytics and search engine providers that assist us in the improvement and optimisation of our Site.
We will disclose your personal information to third party recipients:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of our business or assets;
- if all or substantially all of our business or assets are acquired by or transferred to a third party whether in the event of a merger, reorganisation, transfer of undertakings, receivership, liquidation or other winding up or any other similar circumstances, in which case personal data held by us will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or under an agreement;
- to protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organisations for the maintenance and security of the Site.
Your choice regarding the personal information you provide to us
- If you would like us to delete your information from our records, please contact us using the contact details below and we will respond within a reasonable time. Please note that we may be required to retain certain information by law and/or for our own legitimate business purpose.
Users from the European Economic Area
If you are from the European Economic Area, you have rights (with some exceptions and restrictions) to:
- object to our processing of your personal data for direct marketing purposes or for profiling to the extent it relates to direct marketing. You can object at any time and we shall stop processing the information you have objected to, unless we can show compelling legitimate grounds to continue that processing which would override your interests, rights and freedoms or in connection with the enforcement or defence of a legal claim;
- access your personal data. If you make this kind of request and we hold personal data about you, we are required to provide you with information on it, including a description and copy of the personal data and why we are processing it. Any such request should be submitted to us in writing to email@example.com. We will need to verify your identity in such circumstances and may request more information or clarifications from you if needed to help us locate and provide you with the personal data requested. There is usually no charge applied to access your personal data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee. Alternatively, we may refuse to comply with your request in these circumstances;
- request erasure of your personal data in certain circumstances. This right, however, will not apply where we are required to process personal data in order to comply with a legal obligation or where the processing of this information is carried out for reasons of public interest in the area of public health. Erasure rights do not apply where the data is processed for historical research purposes or statistical purposes;
- request correction or updating of the personal data that we hold about you and that is inaccurate. If the personal information we hold about you is inaccurate, you may request to have your personal information updated and corrected. To do so at any time, please contact us at firstname.lastname@example.org;
- request the restriction of our processing of your personal data where (i) you have contested the accuracy of the personal data we hold on record in relation to you or for a period of time to enable us to verify the accuracy of the personal data; (ii) the processing of your personal data is unlawful and you request the restriction of use of the personal data instead of its erasure; (iii) we no longer require your personal data for the purpose of processing but you require this personal data for the establishment, exercise or defence of legal claims; or (iv) where you have contested the processing (under Article 21(1) of the GDPR) pending the verification of our legitimate grounds. If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place;
- withdraw your consent to our use of your personal data. When you use our website you may have been asked to consent to the dropping of a cookie. You may withdraw your consent to our processing of your personal data that has been derived from cookies. If you do withdraw consent, that will not affect the lawfulness of what we have done with your personal data before you withdrew consent;
- complain to your local data protection authority about our collection or use of your personal data.
If you exercise the rights above and there is any question about who you are, we may require you to provide information from which we can satisfy ourselves as to your identity.
If you are from the European Economic Area and would like to exercise any of these rights in relation to any information we hold about you via this website please contact us using the contact details provided below. We will consider and respond to your request in accordance with the relevant law.
Where we process your personal data by automated means (i.e., not on paper) and this processing is based on your consent or required for the performance of a contract between us, you have the right to request from us a copy of your personal data in a structured, commonly used machine-readable format and, where technically feasible, to request that we transmit your personal data in this format to another controller.
Profiling is an automated form of processing of personal data often used to analyse or predict personal aspects about an individual person. This could relate to a person’s performance at work, economic situation, health, personal preferences, reliability, behaviour, location or movements. An example of this would be where a bank uses an automated credit scoring system to assess and reject a loan application.
You have the right to be informed if your personal data will be subject to automated decision making, including profiling. You also have the right not to be subject to a decision based solely on automated process, including profiling, where that decision impacts on your legal rights. There are some exceptions to this rule, where, for example, the decision is necessary in connection with the performance of a contract between us, is authorised by law or where you have given your explicit consent to this automated processing. In this case, however, we do not engage in profiling or automated processing for profiling purposes.
The rights described in this section are personal rights and are exercisable only by the individual person (or data subject) concerned.
What are cookies and why we use them
Cookies may be used to save your personal preferences so you do not have to re-enter them each time you access the Site.
Personal Data may be transferred to our trusted partners and service providers who maintain their servers outside of the European Economic Area (the “EEA”), where the privacy and data protection laws may not be as protective as those in your jurisdiction. There are special requirements set out under Chapter V of the GDPR (with which we would comply) to regulate such data transfers and ensure that adequate security measures are in place to safeguard and maintain the integrity of your personal data on transfer.
For more information about this and the safeguards in place relating to such transfers, please contact us at email@example.com.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will not use your data to send marketing communications to you about promotions, competitions, updates and new products that may be of interest to you, unless we have your permission to do so.
Your right to object
You have the right to object to the processing of your personal data for our marketing purposes. To object or if you change your mind at any later time, you can withdraw your consent to the processing of your personal data for such marketing purposes by contacting us at firstname.lastname@example.org. You may also opt out of receiving marketing communications at any time by selecting the unsubscribe option when you receive an electronic marketing communication from us. The withdrawal of your consent will not impact upon the lawfulness of processing based on your consent prior to the withdrawal.
Our responsibility for website links
This Policy is limited to the personal information which we collect and use via this Site. We do provide links within this Site to other websites, including social media sites such as Facebook, Twitter and Instagram. We always endeavour to deal with vendors and other third parties who are GDPR compliant or, in the case of the third parties located outside of the EEA, who have adequate security measures in place to safeguard the security of personal data. However, if you follow these links, you should use these websites in conjunction with their applicable user and privacy notices as their data practices fall outside the scope of this Policy and are governed by their privacy policies. Further, we, our employees, agents, holding company and subsidiaries can have no responsibility or liability for the content or reliability of any third party materials or websites referenced by hyperlink or other means on the Site or control over the information collected by any third party website and we cannot be responsible for the protection and privacy of any information which you may provide on such websites. We encourage you to carefully read their privacy policies.
This Policy may be updated from time to time to reflect changes in law, best practice or a change in our practices regarding the treatment of personal information. Any changes made to this Policy from time to time will be published at the Site. Any material or other change to the data processing operations described in this Policy which is relevant to or impacts on you or your personal data, will be notified to you in advance by e-mail. In this way, you will have an opportunity to consider the nature and impact of the change and exercise your rights under the GDPR in relation to that change (e.g to withdraw consent or to object to the processing). If you do not agree to the changes, please do not continue to use our Site. You should check this notice frequently for updates. This notice was last updated 23rd May 2018.
If you have any questions about our approach to privacy or you would like to exercise any of the rights mentioned in this Policy, you can contact us in any of the following ways:
Address: Tayto Snacks, Kilbrew, Ashbourne, Co.Meath, Ireland.
Telephone +353 1 8350611
We are committed to complying with the terms of the GDPR and to the processing of personal data in a fair, lawful and transparent manner. If, however, you believe that we have not complied with our obligations under the GDPR, you have the right to lodge a complaint with the Data Protection Commission https://www.dataprotection.ie/.
In this Supplementary Information section, we explain some of terminology used in this Privacy Notice.
“personal information” – any information that relates to you (or from which you can be identified).
“profiling” – automatically using personal data to work out certain things about people, like analysing or predicting their performance at work, reliability, economic situation, personal preferences, interests, behaviour, location or movements.