Last Updated: 30/05/2024
This is Compass Group PLC’s privacy notice. Compass Group PLC is a company incorporated in England & Wales under number 04083914 whose registered office is at Compass House, Guildford Street, Chertsey, KT16, 9BQ (“Compass”).
Compass respects your privacy and is committed to protecting your personal data. For more information about Compass Group, please see the ‘What we Do’ section of our website.
When we use ‘Compass’, ‘we’, ‘us’ or ‘our’ in this privacy notice, we are referring to Compass Group PLC. We are the data controller for your personal data under the applicable legislation and are primarily responsible for processing and ensuring proper protection of your data.
It is important that you read and retain this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information and what your rights are under the data protection legislation.
This privacy notice informs you of who we are, how we collect, share, use and protect your personal information, however you provide it to us, and tell you about your privacy rights and legal protections.
This privacy notice tells you how Compass collects and processes your personal information that we collect through this website, any enquiries you may make to us, for example to our Investor Relations or Treasury team, via the ‘Contact Us’ section of this website, responding to any shareholder notifications, signing up to receive a Regulatory News Services or RNS alert, if you are engaged in a recruitment process with us, or if you contact us via Compass’ confidential reporting programme, Speak Up, We’re Listening.
It is important that you read this privacy notice together with any other information we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your data. This privacy notice is complementary to the other information which we might provide in specific circumstances and will not override it.
Personal data, or personal information, means any information relating to natural persons who:
It does not include data where the identity has been removed (anonymous data). There are special categories of more sensitive personal data which require a higher level of protection, such as information about a person's health, religious beliefs or sexual orientation.
The content of any enquiry you may submit via the Contact Us section of our website, or via our Investor Relations or Group Treasury team will vary but, ordinarily, in these scenarios we are likely to be collecting your personal information to respond to your request and to enable us to comply with our legal obligations. We are likely to collect, store, and use the following categories of personal information about you in order to fulfil that relationship.
We may collect, store, and use the following categories of personal information about you when you interact with our website:
How is your personal information collected?
We collect personal information when you interact with our website or send us a message.
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
Situations in which we will use your personal information
The situations in which we will process your personal information are listed below:
We may from time to time carry out other types of processing. For example, to carry out activities necessary to the running of our business, including network monitoring, system testing, staff training, quality control and any legal proceedings. We have a legitimate interest or legal obligation to do so. We may carry out activities that process personal data in order to monitor the performance of our network, systems or the activities of our teams, so that we can ensure the integrity and availability of those systems.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
How we use particularly sensitive personal information
Special categories of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We do not ordinarily process special categories of personal information via our website. In limited circumstances we may process special categories of personal information if you voluntarily provide it when submitting an enquiry to us.
Data sharing
We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass.
We require our third-party processors to respect the security of your personal information and to treat it in accordance with the law.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to pursue the relationship we have with you, or where we have another lawful basis for doing so.
Which third-party service providers process my personal information?
Third parties include third-party service providers (including contractors and designated agents) and other entities within our group who we might use to help respond to your request, maintain our website and make it easier for you to subscribe to different functions such as an RNS alert.
These include:
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and our Group Data Sharing Agreement. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making disclosures to stock exchange regulators.
As an individual shareholder of Compass, we will hold certain information about you, including any information that you or an agent of yours may provide to us. This may be via one of our service providers such as Link Group, or via email, telephone or in another written format.
We may collect, store, and use the following categories of personal information about you as a shareholder: personal contact details such as name, title, addresses, post code, telephone numbers, email addresses and any other profile information you may share with us.
How is your personal information collected?
We collect personal information when you transact in shares in Compass.
How we will use information about you
We will only use your personal information when the law allows us to. We will use your personal information in the following circumstances:
Situations in which we will use your personal information
The situations in which we will process your personal information are listed below:
How we use particularly sensitive personal information
Special categories of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We do not ordinarily process special categories of personal information via your shareholding in Compass.
Data sharing
We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass.
We require our third-party processors to respect the security of your personal information and to treat it in accordance with the law.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to pursue the relationship we have with you, or where we have another lawful basis for doing so.
Which third-party service providers process my personal information?
Third parties include third-party service providers (including contractors and designated agents) and other entities within our group who we might use to help maintain our shareholder list and process share transactions.
These include:
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and our Group Data Sharing Agreement. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
What about other third parties?
We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making disclosures to stock exchange regulators.
Speak Up, We’re Listening is Compass’ confidential reporting programme which provides a channel to seek guidance on ethical concerns and issues, express your views freely and to report, in confidence, any concerns regarding potential breaches of our Code of Business Conduct involving any unethical, illegal or other improper circumstances or behaviours.
Our Compass Speak Up platform and helpline is operated by an independent third-party provider, OneTrust LLC and is available 365 days a year, 7 days a week, 24 hours a day, in all of the countries in which we operate. Reports received are referred to Group Ethics & Integrity for confidential review and assignment for follow up and/or investigation, as appropriate.
When we receive a report from you, via our Helpline or Platform (web-intake) a case is created which contains the details of your complaint. When you make this report, the amount of personal information collected is your decision, you can choose to submit as much or as little as you wish. This may include your identity, contact details and any other information you provide which may contain special categories of personal information such as health, ethnic information and imagery. Should you make a report anonymously, the case will only reflect the information you provide about the situation. In each instance, this information will be kept confidential and restricted to a limited number of employees.
How is your personal information collected?
We will collect personal information when you submit a report via Speak Up, We’re Listening.
How we will use information about you
We will use your personal information to comply with our legal obligations and to help follow up or investigate the concern you have raised (where applicable). We may also use your personal data to contact you about your report if you have consented for us to do so. The personal information you submit will be kept confidential and we won't disclose it without lawful authority. Your identity will not be disclosed without your consent to anyone beyond those dealing with and investigating the concerns or those included on a strict need-to-know basis to receive and act upon the findings or remedial actions, unless this is necessary and proportionate in the context of looking into the matter, undertaking an investigation and/or seeking legal advice.
How we use particularly sensitive personal information
Special categories of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We do not ordinarily process special categories of personal information via Speak Up, We’re Listening programme. In limited circumstances we may process special categories of personal information if you voluntarily provide it when making your report or a report is made where you are mentioned, or in any subsequent interactions with our Group Ethics and Integrity team.
Data sharing
We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass.
We require our third-party processors to respect the security of your personal information and to treat it in accordance with the law.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to administer and manage the Speak Up Helpline or Platform or where we have another lawful basis for doing so.
Which third-party service providers process my personal information?
Our Speak Up, We’re Listening Helpline and Platform is provided by OneTrust LLC, an industry leading technology platform. Our contract with OneTrust is supported by a Data Processing Agreement which details the controls we have in place to protect and respect personal data, and which complies with UK law on international transfers of data. Various parts of our Speak Up, We’re Listening platform are provided or hosted in the US and the EEA and your data will be processed in the US and the EEA.
We may also need to share your personal information with professional advisors such as legal advisors, our auditors and if required, law enforcement or other regulators.
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies and our Group Data Sharing Agreement. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
This section of our privacy notice applies to if you are involved in a recruitment process with Compass Group PLC or Compass Group Holdings Plc.
The kind of information we hold about you
Personal data, or personal information, means any information relating to natural persons who:
It does not include data where the identity has been removed (anonymous data).
There are special categories of more sensitive personal information which require a higher level of protection, such as information about a person's health, religious beliefs or sexual orientation.
The online or hard-copy forms and processes we might ask you to complete from time-to-time will vary but, ordinarily, in the scenarios where we are likely to be collecting your personal information to potentially pursue the employer – employee relationship. We are likely to collect, store, and use the following categories of personal information about you in order to fulfil that relationship, some of which will depend on the role for which you are applying for.
We may collect, store, and use the following categories of personal information about you:
Some roles have regulatory requirements or are client focussed roles for industries where they are obliged to undertake stringent vetting on their own employees and those of contractors. In such circumstances, we will have to undertake a level of investigation about you that might seem unnecessarily intrusive. We will only do this where we are required to do so or where our client demands this of us. If we do not do this, we may not be able to fulfil our regulatory obligations or our client might not grant you access to their premises and you might be unable to perform your intended role.
We may also collect, store and use the following special categories of more sensitive personal information:
How is your personal information collected?
We collect personal information about potential employees, workers and contactors (whether on a permanent, part-time or casual basis) through the application and recruitment process, either directly from candidates or sometimes from a recruitment agency, intermediary or background check provider.
We may sometimes collect additional information from third parties including former employers, credit reference agencies or other background check agencies.
We may also use the following other sources of personal information:
We may also collect personal information from the trustees or managers of pension arrangements operated by a group company, if relevant.
We will collect additional personal information in the course of job-related activities throughout the period for which you work for us and this is covered in our Employee Privacy Notice.
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
Situations in which we will use your personal information
Depending on the nature of the role for which you are applying, from time-to-time, we are likely to need most of the categories of information in the list above to allow us properly to perform the relationship we have with you. Some we will need to comply with legal obligations.
In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
The situations in which we will process your personal information are listed below:
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
How we use particularly sensitive personal information
Special categories of personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We may process special categories of personal information in the following circumstances:
Automated decision-making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. We are allowed to use automated decision-making in the following circumstances:
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making unless we have a lawful basis for doing so and we have notified you. The most likely use of automated decision making is in response to questions we ask about your entitlement to work in the UK. These decisions will be based on the information you provide to us.
Data sharing
We may have to share your personal information with third parties, including third-party service providers and other legal entities within the same group of companies as Compass.
We require our third-party processors to respect the security of your personal information and to treat it in accordance with the law.
Why might you share my personal information with third parties?
We will share your personal information with third parties where required by law, where it is necessary to pursue the relationship, we have with you or where we have another lawful basis for doing so.
Which third-party service providers process my personal information?
Third parties include third-party service providers (including contractors and designated agents) and other entities within our group who we might use to help administer the recruitment process, employment contract or agreement we have with you.
The following are the activities which are most likely to be carried out by third-party service providers for us, in relation to supporting the recruitment process such as background checking agencies, recruitment agencies, credit reference agencies and security vetting organisations.
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
What about other third parties?
We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making disclosures to stock exchange regulators and disclosures to shareholders such as directors' remuneration reporting requirements.
Compass Group PLC has two social media channels: a LinkedIn page and a YouTube channel. These channels are provided by third party providers LinkedIn Inc and YouTube Inc on their respective platforms. Each of these companies acts as a separate data controller of any personal information you post on these platforms when interacting with our channels and how they use your personal information is contained within their respective privacy notices.
Any personal information that you have made public and accessible via your profiles on the social media channels in question will be available to us.
How long will Compass keep my personal information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
What other rights do I have in respect of my personal information?
You have rights under data protection laws in relation to your personal information. Under certain circumstances your rights are as follows:
Request access to your personal information (commonly known as a "data subject access request" or “DSAR”). This enables you to receive a copy of the personal information we hold about you in order to check that we are processing it lawfully.
If you wish to exercise any of the rights set out above, please contact us at [email protected].
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Changes to this Notice
Should Compass decide to substantially modify the manner in which Compass collects or uses your personal information, the type of personal information that Compass collects or any other aspect of this Notice, Compass will notify you as soon as possible by reissuing a revised Notice, or taking other steps in accordance with applicable law.
Who can I contact if I have questions?
Full name of legal entity Compass Group PLC
Who to contact Director of Data Privacy
Email address [email protected]
Postal address Compass House, Guildford Street, Chertsey, KT16 9BQ
As noted in the introduction, Compass has subsidiary companies through which it operates. Some group subsidiaries will contract in their own legal name and have their own privacy notices.
Please refer to their applicable privacy notices by selecting the country you require from the drop-down list found on our Contact Us page.
How to make a complaint
You have the right to make a complaint at any time to our supervisory authority the Information Commissioner's Office (ICO) (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO; so please contact us in the first instance.