PRIVACY POLICY

INTRODUCTION

This Privacy Notice applies to personal information collected by or on behalf of East African Breweries PLC ("EABL") in respect of the EABL up to KSHS20,000,000 Medium Term Note Programme. It sets out what we do with your personal information, how we keep it secure and explains the rights that you have in relation to your personal information.

WHO WE ARE

EABL is East Africa’s leading premium drinks business. Details of EABL’s different brands can be found here.

EABL is a member of the Diageo group of companies, the ultimate holding company of which is Diageo. EABL is registered in Kenya with company number C.5/34 and is situated at the Garden City Business Park, 5th Floor, Block A, Ruaraka, Nairobi, Kenya. Information on EABL can be found in our latest annual report, which is available here.

All references to 'our', 'us', 'we', or 'company' within this notice are deemed to refer to EABL, its subsidiaries, affiliates, and/or associates, as appropriate.

KSHS20 BILLION DOMESTIC MEDIUM-TERM NOTE PROGRAMME

WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT?

Personal information is information about an identifiable individual, as defined by applicable law. We collect personal information that you provide to us.

We have set out below more details regarding these types of personal information:

Information you provide to us: These types of personal information may include:

  • contact details (such as your name, postal & physical addresses, phone numbers, next of kin details and email addresses),
  • online registration information (such as your password and other authentication information),
  • payment information (such as your credit card information, CDSC account, bank details and billing address),
  • information provided as part of online questionnaires (such as responses to any customer satisfaction surveys or market research).

HOW/WHEN DO WE COLLECT PERSONAL INFORMATION?

Information you provide to us: You provide personal information directly to us when you subscribe to the EABL up to KSHS20,000,000 Medium Term Note Programme.

PURPOSES FOR WHICH YOUR PERSONAL INFORMATION IS USED

The different purposes for which we use your personal information are set out below:

  • Corporate transactions: We may use your personal information in the event of a sale of the EABL Medium Term Notes.
  • Authentication and access control: We may use your personal information to authenticate your access to our websites and to determine which content to provide you and/or whether you should be granted access to certain content. We may also use your personal information to verify your identity when responding to any requests to exercise your rights under applicable law.
  • Comply with legal obligations and protect against legal claims or liability: We may use your personal information to comply with our legal obligations, protect us against legal claims, or to detect, protect, or defend us and/or other third parties against error, negligence, breach of contract, theft, fraud, or other illegal or harmful activity, to comply with our audit and security requirements, or to audit compliance with our corporate policies, procedures, legal, or contractual obligations.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL INFORMATION

We will only process your personal information where we have a legal basis to do so. The legal basis will depend on the purposes for which we have collected and use your personal information. In almost every case the legal basis will be one of the following:

  • Consent: Where you have provided your consent to receive certain marketing from us. You can withdraw your consent at any time.
  • Our legitimate business interests: Where it is necessary for us to understand our customers and participants, promote our services and operate effectively as a multinational beverages company, provided in each case that this is done in a legitimate way which does not unduly affect your privacy and other rights.
  • Performance of a contract with you: This would also apply where we need to take steps prior to entering into a contract with you. For example, where you have purchased Notes from us and we need to use your contact details and payment information in order to process your order and send the product to you.
  • Compliance with law: Where we are subject to a legal obligation and need to use your personal information in order to comply with that obligation.

DISCLOSURE OF YOUR PERSONAL INFORMATION

We value your personal information and only share it with third parties in certain circumstances. From time to time we may disclose personal information to:

  • third parties where you have provided your consent. For example, we will obtain your permission before we allow a third party that is not an affiliate to access your information.
  • our service providers and subcontractors, including our affiliates, and/or third party websites (such as social media platforms or search engines) retained to perform functions on our behalf, or to provide services to us (including credit card and data processing; website hosting and management; information technology and office services; legal, accounting, audit and other professional service providers; and other services related to our business), provided such service providers and subcontractors have entered into written agreements with us and do not collect, use, or disclose the personal information for any purpose other than to perform such functions on our behalf, to provide services to us, or as otherwise required or permitted by law;
  • third parties who, in our reasonable judgment, are providing or seeking the information as your authorized or appointed legal agent;
  • a person or entity, including our affiliates, in the event of a sale, merger, consolidation, change in control, transfer of substantial assets, financing, reorganization, or liquidation whereby we transfer, sell, or assign to such third party information concerning your relationship with us, including without limitation, personal information that you provide and other information concerning your relationship with us; and
  • law enforcement, governmental or regulatory agencies, or other third parties in order to comply with applicable law, or where we believe such action is necessary in order to comply with applicable law, or to detect, protect, or defend us and/or other third parties against error, negligence, breach of contract, theft, fraud, or other illegal or harmful activity, to comply with our audit and security requirements, or to audit compliance with our corporate policies, procedures, legal, or contractual obligations.

INTERNATIONAL DATA TRANSFERS

Please note that your personal information may be transferred to, and stored at, a destination outside the country in which you reside, including countries which have less strict, or no, data protection laws when compared to those in your country.

Whenever we transfer your information as described in the paragraph above, we will take steps which are reasonably necessary to ensure that adequate safeguards are in place to protect your personal information and to make sure it is treated securely. In these cases, we rely on approved data transfer mechanisms (for example, the EU “Standard Contractual Clauses” or the EU-US “Privacy Shield”) to ensure your information is subject to adequate safeguards in the recipient country. If you are located in the EEA, you may contact us using the contact details below for a copy of the safeguards which we have put in place to protect your personal information and privacy rights in these circumstances.

INFORMATION SECURITY

We take information security seriously and take precautions to keep your personal information secure. We have put in place appropriate physical, technical, and organizational measures to safeguard the information we collect. However, we have no control over the privacy of any communication while it is in transit to us. We therefore recommend that you do not include confidential, proprietary, or sensitive information in any such communications.

Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem by contacting us at the contact details below.

In the unlikely event that we believe that the security of your personal information in our possession or control may have been compromised, we may seek to notify you of that development. If such a notification is appropriate, we will endeavour to do so as promptly as possible under the circumstances, and, to the extent we have your email address, we may notify you by email.

You are reminded that, in accordance with the Conditions of Use for this website and/or app, you are responsible for maintaining the strict confidentiality of your account password, and you are responsible for any activity under your account and password. It is your sole responsibility to control the dissemination and use of your password, access to and use of your account, and to notify us when you wish to cancel your account. We will not be responsible or liable for any loss or damage arising from your failure to comply with this obligation.

YOUR RIGHTS

Depending on the jurisdiction in which you are located, you have certain rights in relation to your personal information. These rights may include:

  • the right to withdraw your consent to any processing of your personal information (where you had provided consent);
  • the right to object to the processing of your information for certain purposes;
  • the right to access your personal information, and the ability to erase, restrict or in certain cases receive a machine-readable copy of your personal information;
  • the right to ask us to rectify any information about you that you think is inaccurate; and
  • the right to unsubscribe from any of our marketing communications at any time.

If you wish to exercise any of these rights you may contact us as stated below. We will handle any request to exercise your rights in accordance with applicable law in your country and any relevant legal exemptions.

HOW LONG WILL WE RETAIN YOUR PERSONAL INFORMATION FOR?

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law. After this period it will be deleted or in some cases anonymised.

Where we have collected the personal information based on your consent and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent then we will delete your personal information. However, please note that where you unsubscribe from our marketing communications, we will keep a record of your contact details to ensure we do not send you further marketing communications in future.

INTERFACES WITH THIRD-PARTY WEBSITES AND SERVICES

Our websites may contain links, references, and content from other websites and services outside of our control. Please be aware that we have no control over these websites and services and our Privacy Notice does not apply to them.

We will not be liable to you for any issues arising in connection with their use of your information and we encourage you to read the Privacy Notice and Conditions of Use of any linked, referenced, or interfacing websites and services you visit or use.

HOW TO CONTACT US

We are committed to safeguarding your privacy. If you have any comments, queries, or complaints about our collection or use of personal information please contact us via:

Post: East African Breweries PLC, Data Protection Officer, Garden City Business Park, Block A, Garden City Road, Ruaraka, Nairobi, Kenya.

Email: DataProtectionOffice@eabl.com

If you are not satisfied with the response that you receive from EABL, you may, where applicable, contact the relevant data protection regulator in your jurisdiction. EABL will provide information on the manner in which complaints to regulators may be made, if requested to do so.