1) Can I get a more precise time-frame for how long a staff member’s personal data will be stored by Heineken?
2) When would any personal data collected about Topgolf’s staff be deleted?
3) What technical and organisational measures do you have in place for the security of any personal data collected? – I have noted the information is only accessible to Heineken staff on a ‘need-to-know’ basis.
The Hello Beer web platform and mobile application is administered, hosted and maintained by our software development partner, Hello Forward Limited. Hello Forward Limited are obliged to adhere to the attached Information Security Standards.
4) Is any of the data for our purposes exported outside the EEA requiring us to enter in a Data Processing Agreement?
Heineken UK Limited is the data controller in respect of personal data processed in order to provide the Hello Beer app and web platform and we have a Data Processing Agreement in place with our appointed data processor, Hello Forward Limited. This Data Processing Agreement obliges Hello Forward Limited to ensure that no personal data is exported outside the EEA unless the transfer is covered by an adequate transfer mechanism. There is no requirement for Heineken UK and Topgolf to enter into a Data Processing Agreement.
Also see related asana task: https://app.asana.com/0/1183515841815561/1198070155539665/f