Privacy Policy & Cookies

Muller UK & Ireland Group LLP ("we" or “Müller”) is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

In addition to these safeguards, your personal data is protected in the UK by the Data Protection Act 1998 and other legislation in other territories. This provides, amongst other things, that the personal data we hold about you should be processed lawfully and fairly.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Information about you

We do not automatically collect or process any personally identifiable information such as names, date of birth, addresses, telephone numbers, financial information, email addresses or other information (“Personal Data”). Personal Data that we may collect and process about you is provided by you on a voluntary basis and you do not have to provide this information to access the website www.waitroseemmabridgewater.co.uk (the “Website”).

We may collect and process Personal Data about you when you place a product order through the Website.

How we use your Personal Data

We respect your privacy and we will treat all Personal Data received from any visitor to the Website as confidential. It will only be used for Müller business purposes or on our behalf by third party agents selected by us in connection with the promotion and who have agreed to keep it confidential and who will only use it for Müller business purposes.

We will not, and will not authorise any third party agent to, sell or rent your Personal Data. We will not contact you in the future with any marketing communications.

You are entitled to obtain details of the information that we hold about you (for which we may charge a small fee). You may also ask us to make changes to the information we hold about you to ensure that it is accurate and kept up to date. If you wish to do this, please send an e-mail to gemma@hrg.co.uk

Where we store your Personal Data

The data that we collect from you may be processed, transferred to, and stored at, a destination outside the European Economic Area ("EEA"). By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

Disclosure of your Personal Data

We may disclose your personal information to any member of the Müller Group, Waitrose Limited and/or Emma Bridgewater Limited for administration purposes only in relation to the promotion.

We may also disclose your Personal Data to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets;
  • if Müller or substantially all of its assets are acquired by a third party, in which case Personal Data held by it will be one of the transferred assets; and
  • where we believe the law requires it or in response to a demand by any regulatory, enforcement or other government authority.

Cookies

A cookie is a small file of letters and numbers that is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improve the user experience. They can also help to ensure that adverts you see online are more relevant to you and your interests. You can find more information about the individual cookies we use and the purposes for which we use them in the table below.

  • Type 1: Strictly necessary cookies: These cookies are essential in order to enable you to move around the Website and use its features. Examples include remembering previous actions (e.g. entered text on our ‘contact us’ page) when navigating back to the page in the same session.
  • Type 2: Performance Cookies: These cookies collect information about how visitors use the Website, for instance which pages visitors go to most often, and if they get error messages from web pages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. This helps us improve the performance of the Website.

By using the Website you agree that we can place these types of cookies on your device.

None of the cookies on the Website are used to store financial information, or information that could be used to identify you but are essential to ensure that the site works as it should.

You can, should you choose, disable the cookies from your browser and delete all cookies currently stored on your computer. On Microsoft Internet Explorer, this can be done by selecting “Tools/Internet Options” and reviewing your privacy settings or selecting “delete cookies”. This may prevent you from taking full advantage of the Website.

Payment Transaction Security

All transaction information passed between merchant sites and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to your servers from Sage Pay are signed using MD5 hashing to prevent tampering. You can be completely assured that nothing you pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.

Once on our systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data we hold is extremely secure and we are regularly audited by the banks and banking authorities to ensure it remains so.

Sage Pay’s systems are scanned quarterly by Trustwave which are an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.

Sage pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. We are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.

Sage Pay has multiple private links into the banking network that are completely separate from the Internet and which do not cross any publicly accessible networks. Any cardholder information sent to the banks and any authorisation message coming back is secure and cannot be tampered with.

Sage Pay is controlled by Iris Scanners, which are the latest and most precise biometric security devices available for identification. As used by; chemical plants, airports, police stations, prisons and other facilities where security is paramount. No one can enter or leave the building without a valid security pass.

All employees at Sage Pay are Criminal Records Bureau (CRB) checked prior to employment and no unauthorized individual has access to or is able to decrypt transaction information or cardholder data. Our systems only allow access to our most senior staff and only in extenuating circumstances (such as investigations of Card Fraud by the Police). All transaction information and customer card information is secure even from our own employees.

Sage Pay operates on twin data centres to ensure optimal system security and up-time and has a full disaster recovery and business continuation policy.

Click the following link to View their PCI DSS certificate- http://www.sagepay.co.uk/file/23796/download-document/PCI_DSS_Certificate_2015.pdf?token=-cok9lOatTLpRFZfRd_8MOTZ2Vx4rvsXAW6kI-e2MIE  

Other Important Information

For the purpose of the Data Protection Act 1998, the data controller is Muller UK & Ireland Group LLP, trading as Müller Dairy of Shrewsbury Road, Market Drayton, Shropshire, TF9 3SQ, registered in England and Wales under partnership number OC384928.

The Website may contain links to and from websites of our partner networks, advertisers, affiliates and others which may be of interest to you. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and cookies and that we do not accept any responsibility or liability for these policies and cookies. Please check these policies before you submit any Personal Data to these websites.

We take every precaution to ensure that all information received from the Website visitors is as secure as possible to protect against unauthorised access and use. However, please remember that the internet may not be a secure medium and accordingly the security of information transmitted over the internet cannot be guaranteed by us.

We may change this Privacy Policy from time to time. Any changes we may make to our Privacy Policy will be posted on this page.