Privacy Policy

Definitions

“Company” means Produce World Group Ltd

“Subsidiary Companies” means all Companies owned by Produce World Group Ltd.

1. Policy Statement The Company’s policy is designed to ensure transparency regarding the processing of personal data. Processing includes (but is not limited to) collecting, recording, storing, amending, reviewing, using and deleting personal data.

2. Key Principles

• Personal data will be processed lawfully, fairly and in a transparent manner.

• Data is processed only for specified and lawful purposes.

• Processed data is adequate, relevant and not excessive.

• Processed data is accurate and updated when necessary.

• Data is not kept any longer than necessary.

• Data is processed in accordance with an individual’s consent and rights. • Data is kept secure. • Data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection.

3. Scope This policy and procedure applies to all employees, customers and suppliers of Produce World Group Ltd and its subsidiary companies. 4. How your information will be used

4.1. As an employer, the Company needs to keep and process information about its employees for normal employment purposes. The information we hold, and process, will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with our employees effectively, lawfully and appropriately, during the recruitment process, whilst working for us, at the time when employment ends and after termination. This includes using information to enable us to comply with the employment contract, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If data is not provided, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.

4.2. We may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes.

4.3. Much of the information we hold will have been provided by you, but some may come from other internal sources, or in some cases, external sources, such as referees.

4.4. The sort of information we hold may include personal data for our employees obtained through application forms and references, contracts of employment, copies of proof of Right to Work in the UK, information needed for payroll, benefits and expenses purposes; contact and emergency contact details; records of holiday, sickness and other absence; information needed for equal opportunities monitoring policy; medical information and, where appropriate, disciplinary and grievance records. Information for our customers or suppliers may include contact details, bank details and other invoicing information. GDPR Privacy Notice Page 4 of 6 Revision no 0.0 Author: Human Resources

4.5. You may be referred to in company documents and records that are produced by our employees in the course of carrying out their duties and the business of the company.

4.6. Where necessary, we may keep information relating to health, which could include employees reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations.. We will also need this data to administer and manage statutory and company sick pay or medical insurance if applicable.

4.7. Where we process special categories of information relating to racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, biometric data or sexual orientation, we will always obtain explicit consent to those activities unless this is not required by law or the information is required in an emergency. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.

4.8. In addition, we monitor computer and telephone/mobile telephone use and we also keep records of hours worked by our employees. 4.9. Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so or where we need to comply with our contractual duties to you. 4.10. Data is backed up and stored off-site for security and loss prevention purposes. During the transfer of data to the Secure Data Centre, the data is encrypted. The information stored in the Data Centre can only be used for restoring purposes by our company. As such, we are the only party who can access this. We may transfer information about our employees, customers or suppliers to other group companies for purposes connected with employment or the management of the company’s business. 4.11. Your personal data will be stored for a period of time that is not excessive and that is deemed appropriate for legitimate business reasons. 4.12. If in the future we intend to process your personal data for a purpose other than that which it was collected we will provide you with information on that purpose and any other relevant information.

5. Your rights

5.1. Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.

5.2. If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.

5.3. You have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 regarding your personal data. GDPR Privacy Notice Page 5 of 6 Revision no 0.0 Author: Human Resources 6. Identity and contact details of controller and data protection officer

6.1. Produce World Group Limited is the controller and processor of data for the purposes of the DPA 18 and GDPR.

6.2. If you have any concerns as to how your data is processed, you can contact the HR department at HRSS@produceworld.co.uk

or

The Data Protection Officer

Produce World Group Ltd

Stanley’s Farm

Great Drove

Yaxley

Peterborough

PE7 3TW