This Privacy and Cookie Notice applies to personal data collected by or on behalf of a company within the Diageo group of companies. It sets out what personal data we collect, why we collect it and what we do with it. It also explains the rights that you have in relation to your personal data.
Where you are representing one of our corporate customers or suppliers (or are a natural person acting as one of our suppliers or customers), please see the “Customers and Suppliers” section at the end of this Privacy and Cookie Notice for details on the information that we gather about you.
Who we are
Diageo is the world’s leading premium drinks business. Details of Diageo’s different brands can be found https://www.diageo.com/en/our-brands/brand-explorer.
This website and/or mobile app is operated by a member of the Diageo group of companies, the ultimate holding company of which is Diageo plc (registered in England and Wales with company number 23307 and registered address at 16 Great Marlborough Street, London, W1F 7HS, United Kingdom). Information on our subsidiaries can be found in our latest annual report, which is available https://www.diageo.com/en/investors/results-reports-and-presentations.
All references to 'our', 'us', 'we', or ‘company’ within this notice are deemed to refer to Diageo plc, its subsidiaries, affiliates, and/or associates, as appropriate.
Are you of legal purchase age?
You must not provide us with your personal data if you are not of legal age to purchase alcohol in the country in which you reside and (if different) in the country in which you are accessing the website or app.
We do not intend to collect personal data from any individuals under the legal purchase age, or to market alcoholic beverages to anyone under the legal purchase age.
If we receive notice or believe that someone under the legal purchase age has provided us with personal information, we will make a reasonable effort to remove such personal data from our records.
Data we may collect about you
We process personal data when you use our products and services based on the relationship you have with us.
What is personal data?
Personal data is any information that can be used to identify, directly or indirectly, a specific individual.
Personal data we collect includes:
- Personal data you provide to us directly;
- Personal data we collect automatically; and / or
- Personal data we collect from third parties.
Further information on the data we collect
Personal data you provide to us, includes and / or relates to
- Contact details (such as your name, postal addresses, phone numbers and email addresses) & demographic information (such as your date of birth, age or age range and gender);
- Online registration information (such as your password and other authentication information);
- Payment information and personal details where you are making a purchase (such as your credit card details, billing and shipping address, phone number);
- As part of online questionnaires (such as responses to any customer satisfaction surveys or market research),
- When you enter a competition or take advantage of a promotion;
- When you attend any of our promotional events;
- When you contact us with an enquiry or ask us to provide you with information;
- When you register on one of our websites or mobile apps;
- When you leave reviews or comments on one of our sites or social media pages;
- When you sign up for one or more of our loyalty programmes;
- Your marketing preferences; and / or
- Information is provided when you communicate with us via social media websites, third party apps or similar technologies.
We will indicate where any personal information we have requested is mandatory or optional. We will also explain the consequences should you decide not to provide information which we have indicated is mandatory. In some circumstances this may mean we are unable to provide you with a certain service or product.
Information we collect automatically
These types of personal data may relate to your device (such as your personal computer, tablet or other mobile devices), your use of our websites and apps (as well as certain third-party websites with whom we have partnered), and/or your personal preferences, interests, or geographic location.
Information collected automatically includes and / or relates to
- Name and age (or predicted age range);
- Information about your device, operating system, browser and IP address, unique identifiers associated with your device;
- Details of web pages that you have visited;
- Products you have looked at online (including information about products you have searched for or viewed, purchased or added to an online shopping basket);
- How long you spend on certain areas of a website or app together with the date and time of your visit/usage, personal data contained within user-generated content (such as blogs and social media postings), social media user name and / or ID; and / or
- Social media profile photo and other social media profile information.
We also use certain automated techniques and technologies to infer or generate additional information about you, for example by analysing or predicting certain personal aspects such as your personal preferences or interests. We also use pixels in our email communications to collect data about whether our emails have been opened and whether links in our emails have been clicked. In addition, we receive IP addresses from all website users because this information is automatically reported by your browser each time you view a web page. For most users accessing the internet, the IP address will be different every time you log on. IP addresses are generally recorded in files called “log files”.
When you are in one of our physical retail spaces, an image of you and associated audio may be collected via a body-worn camera used by our staff for incident recording purposes. These cameras are only activated when an incident takes place, and are stopped as soon as the incident has ended. Our physical retail spaces also use CCTV so images of you may be caught by CCTV when you are on our physical premises.
Information we obtain from third parties
In addition to the information we collect as described above, we may also partner with, and use the services of, third parties to collect personal data about you from other sources, We will only obtain such information where we have your consent and/or another applicable legal ground to do so.
Information we obtain from third parties includes and / or relates to
- Data from other organisations who have obtained your permission to share information about you with us;
- Data we receive when someone refers you for our products and services;
- Data we may require from other organisations to fulfil our legal obligations; and/or
- Where your information is publicly available.
Purposes for which your personal data may be used
Corporate transactions: We may use your personal data in the event of a sale, merger, consolidation, change in control, transfer of substantial assets, financing, reorganization, or liquidation whereby we transfer, sell, or assign to third-party information concerning your relationship with us.
Technical maintenance: We use personal data for system administration purposes and to diagnose service or technology problems reported by our users or engineers, these types of problems may be associated with the IP addresses controlled by a specific web company or ISP.
Marketing Communications: We may use your personal data to send you targeted marketing communications through channels such as email, SMS, social media, mobile, in-app and push notification, and post about our products and services, and those of our subsidiaries, affiliates, and parent companies, and any of their related businesses. This may also include using your date of birth to send you special offers around your birthday. You have the right to opt-out at any time from receipt of further marketing communications as described in the “Your Rights” section.
Customer Profiles: We combine the personal data obtained from the various sources referred to in this privacy notice to create a single consolidated profile of our customers. This profile allows us to engage with you more effectively and helps us to understand our customers better.
Marketing and data analysis: We may use your personal data for marketing and data analysis, for example, to assess trends amongst our consumers and what people are saying about our products, to evaluate the impact and effectiveness of our marketing campaigns and promotions, and to analyse the number and types of visitors to our websites, purchasers of our products, and/or users of our apps (including the locations from which such visitors/users access our websites and apps). We often aggregate personal data for these purposes so that it no longer identifies any particular individual. We may also use the personal data of our customers to undertake data analysis (including using third party service providers to perform such analysis) to determine whether our resellers are purchasing the relevant products from us and to ensure our e-commerce terms are being complied with.
Online interest-based advertising: We use techniques such as “online behavioural advertising” and “programmatic advertising” which involve the use of personal data, which includes the information we automatically collect/generate as referred to above (such as information about your online activity and/or personal preferences), as well as other information you provide to us (such as your contact details) and information regarding your online purchase (and the sharing of it with our service providers) to display the most appropriate and relevant advertising to you either on our websites, apps or third-party websites (including social media platforms).We also use certain automated techniques and technologies to infer or generate additional information about you, for example by analysing or predicting certain personal aspects such as your personal preferences or interests.
Similarly, we may also use such personal data (and share it with our service providers as described below in our ‘Disclosure of your personal data’ section) in order to determine if you are a user of a particular online platform so that:
- we can display our advertising to you on that service; or
- we can identify consumers who share similar interests and characteristics with you for the purposes of making our advertising more relevant to consumers – examples of this are Facebook’s “Custom Audiences” and “Lookalike Audiences” products which we may use in certain countries subject to local law.
In relation to these products, we act as joint controller in respect of some of the processing of your personal data involved.
See the section on Cookies below for more details about online interest-based advertising. You have the right to opt out at any time from the use of your personal data for online interest-based advertising.
Online ad verification: We use personal data to monitor our digital advertising to ensure that it does not appear on unsuitable websites or near inappropriate content, and to ensure that our advertising is visible and seen by real people online (as opposed to ‘bots’ or similar fraudulent techniques).
Forward to a friend: When you provide us with information regarding another individual, such as when you request that we send someone information from one of our websites, we will send that individual only the information you specifically requested that we send. We will not send them additional communications based on your providing us with their information. You must confirm that your friend is of Legal Purchase Age in the country where they are located, and that they are happy to receive any such communications, in order for us to transmit the requested information
Authentication and access control: We may use your personal data to authenticate your access to our websites or apps and to determine which content to provide you and/or whether you should be granted access to certain content (for example checking your age or location to ensure you are of Legal Purchase Age in the jurisdiction where you are located). We may also use your personal data to verify your identity when responding to any requests to exercise your rights under applicable law.
To comply with legal obligations and / or protect against legal claims or liability: We may use your personal data to comply with our legal obligations protect us against legal claims, or to detect, protect, or defend us and/or other third parties against error, negligence, breach of contract, theft, fraud, or other illegal or harmful activity, to comply with our audit and security requirements, or to audit compliance with our corporate policies, procedures, legal, or contractual obligations.
Incident Recording Purposes: As mentioned above, images of you and associated audio may be collected via a body-worn camera used by our staff in our physical retail spaces for incident recording purposes.
Customer service: We will use your personal data to provide specific services that you request from us, as well as to provide additional services that may be of interest. We will also use your personal data to process any orders you submit, to contact you in relation to any enquiries, orders or matters relating to your account and to maintain your accounts and manage transactions such as credit card payments for any products that you order from us or our agents, or for the fulfilment of such transactions (e.g. delivery) or to answer any questions you may have. We may also use your personal data to notify you about changes to our services, our terms and conditions or this Privacy and Cookie Notice.
Legal basis for the processing of personal data
We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected and use your personal data. In almost every case the legal basis will be one of the following:
Consent: We rely on consent for targeted marketing communications. We may advertise our products, services and events through a variety of different channels and rely on your consent to do so. As part of this, we may work with advertising partners, as listed in the ‘Disclosure of your personal data’ section below. These partners have their own privacy policies and consent mechanisms for their customers, in addition to Diageo’s controls. You can withdraw your consent at any time, including by clicking on the “unsubscribe” link included in any marketing communications we send you or by entering your email in the box provided on our website.
Our legitimate business interests: Where it is necessary for us to understand our customers, promote our services and operate effectively as a multinational beverage company, provided in each case that this is done in a legitimate way where they are not outweighed by your privacy and other rights. For example we will rely on this legal basis when we conduct certain market analysis to understand our consumers in sufficient detail so we can create new products and improve the profile of our brands.
Performance of a contract with you: This would also apply where we need to take steps prior to entering into a contract with you. For example, where you have purchased a product from us and we need to use your contact details and payment information in order to process your order and send the product to you.
Compliance with law: Where we are subject to a legal obligation and need to use your personal data in order to comply with that obligation.
Disclosure of your personal data
We value your personal data and only share it in certain circumstances, such as with:
- Third parties where you have provided your consent or where permitted by applicable law. For example, we will obtain your permission before we allow a third party that is not a part of the Diageo group to send you any marketing and promotional information relating to that third party’s products or services.The advertising partners that we work with are described below;
- Our service providers and subcontractors, including our affiliates, and/or third party websites (such as social media platforms or search engines) retained to perform functions on our behalf, or to provide services to us (such as warehousing and delivery) marketing and advertising (including by delivering online interest-based advertising on third party websites and social media platforms where you have consented to the use of advertising cookies set by Diageo or our partners); credit card and data processing; age verification; monitoring our digital advertisements to ensure that they do not appear on unsuitable websites or near inappropriate content and also to ensure that our advertising is visible and seen by real people online (as opposed to ‘bots’ or similar fraudulent techniques); software development; website hosting and management; data analytics providers; information technology and office services; legal, accounting, audit and other professional service providers; and other services related to our business), provided such service providers and subcontractors have entered into written agreements with us and do not collect, use, or disclose the personal data for any purpose other than to perform such functions on our behalf, to provide services to us, or as otherwise required or permitted by law; to credit reference agencies who assist us with identity verification and credit reference checks, as described above;
- Third parties who, in our reasonable judgment, are providing or seeking the information as your authorised or appointed legal agent;
- Persons or entities, including our affiliates, in the event of a sale, merger, consolidation, change in control, transfer of substantial assets, financing, reorganisation, or liquidation whereby we transfer, sell, or assign to such third-party information concerning your relationship with us, including without limitation, personal data that you provide and other information concerning your relationship with us;
- Law enforcement, governmental or regulatory agencies, or other third parties globally in order to comply with applicable law, or where we believe such action is necessary in order to comply with applicable law, or to detect, protect, or defend us and/or other third parties against error, negligence, breach of contract, theft, fraud, or other illegal or harmful activity, to comply with our audit and security requirements, or to audit compliance with our corporate policies, procedures, legal, or contractual obligations; and
- Our advertising partners which includes Meta, Amazon, The Trade Desk, Blis, Google, Uber, AdSquare, Lotame, Globo, UOL, Twitter, Vix, HYPR, Pinterest, Adsmovil, Spotify, Terra, Teads, Vibra, Tinder, SeedTag, PMP, ROIX, Live Mode, 365 Score, Ads Menu, Blum, Squid Digital, Hands, Taboola, Rakuten, Twitch, Criteo, Joven Pan, Lance.
International data transfers
Please note that your personal data may be transferred to, and stored at, a destination outside the country in which you reside, including countries, which have less strict, or no data protection laws when compared to those in your country.
Whenever we transfer your information as described in the paragraph above, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal data and to make sure it is treated securely regardless of their location. In these cases, we may, for example, rely on approved data transfer mechanisms (for example, where the country to which the data is transferred is deemed to have “adequate” data protection laws, or by using the UK or EU “Standard Contractual Clauses”) to ensure your information is subject to adequate safeguards in the recipient country. If you are located in the EEA or the UK, you may contact us using the contact details below for a copy of the safeguards which we have put in place to protect your personal data and privacy rights in these circumstances.
Public areas of our websites and apps
Information that you post on or through the public areas of our websites and apps (e.g., chat rooms, bulletin boards, discussion groups), or on social media platforms generally is accessible to, and may be collected and used by, others, and may result in unsolicited messages or other contact from others. You should not provide personal data about yourself in public (or interactive) areas of our websites, apps or social media pages.
We take information security seriously and take precautions to keep your personal data secure. We have put in place appropriate physical, technical, and organisational measures to safeguard the information we collect. However, we have no control over the privacy of any communication while it is in transit to us. We therefore recommend that you do not include confidential, proprietary, or sensitive information in any such communications.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at the contact details below.
You are reminded that, in accordance with the Conditions of Use for this website and/or app, you are responsible for maintaining the strict confidentiality of your account password, and you are responsible for any activity under your account and password. It is your sole responsibility to control the dissemination and use of your password, access to and use of your account, and to notify us when you wish to cancel your account. We will not be responsible or liable for any loss or damage arising from your failure to comply with this obligation.
Depending on the country in which you are located, you have certain rights in relation to your personal data.
These rights include
- Your right to object to the processing of your information for certain purposes;
- Your right to withdraw your consent to any processing of your personal data (where you had provided consent);
- Your right to request access of your personal data, and the ability to erase, restrict or in certain cases receive a copy of your personal data.
- Your right to ask us to rectify any information about you that you think is inaccurate, you also have the right to ask us to complete information you think is incomplete.;
- Your right to data portability - You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
In addition, you have the right
- To unsubscribe from any of our marketing communications at any time; and
- To complain to a data protection authority if you think we have processed your personal data in a manner which is unlawful.
Exercising your rights
Please contact us if you wish to make a request using this web-form.
If you have any concern(s) we suggest that you initially contact us (using the contact details below in the “How to contact us” section) so that we can investigate, and hopefully resolve, your concerns.
How long will we retain your personal data?
We will retain your personal data for the period necessary to fulfil the purposes outlined in this Privacy and Cookie Notice, unless a longer retention period is required or permitted by law. After this period, it will be deleted or in some cases anonymised.
For example, where you have made a purchase with us, we will keep a record of your purchase for the necessary period for invoicing, tax and warranty purposes. We may also keep a record of correspondence with you (for example if you have made a complaint) for as long as is appropriate to protect us in the event of a legal claim.
Please note that where you unsubscribe from our marketing communications, we may keep a record of your contact details to ensure we do not send you further marketing communications in future.
Third-Party Websites and Services
Our websites and apps may contain links, references, and content from other websites and services outside of our control. Please be aware that we have no control over these websites and services and our Privacy and Cookie Notice does not apply to them. We will not be liable to you for any issues arising in connection with their use of your information and we encourage you to read the Privacy and Cookie Notices and Conditions of Use of any linked, referenced, or interfacing websites and services you visit or use.
Cookies and related technologies
- our websites and mobile apps; and
- third-party websites and / or mobile apps with whom we have partnered.
This section explains what cookies are and sets out why we use these cookies and provides information on the cookie choices that you and all our website visitors have.
We use a range of cookies on our website, including strictly necessary cookies, performance / analytics cookies, functional cookies and advertising cookies (see more details under ‘What do we use our cookies for?’ below).
The cookies may be set by us or by a third party, including advertising cookies, which are used by our advertising partners to show online adverts based on your activity.
In countries where this is legally applicable, when you first visit our website, you will be asked via our Cookie Preference Centre (the ‘CPC’) if you agree to analytics and / or advertising cookies. In these countries, we will not deploy these cookies unless and until you provide your consent. You can also change your mind at any time using the CPC or the settings on your internet browser or device (see more under ‘How to manage cookies’ below).
What is a cookie?
A cookie is a text-only string of information that a website transfers to the cookie file of the browser on your device’s hard disk. A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a value, usually a randomly generated unique number. The other technologies we use serve a very similarly function but work slightly differently.
We use two broad types of cookies:
- First party cookies, served directly by us to your device when you visit our website; and
- Third party cookies are served by a third party on our behalf when you visit our website and certain third-party websites with whom we have partnered.
These cookies can be divided into session cookies and persistent cookies. Session cookies are temporary cookies that remember your user choices and preferences and expire each time you close your browser and do not remain on your device afterwards. Persistent cookies stay in one of your browser’s subfolders until you delete them manually or until they expire.
Cookies are useful because they allow a website to recognise a user’s device. You can find more information about cookies at: www.allaboutcookies.org.uk
This website uses the following cookies for the following purposes:
Strictly Necessary cookies
- These cookies are essential to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies, our website cannot function properly and the services you have asked for, like shopping baskets or e-billing, cannot be provided.
- Examples of Strictly Necessary Cookies we may use on this website include Content Management Cookies which are required by the site for the content management system to work and Template Preference Cookies which are necessary for mobile sites and enable the site to look and feel the way it is intended to.
- These cookies allow the website to remember choices you make (such as your username, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video or posting a comment. The information these cookies collect may be anonymised and where anonymised, they cannot track your browsing activity on other websites.
- We place a cookie to remember your preferences (Preference Cookie) so that you do not need to re-enter your details (country/age) on our gateway page. You can choose this by selecting ‘Remember me on this device’, but it is not suitable if you share your computer with someone else.
Performance and Analytics cookies
- These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and any error messages visitors receive from web pages.
- These cookies do not collect information that directly identifies a visitor.
- These cookies are only used to improve how a website works and understand how most people use our website.
- These cookies are used to deliver content that is more relevant to you and your interests based on your previous browsing across the web as well as keywords we may be able to gather from the URLs of webpages from which you accessed this website, your IP address and any search engine used to reach this website.
- We may also use certain service providers to set cookies on our behalf via third-party partner websites. These cookies enable us to analyse visits to specific sections of those websites and collect certain information regarding purchases of our products. The types of information collected by such cookies may include: shopping cart information, what product pages have been viewed, whether a purchase of our product has been made, and which of our products have been searched for.
- We may also use social sharing plugins and cookies. The Social Sharing plugin works by linking you with social media sites such as Facebook, Twitter, Instagram and Pinterest and allows interaction between your activity on social media sites and on our website through your direction. For example, using your Facebook username and password to login to our website, and using the Facebook ‘Like’ and ‘Share’ buttons on our site. Social Sharing cookies are used to remember that you are logged in to our site.
- If you visit a page which we maintain on a social media site such as Facebook, it is likely that cookies will also be set on your device. These cookies are set by the social media network and so, to change the cookies that you receive from these sites, even on our pages, you will need to change use the settings provided by the social media site.
For further information on exact cookies used on our websites; please refer to the website Cookie Preference Centre (CPC).
How can you manage cookies?
There are several ways you can manage our website’s cookies, through
Our Cookie Preference Centre (‘CPC’)
When you first visit our site, and where applicable based on your country, we will ask you for your cookie preferences via our CPC. Through the CPC, you can choose to provide or withhold your consent to non-essential cookies and we will only use these cookies if and when we have your consent to do so. You can disable these cookies later or change your mind at any time via the CPC (accessible through the privacy/cookie settings link at the bottom of our web pages) or through your browser settings (see below).
Your browser settings
If you are using a web browser (e.g. Google Chrome, Mozilla Firefox or Microsoft Edge), you have the ability to accept or decline cookies by modifying the settings in your browser. Please refer to your browser instructions or help screen to learn more about the functions which your browser provides to manage cookies. If you use different browsers and/or different devices you may need to ensure that each browser is adjusted to suit your cookie preferences. For instructions on how to manage cookies in your browser, please read the information available http://www.allaboutcookies.org/manage-cookies/ .
Your mobile app
If you are using a mobile app, the operating system of your mobile device (e.g. Apple iOS, Google Android or Microsoft Windows) provides privacy settings which let you manage how mobile apps use technologies similar to cookies to recognise your device and in certain cases make interest-based advertising available within mobile apps you use. Please refer to the instructions or help pages of your mobile operating system to learn more about the functions which it provides to manage these privacy settings.
Please note that you may not be able to use all the interactive features of our site if all cookies are disabled.
How do I opt out of online interest-based advertising?
If you see any of our advertising with the logo on it, you’re able to take control of whether you get these types of ads. This is the AdChoices icon provided by the European Interactive Digital Advertising Alliance (EDAA).
When you click through the Icon, you’ll get information about the companies that provide interest-based ads on the sites you visit. You’ll learn about how it works, how this type of advertising supports free content, and about other privacy choices.
If you don’t want this type of advertising, you can click through to the consumer choice page to opt-out of the companies that participate in the Icon program.
For further information about how to manage or delete online interest-based advertising cookies in this way visit https://youradchoices.com/ .
Customers and Suppliers
At Diageo we value our suppliers and customers and understand the importance of the role of Data Protection in creating trusted and respected relationships. This section of this Privacy and Cookie Notice applies to all individuals that act on behalf of Diageo’s customers and suppliers (including employees, workers and contractors) or are natural persons acting as suppliers or customers. For the purpose of this section, “you” means an individual acting on behalf of one of Diageo’s customers or suppliers (or a natural person acting as supplier or customer); and “your employer” means the organisation that you are acting on behalf of.
- Who we are
- Are you of legal purchase age?
- Data we may collect about you
- Purposes for which your personal data may be used
- Legal basis for the processing of personal data
- Disclosure of your personal data
- International data transfers
- Your Rights
- How long will we retain your personal data
- Third-Party Websites and Services
- Cookies and related technologies
- How do I opt out of online interest-based advertising?
- Customers and Suppliers
- How long do we keep your personal data
- Contact us
Where you represent a supplier or customer (or are a natural person acting as one of our suppliers or customers), in addition to those set out above, the following sections also apply to your use of the website and your broader relationship with Diageo:
Personal data we collect includes and / or relates to
- Name, gender, address, country of residence, date of birth, work address, work email address, work phone number;
- Employment details, including position, title;
- Where you are a natural person acting as a supplier or a customer, financial information (e.g. bank account details);
- Your electronic identification data where required for the purpose of delivering products or services to us (e.g. login, passwords, badge number and picture, IP address, online identifiers/cookies, logs, access and connection times, CCTV footage);
- Tax numbers and business licences (if you are a sole trader);
- Your mailing preferences, delivery instructions, reference information, and customer service preferences;
- Your vehicle and other visitor information collected when you visit our facilities (including, at some facilities, video surveillance of facility perimeters);
- Records of our correspondence with you; and
- If you are an employee of a customer or supplier and wish to participate in one of our training projects such as “ Learning for Life” we may ask to collect details such as your ethnicity or education.
We may also collect personal data from you as part of our Business Partner identification verification process (“Know Your Customer” or “Know Your Business Partner”, as relevant), including, but not limited to copies of your identification documents and details of your ownership of the business. We may collect this information directly from you or from your employer, or in circumstances set out below, a credit reference agency.
In the course of our relationship with you and / or your employer, we may collect and process additional categories of personal data which are not specified above; for example if you voluntarily disclose it to us. In accordance with our legal obligations, we will be transparent about any new processing of personal data.
Note that where, in the course of conducting any anti-money laundering or other legally mandated checks on you, we process information about your criminal convictions, political opinions or other special category data, we do so on the basis that (i) you have given your explicit consent, acknowledging that the processing is strictly necessary for Diageo in order to continue or commercial relationship with you in light of our legal and commercial commitments; and/or (ii) it is necessary for the prevention of, or detection, prosecution or litigation against of, unlawful acts, including terrorist financing and money laundering.
How do we handle your information fairly and lawfully?
- The processing described here is necessary for us to be able to perform the contract you have entered into with us (or take steps prior to entering into a contract) or to comply with our legal obligations.
- The processing is also necessary for the legitimate interests we pursue as a company, including benefit from cost-effective services, to offer and market our products to you, ensuring compliance with statutory obligations and ensuring the administration of our relationship with our suppliers. Where we process personal data for our legitimate interest, we will limit that processing to what is necessary to achieve that objective.
- In limited circumstances, we may also seek your consent to process personal data about you for a particular purpose, and in those circumstances you will have a choice.
- The personal data we process may be held in an unstructured way, such as within paper records and emails, and / or in a structured way: within company systems, applications, solutions and databases; some of which may be owned and/or operated by third parties. Where we engage with third parties, we enter into contractual requirements to protect personal data.
Third parties from which we may collect your personal data
- We obtain your personal data from a number of sources, including from your employer (as applicable) and from any details that you subsequently provide to us during our engagement with you.
- We monitor communications on our networks, including office and mobile telephone networks and as detailed in our Information Management and Security Global Policy. The information collected may be periodically reviewed by authorised staff to ensure compliance with our policies and to detect any unauthorised use of our IT infrastructure and systems.
For what purposes will we use your personal data?
We process your personal data in order to be able to provide our products to our customers or to receive a service from our suppliers. In particular, we process your data for the following purposes
- Carrying out identification verification checks - In some countries, we may use a credit reference agency to assist with those checks and we share certain personal data with such agencies; including your forename and surname, personal address and previous address, date of birth and gender. This is to help them confirm your identity.
- Managing the relationship with our customers and suppliers including processing orders;
- Arranging the negotiation, sale and delivery of our products;
- Organising tenders, implementing tasks in preparation of or to perform existing contracts;
- To confirm the financial health of your business: in circumstances where we are considering establishing or continuing a commercial relationship with you as an individual (e.g. as a sole trader); or extending a credit or evaluating your credit standing. We reserve the right to gather and share relevant credit information with appropriate third parties in such circumstances;
- Monitoring activities at our facilities, including compliance with applicable policies as well as health and safety requirements;
- Granting you access to our training modules allowing you to provide us with services;
- Archiving and record-keeping;
- Billing and invoicing;
- Upholding our Code of Business Conduct and internal governance requirements, breach management and compliance requirements, including assurance and advisory reviews and audits to ensure an appropriate controls and compliance environment;
- Legal compliance, requirements and obligations including: (i) conducting internal investigations where there is reason to believe and a requirement to assess that there has been a breach of the Diageo Code of Business Conduct or a breach of the law; (ii) meeting our anti-bribery and anti-money laundering obligations, both at the start of the business relationship and on an ongoing basis; (iii) responding to regulatory requests for information; (iv) responding to discovery requests, court orders and/or in response to third party subpoenas in the context of litigation, mediation, arbitration or a dispute resolution forum; (v) providing documents in the context of litigation or pre-litigation in an effort to pursue or defend claims on behalf of Diageo our affiliates, employees or third parties; (vi) defending any claims made against Diageo our affiliates, employees or third parties from time to time; (vii) pursuing claims by Diageo our affiliates, employees or third parties against other persons or entities from time to time; (viii) protecting the interests of Diageo, our affiliates, employees or third parties (for example, in the event of a regulatory matter); and / or (ix) for any other legitimate purpose in the context of a legal dispute;
- Communicating and / or providing you with company information, news and updates, including travel monitoring systems emergency employee alert systems and other relevant communications;
- Live transmission of images through the use of applications including but not limited to Zoom and Microsoft Teams;
- Marketing to you our products which we think may be of interest to you via telephone, email and post;
- Monitoring to ensure our network and information security and to meet our Information Management and Security objectives;
- We also process personal data for the purposes of crime prevention and detection, including where it is necessary for the assessment of risk or the prevention of fraud as well as health and safety;
- Analytics or benchmarking activities on an aggregated or statistical level to support our legitimate business interests and performance; and / or
- Routine management of day-to-day business and operational activities with suppliers and customers, such as contact information.
Data processing as described above may continue following the termination of our arrangement with you as a supplier or customer for our legitimate business purposes (as appropriate and necessary) and in line with our records management policies from time to time (retention schedules are set out in our information asset inventories). Examples include any litigation or dispute and when there is a requirement to do so.
How long do we keep your personal data?
Where you are representing one of our suppliers or customers (or are a natural person acting as one of our suppliers or customers), we will continue to retain your personal data providing:
- You remain an appropriate contact to enable us to exercise our obligations to you under the terms of our contractual relationship with you or your employer.
- You remain an appropriate contact for us to continue managing our relationship with you and/or your employer for legitimate business interests.
Keeping your personal data up to date
We want to ensure that personal data we hold is accurate and kept up to date. We need to do this both to comply with our obligations under data protection law, and for the practical day to day management of our relationship with you. For these and other reasons related to administering your relationship with us, please notify us of any change in your information (see “How to contact us” for details on contacting us) as soon as is practicable, so that records can be updated.
We are committed to safeguarding your privacy. If you would like to submit a request to understand the collection and use of your personal data please contact us through this webform (place your cursor on “webform” for the link).
If you have any concerns regarding how we are processing your personal data we would like the opportunity to address them. Please contact us via consumer.privacy.queries@Diageo.com.
The details of the UK Information Commissioner’s Office are here https://ico.org.uk/global/contact-us/ and the details of your local regulators can be provided by email, by contacting us at consumer.privacy.queries@Diageo.com
Modification of this Privacy Notice
This Privacy Notice was last updated in June 2023
We may occasionally make changes to this Notice. When we make material changes to this Notice, we’ll provide you with prominent notice as appropriate under the circumstances, e.g., by displaying a prominent notice within our online services.
© 2023 All rights reserved. Version 15.0 dated June, 2023.