Heverlee Data Privacy Notice

This privacy notice explains how we collect, use and store your personal data. It also gives you information about your legal rights granted under data protection laws.

The controller is Tennent Caledonian Breweries UK Ltd, Wellpark Brewery, 161 Duke Street, Glasgow, G31 1JD.


If you have any questions about this privacy notice, or how your personal data is processed, please contact our Group Data Protection Officer at the address above or by emailing gdpr@candcgroup.com.

This privacy notice was last updated in March 2024. We may amend this notice at any time. The latest version will be made available on this site, and we’ll contact you if we make any significant changes to it.

We won’t be able to respond to your queries, complaints or provide certain services if you don’t provide your personal data. It’s also important that the personal information we hold about you is correct and up to date, so please keep us informed if your personal information changes during your relationship with us.

1. Summary of this privacy notice

Personal data is information that relates to an identified or identifiable individual. We use your personal data for purposes including managing our relationship with you, to promote and market our products and services (including the use of profiling and social media), to run our business effectively, and so we can comply with our legal obligations. You can find out more about each of these purposes in Section 2 of this notice.

We only share your information with other organisations or transfer it outside the UK or European Economic Area (EEA) when this is necessary, and we require these third parties to respect the security of your data and treat it lawfully. Further information is found in Sections 3 and 4.

We only keep your personal data for as long as it’s needed to meet our operational, legal or reporting requirements, or to defend our legal rights. Section 5 provides more detail.

The rights you’re granted in relation to our use of your personal data and information on how to make a rights request can be found in Section 6.

Information about our use of cookies and similar technologies can be found in our cookie notice.

2. Why we use your personal data, and our lawful basis

To provide and manage our services to you

  • Your personal data is used so we can provide goods and services to you and manage any accounts you hold with us. Any such processing is a contractual requirement so we can, for example, fulfil orders you place.
  • It’s used to process payments and to prevent fraudulent transactions. We do this as part of our contractual obligations to you, and our legitimate interests to help protect our customers from fraud.
  • We’ll respond to your queries and complaints using the contact details you provide. We do this as part of our contractual obligations to you, and our legitimate interests to provide you with the best possible service.
  • Your personal data will be used if you attend any of our events, for planning and administrative purposes.

To promote and market our products and services

  • We’ll only send you electronic direct marketing by email, SMS or WhatsApp where we have your consent.
  • If you change your mind about receiving our electronic direct marketing, simply click the unsubscribe link in any marketing emails we send you, use the opt-out provided in the SMS or WhatsApp message, or contact our Data Protection Officer at the contact details above.
  • When we send you a direct marketing email, we may track how you respond to it using a ‘pixel’. We do this so we can see whether the email was opened and if any content was clicked, so that we can understand how effective our marketing strategies are and make improvements, where necessary. You can find out more about our use of pixels and cookies in our cookie notice.
  • We rely on social media and online services such as Meta (Facebook and Instagram), X (formerly Twitter), Google including YouTube, and Spotify to promote our products and raise awareness of Tennent’s. If you’ve told us that you’re interested in hearing about our brand (for example, by asking to receive our marketing emails) we may personalise the online content you see so that the marketing and offers are of most interest and relevance to you. We do this using social media ‘custom audience’ services which help us find our existing customers by sharing and matching limited personal data (names and email addresses) with these companies. We do this under our legitimate interests to promote our products and services to our consumers.
  • Regarding Meta, a joint controller addendum has been entered into, to determine the respective data protection compliance responsibilities relating to any joint personal data processing. This includes the use of ‘custom audience’ services. You can find further information on how Meta processes personal data, including the legal basis it relies on and the ways to exercise data subject rights against Meta in its privacy policy at https://www.facebook.com/about/privacy.
  • At all times you have the right to object to receiving personalised online marketing or your personal data being used for direct marketing purposes, including profiling. If you wish to exercise your right to object please contact us at GDPR@candcgroup.com. If you opt out, you may still see Heverlee marketing, but it just won’t be tailored to you.
  • You can also manage some advertising settings on the social media platforms you use. Please refer to your social media platforms for more information on how to do this.
  • Your personal data is used to administer any prize draws or competitions which you enter, based on your consent given at the time of entering. Some of these competitions use QR codes, to take you to a web-based entry form. Please note that we use a third-party vendor to provide our QR codes, who may conduct their own analysis of code usage. We also monitor QR code performance, but you cannot be identified from this data.
  • With your consent we’ll use your personal data in our marketing and promotional activities, including photographs, videos, and social media activities. You can withdraw your consent at any time, and more information on how to do this is found in Section 6 of this privacy notice. Please note that although we’ll stop using your image in the future, we’ll not always be able to remove any copies which have already been published.
  • When we capture photographs or videos at larger events, for example crowd scenes, we do so under the lawful basis of our legitimate interests. Signage will be in place to advise when photography or videography is occurring.
  • We conduct analysis to understand the sales rates of our products and services, and how well our marketing activities are performing so we can identify opportunities to promote our products and services to customers and prospective customers. This may include reviewing previous purchases or orders and combining this information with other datasets and information. The lawful basis for this type of profiling is our legitimate interests to promote and sell our brands and develop effective marketing campaigns. You can contact us if you don’t want us to use your personal data for this purpose. For more information, see the ‘right to object’ held in the ‘Your rights’ section below.
  • We conduct market research and studies to improve our websites, goods and services, and customer and supplier relationship and experiences. We do this on the basis of our legitimate interests to provide our customers with the best possible products and service, and more widely inform research and development within our industry. Any research findings or reports do not identify individuals. You can contact us if you don’t want us to use your personal data for this purpose. For more information, see the ‘right to object’ held in the ‘Your rights’ section below.

To run our business effectively

The purposes outlined in this section are primarily carried out under the lawful basis of our legitimate interests.

  • We’ll use your personal data to make sure we give you and other customers the best possible service, and to run effective and efficient systems and processes. This includes developing, testing and improving our systems, sites and services.
  • It’s used for business management, decision-making and planning purposes, to effectively run and protect our business.
  • Your data will be used to help train our staff. For example, through recording the calls made to our customer contact centres.
  • We may send you survey and feedback requests to help improve our products and services. You’re under no obligation to respond or take part if you receive these from us.
  • We monitor our network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution.
  • We maintain and monitor this website including, but not limited to, traffic data, location data, web logs and other communication data.

To comply with our legal obligations

  • Your personal data will be used to manage service issues or legal disputes involving you, other customers and suppliers, or our own employees, workers and contractors.
  • It’ll be used to help prevent and detect crime, and support the health and safety of our workforce or others. For example, through CCTV systems in place at our sites and visitor centre. Signage will be in place to tell you where CCTV is operating.
  • We may use it during our accounting and auditing processes and for any regulatory or legal reporting purposes with which we must comply.

3. Passing your information to others

We may have to share your data with other people and organisations. We require these third parties to respect the security of your data and to use it legally. Where a third-party is acting as a ‘data processor’, they’ll act solely on our instructions and will only use your information for that specific purpose.

We may share your data:

  • With the other entities within our Group (C&C Group plc), as part of our regular reporting activities on company performance, as part of research findings conducted about our brands and products, in the context of a business reorganisation or group restructuring exercise, or for system maintenance support and hosting of data.
  • With companies that help us provide our products and services, for example companies that help us process payments, or fulfil orders and deliver products to you.
  • With marketing and media agencies who help us with our promotional activities, such as competitions and prize fulfilment.
  • With social media platform providers, such as Meta, X, Google and Spotify, for the purposes of our marketing activities.
  • With IT system providers, including data storage providers and their technical support teams, if necessary.
  • Governmental bodies, regulators, law enforcement agencies, insurers, our accountants, auditors, legal advisors, debt collection agencies, or court or tribunal services where we must do so to comply with legal obligations, exercise or defend our legal rights, to prevent and detect crime or prosecute offenders, or to safeguard and protect our employees, customers or other individuals.
  • If we sell or buy any business or assets, we may disclose your information to the prospective seller or buyer of such business or assets. If we’re acquired by a third party, customer information will be one of the transferred assets so they can continue to provide services to you.

4. International transfers

Your personal data may be transferred to and stored in locations outside the UK and the European Economic Area (EEA). This will typically occur when we use service providers located outside of these areas. These data transfers require us to follow certain rules under data protection law to ensure that your data will be adequately protected, so we’ll only transfer data to countries that have been confirmed as protecting personal data to UK or EEA standards, or where we have put contractual commitments in place which make sure the data is protected to these standards.

Please contact our Data Protection Officer if you want to find out more about where personal data is transferred to, or the safeguards we have in place.

5. How long we keep your personal data

Your personal data is only kept for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any operational, legal or reporting requirements, and in order to defend our legal rights. To decide the right retention period, we consider the purposes for which the data is processed, the amount, nature, and sensitivity of it, the potential risk of harm from unauthorized use or disclosure, and any applicable legal requirements.

Your personal data is deleted once it’s no longer needed for these purposes.

6. Your rights

Under data protection law you have the right to:

  • Request access to your personal information (commonly known as a data subject access request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request the correction of incomplete or inaccurate personal information that we hold about you.
  • Request erasure of your personal information in certain circumstances. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  • Object to processing of your personal information in certain circumstances. You also have the absolute right to object where we are processing your personal information for direct marketing purposes, including personalised online marketing and profiling.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party, known as data portability.
  • Withdraw your consent. In circumstances where your consent is the lawful basis for the processing, you have the right to withdraw your consent at any time.

If you want to exercise any of these rights please contact GDPR@candcgroup.com.

Your right to complain to a data protection regulator

We aim to collect, use and safeguard your personal information in line with data protection laws and guidance. If you have concerns about how we’ve handled your personal data please get in touch with our Data Protection Officer at details above.

While we hope that we can resolve your concerns, you can complain to a data protection authority regardless of whether you have exhausted our internal procedure.

  • For UK residents:

    You have the right to lodge a complaint with the Information Commissioner’s Office (ICO). You can find further information and contact details at https://ico.org.uk.
  • For ROI residents:

    You have the right to lodge a complaint with the Data Protection Commission (DPC). You can find further information and contact details at https://www.dataprotection.ie.

Cookie Policy

1. What is a cookie?

Cookies are small text files that are placed on your computer or other internet-enabled devices, like a smartphone or tablet, by websites that you visit. They are widely used to make websites work properly, ensure site security, and to allow us to understand how people are using our sites. This policy provides information about the cookies we use.

2. Types of cookies we use

We use the following cookie types. Some of these are ‘session’ cookies which expire at the end of your browser session. Others are ‘persistent’ cookies which remain on your device for the period of time specified in the cookie.

Essential

Also known as ‘necessary’ cookies, these are required to enable basic website functionality. You can’t turn these cookies off.

Marketing

These are used to deliver advertising that is more relevant to you and your interests. They may also be used to limit the number of times you see an advertisement and measure the effectiveness of advertising campaigns.

Personalisation

Also known as ‘functionality’ cookies, these allow the website to remember choices you make (such as your language, or the region you are in) and can provide enhanced, more personal features.

Analytics

Also known as ‘performance’ cookies, these help us understand how the website performs, how you interact with the site, and whether there may be technical issues.

3. How to manage your cookie preferences

You can change your cookie preferences at any time by clicking on the cookie icon found in the corner of the screen.

Alternatively, most web browsers allow some control of cookies through browser settings. To find out more about cookies visit www.aboutcookies.org.

To find out how to manage cookies on popular browsers use these links:

To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout.

4. Cookies used on our site

Cookie Name Type Duration Description
Osano Osano_consentmanager Essential 1 year The cookie manager tool we use to record your cookie preferences.
resolution Essential Session Stores your device resolution when visiting the site.
Google Analytics _ga Analytics 13 months Used to collect information about how visitors use this website. We use the information to conduct website analysis and to help us improve it.
_gat_gtag_UA Analytics Session
_gid Analytics 24 hours

If you have any queries about the cookies used on this site please contact GDPR@candcgroup.com.