Fresh & Wild EU Candidate Privacy Notice
In this Fresh & Wild EU Candidate Privacy Notice (“Notice”), references to “Fresh & Wild”, “we”, “us” and “our” will mean Fresh & Wild Limited. Fresh & Wild and its affiliated companies will be referred to collectively as the “Whole Foods Market Group”.
We know that you care how we use information about you and we appreciate your trust in us to do that carefully and sensibly. This Notice outlines how we collect, use and transfer (collectively “process”) the personal data of our candidates.
WHO IS THE CONTROLLER?
The controller is Fresh & Wild Limited; it determines how and why your personal data is processed. Our address is The Barkers Building, 63-97 Kensington High Street, London, W8 5SE, United Kingdom.
PROCESSING OF YOUR PERSONAL DATA
How and why we process your personal data?
Fresh & Wild will process your personal data for job recruiting and placement purposes, including notification of future job opportunities, and, for successful candidates, for employment purposes. You will find details on the personal data processed and the purposes for this processing below. Sometimes, these activities are carried out by third parties, including other members of the Whole Foods Market Group (see
“Does Fresh & Wild share personal data with others?” below).
If provided to us, we process the following categories of personal data about you:
identification data, including first name and surname;
contact information, including home address, phone/mobile/fax number, e-mail address;
gender, date of birth, citizenship;
data regarding responses to screening questions (where applicable);
background check information (where applicable);
previous employment information, including date of hire, job title, department and business unit, work location, work status (full time, part time), data pertaining to work preferences and abilities;
resume, including education, past work experience and references;
information on certain health conditions (only where required by law);
job interview notes;
Processing of this personal data is required to enable Fresh & Wild to administer the recruiting process, including the set-up of an electronic job applicant HR file, managing your application, organizing interviews – in short, the processing is necessary for us to enter into a contract with you. In case of legal proceedings, we will need to process your personal data to establish, exercise or defend us against the legal claim. We may also share your personal data with other Whole Foods Market Group companies to consider you for future job openings and will retain your data for a limited period of time beyond an unsuccessful application for this purpose (as described below). You can object to such use of your data (see below at
“What are my rights under applicable data protection laws”).
Where does Fresh & Wild obtain my personal data from?
Most of the personal data we process is obtained from you when you file your application with Fresh & Wild, but we also obtain personal data about you in the course of the application process (for example, during interviews or via job assessments). Other data types may be obtained from third parties, including for example, recruitment agencies.
In most cases, you will be required to submit your application online. You have the opportunity to use LinkedIn, Dropbox, Google Drive, and Microsoft Box to upload your resume, and the opportunity to use your external social media accounts, such as LinkedIn or Twitter, to facilitate the set-up of your Fresh & Wild candidate application. In that event, Fresh & Wild will be provided with the latest information from your social media account. Additional privacy terms of the social media service providers may apply.
DOES FRESH & WILD SHARE PERSONAL DATA WITH OTHERS?
Our Group Companies
Personal data will only be shared across the Whole Foods Market Group in certain circumstances and where lawful to do so, for example with limited members of the human resources department or the IT department, both of which may be working for different Whole Foods Market Group entities. Whenever we need to share your personal data, we will only do so on a need to know basis and with selected employees for tasks within their job responsibilities. The Whole Foods Market Group takes appropriate steps to ensure that such personnel are bound by duties of confidentiality with respect to your personal data.
Your personal data may in particular be shared with
Whole Foods Market Services, Inc. in the USA for storing and maintaining your personal data in our electronic database.
We use third party service providers (e.g. Workday, SalesForce Inc. or work agencies) who provide technical and support services in connection with the application and recruitment process (such as hosting or “Software as a Service”). In providing the services, your personal data will, where applicable, be processed by the service provider on the Whole Foods Market Group’s behalf.
We will confirm for any third party that we use that they can provide sufficient guarantees regarding the confidentiality and security of your data. We will ensure that any third party complies with our data security standards and international transfer restrictions.
Disclosure to third parties
In certain circumstances, we share and/or are obliged to share your personal data with third parties outside the Whole Foods Market Group, for the purposes described above and in accordance with applicable data protection laws. These parties will act as controllers of your personal data in their own right, and they will be responsible for compliance with applicable data protection laws.
These third parties are:
police, public prosecutors
external advisors (such as legal advisors, accountants)
DOES FRESH & WILD TRANSFER PERSONAL DATA TO COUNTRIES OUTSIDE THE EEA?
We also transfer the personal data we process to countries outside the European Economic Area (”EEA”), for example, when one of our service providers (including Whole Foods Market Group companies) use staff or equipment based outside the EEA. In particular, we transfer personal data to the USA pursuant to the EU-US Privacy Shield framework (see “EU-US Privacy Shield” below).
HOW IS MY PERSONAL DATA SECURED?
We maintain physical, electronic and procedural safeguards to protect the confidentiality, integrity and availability of your personal data. We have in particular taken appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data.
HOW LONG DOES FRESH & WILD STORE MY PERSONAL DATA?
If your application for employment is successful and you commence employment with Fresh & Wild, your personal data will be transferred to your personnel file and will be processed for employment purposes.
If your application for employment is not successful, we will keep your personal data for a period of up to 6 years for the purposes of (i) contacting you for future job vacancies and (ii) the establishment, exercise or defence of legal claims.
WHAT ARE MY RIGHTS UNDER APPLICABLE DATA PROTECTION LAWS?
You have the right to request access to, correction, or deletion of your personal data, to ask for data portability. You are also entitled to object to the processing of your personal data in certain instances. If we process your personal data based on your consent, you may withdraw it for the future at any time. To make a data subject request, please contact us
QUESTIONS AND QUERIES
If you would like further information about your data protection rights please contact Fresh & Wild (or our data protection officer via
). If you have any concerns, please contact us with a thorough description and we will try to resolve the issue for you. You can also file a complaint with our supervisory authority, the
United Kingdom Information Commissioner's Office, or with a local authority.
CHANGES TO THIS NOTICE
We may decide to change this Notice. If the change may significantly affect you, we will provide you with the updated Notice in advance of the change actually taking effect. We encourage you to review the content of this Notice regularly.
EU-US PRIVACY SHIELD
Whole Foods Market Services, Inc. and certain of its subsidiaries and affiliated companies in the United States (together, the "Whole Foods US Companies" or, for purposes of this “EU-US Privacy Shield” section, “we” or “our”, see below) participate in the EU-US Privacy Shield Framework regarding the collection, use, and retention of personal information from European Union member countries. We have certified with the Department of Commerce that we adhere to the Privacy Shield Principles. To learn more about the Privacy Shield Principles, see here.
If you have any inquiries or complaints about our handling of your personal information under Privacy Shield, or about our privacy practices generally, please contact us at:
GDPR@wholefoods.com . We will respond to your inquiry promptly. If we are unable to satisfactorily resolve any complaint relating to the Privacy Shield, or if we fail to acknowledge your complaint in a timely fashion, you can submit your complaint to the panel of European data protection authorities (DPAs), which serve as an independent dispute resolution body to resolve Privacy Shield complaints at no cost to you. We have committed to cooperate and comply with the panel of European DPAs in the resolution of any Privacy Shield complaints. The European DPAs’ contact details can be found here. If neither we nor the European DPAs resolve your complaint, you may pursue binding arbitration through the Privacy Shield Panel. To learn more about the Privacy Shield’s binding arbitration scheme, please see here.
We will only process personal information in ways that are compatible with the purpose we collected it for, or for the purposes you later authorize. Before we use your personal information for a purpose that is materially different than the purpose we collected it for or that you later authorized, we will provide you with the opportunity to opt-out.
We sometimes provide personal information to third parties to perform services on our behalf. If we transfer personal information received under the Privacy Shield to such a third party, the third party's access, use, and disclosure of the personal information must also be in compliance with our Privacy Shield obligations, and we will remain liable under the Privacy Shield for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.
You can review our Privacy Shield registration here. The Whole Foods US Companies are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). We may be required to disclose personal information that we handle under the Privacy Shield in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
WHOLE FOODS US COMPANIES
As of December 7, 2018, the following entities are included in Whole Foods Market Services, Inc.'s Privacy Shield Certification:
Whole Foods Market Services, Inc.
Allegro Coffee Company
Clinical Wellness Group of Texas
Mrs. Gooch's Natural Food Markets, Inc., a California corporation
WFM Northern Nevada, Inc.
WFM Private Label, L.P.
WFM Southern Nevada, Inc.
Whole Food Company, Inc.
Whole Foods Market California, Inc., a California corporation
Whole Foods Market Group, Inc., a Delaware corporation
Whole Foods Market Pacific Northwest, Inc., a Delaware corporation
Whole Foods Market Rocky Mountain/Southwest, L.P., a Texas limited partnership