Privacy Notice Blade
1. General
This Privacy Notice applies to our mobile application (the “App”) dedicated to the connected Blade device (the “Blade”) for customers and consumers in the European Union where we, HEINEKEN International B.V., located at Tweede Weteringsplantsoen 21 H, 1071 ZA Amsterdam and Heineken UK Limited (company number SC065527) having its registered office at 3-4 Broadway Park, South Gyle Broadway, Edinburgh, EH12 9JZ, will collect certain personal information. Please read this privacy notice carefully as it contains important information to help you understand our practices regarding any personal information that you give to us or that we otherwise collect in the context of the App (‘Personal Data’). HEINEKEN International B.V. and Heineken UK Limited (‘HEINEKEN’, ‘we’ or ‘us’) are separate and independent controllers in respect of the Personal Data processed by each party.
We respect your privacy, and we are committed to keeping your Personal Data secure and managing it in accordance with our legal responsibilities under applicable data protection laws.
If you have any questions about this privacy policy or our processing activities, we can be contacted as follows:
• Mail: HEINEKEN International B.V., Tweede Weteringsplantsoen 21 H, 1071 ZA Amsterdam, Netherlands, marked for the attention of the Global, Data & Technology Office and Heineken UK Limited, 3-4 Broadway Park, South Gyle Broadway, Edinburgh, EH12 9JZ, marked for the attention of the Privacy Officer; or
• Email: bladeplus@heineken.com and protectingyourdata@heineken.co.uk.
2. What Personal Data We Collect and How We Use your Personal Data
We receive and collect Personal Data and other technical information (“Data”), as described in detail below, when we provide our Blade services, including when you (a) install the Blade (including powering it up and scanning the QR code), (b) download and use the App; and (c) use the Blade services, including real time monitoring of the Blade performance including troubleshooting information, poured volume information and generic support information (together, the “Services”). We may use this Data to (i) provide you with the Services, (ii) operate, provide, improve, customise, support and market our Services, and (iii) comply with our legal obligations. If you do not want us to collect and process your Data, you may not be able to use some of the Services.
We have specified below what Data we collect, the purposes for which we use the Data, our lawful basis for processing your Personal Data and how long we will generally retain your Personal Data:
A. Blade Account Data:You can choose to create an account in the App so that you can benefit from our full Services (a “Blade Account”). When you create a Blade Account, we will ask you to provide us with your email address, password, company name (if applicable), phone number, country and date of birth (which we need for our age compliance requirements) (“Blade Account Data”).
Creating a Blade Account is optional and is not necessary to use the Blade. Without a Blade Account, on the App you will be able to see the current technical information of the Blade (including temperature and when the keg was last changed), trouble shooting information to assist in resolving any issue that may arise with your Blade and generic support information.
However, creating a Blade Account is necessary if you wish to access historical information about the usage of your Blade. In addition, it ensures that only the Blade Account holder has access to the registered information of your Blade. You can use your Blade Account to securely login to the App.
We will retain your Blade Account Data for as long as you actively use your account, and for a maximum period of 7 years. When you have not used your Blade for more than 2 years, we will automatically delete your Blade Account Data. You can also request to have your Blade Account Data deleted at any time via the “Privacy Settings” section in the App. Please note that deletion is permanent.
The lawful basis for processing your Blade Account Data is that is necessary for the performance of the contract which you enter into with us when you create a Blade Account and accept the applicable Terms and Conditions
B. Blade Technical Data: When you switch on your Blade it will automatically be connected which means that we can see at all times if your Blade is switched on or off. In addition, provided you give your consent, we collect sensor and device-specific information of your Blade, such as your unique user Blade ID, simcard ID, network provider and any Wi-Fi connections.. The App also records your Blade’s time of use, the lifespan of the keg and the temperature of your Blade. Furthermore, ambient temperature, keg pressure, current volume, tapping cycle, several operating parameter statuses and events based on measurement/switch changes are measured.
Blade Technical Data enables us to track your Blade’s effectiveness and alert you when the Blade needs maintenance or problem solving. It also allows you to perform self-diagnosis of the problem, and the App will present you with the possible solution.
Blade Technical Data also enables us to provide you with bespoke and pro-active customer support and analyse our customer support efforts on an aggregated basis. Such analysis gives us insight into whether the technical support process works efficiently so we can improve, where possible.
We will retain Blade Technical Data for as long as you actively use your account, and for a maximum period of 7 years. When you have not used your Blade for more than 2 years, Blade Technical Data will be anonymised.
The lawful basis for processing Blade Technical Data is consent, i.e., provided on a voluntary basis. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before withdrawing your consent. You can withdraw your consent in the “Privacy settings” section in the App.
C. Blade Usage Data: When you connect your Blade and if you consent, we collect usage data. This data includes information about your interaction with our Services how much volume your Blade poured daily, monthly and yearly, and how well your Blade is performing in comparison to other Blades (passives, low performers, medium performers, high performers) (“Blade Usage Data”). The
Blade Usage Data will provide you with insights into your historic usage, provided you have created a Blade Account.
Blade Usage Data can also be used for marketing purposes when you have consented to this purpose during the set-up of your connected Blade – or later via the ‘privacy settings’ section in the App. If you consent, we will use your Blade Usage Data to help optimize our products and to send you commercial messages from our marketing and sales departments.
We will retain Blade Usage Data for as long as you actively use your account, and for a maximum period of 7 years. When you have not used your Blade for more than 2 years, your Blade’s usage data will be anonymized.
If at any time you decide to use the Blade Usage Data for monitoring your staff’s performance (e.g., pouring skills), please note that you are controller for this processing activity and not HEINEKEN. This means you are responsible for acting in accordance with applicable privacy laws and regulations. This includes, but is not limited to, informing your staff about the monitoring of their performance and what criteria you see to assess their performance.
The lawful basis for processing Blade Usage Data is consent, i.e., provided on a voluntary basis. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before withdrawing your consent. You can withdraw your consent in the “Privacy settings” section in the App.
D. Blade Location Data:When you connect your Blade and if you consent, we collect your Blade’s location data (“Blade Location Data”) to optimize our technical support or for marketing purposes.
If you share your Blade Location Data for technical support purposes, we can remotely check the status of your Blade and improve our technical and customer support, e.g., gain insight into local network coverage issues and optimize route planning for our technical support team.
Should you choose to share your Blade Location Data for marketing purposes, we can use this to optimize our marketing route and strategy of the sales representatives. It will allow us to understand your business better, e.g., it will give us insights in local and regional popularity of certain products, and we can provide you with improved commercial options and promotions in relation to type of kegs, or HEINEKEN appliances/devices.
We will retain Blade usage data for as long as you actively use your account, and for a maximum period of 7 years. When you have not used your Blade for more than 2 years, we will anonymize your Blade Location Data.
The lawful basis for processing Blade Location Data is consent, i.e., provided on a voluntary basis You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before withdrawing your consent. You can withdraw your consent in the “Privacy settings” section in the App
E. Cookie data: We use cookies, tags or similar technologies to operate, provide, improve, understand and customise our Services. Cookies allow us to recognise your mobile device/computer and collect your Personal Data, including your unique user Blade number, the IP address of your mobile device/computer, the type of internet browser or operating system you use, session and usage data, or service-related performance information, which is information about your use of the App.
For further information about the use of cookies or other similar technologies used in the App, please read our Cookie Policy, which you can find under the privacy settings of the App
F. Transactional data. If you pay for our Services or products (e.g., kegs), we may receive information and confirmations, such as payment receipts, including from distributors or other third parties processing your payment.
You can choose to make use of our Services or products via the Blade and therefore pay for these Services. The lawful basis for processing of your Transactional data is therefore that it is necessary for the performance of the contract to which you are party.
G. Combined Data: We may combine your personal data, including Blade Account Data, Blade Technical Data, Blade Usage Data, Blade Location Data and transactional data (“Combined Data”), either for aggregated business insights purposes or for personalised and marketing purposes, provided you have given us consent to do so.
The Combined Data is analysed and used to provide you with the Services, e.g., personalised Blade usage data in your venue (such as higher volumes being poured on certain days and times), and to help us improve the content, functionality and usability of the App, Blade and Services, as well as for the development of new products and services.
The lawful basis for processing of your Combined Data for aggregated business insights, development of new products and services, and the improvement of our content, and the functionality and usability of the App, Blade and Services, is our legitimate interests.
The lawful basis for processing of your Combined Data for personalised and marketing purposes is consent, i.e. provided on a voluntary basis. You have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before withdrawing your consent. You can withdraw your consent in the “Privacy settings” section in the App.
3. How We Share Your Personal Data
We may need to share Personal Data on a need-to-know basis with third parties to help us provide our Services and products to you, and to run the App. These third parties are:
• Companies in the HEINKEN Group.
• Evalan B.V., develops, creates, manages and optimizes IoT-systems. Evalan B.V. acts as processor and ensures that the IoT-system, the App, is secured and streamlined.
• Microsoft Azure, a SaaS provider of a public cloud computing platform providing data storage in the cloud. Microsoft acts as processor.
We may transfer your Personal Data to recipients who may be located anywhere in the world. We will only transfer your Personal Data from the European Economic Area (EEA), United Kingdom or Switzerland to third countries, i.e., countries outside the EEA, based on appropriate safeguards or if otherwise authorized by applicable law. In other cases, we provide the necessary safeguards, e.g., through the conclusion of standard contractual clauses adopted by the European Commission with the recipients, or through other measures provided for by law.
We may also need to provide Personal Data to law enforcement bodies in order to comply with any legal obligation or court order.
4. Security of Personal Data
We will take appropriate technical, physical and organizational measures to protect the Personal Data collected through App from misuse or accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition or access, that are consistent with applicable privacy and data security laws and regulations. However, no internet-based site can be 100% secure and we cannot be held responsible for unauthorised or unintended access that is beyond our control.
The App may contain links to other websites. We are not responsible for the privacy practices, content or security used by such other websites, which shall not be governed by this Privacy Policy. We advise you to always read the privacy policies carefully on these other websites.
5. Retention of Your Personal Data
We will retain your Personal Data for as long as legally required or for as long as necessary to provide you with any requested services or for any of the other purposes listed in this Privacy Policy. The specific retention terms are listed in this Privacy Policy for each of the relevant purposes. We will take reasonable steps to destroy or de-identify Personal Data we hold if it is no longer needed for the purposes set out above or after the expiration of the defined retention term.
6. Children's Privacy
The App and the Blade are not intended for use by individuals under the age of 18 (or the applicable legal age for using the Blade in your country). We do not knowingly collect Personal Data from individuals under the age of 18.
7. Your choices and rights
Under data protection laws, you have various rights which are set out below. The rights available to you depend on our reason for processing your personal data. You are not required to pay any charge for exercising your rights, although we may charge a reasonable fee if your request is unfounded, repetitive or excessive. We have one month to respond to you (unless you have made a number of requests or your request is complex, in which case we may take up to an extra two months to respond). Please note that, where we ask you for proof of identification, the one-month time limit does not begin until we have received this. If we require any clarification and/or further information on the scope of the request, the one-month deadline is paused until we receive that information.
a) Right of access. You have the right to ask us for copies of your personal data. This right always applies. There are some exemptions, which means you may not always receive all the information we process. You can read more about this right here.
b) Right to rectification. You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can read more about this right here.
c) Right to erasure. You have the right to ask us to erase your personal data in certain circumstances. You can read more about this right here.
d) Right to restriction of processing. You have the right to ask us to restrict the processing of your information in certain circumstances. You can read more about this right here.
e) Right to object to processing. You have the right to object to processing of your personal data where we are relying on a legitimate interest or conducting direct marketing. You can read more about this right here.
f) Right to withdraw consent. Where we are relying on consent to process your personal data, you may withdraw it at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
g) Right to data portability. This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent. You can read more about this right here.
If you would like to exercise any of these rights, please contact us at bladeplus@heineken.com. In your request, please make clear what right you are exercising.
Please note that if you exercise (some of) your choices and rights, you may not be able to use, in whole or in part, of our Blade services anymore.
8. Updates
We will keep this Privacy Policy under review and make updates from time to time. Any updated Privacy Policy will be posted in our App and to the extent reasonably possible, will be communicated to you.
9. Contact
If you have any other question, objection to our use of your Personal Data or a complaint about this Privacy Policy or about our handling of your Personal Data, you can mail at bladeplus@heineken.com. You also have the right to file a complaint with your local data protection authority.
For the Netherlands:
Autoriteit Persoonsgegevens
Postbus 93374
2509 AJ DEN HAAG
For Heineken UK Limited
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
The most recent version of this privacy notice is dated: March 2023.
