Business to Business Group Privacy Policy

Group Privacy Policy for Business to Business

Who is the intended audience for this policy?

This privacy policy is intended for:

  • Retailers and potential retailers that trade or intend to trade under one of the Henderson Group brands in Northern I.e., SPAR, EUROSPAR, ViVO, ViVOXtra and\or ViVO Essentials.
  • Customers of Henderson Foodservice Limited, Henderson Technology Limited and Henderson Print.
  • Suppliers to Henderson Wholesale Limited, Henderson Retail Limited, Henderson Foodservice Limited, Henderson Group Property Limited, Henderson Technology Limited and Henderson Print
  • Clients and tenants of Henderson Group Property.
  • Trainees of The Academy 
  • Attendees of Henderson company organised conferences
  • Visitors to the Mallusk depot

 

Who is not the intended audience of this policy?

This policy is not intended to supply information to:

  • Shoppers of any store that trades under any of the Henderson Group brands in Northern Ireland. I.e., SPAR, EUROSPAR, ViVO, ViVOXtra and\or ViVO Essentials.
  • Cover any activities marketed by Henderson Wholesale at the above
  • Barista Bar loyalty

 

Related policies

Other Henderson Group activity is contained in separate privacy policies. These include:

  • Shoppers – Group Privacy Policy
  • Barista Bar Privacy Policy
  • Recruitment Privacy Policy
  • Employee Privacy Policy
  • Cookie policies (relevant to website)

 

For queries on any of these policies please contact the GDPR team on the email address in the

Contact section.

 

Who we are:

 

The Henderson Group consists of the following companies:

Company Name                                                            Company Number

Henderson Wholesale Limited (HWL)                             NI000068

Henderson Retail Limited (HRL)                                     R0000035

Henderson Foodservice Limited (HFL)                           NI006894

Henderson Group Property Limited (HGP)                                                 NI020650

Henderson Technology Limited (HTL)                                                                NI072364

Henderson Print                                                            NI006447

John Henderson (Holdings) Limited                                NI0I0588

For the purposes of this document the companies above will be referred to as “the business” or “we.”

 

Contact details:

 

Head Office address:

Henderson Group, 9 Hightown Avenue, Mallusk, Newtownabbey BT36 4RT. Tel: +44(0)28 9034 2733

Address postal queries: FAO – The GDPR Team (I.T. Dept)

GDPR Queries              : GDPRteam@henderson-group.com General Queries     : info@henderson-group.com

 

Purpose:

This Privacy Policy explains how we collect and use your personal data. All personal data will be held and stored securely in accordance with this policy and the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018, and any amending and replacement legislation in future.

 

For the purpose of this policy, we are the data controller, which means we are responsible for determining when, why and how to process personal data. We will only collect personal data about you, where it is legal, and\or it is specifically and knowingly provided by you.

 

How do we collect Personal Data?

We collect information on you through:

 

  • Our contract with
  • Our representatives who have had conversations with
  • Details you have supplied through post, your website or in-
  • Your use of our websites*.
  • Public platforms g., Meta, Instagram, X, YouTube etc.
  • Trade shows or
  • Phone and email E.g., Some phone calls are recorded for training and monitoring purposes. (Both parties will be notified of recordings.)
  • Images captured through Mallusk depot CCTV, company delivery vehicle CCTV and body cams were appropriate.
  • TUPE information supplied through acquisitions and potential acquisitions in the case of a business transfer. (Reference – Transfer of Undertakings (Protection of Employment) Regulations 2006.)
  • HMRC (NI) & The Revenue Commission (ROI) if HWL payroll service is
  • Third parties who have your consent to pass your details to E.g., Your business manager or event management companies working on our behalf.
  • Regular business with

 

*Our websites include:

 

As part of our dedication to high standards we use cookies and other tracking tools on our websites. Cookies are small packets of data that your web browser stores on your computer when you visit websites, which enable the server to collect information. (See Cookie policy on each website for further information.)

 

What Personal Data do we collect from you?

As appropriate for the intended use of the information described below, we collect or may collect certain personal data including your:

 

  • Name, date of birth (if required), address, phone\mobile and email This data may be required for the following examples – the business owner\director details, business referee, contact person, buying representative, client, tenant, site visitor, trainee, conference delegate, etc.
  • Purchases, orders, customer loyalty
  • On-line browsing activities on our websites and related
  • Login details including passwords for websites g. horis.henderson-group.com/ or henderson-foodservice.com/.
  • Interests, preferences, feedback, and survey
  • Location
  • Correspondence and communications with
  • Publicly available personal data, including any which you have shared via a public
  • CCTV
  • Retail system IP address and remote connection data to enable technical
  • Photographs for marketing purposes g. A retailer may feature with his spouse.
  • Family details for succession planning. e., Details of partner\spouse and children.
  • Delegate data for conferences which includes passport details to organise trips outside NI. E.g., retailer or catering conferences.
  • Business bank account details (for the purpose of collecting payment by direct )
  • Credit
  • Qualification prerequisites for trainees attending
  • Retailer employee data in the form of a cashier ID which is collected as part of sales transaction data for each store.
  • Details during an acquisition g. A store acquisition as part of TUPE. I.e., A list of the employee’s national insurance number, date of birth and bank account details.

 

If the business uses the (HWL) payroll service, we may also collect:

  • Contact details of your
  • Bank account details of your
  • Hours
  • Details of the terms and conditions of your staff employment, including renumeration and entitlements to benefits.
  • National Insurance Number (NI) / Personal Public Service Number (ROI) of staff and other PAYE details.
  • Information about staff nationality and entitlement to work in either Ireland or the
  • Changes to personal details of staff during
  • Reasons for absences which may include health

 

Children’s Personal Data:

The age of consent in the UK for data processing is 13 years old as stipulated by the Data Protection Act 2018. Occasionally children’s personal data is collected. Typically, this data is used for:

  • Photographs – g. To promote events e.g. A family retail store has been newly opened.
  • Succession Management – to assist the planning of family run

 

We gain written parental consent before collecting the personal data of children. The personal data might include the image, name, age and school of the child.

We do not actively solicit or knowingly collect personal data from children without proper parental consent.

 

Special Categories of Personal Data:

 

We do not collect any of the following Special Categories of Personal Data. Information about your religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your genetic and\or biometric data. Neither do we collect any information about criminal convictions and offences.

However, if you use the (HWL) Payroll service for your staff the business will require details on staff nationality and entitlement to work in either Ireland or the UK, which will include details on race and ethnicity. They may also access sick notes to do with absence from work which may include details about a person’s health.

 

Legal Basis for processing your Personal Data:

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where:

 

  • We need to perform the contract; we are about to enter into or have entered into with
  • It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • We need to comply with a legal or regulatory
  • We might need to protect your vital interests in the event of an

 

How we use your Personal Information:

Examples of the way in which we may use your information is set out below:

 

  • Perform the contract we are about to enter into or have entered into with
  • Process and fulfil orders placed with us by
  • Have orders fulfilled by you for
  • Pay or receive payment for those
  • Administrate and enable an ongoing contract with
  • Confirm
  • Notify you of changes to products\service.
  • Run promotional campaigns and deliver relevant marketing
  • Request or receive sales promotional
  • Manage queries/concerns regarding our products or services;
  • Keep our records updated and study how our services are
  • Deliver relevant content of websites and advertisements and measure the effectiveness of that content.
  • Use data analytics to enhance our websites, products/services, marketing, customer relationships and to understand the effectiveness of the business processes we
  • Run and grow our business, develop our services, and administer ancillary services such as IT provision and network security.
  • Installation and training of equipment g. EDGEPoS tills.
  • Provide technical support for retail
  • Use images for marketing g. A retailer opening a store with his family.
  • Maintain our database of retail store
  • Organise work-based conferences or business
  • To pay employees of retailers as part of the (HWL) Payroll
  • Plan succession ownership for retail
  • List employee details as part of a store acquisition (TUPE.)
  • Comply with our legal obligations and responsibilities and to defend legal
  • For good governance, accounting and managing our business
  • To support Spar Benevolent Fund claims
  • Offer a training service g. to retailer employees.
  • Acquire
  • Provide surveys, plans and elevations for store designs\enhancements.
  • Review retailers’ succession planning or ability to expand the

Data Retention

We retain retailer and HFL customer personal data while you remain a customer of the business and for 7 years thereafter.

 

We retain other personal data e.g., supplier, tenant, client, or trainee data for as long as required for the purposes for which we need it. After which it is securely deleted, destroyed, or anonymised. We retain CCTV images for approximately 30 days and then record over.

 

Personal data may be retained for extended periods if there is:

 

  • an unresolved issue, such as a claim or dispute
  • a legal requirement to store the data for a longer period or
  • an overriding legitimate business interests, including but not limited to fraud prevention and protecting customers’ safety and security.

 

How we protect your Personal Data

 

We take all necessary and reasonable steps to ensure that your data is managed securely and in accordance with this privacy policy. All information you provide to us is stored on our secure servers or within secure filing systems and we use strict procedures and security features to prevent unauthorised access.

To whom will we share your Personal Data?

We disclose your information to:

 

  • Other companies within our group and their employees to provide a wide-ranging service, based within NI.
  • SPAR UK and Retail I., based within the UK.
  • Market research companies to carry out market research, based within the UK
  • Marketing sub-contractors for leaflet distribution or photographs of events, based within the UK.
  • Suppliers who wish to measure their own brand sales regionally, based within the
  • Loyalty\rewards programme promoters, based in the US, that adhere to GDPR
  • Loyalty\rewards programme promoters, based in the
  • Event management organizations and digital agencies g. For organizing business conferences.
  • External training organisations based in the UK and accredited examination bodies (e.g. For emergency first aid, Food safety etc).
  • External pension providers were appropriate, based in the
  • Central billing suppliers to make deliveries to retailers based in
  • Third party transport organisations to make deliveries, based in
  • Professional advisors where applicable (including lawyers, bankers, accountants, insurers, and insurance brokers), based in the UK.
  • T. network and hosting providers.
  • Data security
  • Payment solution providers based in the S and UK.
  • Select suppliers and\or couriers to facilitate delivery of stock, point-of-sale and display stands, within the UK.
  • Organisations or sub-contractors based in the UK involved in store maintenance or development g., supplying and installing coffee machines, fixtures and fittings, fridges, freezers, ovens, wallboards, alarms and other equipment and generally fulfilling service contracts.
  • External contractors for projects, signage installation, surveys or repairs if an accident has occurred at a store.
  • HMRC for the Payroll service. HMRC has an obligation to other government bodies for the purposes of earnings information, such as DEAs, AOEs, Pension regulators and providers. Also, part of the payroll service and if requested, personal data may be sent to the local benefits office of employees or their solicitors.
  • Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
  • Third parties in connection with, or during negotiations of, any merger, consolidation, restructuring, financing, or sale of company assets.
  • Other retailers in the context of litigation (if authorised).
  • Insurance companies (in the event of an accident at the store).
  • The emergency services e., police, fire, medical, etc, if it is appropriate and necessary.

E.g. A visitor collapses at head office and a medical practitioner would like to examine the CCTV recording to understand if the visitor hit their head as they fell.

  • Other partnering organisations for the purposes of security, crime prevention or

These organisations process your information in order for us to provide services to you and to facilitate the purposes described previously. We will only ever do so as permitted by and in accordance with applicable data protection law.

 

Transfers to Third Countries and International Organisations

A third country is a country other than the EU member states (and additional EFTA countries) that have implemented GDPR as law.

 

We transfer personal data to third countries or international organisations to help deliver our products and services. We are satisfied that the personal data is appropriately secured and protected by the receiving organisations.

 

Your rights over your Personal Data

GDPR provides data protection rights in relation to your personal data. You have the right to:

 

  • Be informed about the collection and use of your personal
  • Request access to your personal
  • Request correction of your personal
  • Request erasure of your personal
  • Object to processing of your personal
  • Request restriction of processing your personal
  • Request transfer of your personal
  • Withdraw
  • Be protected against solely automated decision making and

Note that some of these rights are not absolute and only apply in certain circumstances. Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw that consent at any time.

If you would like to exercise any of these rights, please contact us: GDPRteam@henderson-group.com

FAO – GDPR Team (I.T. Dept),

Henderson Group, 9 Hightown Avenue, Mallusk, Newtownabbey BT36 4RT. Tel: +44(0)28 9034 2733

Your right to lodge a complaint:

If you are not happy with how your personal data has been handled, you have the right to lodge a complaint with a supervisory authority. The UK supervisory authority for data protection issues is the Information Commissioner’s Office (ICO) www.ico.org.uk. We would, however, appreciate the chance to redress your concerns before you approach the ICO.

 

What if there are changes to this Privacy Policy?

Occasionally, to better protect you and in accordance with the law, we may need to update our privacy policy. Those changes will be made here. We reserve the right to amend, update or replace this privacy policy at any time.

Shoppers Group Privacy Policy

Group Privacy Policy for Shoppers

 

Who is the intended audience for this policy?

 

This privacy policy is intended for:

  • Shoppers that use company-owned For the most part these are owned by

Henderson Retail Ltd (HRL) and occasionally by Henderson Wholesale Ltd. (HWL).

  • Activities performed by Marketing (HWL) targeting shoppers that use the SPAR, EUROSPAR, ViVO, ViVOXtra and\or ViVO Essentials

 

For the purposes of this document Henderson Retail Ltd and Marketing (HWL) will be referred to as “the business” or “we.”

 

Who is not the intended audience of this policy?

 

The policy does not extend to customers or consumers of Barista Bar products. There is a specific Barista Bar policy.

This policy does not extend to the day to day running of Independently owned stores that trade under any of the Henderson Group brands in Northern Ireland. I.e., SPAR, EUROSPAR, ViVO, ViVOXtra and\or ViVO Essentials. They are independent businesses that manage their own data. Please contact the specific store manager for advice. Note also independent stores may also run their own promotions.

However, marketing events that relate to the Group brands that run in independent stores may be covered by this policy.

 

Related Policies

 

Other Henderson Group activity is contained in separate privacy policies. These include:

  • Business to Business – Group Privacy Policy
  • Barista Bar Privacy Policy
  • Recruitment Privacy Policy
  • Employee Privacy Policy
  • Cookie policies (relevant to website)

 

For queries on any of these policies please contact the GDPR team on the email address below.

 

Who we are:

 

The Henderson Group consists of the following companies:

Company Name                                                            Company Number

Henderson Wholesale Limited (HWL)                             NI000068

Henderson Retail Limited (HRL)                                     R0000035

Henderson Foodservice Limited (HFL)                           NI006894

Henderson Group Property Limited (HGP)                       NI020650

Henderson Technology (HTL)                                        NI072364

Henderson Print                                                            NI006447

John Henderson (Holdings) Limited                                NI0I0588

For the purposes of this policy, Marketing (HWL) is a function of Henderson Wholesale Ltd.

 

Contact Details:

 

Head Office address:

Henderson Group, 9 Hightown Avenue, Mallusk, Newtownabbey BT36 4RT. Tel: +44(0)28 9034 2733

 

Address postal queries: FAO – The GDPR Team (I.T. Dept)

 

GDPR Queries              : GDPRteam@henderson-group.com General Queries     : info@henderson-group.com

 

Purpose:

 

This privacy policy explains how we collect and use your personal data. All personal data will be stored and processed securely in accordance with this policy and the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018, and any amending and replacement legislation in future.

 

For the purpose of this policy, the business is the data controller, which means we are responsible for determining when, why and how to process personal data. The business will only collect personal data about you, where it is legal, and\or it is specifically and knowingly provided by you.

 

How do we collect Personal Data?

 

The business collects information on you through:

  • Our store staff\representatives who have had conversations with
  • Our Head Office staff g. Customer Service, Quality Assurance teams, Complaint handling etc.
  • Details you have supplied through post, website, or in-
  • Your use of our websites*.
  • Public platforms g., Meta, Instagram, X, WhatsApp, YouTube etc.
  • Competition entry
  • Events
  • Retailers forwarding shopper contact details for marketing
  • Phone and email
  • Shopper
  • Store credit account
  • The store acquisition process e. the purchase of the store, including shopper credit accounts.
  • Use of credit account, loyalty\discount card
  • Video or image recording by us at various
  • Images captured through in-store, forecourt and car park CCTV, company delivery vehicle CCTV and body cams where appropriate.
  • Third party security organisations providing facial recognition images and

 

*Our websites include:

 

As part of our dedication to high standards we use cookies and other tracking tools on our websites. Cookies are small packets of data that your web browser stores on your computer when you visit websites, which enable the server to collect information. (See the Cookie policy on each website for further information.)

 

We also use: app.tellusfirst.com/spar to assist with consumer feedback.

 

What Personal Data do we collect from you?

 

As appropriate for the intended use of the information (described below), we may collect your:

 

  • Name, age\date of birth, gender, sex and job
  • Contact details including postal address, phone\mobile numbers and e-mail
  • Purchases and orders g., via a store credit account.
  • On-line browsing activities on our websites and related
  • Competition entry details and marketing
  • Interests, preferences, feedback, and marketing survey
  • Location data
  • Online identifier
  • Correspondence and communications with us
  • Shopper credit accounts
  • Loyalty account information based on use of card g., MyRewards card etc.
  • Publicly available personal data, (including any which you have shared via a public platform).
  • Information through the store acquisition process g., shopper credit accounts
  • CCTV images as part of store security
  • Image via third party facial recognition security

 

Children’s Personal Data:

The age of consent in the UK for data processing is 13 years old as stipulated by the Data Protection Act 2018. Occasionally children’s personal data is collected.

Typically, this data is used for:

  • Entering competitions – g., colouring competition to win a prize.
  • Photographs – g. To promote events such as the Balmoral Show.

We gain written parental consent before collecting the personal data of children. The personal data might include the image, name, age and school of the child.

 

We do not actively solicit or knowingly collect personal data from children without proper parental consent.

 

Personal Data we do not collect:

We do not collect any Special Categories of Personal Data about you, this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and\or biometric data. Neither do we collect any information about criminal convictions and offences. The exception to this is when we capture images of people through for example CCTV and those images incidentally reveal a person’s race, ethnic origin, or disability.

 

Legal Basis for Processing your Personal Data:

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data where:

 

  • We need to perform the contract; we are about to enter into or have entered into with
  • It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • We need to comply with a legal or regulatory
  • We might need to protect your vital interests in the event of an

 

How we use your Personal Data:

Examples of the way in which we may use your information is set out below:

 

  • To communicate requested information concerning goods and
  • Track queries and communicate progress,
  • Enter competitions that we run and
  • Deliver relevant content of websites and advertisements and measure the effectiveness of that content.
  • Research the customer experience and understand sales hotspots by using anonymised personal data.
  • Use data analytics to enhance our websites, products/services, marketing, customer relationships and experiences.
  • To improve programmes\services g. Loyalty cards.
  • Run promotional campaigns and deliver relevant marketing
  • Retailers forwarding shopper contact details to enable the distribution of electronic magazines\emails, for marketing purposes.
  • To continue to provide a credit account facility in the case of a store
  • To provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you.
  • Verify identification
  • Notify you of changes to products\services.
  • Comply with our legal obligations and responsibilities and to defend legal claims
  • For crime and fraud prevention, detection, and related purposes
  • For good governance, accounting and managing our business operations
  • To support any other intended purpose stated at the time in which your information is collected, subject to any preferences which you may have indicated.

 

Image Repository

Personal data in the form of CCTV recorded images is used to prevent and detect crime. Images of shoppers leaving the store without paying for goods or driving away without paying for fuel are submitted to a secure database. HRL stores can securely access the same database with the objective to watch for repeat behaviour.

 

Data Retention

The business retains general CCTV shopper images for approximately 30 days and then records over. The database of shopper images that fail to pay for goods is retained for up to 9 months before being automatically deleted.

 

We retain other personal data for as long as required for the purposes for which we need it.

After which it is securely deleted, destroyed, or anonymised. Exceptions to this include if there is:

 

  • an unresolved issue, such as a claim or
  • a legal requirement to retain the data or
  • an overriding legitimate business interests, g., fraud prevention and protecting customers’ safety and security.

 

How we protect your Personal Data

 

We take all necessary and reasonable steps to ensure that your data is managed securely and in accordance with this privacy policy. All information you provide to us is stored on secure servers or within secure filing systems and we use strict procedures and security features to prevent unauthorised access.

 

To whom will we provide your Personal Data?

 

From time to time, we may need to disclose your information to:

 

  • Market research companies to carry out market research about the HWL or HFL
  • Suppliers, where appropriate. E.g. Customer complaint letters. Normally permission will be asked of the customer, either verbally or by email, if they are happy for their details to be shared with a supplier.
  • Professional advisors (including lawyers, solicitors, bankers, accountants, insurers, and insurance brokers) in the event of a breach of contract, dispute, or other legal
  • Third party data processing service providers such as marketing automation platform and service providers, IT hosting providers, data security providers and FMCG suppliers to HWL, who process your information on our behalf in accordance with our instructions to enable us to provide services to you.
  • The emergency services e. police, fire, medical, etc, if it is appropriate and necessary.

E.g. A shopper collapses in a store and a medical practitioner would like to examine the CCTV recording to understand if the shopper hit their head as they fell.

  • Other organisations for the purposes of crime prevention and/or detection, including identifying individuals e.g. A CCTV recording might be shared which identifies a supplier’s delivery driver frequently taking a coffee without paying for it.
  • Organisations to recover E.g. In HRL stores where a customer has no means of payment or has driven off without paying for fuel.

 

Transfers to Third Countries and International Organisations

A third country is a country other than the EU member states (and additional EFTA countries) that have implemented GDPR as law.

 

We transfer personal data to third countries or international organisations to help deliver our products and services. We are satisfied that the personal data is appropriately secured and protected by the receiving organisations.

 

Your rights over your Personal Data

GDPR provides data protection rights in relation to your personal data. You have the right to:

 

  • Be informed about the collection and use of your personal
  • Request access to your personal
  • Request correction of your personal
  • Request erasure of your personal
  • Object to processing of your personal
  • Request restriction of processing your personal
  • Request transfer of your personal
  • Withdraw
  • Be protected against solely automated decision making and

 

Note that some of these rights are not absolute and only apply in certain circumstances.

 

Where the business relies on consent as a legal basis for processing your personal data, you have the right to withdraw that consent at any time. Each marketing email we send you will offer an option to unsubscribe.

If you would like to exercise any of these rights, please contact us. GDPRteam@henderson-group.com

FAO – GDPR Team (I.T. Dept),

Henderson Group, 9 Hightown Avenue, Mallusk, Newtownabbey BT36 4RT. Tel: +44(0)28 9034 2733

 

Your right to lodge a Complaint:

If you are not happy with how your personal data has been handled, you have the right to lodge a complaint with a supervisory authority. The UK supervisory authority for data protection issues is the Information Commissioner’s Office (ICO) www.ico.org.uk. We would, however, appreciate the chance to redress your concerns before you approach the ICO.

 

What if there are changes to this Privacy Policy?

Occasionally, to better protect you and in accordance with the law, we may need to update our privacy policy. Those changes will be made here. We reserve the right to amend, update or replace this privacy policy at any time.

Share this page: