Privacy Policy

The Data Controller is Sodexo Ireland Ltd of Fourth floor, One Grand Parade, Dublin 6, D06 R9X8  

Sodexo ("We") are committed to protecting and respecting your privacy. The site is IE

Your privacy is very important to us. We are committed to complying with any applicable legislation relating to Personal Data. This policy together with our terms of use set out the basis on which any personal data We collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Sodexo Limited is part of an international group of companies.  Our parent Company Sodexo SA was founded in 1966 in France and is now the worldwide leader in quality-of-life services. We provide on-site services, benefits and rewards services and personal and home services to many clients to improve quality of life.We don’t rou tinely share Personal Data between our group companies, and we’ve set out more details about when we do in the section titled “Disclosure of your Information”

To find out more about us visit our website and search under the other locations tab.

The email for our local Data Protection Officer is

How we may collect data from you and how and why we use it


When using the website, We will most likely collect your Personal data directly (via the data collection forms on our Site) or indirectly via our service providers and/or technologies on our Site. Further information is contained in the Cookie Policy and as appropriate provided in online data collection forms.


Personal data identified by an asterisk in the data collection forms are compulsory as these are necessary to fulfil any orders placed. In the absence of this compulsory information, these transactions cannot be processed. 

Please find details of the different data collected for the various purposes, in the chart (Annex 1). 


As a rule, we do not collect sensitive Personal data via our Sites. “Sensitive Personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes personal data relating to criminal convictions and offenses.
If it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of Personal data and, in particular, with your explicit prior consent, where appropriate and under the conditions described in this policy.


Our Site is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.

Children users under the age of 16 years or without legal capacity must obtain consent from their parents or legal guardians prior to submitting their Personal data to the Site. 


Personal data may be collected for the following general purposes (a more precise description of the processing of your data can be found in the Annex 1 below): 


We process your Personal data as part of the performance and management of our contractual relationship with you, the services we provide to clients, for our legitimate interest to run our business, market and improve the quality and operational excellence of the Services we offer or in compliance with certain regulatory obligations depending on the purpose of processing as identified in the chart in Annex 1.

Your Personal data may also be processed based on your prior consent if under certain circumstances, your consent would be requested (e.g., regarding health data or for certain types of Cookies). 

Please find more information about the legal basis for each of our processing in the Annex 1 below 


As SODEXO is an international group, your Personal data may be transmitted to internal or external recipients that are authorized to perform Services on our behalf. Data protection law does not allow the transfer of Personal Data to third countries outside UK and EEA that do not ensure an adequate level of data protection. Some of the third countries in which Sodexo operates outside UK and EEA do not provide the same level of data protection as the country in which you reside and are not recognized by the European Commission as providing an adequate level of protection for individuals’ data privacy rights. 

To guarantee the security and confidentiality of Personal data thus transmitted, we will take all necessary measures to ensure that this data receives adequate protection, such as entering into data transfer agreements with the recipients of your personal data based on the applicable standard contractual clauses (“SCCs”) or other valid transfer mechanisms and we carry out, in accordance with the European Court of Justice's decision of 16 July 2020 "Scherms II" (Case C 311-18), a risk assessment of the transferred data. If you would like to receive a copy of the safeguards in place to secure data transfers outside the European Economic Area, please contact the Data Protection Officer.


The security and confidentiality of your Personal data is of great importance to us. This is why we restrict access to your Personal data only to members of our staff only to the extent strictly necessary to process your orders or to provide the requested Services. We ensure that persons authorized to process the Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

We will not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with entities within SODEXO and with authorized service providers (for example: technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose of providing our Services. We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.  This information is not routinely shared. It may be shared for the provision of joint services, for example IT support, Legal advice, debt recovery or HR support. It may also be shared for statistical analysis. Where appropriate a data sharing agreement is put in place. In the unusual circumstance that personal data could be shared with a Group Company outside EEA standard contractual clauses will be applied.
We ensure that every disclosure of your Personal data to an authorized service provider is framed by a data processing agreement, reflecting the commitments laid out in this policy. We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the Services on our behalf or to comply with legal obligations. 

We may also share your Personal data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity (iv) providing the service/contract, (v) fraud protection and credit risk reduction, (vi) to protect rights, property and safety or enforce our agreements, (vii) buy or sell business assets. 


Sodexo will keep Personal Data that is processed accurate and, where necessary, up to date. 

We will store your Personal data only for as long as necessary to fulfil the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply.

To determine the retention period of your Personal data, we take into consideration several criteria such as:

Please find more information about the storage period of your Personal data in Annex 1 below. 


We implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful alteration or loss, or from unauthorized, use, disclosure or access, in accordance with our Group Information and Systems Security Policy. 

We take, when appropriate, all reasonable measures based on Privacy by design and Privacy by default principles to implement the necessary safeguards and protect the Processing of Personal Data. We also carry out, depending on the level of risk raised by the processing, a Privacy impact assessment (“PIA”) to adopt appropriate safeguards and ensure the protection of the Personal Data. We also provide additional security safeguards for data considered to be Sensitive Personal Data. 

Where We have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. 

Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once We have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Right of Access and Rectification

You can request access to your personal data. You may also request 
rectification of inaccurate personal data, or to have incomplete personal 
data completed. 
You can request any available information as to the source of the personal 
data and you may also request a copy of your personal data being
processed by Sodexo.


Right to be forgotten Your right to be forgotten entitles you to request the erasure of your personal 
i.    data in cases where:
the data is no longer necessary
ii.    you choose to withdraw your consent
iii.    you object to the processing of your personal data by automated 
means using technical specifications 
iv.    your personal data has been unlawfully processed
v.    there is a legal obligation to erase your personal data
vi.    erasure is required to ensure compliance with applicable laws
Right to restriction of processing  You may request that processing of your personal data be restricted 
i.    in the cases where:
you contest the accuracy of the personal data
ii.    Sodexo no longer needs the personal data, for the purposes of the 
iii.    you have objected to processing for legitimate reasons
Right to data portability You can request, where applicable, the portability of your personal data 
that you have provided to Sodexo, in a structured, commonly used, and 
machine-readable format and you have the right to transmit this data to 
a)    another Controller without hindrance from Sodexo where:
the processing of your personal data is based on consent or on a 
b)    contract: and
the processing is carried out by automated means.
You can also request that your personal data be transmitted to a 
third party of your choice (where technically feasible). 
Right to object to 
processing including direct marketing
You can object to us using your Personal Data for direct marketing.  
You can also contact us to object to how we are using your 
Personal Data for any other reason, but we may not have to stop 
using it for this purpose.
Right to withdraw consent If We process your personal data since your 
consent, you can withdraw your consent at any time.
Right not to be subject to 
automated decisions
You have the right not to be subject to a decision based solely 
on automated processing, including profiling, which has a legal 
affect upon you or significantly affects you. You have the right to object 
to processing including direct marketing which uses profiling.
Right to lodge a complaint Within the EU, You can choose to lodge a Complaint with the Data Protection 
Supervisory Authority in the country of your habitual 
residence, place of work or place of the alleged infringement, 
regardless of whether you have suffered damages. 
You have also the right to lodge your Complaint before the courts 
where the Sodexo entity has an establishment or 
where you have your habitual residence.  In ROI the Supervisory Authority is the Data 
Protection Commission ( DPC),

You can use this form to make a request. This electronic system allows you to log in and see the progress of your request, see and send messages and review your documents securely. This system is called One Trust and after making the request you will be sent details about how to log on. 

Alternatively, you can also send your request by email to, in writing to 310 Broadway, Salford, M50 2UE or by calling Sodexo People Services on 0845 603 3644 and asking for DSAR team. The team will liaise with you about how you to contact you about your request and receive information.  Please note that it is usually necessary to arrange a telephone appointment to discuss your request once it has been made. You can also contact the DPO at this address or by email to

If you wish to unsubscribe to marketing emails communications, you can also do so by using the unsubscribe function on the email.


Links to other websites should not be considered as navigation tracking and we decline any responsibility concerning the Personal data protection practices implemented by these third-party companies, each of which acts as a separate Controller of your Personal data on their own perimeter. Once you leave our Site or click on the logo/link to one of these social networks, it is your responsibility to check the privacy policy applicable to that other platform.

When you click on social media icons, we may have access to the Personal data that you have made public and accessible via your profiles on the social networks in question. If you do not want us to have access to your Personal data published in the public spaces of your profile or your social accounts, then you should use the procedures provided by the social networks in question to limit access to this information.


Any changes We may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Obtained from

Purpose of the Processing

Personal data


Legal basis of

the Processing

Retention of the

Personal data

Website and application management

For more information on the processing of your Personal data in the specific context of Cookies we invite you to consult our Cookie Policy.

Account creation and



Directly (from webforms/calls

/emails.) or from a provider/

previous provider of the


Send an initial communication via

email to invite you

to register and use

our Sites and


Identity data

Contact data

Financial data

Transaction data

Technical data

Profile data


In order to take

steps at the

request of the

data subject

prior to entering

into a contract






If you are one of our customers, these communications may be sent to you for the duration of our commercial relationship, then for three (3) years after the end of this relationship or of the last contact you initiated.


If you are not yet sure whether you want to benefit from our products and Services, and you are still in the prospecting phase, we can send you communications on our offers and products for a period of three (3) years from the last contact you initiated.

Register you as a user and create an account for you on our Site

Identity data

Contact data

Financial data

Transaction data

Technical data


Performance of a contract to which the data subject is party

Legitimate Interest

Legal Obligation

We will keep your Personal data in your customer account (s) until you delete your account or as necessary for legal accounting obligations or legal limitation period.

Customer and Client Relationship Management

Manage and monitor our relationships with existing and potential customers and clients. Carry out the service provided by us or a client of ours/previous provider- steps to enter contract or perform/fulfil the contract.

Contact data Identity data

Transaction data

Financial data

Technical data

Profile data

Marketing data

Usage data

Contract and legitimate interest

We will keep your Personal data for the duration of our commercial relationship, after which only the data necessary for pre-litigation or litigation purposes will be archived until the legal prescription is acquired.

The usual limitation period in civil and commercial matters is six (6) years. In the event of a dispute, this data is kept for the duration of the procedure and until the expiration of ordinary and extraordinary remedies.



  • Identity Data includes [first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender].
  • Contact Data includes billing address, delivery address, email address and telephone numbers. For clients and suppliers this includes contacts within your organisation and may include publicly available information such as Companies House.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us or enquired about and for suppliers, products and services we have purchased or enquired about from you. 
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website. 
  • Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.  
  • Usage Data includes information about how you use our website, products and services. 
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.


This means things like, carrying out our obligations arising from contracts we’ve entered into or a third party we are fulfilling a contract for, managing our relationship and notifying you about changes to our services or that we have taken over a service.


This is things like keeping records for tax purposes and complying with statutory requirements.


This means things like running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise, health and safety or security requirements such as managing CCTV. Where we manage CCTV on site a separate policy will set out details regards the CCTV used. It can also mean enabling you to take part in a prize draw, competition or complete a survey. Studying how customers use our products and services to develop our business. We may use profile data to establish what you want or may of interest to you and decide which offers or services may be relevant to you (we call this marketing). For example we may market an event to individuals who live near a venue based on the geographical data we hold about you.

Contact us > Open sharing and other actions