Data Protection & Privacy Notice

1. General

This Service is a web and phone-based system provided by Primo Water Corporation (“Primo Water”, “we” or “us”) to our Personnel, and the Personnel of our business partners (together, “Reporters” or “you”) for reporting suspected violations of laws or regulations, or company policies related to financial, accounting, auditing and bribery matters.

For more information click here.

In certain countries outside the EU (such as the United States) this Service may also be used to report suspected violations of other matters. The Service and the database in which the Personal Data and other information that you may report is stored are operated by NAVEX, Inc. (“NAVEX”) in the United States.

For the purposes of this Notice, Primo Water is the Controller and NAVEX is a Processor. You may contact your local Human Resources representative, Legal, or Compliance departments with any questions relating to this Notice or Service.

Defined terms used in this Notice are explained in Section 11 below.

This Notice may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of Personal Data, or changes in applicable law. We encourage you to read this Notice carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Notice. We will notify you of any significant changes.

2. Legal basis for Processing

Use of this service is entirely voluntary. You are encouraged to report possible violations directly to your supervisor or manager and/or a representative from the Human Resources, Legal, or Compliance departments, depending on the nature of the possible violation. If you feel that you are unable to do so, you may use this Service to make your report.

In Processing your Personal Data in connection with the purposes set out in this Notice, we may rely on one or more of the following legal bases:

the Processing is required by applicable law;
the Processing is required in order to establish, exercise or defend legal rights;
the Processing is necessary to protect the vital interests of any individual, to the extent applicable; or
we have a legitimate interest in carrying out the Processing, which is not overridden by the interests, fundamental rights, or freedoms of any individual. Where we rely on this legal basis, our legitimate interests are: (i) accounting (including internal accounting controls); (ii) auditing and reporting; and (iii) combatting bribery, banking and financial crime or, insider trading.

3. Use of This Service

Use of this Service is entirely voluntary. You are encouraged to report possible violations directly to your supervisor or manager and/or a representative from the Human Resources, Legal, or Compliance departments, depending on the nature of the possible violation. If you feel that you are unable to do so, you may use this Service to make your report.

For more information click here.

In certain countries, Primo Water may only accept reports through this Service that relate to financial, accounting, auditing, or bribery matters. If your concern pertains to a matter that, under applicable law, may not be accepted by Primo Water through the system, you will need to contact a representative from the Human Resources, Legal, or Compliance departments to report the matter. Please be aware that the information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that, to the best of your knowledge and belief, is correct and factual. You will not be subject to retaliation from Primo Water for any report of a suspected legal or compliance violation that is made in good faith, even if it later turns out to be incorrect. Please be aware, however, that knowingly providing false or misleading information will not be tolerated. The information you submit will be treated confidentially except in cases where this is not possible because of legal requirements or in order to conduct a proper investigation, in which case the information will be handled sensitively. We encourage you to identify yourself in order for us to follow up with questions we may have.

4. Categories of Personal Data

This Service captures the following Personal Data and other information that may be shared by you: (i) your name and your contact details, when provided, and whether you are employed or engaged by us, by any of our subsidiaries, or by a business partner; (ii) the name and other Personal Data of the persons you name in your report if you provide such information (i.e., a description of functions and contact details); and (iii) a description of the alleged misconduct as well as a description of the circumstances of the relevant incident(s). Note that depending upon the laws of the country in which you work, it may not be possible to make the report anonymously; however, your personal information will be treated confidentially and will only be disclosed as set out below.

5. Collection and storage of Personal Data

The Personal Data and other information you provide are stored in a database which is located on servers hosted and operated by NAVEX in the United States. Our contracts with NAVEX legally oblige NAVEX to ensure that any Personal Data or other information transferred from any country to the United States is protected to the standards expected under all applicable privacy laws. Further details of international transfers of Personal Data are set out in Section 6 below.

For more information click here.

For the purpose of Processing your report, and subject to the provisions of applicable law, the Personal Data and other information you provide may be accessed and Processed by relevant Personnel of Primo Water who are authorized to handle such reports which may include Personnel from the Human Resources, Finance, Internal Audit, Legal, Security, Compliance departments, management, external advisors (e.g., legal advisors), or, in limited circumstances, by technical Personnel at NAVEX. Those individuals may be located in the United States or elsewhere.

6. Disclosure and international transfer of Personal Data

The Personal Data and other information you provide may also be disclosed to: (i) law enforcement and/or other enforcement or regulatory authorities if required by law; and (ii) third party investigators, advisors, and service providers, subject to suitable contractual safeguards in accordance with applicable law.

The third parties to whom we may disclose such Personal Data may be located in the US or in another country that may not provide a level of data protection as available in your country. We will ensure that any personal information transferred from any country to the United States is protected to the standards expected under applicable privacy laws. When we transfer Personal Data out of the European Economic Area we will make those transfers on the basis of [EU Standard Contractual Clauses]. A copy can be requested using the contact details provided in Section 10 below.

7. Data retention

The Personal Data and other information you provide will be kept as long as necessary to: (i) process your report and complete any necessary internal investigations; (ii) apply any appropriate disciplinary measures; (iii) satisfy our legal obligations under applicable law; (iv) participate in any legal or regulatory investigations and/or legal or regulatory proceedings; and (v) establish, exercise and defend legal rights, including retaining Personal Data for the duration of the applicable retention period. Once these periods have all expired, the Personal Data and/or information you provide will be deleted within a limited timeframe, in accordance with applicable law.

8. Rights of Report Subjects and Reporters

Primo Water will promptly notify any person who is the subject matter of a report to this Service, where required by applicable law, except where such notice needs to be delayed to ensure preservation of relevant information, or to satisfy our obligations under applicable law.

For more information click here.

In certain countries, the subject of the report may have the right to access information concerning the report (with the exception of your identity).

Subject to applicable law, you may have a number of rights regarding the Processing of your Personal Data, including:

the right to request access to, or copies of, your Personal Data that we Process or control;
the right to request rectification of any inaccuracies in your Personal Data;
the right to request, on legitimate grounds:
- erasure of your Personal Data that we Process or control; or
- restriction of Processing of your Personal Data that we Process or control;
the right to object, on legitimate grounds, to the Processing of your Personal Data;
the right to have your Personal Data transferred to another Controller, to the extent applicable and subject to any applicable confidentiality obligations; and
the right to lodge complaints regarding the Processing of your Personal Data with a Data Protection Authority.

This does not affect your statutory rights.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Notice, or about our Processing of your Personal Data, please use the contact details provided in Section 10 below.

9. Special Country Regulations

In many countries, reports can only be made relating to bribery, financial, accounting, auditing, or similar issues. Further, some countries restrict reports such that only Personnel in key roles or management functions may be reported upon.

In some countries, anonymous reports may not be permitted under the law save under extremely restrictive circumstances.

If you work in a country that has these restrictions, you will be limited to reporting only allowable issue types and/or prevented from anonymous reporting. If you are located in a country that limits who you may report upon, you will be presented with a reminder of this fact.

10. Contact details

If you have any comments, questions or concerns about any of the information in this Notice, or any other issues relating to the Processing of Personal Data by Primo Water, please email the Compliance Director at internalaudit@primowater.com and include your contact details.

11. Definitions

‘Controller’ means the entity that decides how and why Personal Data is Processed. In many situations, the Controller has primary responsibility for complying with applicable data protection laws.

‘Primo Water’ means Primo Water Corporation, together with its subsidiaries and affiliates.

‘Data Protection Authority’ means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.

‘Personal Data’ means information that is about any individual, or from which any individual is identifiable.

‘Personnel’ means any current, former or prospective employee, consultant, temporary worker, intern, other non-permanent employee, contractor, secondee, or other personnel.

‘Process’, ‘Processing’ or ‘Processed’ means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

‘Processor’ means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).

‘Service’ means the web and phone-based reporting service provided by NAVEX, to which this Notice relates.

I consent
I have read and expressly consent to the processing of my personal information as described above.