Privacy Notice

Who this Privacy Notice applies to?

This site (“Site”) is owned and operated by Coca-Cola European Partners, with registered office address at Pemberton House, Bakers Road, Uxbridge, Middx UB8 1EZ, United Kingdom (referred to as “CCEP”). Our core activity is bottling, sales and marketing of Coca-Cola products. We act as a data controller on behalf on the CCEP Group of companies (https://www.ccep.com/contact). This Privacy Notice applies to each of these companies. Each CCEP entity is a separate and independent legal entity and this Privacy Notice applies to each separately and independently. None of the CCEP entities have any liability for the other entities’ acts or omissions. We want to be a great company. In order to achieve that goal we are committed to work in the right way. We act with integrity and respect your privacy. We are trusted with your personal data and we are committed to protect the personal data you share with us and handling your information in an open and transparent manner, in particular with respect of the General Data Protection Regulation 2016/679 of 27 April 2016 (‘GDPR’). With this Privacy Notice we would like to inform you more about why and how we use your personal data when we perform any activities that form part of the operation of our business as described below or when you use our Site, who we give that information to, what your rights are and who you can contact for more information or queries. What is covered by this Privacy Notice? The legal grounds for processing your data Disclosures Your rights How to contact us? Changes to this policy What is covered by this Privacy Notice? When we refer to “our Site” or “this Site” in this policy we mean this specific webpages. This Site links to several sub-sites provided by other entities within the CCEP Group of companies or third parties. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites. This Privacy Notice applies solely to data collected by this Site. These sub-sites are subject to their own Privacy Notices. We encourage you to review those notices when linking to those sub-sites before disclosing any personal information. How we obtain data

We may collect personal data from you when in connection with the performance of any activities that form part of the operation of our business as described below or when you use our Site. We may collect or obtain such data because you give it to us (for example in a form on our Site), because other people give that data to us (for example your employer or third party service providers that we use to help operate our business) or because it is publicly available. Where we are provided with personal data about you by other parties, we use reasonable efforts to include clauses into the contract with this party that will require them to comply with the privacy laws and regulations relevant to that information; this may include, for example, that this party has provided you with a proper information notice and has obtained any necessary consent for us to process that information as described in this Privacy Notice. We may also collect or obtain personal data from you because we observe or infer that data about you from the way you interact with us or others.

Data we collect and why we use it

The personal data that we collect or obtain may include: identification data (such as name, address (private/work), phone number (private/work), e-mail address (private/work), country of residence, electronic identification data (cookie identifiers, logged data, IP addresses, your browser type and language, your access times,...); personal characteristics (such as age, gender, date of birth, place of birth, civil status, nationality); your financial specifics (such as your bank account number); your personal preferences for our products; lifestyle and social circumstances; family circumstances (for example, your marital status and dependents); employment and education details (for example, the organisation you work for, your job title and your education details); your postings on any blogs, forums, wikis and any other social media applications and services that we provide; details of how you use our products and services; details of how you like to interact with us and other similar information). The types of personal data that we collect will vary depending on the nature of the services that we provide or how you use our Site, such as: Commercial relationship performance - As we are a so-called business-to-business (B2B) company, we have no direct commercial relationships with consumers, but we do have commercial relationships with companies in the context of which your personal data may be shared with us. Because we provide a wide range of services, the way we use personal data in relation to these services also varies. For example, we might use your personal data for contact, accounting, invoicing, payments, delivery or hospitality purposes. Contact us – if you contact us through the Site (via social media, the contact form or by phone), we ask you for information such as your name, address and email address so we can manage and respond to your questions and comments submitted through our Site.

The legal grounds for processing your data We are required by law to set out in this Privacy Notice the legal grounds on which we rely in order to process your personal data. As a result, we use your personal data collected via our Site for the purposes outlined above because: (a) the information is required in order to provide our services to you or our client; (b) of our legitimate interests in the effective delivery of our services to you or our client; (c) of our legitimate interests in the effective and lawful operation of our business so long as such interests are not outweighed by your interests. Where we are legally required to obtain your explicit consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you. If you do not want to continue receiving any marketing materials from us, you can click on the unsubscribe function in any such communication. Disclosures In connection with one or more of the purposes outlined in the “Data we collect and why we use it” section above, we may disclose details about you to other members of the CCEP Group of companies, third parties that provide services to us and/or the CCEP Group of companies that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Data we collect and why we use it” section above. If our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners. Please note that some of the recipients of your personal data referenced above may be based in countries outside of the European Union whose laws may not provide the same level of data protection. In such cases, we will ensure that there are adequate safeguards in place to protect your personal data that comply with our legal obligations. The adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission for transfers of personal data to third countries. Further details of the transfers described above and the adequate safeguards used by CCEP in respect of such transfers are also available from us by contacting privacy@ccep.com. In general, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice. We reserve the right to disclose your personal information as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.

Security of your data and data retention

We employ strict technical and organizational (security) measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline. These measures include: • training to relevant staff to ensure they are aware of our privacy obligations when handling personal data; • administrative and technical controls to restrict access to personal data on a ‘need to know’ basis; • technological security measures, including fire walls, encryption and anti-virus software; • physical security measures, such as staff security badges to access our premises. Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavor to protect personal data, but we cannot guarantee the security of data transmitted to us or by us. We will retain your information for a reasonable period, i.e. the longest of the following periods: (i) as long as is necessary for the relevant activity or services; (ii) any retention period that is required by law; or (iii) the end of the period in which litigation or investigations might arise in respect of the services.