This Privacy Notice explains how the Pilgrim’s Europe group of companies, which includes Moy Park Limited, Kitchen Range Foods Limited, Moy Park France SAS, Moy Park Beef Orleans Sarl, Albert Van Zoonen B.V, Pilgrim’s Pride Ltd, Pilgrim’s UK Lamb Ltd, Pilgrim’s Shared Services Ltd, Pilgrim’s Food Masters UK Limited, Pilgrim’s Food Masters Ireland Limited, Oakhouse Foods Limited and Rollover Limited (‘we’, ‘us’, ‘our’ or ‘Company’), handle and use information (both hard copy and electronic) it collects about you. This Privacy Notice is non-contractual and can be amended at any time.
The group company named above that you are visiting is the Data Controller as defined under EU and UK GDPR. This means that we are responsible for deciding what personal data we collect about you, how it is collected and used and for what purposes. The relevant company address can be found in the footer of this notice.
We will comply with our obligations under the relevant data protection laws, including the: (i) EU General Data Protection Regulation ((EU) 2016/679) (‘EU GDPR’); (ii) UK General Data Protection Regulation (as defined in The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019) (‘UK GDPR’); and (iii) Data Protection Act 2018, and any subsequent national legislation, guidance or codes of practice in the applicable jurisdiction which may be introduced from time to time when handling your personal data.
Overall responsibility for monitoring compliance with data protection sits with our Privacy Steering Group, the main contact of which is the Group Privacy Officer (who can be contacted at gpo@pilgrimseurope.com).
1. On what basis does the Company process your information?
The Company will only use your personal data in the circumstances defined below and as permitted by the law. Most commonly, we will use your personal data in the following circumstances:
- Where we need it to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. The legitimate interests of the Company are to have knowledge of who is on its premises at any one time, to protect the safety of its staff, visitors and premises, and to detect/report criminal activity. We believe that this is not incompatible with your rights and freedoms.
2. What kind of personal data do we process?
We may process some of your personal data, that we have broken down into the following categories:
- Identification data:
- Personal details including name, title, organisation details, phone numbers and e mail address ;
- Vehicle Registration Number;
- Size of clothes and shoes.
- Data related to your visit:
- Name of the person you are visiting and reason for your visit;
- Travel history.
- Security Data:
- Movement in and out of the site;
- CCTV footage captured when you visit the Company’s premises.
With your express consent, the Company may also collect and store information about your health and medical history as part of our visitor questionnaire, including any physical medical condition (i.e. special categories of personal data).
3. How and why do we process your personal data?
This privacy notice is designed to comply with both the UK GDPR and the EU GDPR. While the UK GDPR allows multiple lawful bases for processing, the EU GDPR requires that only one lawful basis is identified per processing purpose. For example, under the UK GDPR, we can rely on both our legal obligations to comply with health and safety laws and our legitimate interests in maintaining a secure environment, while for the EU GDPR purposes, we have selected the legal obligation as the primary lawful basis for processing visitor data. The primary lawful basis for processing in the EU is indicated in the following table with an asterisk (*).
| Processing activity | Purpose of processing | Personal data types | Lawful basis |
| Ensuring visitors’ safety | For logistical purposes such as providing necessary protective gear (PPE). | | Legal obligation. |
| Allowing visitors access to the premises | To identify and register visitors to the Company premises. | - Identification data.
- Data related to your visit.
| Legitimate interest: Ensuring workplace safety, compliance with food safety standards, and business operations. |
| Ensuring safety of our premises, employees and products | To prevent unauthorized access and detect suspicious activity.
To ensure the security of the premises, employees, and visitors.
To ensure compliance with food handling, food safety, and quality requirements in accordance with public health regulations and client standards. | - Identification data.
- Data related to your visit.
- Security Data.
| Legal obligation. (*) Legitimate interest: Ensuring workplace safety
Legal obligation. (*) Legitimate interest: Ensuring workplace safety
Legal obligation. (*) Legitimate interest: Ensuring workplace safety, compliance with food safety standards, and business operations. |
4. What happens if you fail to provide personal data?
Refusal to provide the required personal data will prevent you from entering the Company’s premises.
5. Will you be subject to automated decision making?
Automated decision-making takes place when an electronic system uses personal data to make a decision without human intervention. The Company does not envisage that any decisions will be taken about you using automated means, however it will notify you if this position changes.
6. Who will your personal data be disclosed to?
Your personal data will be accessed by authorised Company staff who need to have access to that information. In order to pursue the above purposes your personal data may be made available to recipients providing relevant services to the Company such as CCTV software providers, security services providers, IT software providers, insurers and legal advisers or government authorities as required by law. Such service providers will only process the personal data in accordance with our instructions.
We may also disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation; or in order to defend or make any legal claim; or for site security and access purposes where the Company occupies a shared office building and discloses your personal data to the Landlord or controller of the building for these purposes as necessary; or to protect the rights, property or safety of our Company, employees, customers or others. We require third parties to respect the security of your data, to take appropriate security measures and to treat it in accordance with the law. Personal data may also be disclosed to external parties in connection with any external third party regulatory or customer audits, as well as to parties you authorise us to disclose your personal data to. We will not sell your personal data to any third party.
We may transfer your personal data outside of the UK or EEA to a country that may have privacy protections less stringent than in the EEA or UK. For instance, we may transfer your personal data to our holding Company based in the United States of America or to a third-party service provider for the purposes of your visit. In the absence of an adequacy decision from the EU Commission or UK Parliament, we will implement measures to ensure that your personal data receives an adequate level of protection, such as EU standard contractual clauses or UK International Data Transfer Agreement, together with technical and organisational safeguards to ensure that your personal data is treated in a way that is in compliance with and which respects the EU and UK laws on data protection. For further information, or to request copies of the data transfer agreements or the safeguards we have in place, please contact the Group Privacy Officer.
7. CCTV
We have installed video surveillance in certain targeted areas of some of our sites for the purposes of the prevention of crime, site security and safety and ensuring security of employees, visitors and suppliers. The recordings will only be accessed and reviewed when necessary, subject to applicable law, including in the following circumstances:
- suspicion of criminal activities or where security concerns have been raised,
- non-compliance with internal guidelines or relevant regulations (including but not limited to food handling and health and safety);
- internal/external audits;
- investigations, disciplinary or grievance processes; and
- defending any legal claims;
The recordings may also be disclosed to the police in relation to any criminal proceedings or if the disclosure is otherwise required by law as part of any litigation or regulatory investigation. The recordings are stored on a server, which can only be accessed by a limited number of employees and are only accessible by entering a password.
8. How long will the Company use your information for?
The Company will only retain your personal data for as long as necessary to fulfil the purposes we collected the personal data for. However, we may need your personal data to establish, bring or defend legal claims. For this purpose, we may retain your personal data after the date it is no longer needed by us in accordance with our Retention Guidelines. The only exceptions to this are where:
- the law requires us to hold your personal data for a longer period, or to delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law; or
- in limited cases, the law permits us to keep your personal data indefinitely provided we put certain protections in place.
For further information please see our Retention Guidelines, which are available from the Group Privacy Officer.
9. What are your rights relating to your personal data?
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”).
- Request correction of the personal information that the Company holds about you.
- Request the erasure of your personal information.
- Request the restriction of and objection to processing of your personal information.
- Request the transfer of your personal information to a third party.
In France, data subjects can also instruct the individual(s) who are required to deal with their affairs (e.g. executors of their will) of how they wish for their personal data to be processed after their death, which may include the use of some of the rights listed above. In addition, where you provide your consent to the processing of your personal data, you have the right to withdraw your consent at any time. To withdraw your consent, please contact the Group Privacy Officer in writing. Some of these rights are not automatic, and we reserve the right to discuss with you why we might not comply with a request. If you want to exercise any of the above rights, please contact the Group Privacy Officer in writing.
10. Who can you contact if you have concerns about our use of your personal data?
You retain the right to lodge a complaint about the Company’s management of your personal data to:
If you have any questions about this Privacy Notice, please contact the Group Privacy Officer at gpo@pilgrimseurope.com.
| Governance | |
| Version | 1.0 |
| Date | April 2025 |
| Owner | Debbie Bloomfield |
| Authorised By | Kirsty Wilkins |
| Review Frequency | Annual |