DATA PROTECTION REQUESTS POLICYLast update: 11th November 2020
1. PreambleSodexo Group is committed to handling Personal Data in compliance with the General Data Protection Regulation (GDPR) and any other applicable law and aims to deal promptly and efficiently with any queries relating to the Sodexo entities’ processing of Personal Data. In some cases, Sodexo entities may act as a Processor on behalf of a Client. In this instance the Client is responsible for handling Data subject requests relating to compliance with the GDPR and the Data subject’s Personal Data.
- Client means organizations or corporations that ask Sodexo to perform services on their behalf for their employees / On-site personnel that are the end-users of these services.
- Complaint means the complaint lodged by a Data subject with a Supervisory Authority or a court of justice if the Data subject considers his or her rights under GDPR are infringed.
- Controller means the entity that determines the purposes and means of the Personal Data processing.
- Data subject means an identified or identifiable individual whose Personal Data is concerned by processing within Sodexo, including the Personal Data of Sodexo’s current, past and prospective applicants, employees, clients, consumers/beneficiaries, suppliers/vendors, contractors/subcontractors, shareholders or any third parties.
- General Data Protection Regulation or GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC
- Group Data Protection Officer means the person appointed and endorsed by the Sodexo Group Executive Committee to oversee data protection issues at the Sodexo Group level, to define and administer the Sodexo data protection compliance program and good practices relating to data protection and to ensure their implementation as set out in Rule 20.
- Local Data Protection Point of Contact means the individual appointed by a Sodexo entity, in charge of handling local data protection issues. In some cases, the Local Single Data Protection Point of Contact can be appointed as Local Data Protection Officer where required by applicable data protection law.
- Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Processing or Personal Data Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Request means one of the mechanisms provided by the GDPR to individuals to allow them to exercise their rights (such as the right of access, to rectification, to erasure etc.). An individual may make a Request against any entity which processes its Personal Data.
- Sodexo entity or Sodexo entities means any corporation, partnership or other entity or organization which is admitted from time to time as a member of the Sodexo Group. Collectively ‘Sodexo’.
- Supervisory Authority means an independent public authority which is established by a Member State as specified in the GDPR.