Contractor Privacy Notice

The Jordans & Ryvita Company (a division of ABF Grain Products Limited)

Contractors Privacy Notice


The protection of your personal data is of paramount importance to The Jordans & Ryvita Company (a division of ABF Grain Products Limited) (“we”, “us” and “our”). This notice sets out how we use and protect your personal data in accordance with current data protection law. It also describes your data protection rights (including the right to object to some of the data handling we carry out). More information about your rights and how you can exercise them is set out in the “Your Rights” section below.

Further information regarding the way in which we use your personal data is set out in Annex 1.

What personal data do we collect and use?
We collect and use information in connection with your employment or engagement by us. This information includes:
• Personal Identification and Communication Information: your name, home address, phone number, nationality, photo, details of your intermediary, right to work documentation, which is required for the purposes of Experian Background Checks;
• Information about your attendance, performance and training: professional experience, performance history, training records, accident records, compliance with company policies;
• Information collected via CCTV and other monitoring systems: phone, written and electronic communications, and information collected on CCTV, to the extent this is necessary (please see the Monitoring section below for more information about this); and
• Information about your use of our systems: for example, your use of our IT systems and electronic devices used by, or allocated to, you.
We usually only ask you to supply us with your personal data which is necessary in connection with the performance of your role. However whenever we ask you to supply us with personal data and the provision of this data is optional we will tell you about this and where relevant we will explain what the consequences will be if you decide not to provide the information that we have asked for.1

Sensitive personal data
Sensitive personal data means personal data about racial or ethnic origin, political opinion, religious or philosophical belief, trade union membership, genetic data, biometric data used for the purpose of uniquely identifying individuals, data concerning health or a person’s sex life or sexual orientation. Where sensitive personal data is collected, we will ensure that any additional legal requirements are complied with. Further information about the way in which we protect your personal data is available from the Data Protection Coordinator.

Why we collect and use your personal data
We use your personal data for the following reasons:
• Establishing and managing your engagement;
• Carrying out our responsibilities in relation to any payment of income tax and NIC arising from your engagement;
• Managing workplace investigations, disciplinary action and grievances;
• Managing attendance, performance, development and training;
• Providing and managing our IT systems and infrastructure;
• Providing you with access to our offices and systems;
• Protecting the security of our premises, assets, systems, and intellectual property;
• Managing our internal and external communications, (including the provision of communication services such as email, telephone and internet access and publishing information (and, where necessary your photograph) in internal and external directories, internal and external communications and newsletters, and in external news and media in connection with events and updates about us;
• Ensuring compliance with our policies and with applicable laws, (including by monitoring communications (please see the Monitoring section below for more detail about this)), and protecting our legitimate business interests and legal rights; and
• Providing whistleblowing support.

Legal basis

Further information about the way in which your data is used for these purposes is included in the table in Annex 1. This table explains the legal basis that we rely on when we use your data for each of these purposes. For example:
• in some cases we use your data in order to comply with the law;
• in some cases we will use your data because this is necessary for a legitimate business interest which is not overridden by your own privacy interests; when we rely on our legitimate interests to use your personal data, you have the right to object to this;
• in exceptional circumstances we can only use your data if you consent. If we ask you for consent2 so that we can use your data for a particular purpose, we will remind you that you are free to withdraw your consent at any time and we will tell you how you can do this.

Retention of your data
We will retain your data in a form that identifies you for no longer than is necessary for the purposes for which the personal data is processed. Further information about our retention of your data is set out in the JDR Data Retention Checklist, a copy of which can be obtained from the HR team or access via the JDR Intranet, click the link here: JDR Retention Checklist.

Transfer outside the UK
We ensure that we comply with the applicable legal requirements when transferring personal data outside the UK. Further information regarding these data transfers is set out in Annex 1 and can be obtained from your Data Protection Coordinator.

Sharing your data
We share your personal data with your employer in connection with the management of your engagement with us.
Your personal data will also be shared with companies providing services under contract to us, such as training providers, help desk providers and IT hosting and/or IT maintenance providers.
Your personal data will also be shared with third party service providers so that they can provide you with applicable benefits.
Your personal data will be shared with HMRC to the extent required for the purposes of ensuring compliance with applicable intermediaries’ legislation.
Personal data will be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.
In the event that we are sold or integrated with another business, your details will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.
For further information regarding recipients of your data see Annex 1.

We have taken appropriate technical, administrative, physical and procedural security measures, consistent with local and international information practices, to protect your personal data from misuse, unauthorised access or disclosure, loss, alteration, or destruction.

We carry out routine monitoring of the use of our systems for the purpose of securing our systems, monitoring compliance with relevant policies, and protecting the interests of our business. We also carry out monitoring of our systems where this in necessary in order to investigate misconduct or wrong-doing. Monitoring may be carried out either actively or retrospectively and is conducted in accordance with robust governance arrangements to ensure compliance with our legal obligations.
For more information about the acceptable use of our IT systems, infrastructure and communication services while at work, please view our IT Acceptable Use Policy, a copy of which can be obtained from the HR team and can be accessed on JDR intranet, link here: IT Acceptable Usage Policy.

Your Rights
If you wish to access your personal data or exercise any of your rights you should contact a member of the HR Team.
You have the right to ask us to rectify, block, complete and delete your personal data, to restrict its use, and to ‘port’ your personal data (that is, to ask us to provide it to you in a structured, commonly used and machine readable format and to transmit it directly to another organisation). You also have the right to request a copy of your personal data.
You also have the right to object to the processing of your data by us in some circumstances, in particular where we don’t have to process the data to meet a contractual or other legal requirement.
There are exceptions to these rights, however. For example, it will not be possible for us to delete your data if we are required by law to keep it. Similarly, access to your data may be refused if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information.
You also have the right to make a complaint to the data protection supervisory authority or to seek a remedy through the courts if you believe that your rights have been breached.


To access Annex 1, please contact the HR team at