Sodexo Group is committed to handling personal data in compliance with the General Data Protection Regulation (GDPR) and any other applicable law.
1. TYPES OF COMPLAINTS CONCERNED
All complaints about our Sodexo entities’ processing of Personal data will be handled in line with the procedure set out below (4. Handling complaints). Non-exhaustive examples of the types of concerns likely to be raised include:
- Unfair or unlawful processing of personal data
- Misuse of your personal data
- Unauthorised access to your personal data
- Loss of your personal data.
Where a concern falls outside the scope of this complaints procedure, you will be notified of the most appropriate process to be followed.
2. YOUR RIGHTS UNDER GDPR
Sodexo is committed to ensure protection of your rights under GDPR and any other applicable law.
Accordingly, you can request access to your Personal data. You may also request rectification of inaccurate Personal data, or to have incomplete data completed.
In addition, your right to be forgotten entitles you to request erasure of the Personal data in cases where (i) the data is no longer necessary in relation for the purposes of its collection or processing, (ii) you choose to withdraw your consent, (ii) you object to the processing by automated means using technical specifications, (iv) your Personal data has been unlawfully processed, and (v) there is a legal obligation to erase your Personal data, and (iv) erasure is required to ensure compliance with applicable laws.
You may also request the restriction of processing, in cases where (i) you contest the accuracy of the Personal data, (b) Sodexo no longer needs the Personal data, for the purposes of the processing, and (c) you have objected to processing for legitimate reasons. data concerning you. Moreover, you are entitled to request and receive the Personal data concerning to you.
You may also request, where applicable, the portability of your Personal data that you have provided to Sodexo, in a structured, commonly used and machine-readable format or request to transmit it to a third party of your choice.
You may object (right to “opt-out”) to the processing of your Personal data (notably to profiling or to marketing communications). When we process your Personal data on the basis of your consent, you can withdraw your consent at any time.
3. WHAT OUR TEAMS WILL DO THEY RECEIVE A COMPLAINT/DATA SUBJECT’S REQUEST?
Our approach is to engage positively and resolve your complaint satisfactorily without you having to refer your complaint to local Court or the relevant Data Protection Supervisory Authority.
If you have any concerns or problems with the way in which your personal data has been processed, you should not hesitate to raise your concern with your contact at Sodexo e.g. your manager, or your Human Resources point of contact. To help us to deal with your complaint, please provide a full written explanation of your concerns by completing the Data Protection Complaint Form below.
4. HANDLING COMPLAINTS
At the time of drafting your complaint and to allow Sodexo to deal promptly and in the most efficient manner with your complaint, you are invited to follow the following steps:
STEP 1: Complete and submit the Complaint/Data Subject’s Request Form and send it out to one or several of the points of contact mentioned in the form.
STEP 2: You will receive a communication within two (02) business day from Sodexo acknowledging receipt of your complaint.
STEP 3: Your complaint will be treated confidentially and fully investigated where necessary. During this process, you may receive additional communications from the relevant Sodexo’s Local Data Protection Special Point of Contact and/or the Global Data Protection Office to investigate your concern. If you have not provided sufficient information in your complaint, we will let you know the further information needed to process your complaint.
STEP 4: Once the information related to your complaint is complete, we will contact you within thirty (30) days to propose a solution. This deadline may be extended in certain circumstances, depending on the nature of the complaint. If you agree with the proposed solution, we will work with you to close the matter. If you do not agree, the matter will be escalated to the Sodexo’s Global Data Protection Office.
STEP 5: The Sodexo’s Global Data Protection Office will take steps to resolve the matter and will contact you to propose a new solution within thirty (30) days of the escalation.
STEP 6: If the solution proposed resolves your complaint, the Global Data Protection Office will close the matter.
STEP 7: Should you remain unsatisfied with the outcome of the review by the Global Data Protection Office or you have not received an answer within the above-mentioned deadline, you may then seek further recourse by contacting your local Court or the relevant Data Protection Supervisory Authority.
Please note you may complain to a Sodexo entity established in Europe in and/or to the relevant European Supervisory Authority in the jurisdiction in which the Sodexo entity concerned is responsible for the processing of your personal data. Where you have suffered a damage due to non-compliance with the GDPR or the Sodexo privacy policies by a Sodexo entity based outside Europe, you may complain to Sodexo European headquarters, or choose to lodge your claim with the CNIL (the French Supervisory Authority covering Sodexo’s global headquarters, www.cnil.fr) or before any other Supervisory Authority.