BRITISH AMERICAN TOBACCO LA REUNION 

CONFIDENTIALITY DECLARATION 

 

At BRITISH AMERICAN TOBACCO LA REUNION (“BAT/US/WE”), we respect your privacy. We are committed to protecting the privacy of visitors to our website. Please read this document carefully because it presents our “Confidentiality Policy” which informs you of the use we make of your personal data, whether it is intended to provide you with electronic alerts or whether it is part of research that we conduct or for statistical purposes. 

This privacy statement applies to the personal data of visitors to this website. 

  • For the purposes of applicable data protection law (including, but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”)), the company responsible for your personal data is British American Tobacco La Reunion. 
  •  We may change this Privacy Statement at any time. Please reach us at 5, Immeuble Cap 2000, 6 Avenue Theodore Drouet, ZAC 2000-97429 LE PORT to enquire about any changes made or report a concern.  
  •  If you are not satisfied with any aspect of our Privacy Statement, you can assert the legal rights we have described below, if applicable. 

 
1) Information we collect about you 

Depending on the relevant circumstances and applicable local laws and requirements, we may collect some or all of the information listed below to assist us in this task: 

  •  Last name; 
  •  Contact information; 
  •  Country of residence; 
  •  Situation, i.e. career / profession; and 
  •  Additional information that you choose to provide to us. 

The above list details the methods of collecting your personal data. Please note that this list is not exhaustive. 

  • Some of the personal data we collect from you is necessary for us to fulfill our obligations to you or to third parties. For example, when you sign up for email alerts, we need to collect your email address, name, and country in order to process your request. Other things may simply be necessary in order to keep our relationship running smoothly. 
  • Depending on the type of personal data in question and the reasons why we might process it, if you refuse to provide this data to us, we may not be able to respond to your request. 
  • For further details on the legal bases on which we rely in order to be able to use and process your personal data, please see the section below entitled “Legal bases for the processing of your data”. 

2) How do we collect your personal data? 

We collect your personal data mainly in three ways: 

  1. The personal data that you communicate to us; 
  2. Personal data that we receive from other sources; and 
  3. Personal information that we collect automatically. 

The personal data that you communicate to us: 

There are many ways to share your information with us, including the following: 

  •  When you register on our website (for example: email alerts); 
  •  When you contact us proactively, usually by phone, email or social media; and/or 
  •  When we contact you, by phone or email. 

Personal data we receive from other sources  

We may obtain more information about you from other sources, including generally from third parties. 

Personal information that we collect automatically 

We collect technical information, including the IP address used to connect your computer to the Internet, your browser type and version, your time zone, the types and versions of your plug-ins, your operating system and your platform. We use this information for statistical reporting and do not associate it with named persons. 

We will not intentionally collect any information from visitors to this site who are under the age of eighteen. If we find out that a child has provided information, it will be immediately deleted from our records. 

3) Why do we collect your personal data? 

We collect, use and disclose your personal data for several reasons, including the following: 

  •  to make sure we can answer your questions and contact you if you ask us 
  •  to store your contact details (and update them if necessary) on our database, so that we can contact you in connection with email alerts or answer any questions you have asked us to answer 
  •  as part of our research for statistical purposes 
  •  to ensure the proper functioning of software and IT services provided by us (including for data recovery in the event of a disaster) 
  •  for other reasons with your consent. 

4) Who do we share your information with? 

We will share your personal data primarily for the purpose of ensuring that we provide you with the most relevant and up-to-date information, content and events, or in order to ensure that we can respond to any request quickly and efficiently. Unless otherwise specified, we may share your information with any of the following groups: 

  •  All our BAT entities, when necessary, and in accordance with the laws relating to data transfers; 
  •  Tax, audit or other authorities, when we believe that the law or another regulation requires us to share this data (for example, following a request from a tax authority or in the context of an anticipated litigation) or to help prevent fraud or to enforce or protect the rights and property of British American Tobacco or its affiliates; or in order to protect the personal safety of British American Tobacco employees, third party agents or members of the public. 
  •  Third party service providers who perform certain functions on our behalf (including external consultants, investor relations service providers and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants performing tests and developments on our business technology systems); 
  •  outsourced third party IT service providers where we have appropriate data processing agreements (or similar protections) in place; 
  • If a BAT entity merges with or is acquired by another business or company in the future, we may share your personal data with the new owners of the business or company (and notify you of such disclosure); and 
  • Certain circumstances may arise in which British American Tobacco, whether for strategic or other business reasons, decides to sell, buy, merge or reorganize businesses in certain countries. Such a transaction may involve the disclosure of your personal information to potential or actual buyers, or its receipt by sellers. British American Tobacco’s practice is to ensure the appropriate protection of personal information in these types of transactions. 

We do not share, rent, or trade your information with third parties for marketing or promotional purposes. 

5) How long do we keep your personal data? 

We will not keep your personal data for longer than necessary to fulfill the purposes for which we collect it, unless we believe that the law or another regulation requires us to keep it (for example, at the request of a tax authority or in the context of a planned dispute). 

When it is no longer necessary to keep your data, we delete from our systems the personal data we hold about you. 

6) How do we ensure the security of your personal information? 

We attach great importance to the protection of your information. We therefore take appropriate measures to prevent unauthorized access and misuse of your personal data. 

We are committed to taking all reasonable and appropriate measures to protect the personal information we hold against misuse, loss or unauthorized access. We do this by implementing a range of appropriate technical and organizational measures, including encryption measures and disaster recovery plans. 

Unfortunately, there is always a risk in transmitting information through any channel on the Internet. Indeed, you send information on the Internet at your own risk. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted via the internet and we do not guarantee the security of any information, including personal data, that you transmit to us via the internet. 

If you suspect any unauthorized use, loss or unauthorized access to your personal information, please notify us immediately. Please let us know your concerns by contacting us using the address provided herein; we will then investigate the matter and keep you informed as soon as possible of the next steps. 

7) Your rights 

You have different rights with respect to the data we hold about you. We have listed them below. 

Right of opposition 

This right allows you to object to the processing of your personal data when we use it for one of the following reasons: 

  •  because it is in our legitimate interest to do so (for more information, please see section 10 below); 
  •  in order to enable us to perform a task of public interest or to exercise official authority; or 
  •  for scientific, historical, research or statistical purposes. 

Right to withdraw consent 

Where we have obtained your consent to the processing of your personal data for certain activities, you can withdraw that consent at any time and we will then stop using your data for that purpose, unless we consider that there is another legal basis justifying the continuation of our processing of your data for this purpose, in which case we will inform you of this condition. 

Requests for access to the data of the data subject 

You can ask us for a copy of the information we hold about you at any time, and ask us to change, update or delete that information. If we give you access to the information we hold about you, we will not charge you for this service, except as permitted by law. If you request other copies of this information from us, we may charge you a reasonable administrative fee. Where we are legally authorized to do so, we may refuse your request. If we deny your request, we will always tell you the reasons for the denial.  

Right to erasure of data 

You have the right to request that we “erase” your personal data in certain circumstances. Normally, this right exists when: 

  •  The data is no longer needed; 
  •  You have withdrawn your consent to the use of your data, and there is no other valid reason for us to continue to use it; 
  •  The data has been processed illegally; 
  •  It is necessary that the data is erased so that we can comply with our legal obligations; or 
  •  You object to the processing of your data and we are unable to demonstrate compelling legitimate grounds for continuing to process your data. 

We would only be allowed to refuse to comply with your erasure request in limited circumstances and we will always communicate the reason for such refusal to you. 

When we comply with a valid data erasure request, we take all steps reasonably possible to remove the data concerned. 

Right to restrict data processing 

You have the right to request that we restrict the processing of your personal data in certain circumstances, for example if you dispute the accuracy of the personal data we hold about you or if you object to our processing of your personal data within our legitimate interests. If we have shared your personal data with third parties, we will inform them of this restricted processing, unless this is impossible or involves disproportionate efforts. We will, of course, inform you before lifting any restriction on the processing of your personal data. 

Right of rectification 

You have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them of this rectification unless this is impossible or involves disproportionate efforts. You can also request information about third parties to whom we have communicated this inaccurate or incomplete personal data. If we believe it is reasonable for us not to act on your request, we will explain the reasons for this decision to you. 

Right to data portability 

If you wish, you have the right to transfer your personal data between service providers. Concretely, this means that you can transfer the information that we hold about you to another third party. To enable you to do this, we will provide your data to you in a commonly used machine-readable format so that you can transfer that data. Otherwise, we can directly transfer the data for you. 

Right of complaint 

You also have the right to file a complaint with your local supervisory authority which, in France, is the CNIL (Commission Nationale de l’Informatique et des Libertés). You can contact it as follows: 

  •  Phone: 01 53 73 22 22 
  •  Support: https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil 
  •  Postal mail: National Commission for Computing and Liberties 
    3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07 

If you wish to exercise any of these rights, or withdraw your consent to the processing of your personal data (where such consent constitutes our legal basis for the processing of your personal data), please contact us using the address details provided at the beginning. Please note that we may keep a record of your communications to help us resolve any issues you raise. 

8) Who is responsible for processing your personal data? 

We are responsible for the processing of your personal data.  
If you have any comments or suggestions regarding this Privacy Statement, please contact us. We take data privacy very seriously and will get back to you as soon as possible. 

9) How do we store and transfer your data internationally? 

Your personal data may be transferred outside the European Economic Area to the types of entities described in section 4 above. 

We want to make sure that your personal data is stored and transferred securely. We will therefore only transfer data outside the European Economic Area or the EEA (i.e. Member States of the European Union, Norway, Iceland and Liechtenstein) if it complies with the legislation on data protection and if the means used for this transfer offer adequate guarantees for your data, for example: 

  • by means of an intra-group agreement between BAT entities, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data from data controllers in the EEA to data controllers and to data processors located in jurisdictions without adequate data protection laws; 
  • by means of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data from data controllers in the EEA to data controllers and data processors located in jurisdictions without adequate data protection laws; or 
  • by transferring your data to a country in which the European Commission has determined that the levels of data protection are adequate through the legislation of that country; or 
  • when this is necessary for the conclusion or performance of a contract between us and a third party and the transfer is in your interest for the purposes of that contract (for example, if we need to transfer your data to a provider of social benefits outside the EEA); or 
  •  when you have consented to the transfer of data. 

If we transfer your personal data outside the EEA and the country or territory in question does not meet adequate data protection standards, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy. 

10) Legal bases for the processing of your data 

We are legally entitled to process your personal data in various ways. We have defined them below. 

When the use of your data is in our legitimate interest 

We are permitted to use your personal data when it is in our interest to do so and no potential harm to you outweighs that interest. 

We believe that our use of your personal data serves a number of our legitimate interests, including, but not limited to the following: 

  •  To help us better understand our visitors and to provide them with more relevant information and services; 
  •  To help us secure our systems and prevent unauthorized access or cyber-attacks. 

We do not believe that the activities described in this Privacy Statement will harm you in any way. However, you have the right to object to the processing of your personal data on this basis. We have defined the methods of opposition available to you in section 7 above. 

When you give us your consent to use your personal data 

We are authorized to use your data when you have expressly consented to it. For your consent to be valid: 

  • It must be given freely, without us putting any kind of pressure on you; 
  • You must know what you are consenting to, and we will make sure to give you enough information in this regard; 
  • You should only be asked to consent to one thing at a time – so we avoid “bundling” consent requests so that you know exactly what you are agreeing to; and 
  • Your consent requires positive and affirmative action from you – we will likely provide you with a checkbox so that you can answer this requirement clearly and unequivocally. 

If we need your consent for anything else in the future, we will provide you with enough information for you to decide whether or not you want to consent. 

You have the right to withdraw your consent at any time. We have defined terms for this withdrawal in section 7 above. 

When the use of your personal data is necessary for the performance of our obligations under our contract with you 

We are authorized to use your personal data when it is necessary to do so for the performance of our contract with you. 

For example, we need to collect your email address so that we can provide you with the email alerts you have requested. 

When data processing is necessary for the performance of our legal obligations 

In addition to our obligations to you under a contract, we also have other legal obligations which we must comply with and we are authorized to use your personal data when we need it in order to be able to comply with these other legal obligations.