ONE TEAM

magic
delivering the

WELCOME TO
ARAMARK
AT MERLIN ENTERTAINMENTS
FORMS & ENCLOSURES
 MERLIN WELCOME PACK
FORMS & ENCLOSURES
INSTRUCTIONS FOR COMPLETION
To make things run smoothly when you join Aramark we have to collect
some information about all employees. This will help ensure we have
captured all of the key information we need to set you up on the system
correctly.

It is a little bit repetitive so why don’t you make yourself a hot drink,
sit down and read through all the information and fill in the forms.

Please complete these PDF forms online and then email to

[email protected] with your name. If you are having
any trouble completing the forms please let us know at the emailaddress
above and / or if you can’t organise printing we will
arrange for you to receive a printed version of these forms.

If you don’t understand something please don’t worry and we will

make time to take you through this.
 SECTION A
FORMS TO COMPLETE
In this section we have some documents for you to complete; the forms are
editable and are important for us to collect accurate information we need to store
in our HR system, file in your personnel file and importantly to be able to pay you
correctly.

Where indicated, please type in your name and then add a signature and date.

.
 Starter checklist
Tell your employer of your circumstances so
that you do not pay too much or too little tax

Do not send this form to HM Revenue and Customs (HMRC)

Instructions for employer

Use this starter checklist to gather information about your new employee if they do not have a P45. You can also
use this form if they have a student loan (whether or not they have a P45). Use the information to help fill in your first Full
Payment Submission (FPS) for this employee. If you have already submitted your first FPS, keep using the tax code in that
FPS until HMRC sends you a new tax code. If the employee gives you their P45 after the first FPS submission, use the tax
code shown in parts 2 and 3 of the P45. You must keep the information recorded on the starter checklist for the current
and next 3 tax years. This form is for your use only.

Instructions for employee

Fill in this form if you do not have a P45 (a document you get from your employer when you stop working for them).
You should also fill in this form if you have a student loan (whether or not you’ve a P45). Give the completed form to your
employer as soon as possible. They need this information to tell HMRC about you and help them to use the right tax code.
Make sure you answer the questions correctly. If you do not, you may pay the wrong amount of tax or student loan deductions.

Employee’s personal details

1 Last name 5 Home address

2 First names
Do not enter initials or shortened names for example,
Postcode
Jim for James or Liz for Elizabeth
Country

6 National Insurance number (if known)

3 What is your sex?

As shown on your birth certificate or gender recognition
certificate 7 Employment start date DD MM YYYY

Male Female

4 Date of birth DD MM YYYY

Continue on the next page

Starter checklist Page 1 HMRC 09/22

Employee statement
These questions will help you to choose the statement that matches your circumstances. The statement you choose helps
your employer to apply the correct tax code.

8 Do you have another job? 10 Since 6 April have you received payments from:
• another job which has ended
Yes Put an ‘X’ in the statement C box below or any of the following taxable benefits
• Jobseeker’s Allowance (JSA)
No Go to question 9 • Employment and Support Allowance (ESA)
• Incapacity Benefit
9 Do you receive payments from a State,
workplace or private pension? Yes Put an ‘X’ in the statement B box below

Yes Put an ‘X’ in the statement C box below No Put an ‘X’ in the statement A box below

No Go to question 10 For more information about tax codes, go to www.gov.uk/tax-codes

Statement A Statement B Statement C

Current personal allowance Current personal allowance Tax Code BR

on a Week 1/Month 1 basis

Key Key Key

This is my first job since 6 April and Since 6 April I have had another job I have another job and/or I am in receipt
since the 6 April I have not received but I do not have a P45. And/or since of a State, workplace or private pension.
payments from any of the following: the 6 April I have received payments
• Jobseeker’s Allowance from any of the following:
• Employment and Support Allowance • Jobseeker’s Allowance
• Incapacity Benefit • Employment and Support Allowance
• Incapacity Benefit

Key
Jobseeker’s Allowance (JSA) is an unemployment benefit which can be claimed while looking for work.
Employment and Support Allowance (ESA) is a benefit which can be claimed if you have a disability
or health condition that affects how much you can work.
Incapacity Benefit is help if you could not work because of an illness or disability before 31 January 2011.
State Pension is a pension paid when you reach State Pension age.
Workplace pension is a pension which was arranged by your employer and is being paid to you.
Private pension is a pension arranged by you and is being paid to you.
Please note that no other Government or HMRC paid benefits need to be considered when completing this form.

Continue on the next page

Page 2
Student loans
11 Do you have a student or postgraduate loan? Employees, for more information about the type of
loan you have or to check your balance, go to
Yes Go to question 12 www.gov.uk/sign-in-to-manage-your-student-loan-balance

Employers, for guidance on student loans and which plan or loan

No Go straight to the Declaration type to use if your employee has selected more than one,
go to www.gov.uk/guidance/special-rules-for-student-loans
12 Do any of the following statements apply:
• you’re still studying on a course that your
You have Plan 1 if any of the following apply:
student loan relates to
• you lived in Northern Ireland when you started
• you completed or left your course after the
your course
start of the current tax year, which started
• you lived in England or Wales and started your course
on 6 April
before 1 September 2012
• you’ve already repaid your loan in full
• you’re paying the Student Loans Company
by Direct Debit from your bank to manage You have Plan 2 if:
your end of loan repayments You lived in England or Wales and started your course
on or after 1 September 2012.
Yes Go straight to the Declaration
You have Plan 4 if:
No Go to question 13
You lived in Scotland and applied through the
Students Award Agency Scotland (SAAS) when you started
13 To avoid repaying more than you need to, tick the
your course.
correct student loan or loans that you have – use the
guidance on the right to help you. You have a postgraduate loan if any of the
following apply:
Please tick all that apply
• you lived in England and started your postgraduate
master’s course on or after 1 August 2016
Plan 1
• you lived in Wales and started your postgraduate
master’s course on or after 1 August 2017
Plan 2
• you lived in England or Wales and started your
postgraduate doctoral course on or after 1 August 2018
Plan 4

Postgraduate loan (England and Wales only)

Declaration
I confirm that the information I’ve given on this form is correct.

Full name Use capital letters Signature

Date DD MM YYYY

Give this form to your employer

Your employer will use the information to make sure you pay the right amount of tax.
Do not send this form to HMRC.

Employer guidance
For information on how to work out your new employee’s tax code, go to www.gov.uk/new-employee-tax-code
Use Statement A, B or C that your employee has chosen in the employee statement section and apply the tax code below:
• Statement A – use the current personal allowance
• Statement B – use the current personal allowance on a ‘week 1/month 1’ basis
• Statement C – use tax code BR
Page 3
 CRIMINAL RECORD CHECKS
Q1. Do you have any unspent Criminal Convictions: YES NO ●

If yes, please give details:

Exceptions to the Rehabilitation of Offenders Act 1974

Various kinds of employment, occupations and professionals are exempted from the Act. The Exceptions Order overrules the
employment rights an ex-offender would otherwise have in respect of spent convictions. Ex-offenders have to disclose information
about spent, as well as unspent convictions, provided the employer states clearly on the application form or at the interview that the job
applied for is exempted. Exempted occupations fall into the following categories:
• Work involving matters of national security, for example some civil service posts, defence contractors, etc.
• Work that brings the person into contact with vulnerable groups such as the infirm, elderly, mentally ill and young people
under the age of 18
• Professions that have legal protection, for example, nurses, doctors, dentists, chemists, accountants.
• Posts concerned with the administration of justice, for example police officers, lawyers, probation officers, traffic wardens.
• Health service appointments.

Aramark have 3 divisions where exemptions to the Act apply. They are Education, Defence and Judicial Services. If you have applied for
a role in any of these divisions please detail below all convictions, whether spent or unspent, which will be flagged on your request for
security clearance:

Name (Please Print).....................................................................................................................................................................................................................................................

Signed ...................................................................................................................................................................................................Date ...................................................................

 LIFE ASSURANCE
EXPRESSION OF WISH FORM
Aramark Limited provides free life cover for its employees to the age of 75. Should you die before the age of 75 whilst in the employ of
Aramark the Trustees can at their discretion make payment to a named beneficiary. Most employees nominate their spouse or immediate
family as beneficiary but you are free to name anyone you wish to receive the benefit in the event of your death. You can complete a
new Expression of Wish form at any time; remember that should your personal circumstances change you should review your nominated
beneficiaries and, if appropriate, complete a new form to ensure that it is always up to date. Although the trustees will take into account
your wishes when making a decision, ultimately payment of your lump sum death benefit will be chosen at the discretion of the Trustees.
The level of cover depends on whether you are in an Aramark Pension Plan or not. For non pension scheme members it is once times
your annual salary.
Please read the declaration carefully before completing and signing the form.

Name (please print)................................................................................................................................................................... ………………………………………………………………………………

I understand that under the Aramark Life Assurance Plan the beneficiary of the lump sum benefit arising from my membership of the Life
Assurance Plan is chosen at the discretion of the Trustees. I also understand however that the Trustees will take my wishes into account
in reaching a decision. In the event of my death I would like the Trustees to consider making payments of lump sum death benefits due
under the plan to the following people.
I understand that this is an expression of wish only and that it is not binding on the Trustees. I confirm that I have not yet reached my
75th birthday.
I understand that the cover is provided under the terms of the Policy and that the insurer may request that I complete a medical under-
writing form. I also understand that if for any reason the insurer refuses to provide cover or pay benefit for whatever reason that Aramark
shall not be liable to pay any benefit in lieu in the event of my death in service.

Name ................................................................................................... Name ...................................................................................................

Address ................................................................................................ Address ................................................................................................

.............................................................................................................. ..............................................................................................................

Relationship (if any) ........................................................................... Relationship (if any) ...........................................................................

Proportion (%) .................................................................................... Proportion (%) ....................................................................................

Name ................................................................................................... Name ...................................................................................................

Address ................................................................................................ Address ................................................................................................

.............................................................................................................. ..............................................................................................................

Relationship (if any) ........................................................................... Relationship (if any) ...........................................................................

Proportion (%) .................................................................................... Proportion (%) ....................................................................................

Name ................................................................................................... Name ...................................................................................................

Address ................................................................................................ Address ................................................................................................

.............................................................................................................. ..............................................................................................................

Relationship (if any) ........................................................................... Relationship (if any) ...........................................................................

Proportion (%) .................................................................................... Proportion (%) ....................................................................................

 LIFE ASSURANCE
EXPRESSION OF WISH FORM
Where I disclose to the Trustees in the form of personal data (including sensitive personal data) relating to other living individuals I confirm
that as agent on behalf of those individuals I have:
Secured their explicit consent to the processing of their personal data and give this on their behalf and informed them of the identity of
the Trustees as the data controller in relation to their data and the purpose for which their personal data will be processed.
I understand that this form cancels any previous submitted Expression of Wish Form.

Name (Please Print).....................................................................................................................................................................................................................................................

Signed ...................................................................................................................................................................................................Date ...................................................................

 WORKING TIME REGULATIONS 1998
OPT OUT AGREEMENT
By signing the Working Time Opt Out you confirm that you agree that you may be required to work more than an average of 48 hours
per week, averaged over the reference period within the meaning of the Working Time Regulations 1998 and confirm that you agree to
do so in the absence of duress or detriment in any form including, but not limited to, the threat of dismissal on the part of the Company.
You further state that you agree that the fact that you have agreed to work more than 48 hours per week shall not be interpreted so as
to mean that the Company shall be obliged to provide additional work for you.
I confirm my acceptance of the opt-out provisions of the Working Time Regulations 1998 referred to above.
I understand that I can revoke my agreement at any time by giving the Company not less than three months’ notice in writing.

Name (Please Print).....................................................................................................................................................................................................................................................

Signed ...................................................................................................................................................................................................Date ...................................................................

 MEDICAL HISTORY
INFORMATION
We do not collect medical information as part of our onboarding process, however if you have a medical condition that could impact
your ability to carry out your work; please advise below:-

Medical Condition .....................................................................................................................................................................................................

Name (Please Print).....................................................................................................................................................................................................................................................

Signed ...................................................................................................................................................................................................Date ...................................................................

 SECTION B
USEFUL INFORMATION
In this section we have some helpful information for you and things you definitely
need to know!

.
 Fortnightly Payroll

Pay Period Start Pay Period End Managers Run Draft Amendments Deadline Pay Day Tax Week No
Reports for Checking

Sat 16/03/2024 Fri 29/03/2024 Wed 03/04/2024 Thu 04/04/2024 Fri 12/04/2024 W02

Sat 30/03/2024 Fri 12/04/2024 Wed 17/04/2024 Thu 18/04/2024 Fri 26/04/2024 W04

Sat 13/04/2024 Fri 26/04/2024 Wed 01/05/2024 Thu 02/05/2024 Fri 10/05/2024 W06

Sat 27/04/2024 Fri 10/05/2024 Wed 15/05/2024 Thu 16/05/2024 Fri 24/05/2024 W08

Sat 11/05/2024 Fri 24/05/2024 Wed 29/05/2024 Thu 30/05/2024 Fri 07/06/2024 W10

Sat 25/05/2024 Fri 07/06/2024 Wed 12/06/2024 Thu 13/06/2024 Fri 21/06/2024 W12

Sat 08/06/2024 Fri 21/06/2024 Wed 26/06/2024 Thu 27/06/2024 Fri 05/07/2024 W14

Sat 22/06/2024 Fri 05/07/2024 Wed 10/07/2024 Thu 11/07/2024 Fri 19/07/2024 W16

Sat 06/07/2024 Fri 19/07/2024 Wed 24/07/2024 Thu 25/07/2024 Fri 02/08/2024 W18

Sat 20/07/2024 Fri 02/08/2024 Wed 07/08/2024 Thu 08/08/2024 Fri 16/08/2024 W20

Sat 03/08/2024 Fri 16/08/2024 Wed 21/08/2024 Thu 22/08/2024 Fri 30/08/2024 W22

Sat 17/08/2024 Fri 30/08/2024 Wed 04/09/2024 Thu 05/09/2024 Fri 13/09/2024 W24

Sat 31/08/2024 Fri 13/09/2024 Wed 18/09/2024 Thu 19/09/2024 Fri 27/09/2024 W26

Sat 14/09/2024 Fri 27/09/2024 Wed 02/10/2024 Thu 03/10/2024 Fri 11/10/2024 W28

Sat 28/09/2024 Fri 11/10/2024 Wed 16/10/2024 Thu 17/10/2024 Fri 25/10/2024 W30

Sat 12/10/2024 Fri 25/10/2024 Wed 30/10/2024 Thu 31/10/2024 Fri 08/11/2024 W32

Sat 26/10/2024 Fri 08/11/2024 Wed 13/11/2024 Thu 14/11/2024 Fri 22/11/2024 W34

Sat 09/11/2024 Fri 22/11/2024 Wed 27/11/2024 Thu 28/11/2024 Fri 06/12/2024 W36

Sat 23/11/2024 Fri 06/12/2024 Wed 11/12/2024 Thu 12/12/2024 Fri 20/12/2024 W38

Sat 07/12/2024 Fri 20/12/2024 Wed 25/12/2024 Thu 26/12/2024 Fri 03/01/2025 W40

Sat 21/12/2024 Fri 03/01/2025 Wed 08/01/2025 Thu 09/01/2025 Fri 17/01/2025 W42

Sat 04/01/2025 Fri 17/01/2025 Wed 22/01/2025 Thu 23/01/2025 Fri 31/01/2025 W44

Sat 18/01/2025 Fri 31/01/2025 Wed 05/02/2025 Thu 06/02/2025 Fri 14/02/2025 W46

Sat 01/02/2025 Fri 14/02/2025 Wed 19/02/2025 Thu 20/02/2025 Fri 28/02/2025 W48

Sat 15/02/2025 Fri 28/02/2025 Wed 05/03/2025 Thu 06/03/2025 Fri 14/03/2025 W50

Sat 01/03/2025 Fri 14/03/2025 Wed 19/03/2025 Thu 20/03/2025 Fri 28/03/2025 W52
 SAP – known as myWorkLife
myworklife.aramark.com
I’m a front-line worker, paid weekly or fortnightly and I don’t have an Aramark email address and I want to log in for the
FIRST time …
• Username – Your Employee number (e.g. 3456789)

• Temporary Password – First 2 characters of Surname with first letter in CAPITALS – New Employee number – Birth Year
(For example - Jb34567892001)
This is just a web address – no app needed so
Scan here to get straight to the log in page it works on all your personal devices that can
access the internet
Important… After logging in the first time, you will be asked to set your own password and then select and answer 5 security
questions should you need to verify your identity in future.

From this point onwards you will log in with your new password and still using your employee number as the Username.

Do not try and use your original password after re-setting it.
 Step 1 – Use your employee
number and temporary
Step 2 – Follow the
password format to log in
for the first time. instructions to create a
new password of your
choice and click Submit

Step 3 – Read the welcome message

and click continue
Step 4 – Select your security questions
and answer each one – then click Submit
Step 5 – You are done – click the link
to log in and remember to use your
new password next time you log in!
 iTrent Payroll If you need help with log in
please Contact HR on:
[email protected]
Access to view payslips from any PC or mobile device

https://aramali.webitrent.com/aramali_ess/

Username – SURNAME-FIRST NAME (note the dash and all Capitals – (eg JOE-BLOGGS)
Password – DATE OF BIRTH (note the capital on the first letter of the month – (eg 22January1991)
• Once into the system you can re-set your password yourself
• You can view and download all your pay slips

This is just a web address – no app needed so it

Scan here to get straight to the log in page
works on all your personal devices that can access
the internet
WORKJAM & KRONOS
 WORKJAM & KRONOS

KRONOS - ensuring you're paid correctly for all your hours worked, every time!

All Aramark employees are required to record KRONOS - How to Punch In (at the start of your shift)
the hours they work on our time and attendance system, and Punch Out (at the end of your shift)
KRONOS, to ensure accurate payment.

You will find 'KRONOS clocks' situated within our Staff

Room and across other locations.

It is your responsibility to record your arrival and departure

times at a clock - ie 'Punch at a Clock' in order to ensure
you are paid .
• You will require your Employee Number/ID (as shared
in this email) to complete this.
• You MUST bring your Employee Number/ID with you
to all your shifts and/or save to your phone, to allow
you to 'Punch at a Clock' and receive payment for the
hours you work.
Launch email 3B - v2 ×

HTML Version
 SECTION C
POLICY INFORMATION
In this section we have some company policy documents. It is important you read and
understand these. If there is anything you do not understand please ask your manager in the
first instance.

Where indicated, please type in your name and then add a signature and date.

.
27. Personal Appearance Policy
27.1. Uniform
Uniforms must be clean, pressed and smart at all times.
The items of uniform you receive will be your responsibility although they remain the property of
Aramark. Failure to return items of uniform may result in all or part of your final pay being withheld.
Above all, your clothes must reflect our high standards and be appropriate to our client’s and Aramark
working environment.
Kitchen uniforms (whites) must not be worn whilst travelling to and from work.

27.2. Security / Identity Badges

Where appropriate, security and/or identity badges will be issued and must be worn whilst on duty. In
the event of staff members losing their badges, a new badge will be issued at a charge of £10, this will
be automatically deducted through payroll in the following payroll run, signing below signifies your
acceptance of this policy.

27.3. Safety Shoes

If you are issued with safety shoes these must be worn at all times whilst at work.
You should choose shoes of a dark colour with a flat or low heel of no more than 1 inch, and fully closed
in with a non-slip sole. Canvas or fabric shoes, sandals and trainers are not allowed as they will offer
you no protection in the event of an accident.
Shoes must be polished and free from debris, dirt and scuffs. If you are on your feet for long periods of
time it is a good idea to wear firm, supporting shoes. Aramark can arrange for you to purchase
appropriate shoes at a discount through our suppliers. If you are unsure about what is acceptable please
speak to your Manager.
Any member of staff who has been issued with safety shoes and leaves during their probationary period
will have a fee of £35 deducted from their final wage to pay for their shoes, signing below signifies your
acceptance of this policy.

27.4. Socks, Stockings and Tights

Plain dark socks should be worn with trousers. Plain stockings or tights should be worn with a dress or
skirt. The colour of the stockings or tights must be appropriate to the colour of the uniform e.g. flesh
coloured for a light uniform or flesh coloured or black with a black or navy uniform.

27.5. Hands and Hair

Fingernails must be short, neatly trimmed and without nail varnish. Any cuts and abrasions must be
covered with a coloured waterproof dressing.
Nothing puts customers off their food as much as finding a hair in it. Hair must therefore be neat, clean,
tidy and off the face. Moustaches and beards must also be neat, clean and well-groomed. Headgear
must always be worn on duty or in the food preparation or service area. Hair any longer than collar
length must be tied back, with no loose strands hanging.

27.6. Jewellery
Jewellery is generally not allowed in a food environment because of hygiene, health and safety risks.
The only visible jewellery we permit is:
A solid wedding band.
Maximum of one pair of plain, fine sleeper earrings (maximum 10mm diameter).
You may wear a wristwatch only if you have no other means of telling the time where you work, but it
must not be worn whilst preparing food.
Any body piercing, which is not covered by uniform, must be well secured and covered with a waterproof
plaster.

27.7. Perfumes, Aftershaves and Make - Up

Light, minimal make-up is permitted. No perfume or aftershave is allowed to be worn in the kitchen.

27.8. Personal Hygiene

Everyone must be aware that personal hygiene is vital when serving customers or working closely with
others. Our work involves a large amount of physical activity so the chances of body odour or bad breath
are greater. Take care to shower or bathe regularly, use deodorants and brush teeth frequently. You
should also be aware that smoking and foods such as garlic linger on the breath.

27.9. Protective Clothing and Equipment

For certain jobs you will be required to use protective clothing and equipment. This will be very carefully
explained to you and it is for your own safety that you use it.
Any defects in these protective items must be reported to your Manager immediately.
Should you report for work not conforming to either the uniform or appearance statements you may be
sent home to rectify the situation (without pay). Continuous breaches may result in disciplinary action
that may ultimately result in your dismissal from the Company.

Signed by:

Name in full:

Date:
 FOOD SAFETY MONITORING
STANDARDS FORM
(EXCLUDES OFFSHORE)
PLEASE READ THE FOLLOWING STANDARD AND SIGN BELOW
Aramark’s safety targets are dependent on leaders and managers creating a culture that fosters inclusion, inspires awareness, and
reinforces appropriate behaviours through daily routines. Our safety procedures when effectively implemented move us closer towards
Target Zero and our goal of zero harm to people or the environment.
In order to ensure consistency in how we manage those occasions of non-compliance these guidelines have been created to provide
some clarification and ensure the standards required are clear. These should be issued as part of Management and Head chef Induction.
Managers and DOOs are required to carry out internal checks and reviews and explained in the policy 7.13 Safety Monitoring and Audit
Procedures.

Monthly Safety Checks (Internal) FLM

The main purpose of the safety monitoring checks is to ensure a safe operation and environment. By identifying issues, improvements
can be made and ultimately the safety of colleagues and others affected by the work activity will be protected. They form part of the
Company’s due diligence processes and may be used in legal defence. FLMs and DOOs failing to complete appropriately their regular
checks may be subject to disciplinary action.

Health and Safety Audits (Internal) Ad hoc - Britannia Safety Solutions

In certain circumstances our safety support provider Britannia will conduct an impartial audit. They will assign a rating, based upon their
findings, equivalent to the rating an EHO officer would issue. It is our aspiration that all sites will achieve a 5 star rating; it is our
expectation that all sites should achieve at least a 4 star rating. It is the Company position that if a unit achieves 3 stars or below this
indicates non-compliance toour standard Company procedures. In the case of a mobilisation audit conducted by Britannia this will not
result in disciplinary action where the report is to be used as a benchmark for improvement.

Enforcement Visits (external) Ad hoc - EHO

On average the local authorities conduct 150 enforcement visits per year to Aramark units. Where previous issues or poor ratings have
been identified a site should expect a more frequent review. These visits test food safety and legal compliance. If units are following our
standard procedures should result in a 5 star rating. EHO have the power to issue improvement and even closure notices. This clearly
damages Aramark’s reputation with our customers and clients and is to be avoided.
In the event of a dispute regarding the rating (including where the main issue relates to premises or equipment outside of our direct
control) the Safety Director will adjudicate as to whether a disciplinary investigation is required.

Hygiene Ratings England & Wales (as used by Britannia and EHO)
Below are the EHO ratings in England, Wales and Scotland. The tables show the ratings, rating description and potential Company
disciplinary action associated with each rating. These ratings are also used by Britannia.

Rating Description Potential Disciplinary Level

5 V good N/A

4 Good N/A

3 Satisfactory Cause for Concern

2 Major Improvement Required Summary Dismissal

1 Urgent Improvement Required Summary Dismissal

 FOOD SAFETY MONITORING
STANDARDS FORM
(EXCLUDES OFFSHORE)
A star rating of 3 or below is reported to the Executive team by the Safety Director.
Eg: In England and Wales, a star rating of 3 will be investigated and may lead to a cause for concern letter being issued. Any rating lower
i.e. 2 or 1 will be viewed as gross misconduct and may lead to a disciplinary hearing and potential summary dismissal.

Hygiene Ratings Scotland (as used by ESG and EHO)*

Rating

Pass

Unsatisfactory

In Scotland hygiene ratings are issued as “pass” or “unsatisfactory”. In order to ensure consistency the Safety Director will assign a rating
based on the “English and Welsh system” which will then have the same approach in terms of disciplinary procedure and potential
disciplinary level.
It is equally important that Managers and teams are recognised for their consistent Food Safety standards and DOOs should consider
recognition through the UK Reward & Recognition programme for sites achieving a 5 star rating.
More information regarding the ratings scheme is available via the link below:-
http://www.food.gov.uk/multimedia/hygiene-rating-schemes/ratings-find-out-more-en/

Application of Disciplinary Procedure

In the event of a disciplinary investigation being required due to Food Safety non-compliance an appropriate Manager will be assigned to
review the matter. Where this is as a result of a Britannia or EHO audit resulting in a score of 2 or 1 this will be conducted by an
independent DOO outside or the normal reporting line for the unit and the case will be monitored by the HR Lead. As is the case in
all disciplinarymatters mitigation will be considered in determining the level of disciplinary action appropriate including consideration of:
• Client premises/ maintenance issues if there are clear records how the matter has been escalated.
• Training and instruction received
• Where items are in dispute between EHO and Director, Food Safety.
A summary of the procedure to be followed and potential penalties is highlighted in Appendix 1 below.

I have read and acknowledged the document Food Safety Monitoring Standards

Name (Please Print).....................................................................................................................................................................................................................................................

Job Title ..............................................................................................................................................................................................................................................................................

Unit .......................................................................................................................................................................................................................................................................................

Signed ...................................................................................................................................................................................................Date ...................................................................

 APPENDIX 1
APPLICATION OF DISCIPLINARY PROCEDURE TO FOOD
SAFETY FORM
Operational Review External Audit Client Audit
Review Type
(Monthly/ Quarterly) (Ad hoc) (Ad Hoc)

Trigger DOO Identifies ESG/ EHO audit ESG/ EHO audit ESG/ EHO audit DOO reports poor
non-compliance issues identifies a Food identifies a Food identifies a Food client audit
in annual Operational hygiene rating of hygiene rating of hygiene rating of
Review or during 4 or 5 level 3 level 2, 1 or 0 and /
routine visit or an improvement
notice is issued

Escalation DOO to refer to None DOO to refer to FSD Matter referred by Refer to FSD any
FSD any individual any non-compliance ESG/ EHO to FSD, major compliance
major compliance areas of concern Aramark Exec and cc issues
issues HR Lead

Action DOO to agree DOO to agree action FSD to make HR Lead to liaise FSD to confirm if
additional training plan with FLM to recommendations with MD to identify ESG audit required
and Action Plan for achieve / maintain alternative DOO to
improvement with 5* rating DOO to agree conduct investigation DOO to agree
FLM additional training additional training
and Action Plan for Investigating DOO to and Action Plan for
Discuss with HR Lead improvement with determine responsible improvement with
if Cause for Concern FLM persons subject to FLM
contemplated disciplinary hearing

Potential • GROW Coaching For 5* ratings DOO • Cause for Concern • Gross Misconduct – • GROW Coaching
Outcomes to consider an Encore Dismissal
• Training Plan
• Cause for Concern • Cause for Concern
• Gross Misconduct –
Encore recognition • Client discussion
FWW
spot award
• No case to answer
(Training Plan)
• No case to answer
(Client discussion)

Notes Formal disciplinary Good Food Hygiene Where premises / HR Lead to review Client audits are often
action will only be practice should maintenance issues are final decision before based around KPI’s and
warranted where there be recognised identified which are outcome issued to bespoke requirements.
has been a systematic appropriately under client control employee As such an ESG audit
failure to implement both the FLM and will be instructed by
procedures and DOO are required FSD if necessary to
complete due diligence to document their ensure consistency
actions to address
Action may be
deferred until ESG
audit is completed
 DATA PROTECTION POLICY
Why have an Aramark Data Protection Policy?
The collection and use of personal data by businesses in the UK must comply with the laws contained in the Data Protection Act 2018
(“DPA”). Aramark is committed to ensuring that personal data is processed in accordance with the eight data protection principles in
the DPA.
Compliance with the DPA is the responsibility of all of Aramark’s staff. Summarised below is Aramark’s rules on data protection and the
legal requirements in relation to the obtaining, handling, processing, use, storage, adapting, transferring, transportation and destruction
(“processing”) of personal data all as set out in the Aramark Data Protection Policy (“the Policy”). Aramark may conduct spot checks
to monitor and check compliance.
Please read this document and the Policy (available on the Intranet) thoroughly and adhere to the rules outlined. If you have a question
on data protection that you feel is not covered by this summary, please contact your Line manager. Do not proceed until you have a
definite answer to your query, we guarantee a prompt response. Aramark’s Data Protection Officer is the Northern Europe UK Legal
Director.
The very heart of our business is the faith our clients have in Aramark. We as a company, and you and I as individuals, must never do
anything to compromise that trust by breaching the DPA.

H e l e n M i l l i g a n -S m i t h President UK

What is personal data?

Personal data is information about a living individual who can be identified from that data or in conjunction with it and other information
in Aramark’s possession. Personal data can be stored both electronically and manually and may be factual or opinion.
Particular care must be taken to protect Sensitive Personal Data. Sensitive personal data includes information about race, ethnic origin,
religion, mental health, sexual life or offences committed or allegedly committed by that person. Sensitive personal data must be stored
securely and can only be processed with the express consent of the individual to which it concerns (the Data Subject). Employees
processing personal data must comply with the eight principles set out in the DPA, and in particular:

Fair and lawful processing for specified purposes Aramark must ensure the fair processing of personal data. Personal data should be
processed in line with the Data Subject’s consent and only or the purpose made
known by Aramark. Personal data must not be collected for one purpose and used
for another.

Dealing with subject access requests A Data Subject (including an employee of Aramark) has a right to make a written
request regarding personal data relating to him held by Aramark (a Subject Access
Request).
If you receive (or suspect that you have received) a Subject Access Request you
must forward it to your Line manager immediately.

Personal data must be ac-curate and kept up to date All records containing personal data must be periodically reviewed and a list of all
such records maintained. The purpose of the reviews is to ensure that all records
containing personal data are accurate, not excessive, up to date and adequate for the
purposes for which the data was collected. All files should as a minimum, be reviewed
on an annual basis but also on a continuing basis.

Retention of personal data Personal data should not be retained for longer than necessary for the purposes for
which it was collected and should then be securely destroyed or erased from our
systems. The destruction and disposal of data should be carried out in accordance
with the procedures on Handling and Storing Personal Data and Data Security, a
copy of which can be obtained on the Intranet.
Please refer to the Policy on the Intranet for guidelines on the retention periods
that apply to employee records. If you are unsure about the retention period for a
specific item, please ask your Line Manager.
 DATA PROTECTION POLICY
Data Security Aramark must ensure that appropriate security measures are in place to protect per-
sonal data against unlawful or unauthorised processing and against accidental loss or
damage. In addition to the Aramark Security Policy (available on the Intranet), the
following security procedures should be followed by all Aramark employees:

1. Manual records should be kept secure by the use of locked cabinets and be subject
to restricted access;
2. So far as is reasonable, computer files should be password protected;
3. Personal data must not be stored on portable memory sticks;
4. Always lock your PC while it is unattended;
5. Personal data should be kept in the office and should only be taken off site if
strictly necessary, in which case, it should be stored on an encrypted Aramark
laptop (if in digital form);
6. Encrypted emails are to be used to send emails containing personal data outside
the Aramark UK organisation;
7. Laptops and their hard disks, used by Aramark employees, (whether or not they
are used to store personal data) must be password protected, encrypted and
treated in accordance with the Policy and Security Policy; and
If you take personal data off site be vigilant. Do not leave it unattended.

Disclosure: If you become aware of a breach or potential breach of the Policy, you must report
it to your Line manager immediately.

A copy of the full Aramark Data Protection Policy is available on the Aramark Intranet, from your Line manager and on your Aramark
notice board. Aramark reserve the right to amend the Policy from time to time and will continue to review the effectiveness of this policy
to ensure it is achieving its objectives.
I acknowledge receipt of the above information on the Aramark Data Protection Policy. I have understood the information and will
comply with it. I understand that any violation of the Data Protection Policy could lead to my dismissal and potential criminal prosecution.

Name (Please Print).....................................................................................................................................................................................................................................................

Signed ...................................................................................................................................................................................................Date ...................................................................

 ARAMARK WORKFORCE PRIVACY NOTICE - EUROPE
Amendment Date: April 27 2021

This notice (Notice) sets out how Aramark collect, use, store and share personal data about our staff,
including our current and former employees, temporary staff, consultants, contingent workers and
interns based in the European Union (staff or you or your).

For the purposes of this Notice, Aramark refers collectively to (a) the Aramark group company that
employs or engages you, (b) Aramark Services, Inc., and (c) Aramark (Aramark or we or our). These
companies are controllers of your personal data for purposes of data protection law.

1 Information we collect about you

1.1 For purposes of this Notice, personal data means any information about an identifiable individual.
Personal data excludes anonymous or de-identified data that is not associated with a particular
individual. We will collect and use some or all of the following personal data before, during and
after your employment (or similar engagement):

(a) Biographical information, such as name, gender, date and place of birth, details of family
members, previous job history, references, professional qualifications and education
details;

(b) General employment information, such as department, work location, job title and
seniority and information about absences from work;

(c) Contact information, such as home address, telephone number and personal email
address;

(d) Identification information, including social security / national insurance numbers, driving
licence details and passport information, photographs for identification;

(e) Dependents’ data, such as the name and contact details of your dependents,
beneficiaries, family members and next of kin and their relationship with you;

(f) Performance information, such as management metrics, performance evaluations and

feedback;

(g) Development and learning information, including information on assigned and

completed training courses, self-reported information on career aspirations and geographic
mobility, manager assessments, and development goals;

(h) Communications and internet information, such as details of your use of and
communications sent through Aramark systems;

(i) Payroll information, including salary details, benefits information, and bank account
information;

(j) Expenses and travel information, such as details of travel that you undertake, or
expenses you incur, in connection with your employment or engagement;

(k) Other information provided by you, including internal survey responses; and

(l) Sensitive Personal Data as described in Section 4.

2 Sources of personal data

2.1 We may obtain personal data from you or from third parties such as your previous employers and
other referees, recruiters, our business partners, credit reference and anti-fraud agencies and

1
 providers of screening lists and public registers. In addition, you may provide us with information
relating to third parties, such as your dependents and beneficiaries. Where this is the case, it is
your responsibility to inform such third parties that you are sharing their personal data with
Aramark and refer them to this Notice as appropriate.

3 How we use personal data

3.1 The purposes for which we use your personal data and information we are required to give you
about the legal basis of such use are as follows:

(a) Recruiting, such as determining eligibility for work, checking references and performing
background checks (Legal basis: processing of employees' personal data in the
employment context; preparation for and performance of the employment contract;
exercising our rights and performing our obligations as an employer; our legitimate interest
in effective staff recruitment)

(b) Conducting checks, such as background checks, credit checks, anti-fraud checks, checks
to prevent fraud and money laundering and drug tests, to the extent allowed under
applicable employment laws. (Legal basis: processing of employees' personal data in the
employment context; preparation for and performance of the employment contract;
exercising our rights and performing our obligations as an employer; our legitimate interest
in effective staff recruitment)

(c) General HR administration, such as staff communications, on-boarding and off-boarding,

succession planning, and providing information and references to potential or actual future
employers (Legal basis: processing of employees' personal data in the employment
context; performance of the employment contract with you; exercising our rights and
performing our obligations as an employer).

(d) Administering salary, expenses and staff benefits, including administering

remuneration, insurance, payroll, pensions and other employee benefits and tax and in
order to administer corporate expenses and reimbursements (including viewing details of
transactions made using corporate credit cards and corporate travel undertaken) (Legal
basis: processing of employees' personal data in the employment context; performance of
the employment contract; Exercising our rights and performing our obligations as an
employer).

(e) Managing absences and occupational health requirements, including to keep a record
of absences and to contact dependents or other family members in the event of an
emergency (Legal basis: processing of employees' personal data in the employment
context; performance of the employment contract with you; exercising our rights and
performing our obligations as an employer, especially as required under social security and
social protection laws).

(f) Managing career development, performance and performance recognition, such as

for promotions and performance evaluations, providing training and providing performance
recognition awards (Legal basis: processing of employees' personal data in the
employment context; performance of the employment contract with you; exercising our
rights and performing our obligations as an employer; our legitimate interest in effective
performance management).

(g) Monitoring, such as monitoring for compliance with Aramark policies provided to you and
limited monitoring IT systems and (communications transmitted through them) solely to the
extent permitted by applicable law (Legal basis: Exercising our rights and performing our
obligations as an employer; our legitimate interests in assessment of compliance with
employee policies and in in defending, prosecuting or making legal claims; processing of
employees' personal data in the employment context).

(h) Equal opportunities monitoring, as part of our equal opportunities assessment

processes and in order to comply with our legal obligations, where allowed under applicable

2
 laws (Legal basis: Exercising our rights and performing our obligations as an employer;
our legitimate interest in promoting the diversity of our workforce).

(i) IT security purposes, such as providing IT support, IT security monitoring and incident
response and user authentication (Legal basis: processing of employees' personal data
in the employment context; performance of the employment contract with you, exercising
our rights and performing our obligations as an employer; our legitimate interest in keeping
our IT systems secure).

(j) Storing staff communications, records and work product, including as required in
order to operate the Aramark business. These communications and records may contain
personal information both related to work and private matters (Legal basis: processing of
employees' personal data in the employment context; performance of the employment
contract with you, exercising our rights and performing our obligations as an employer; our
legitimate interest in operating our business).

(k) Complying with our legal obligations or where necessary for exercising, establishing
or defending legal claims, including the disclosure of your personal data to third parties
in connection with proceedings or investigations anywhere in the world, such as public
authorities, law enforcement agencies, regulators and third party litigants (Legal basis:
compliance with a legal obligation to which the Aramark is subject our legitimate interest in
defending, prosecuting or making legal claims).

(l) Conducting business activities, including the provision of information to clients for
financial transparency or auditing purposes (Legal basis: our legitimate interest or the
legitimate interest of a third party in obtaining this information).

(m) When changing our business structure, such as in the event of a business sale or
corporate restructuring, where we may disclose your personal data to any potential acquirer
of, or investor in, any part of the Aramark business (and to their legal advisors and
consultants) for the purpose of that acquisition or investment (Legal basis: our legitimate
interest in defending, prosecuting or making legal claims).

3.2 If you do not provide us with personal data which we need to perform our contract with you or
perform our obligations as an employer, we may not be able to perform our obligations under our
contract with you (such as to pay you) or to fulfil our obligations as an employer (such as, where
required, to provide an occupational pension scheme).

4 Sensitive personal data

4.1 In limited circumstances permitted by or required under applicable law, we may collect, process
and disclose personal data relating to your race or ethnic origin, physical or mental health or
condition, trade union membership, commission or alleged commission of criminal offences and
any related legal actions (Sensitive Personal Data). For example, we may collect, use and
share:

(a) information concerning your physical or mental health for the purpose of providing disability
access and arranging employee medical benefits and continued payment, and for social
security and protection purposes;

(b) information relating to criminal convictions and offences for the purposes of assessing your
suitability for your role, where appropriate for the position and allowed under applicable
laws; and

(c) information relating to your racial or ethnic origin or information relating to any disabilities
that you may have for the purposes of conducting equal opportunity monitoring, where
allowed under applicable laws.

4.2 Where we use Sensitive Personal Data, generally we do so to perform our legal duties and
exercise our rights as an employer, or because it is necessary to establish, defend or prosecute

3
 legal claims or to comply with social security laws. On occasion, we may do so on the basis that
we are protecting the vital interest of a member of our staff or a third party, or where the purpose
is in the substantial public interest.

4.3 In the limited circumstances where we need to collect your explicit consent to our use of Sensitive
Personal Data, we will seek your consent separately and specifically in relation to the purposes
for which it is required. You are free to withdraw your consent at any time by contacting the
Human Resources Representative for the business in which you work. However, where you do
so we may not be able to provide a service or benefit to you that requires the use of such data.

5 How we share personal data

In connection with the purposes listed above in sections 3 and 4 and consistent with this Notice:

(a) The Aramark group company that employs or engages you shares your personal data with
Aramark Services, Inc. and Aramark where required for Aramark’s internal administrative
purposes. Aramark Services, Inc. and Aramark may grant other group entities access to
such data where required for the purposes consistent with this Notice.

(b) We may share your personal data with our clients in the course of the provision of our
services to them for financial transparency, background screening or auditing purposes.
We will provide this personal data where possible in pseudonymised form.

(c) We may share your personal data with third parties who assist us with human resources-
related services, such as payroll providers, healthcare providers, insurers, pension
administrators, IT storage and service providers, accountants and legal advisors, and other
third party vendors that need your personal data to provide their services. In these cases
we will enter into agreements with these providers, as required, that obligate the providers
to protect your personal data and process your personal data on our instruction only.

(d) We may share your personal data with other third parties where disclosure is permitted or
required by law to comply with legal obligations, protect our rights and property, or protect
the safety of our staff or any third party.

(e) In addition we may share your personal data in the event that we sell some or all of our
business or assets, in which case we may disclose your personal data to the prospective
buyers of such business or assets and their third party advisors.

6 Sending your personal data outside of the UK/EEA

We may transfer your personal information to countries other than the country in which the data
was originally collected, be that in the UK or Ireland, for the purposes described in this Notice.
Your personal data may be transferred among Aramark’s group companies or to third parties
based in countries outside the UK or Ireland for the purposes consistent with this Notice. Where
we transfer personal data to a country that has not been approved as providing equivalent
protections to the UK or Ireland’s data protection laws, we will comply with our legal obligations
to transfer it subject to the safeguards that allow lawful transfer of personal data to a third country
in accordance with applicable data protection law in the country of collection.

We would like to draw your attention to the transfer of certain of your personal data to the US
cloud-based platform of SuccessFactors, Inc., our human resources services partner for the
MyWorklife platform (“SAP” and the “SAP Transfer”). For further information on the SAP Transfer
please refer to the Appendix.

Please contact us at the contact details in Section 9 below for details about the safeguards we
apply in relation to the transfer of your personal data.

4
7 Storage of personal data
We will retain your personal data for as long as is necessary for the purposes for which they were
collected and any other permitted purposes (such as to comply with regulatory requirements to
retain such data). Our retention periods are based on business needs and relevant laws. Please
note that these periods may be extended where reasonably necessary (for example where we
are required to do so by law or by a regulator). We will either irreversibly anonymise or securely
destroy personal data that we no longer need. We reserve the right to use anonymous and de-
identified data for any legitimate business purpose without further notice to you or your consent.

8 Your rights
It is important that the personal data we hold about you is accurate and current. Please keep us
informed if your personal data changes during your employment or engagement. Subject to
certain conditions and limitations, you may have the legal right to request access to, correct, and
erase the personal data that we hold about you, or object to or restrict the processing of your
personal data under certain circumstances. You may also have the right to request that we
transfer your personal data to another party. You can submit these requests by contacting us as
described in Section 9 below. We may request specific information from you to help us confirm
your identity and process your request. Applicable law may require or permit us to decline your
request. If we decline your request, we will inform you of the reasons why, subject to any legal
or regulatory restrictions. If you would like to submit a complaint about our use of your personal
data, you may contact us as described in Section 9 below or submit a complaint to the data
protection regulator in your jurisdiction. More information on your rights as a data subject is
available in our Data Subject Request Handling policy.

9 Your contact for any queries

If you have any queries or concerns regarding personal data, or if you wish to exercise any of
your rights set out in Section 8 above, please email your HR Business Representative in Northern
Europe or submit your request to [email protected].

10 Changes to this Notice

This Notice was last updated on the effective date listed at the top of this Notice. We will notify
you of any material changes to this Notice by posting information about the change on the Intranet
or by other reasonable means, prior to the change taking effect.

I confirm that I have read this workplace privacy notice and acknowledge and agree to its
terms.

Signature:

Date:

5
 Appendix

SAP Transfer

Q: What is SAP and where are they based:

A: SAP is a US corporation with a business address of 1 Tower Place, Suite 1100, South San
Francisco, CA 94080, USA.

Q. What services is Aramark acquiring from SAP?

A: SAP SuccessFactors which is a US-based cloud based human resources solution. Aramark will use
the following SAP SuccessFactors modules to manage the employee lifecycle on the MyWorklife
platform: Recruiting, Onboarding, Employee Central, Performance and Goals, Compensation,
Succession and Development, Learning, and Reporting and Analytics.

Q: What personal data is transferred from Aramark to SAP:

A: Please refer to Section 1 for details of the personal data which is the subject of the SAP Transfer.
As part of the SAP services solution, certain of your personal data will first be transferred to Aramark
Business Center LLC, a US-based Aramark affiliate, and from there to SAP’s US based servers.

Q: What measures have been put in place to ensure that the SAP Transfer is effected in line
with the GDPR?

A: Aramark and SAP have signed up to the Standard Contractual Clauses (Controller to Processor)
(“SCC’s”) for the transfer of personal data to processors established in third countries which do not
ensure an adequate level of data protection and any amendments thereto which are necessary to
comply with EU laws on data protection. We are also following the guidance of the European Data
Protection Board on the measures to be taken when exporting personal data outside of the EEA.

Q: Will the data be encrypted?

A: Yes. As at the date of publication of this notice, SAP SuccessFactors employs the following
encryption mechanisms:

• TLS 1.2

• AES 256-bit

• Pretty Good Privacy or “PGP” Encryption

6
 SUBJECT
Global Acceptable Use Policy

DATE ISSUED/REVISION DATE

December 2020

Purpose of the Policy

The purpose of the Global Acceptable Use Policy (“Policy”) is to set forth Users’ responsibility for the
appropriate use of Information Systems and for the security and protection of Aramark’s Information
Assets and Aramark Data. This Policy applies, regardless of location, unless otherwise set forth in a
country-specific Appendix to this Policy. Such Appendices contain, where applicable, the specific
rules by country or jurisdiction. In the event of a conflict between a country-specific Appendix to this
Policy and this Policy, the country-specific Appendix shall control.

Unless a term is specifically defined in this Policy, capitalized terms shall have the meaning set forth
in the Glossary for Information Technology.

Scope
This Policy applies to all employees, agents, contractors, consultants, business partners, and other
workers at Aramark, including all personnel affiliated with Contracted Suppliers (collectively, “Users”)
who have access to Information Systems; interact with Aramark Information Assets; or access, use,
store, retrieve, transmit, or otherwise Process Aramark Data.

Roles and Responsibilities

All Users
 Use Information Systems in accordance with this Policy.
Promptly escalate Information Security concerns or incidents to the Aramark Security Operations
Center ([email protected]), IT Service Desk, Aramark Employee Hotline, or the User’s
Manager.
i) The Aramark Employee Hotline is managed by an independent service company,
allowing users to make anonymous reports if preferred. In the United States and
Canada, call 1-877-224-0411 or visit www.aramarkhotline.com.
ii) To contact the Aramark Employee Hotline from outside the United States and Canada,
visit www.aramarkinternationalhotline.com to obtain the local toll-free access number.

Chief Information Security Officer

The Chief Information Security Officer (CISO) is accountable, through the Chief Information Officer,
to the Chief Executive Officer for:
 Establishing and maintaining this Policy to reflect information security risk management best
practices.
 Risk assessing, approving, and maintaining a list of exceptions to this Policy.

Policy Statements
1.1 General Use and Ownership
 Users will comply with all applicable laws and regulations.
 Users will use Information Systems — e.g., any systems used to generate, receive and store
voice, email and video — in a manner that is consistent with Aramark’s Business Conduct
Policy (BCP).

1 of 8
  Information stored on or passed through Aramark’s computer communications hardware is
not considered private and Users acknowledge they have no expectation of privacy in any
Aramark Data flowing through such systems, unless otherwise required by applicable laws,
include data privacy laws.
 Unless otherwise required by applicable law, Aramark Data is the sole property of Aramark.
 Aramark Data shall not be stored on any non-Aramark Information System unless expressly
permitted by Aramark’s corporate IT Department.
 All Information Systems used for Aramark business-related purposes, that Process Aramark
Data, or that connect to Aramark’s network must be purchased, installed, and configured by
the corporate IT Department, including third-party software and cloud applications.
 Users must promptly report the theft, loss, or unauthorized disclosure of or access to
Aramark Data, Aramark’s Information Systems or Aramark’s Information Assets (e.g.,
laptops and mobile devices).
 Users shall ensure that digitized forms of Aramark Data are stored in a location or on a
system that is appropriately backed up by the corporate IT Department.
 Users will take reasonable care to avoid introducing viruses or other malware onto devices
provided by Aramark (e.g., virus checking any software or data files prior to loading).
 Users will take reasonable care to ensure that permitted personal devices connected to
Aramark’s infrastructure are kept free of viruses and other malware, and Users shall not
circumvent measures designed to protect devices from loading unauthorized software.

1.2 IDs and passwords

 Users will not share their user ID and password, even with the IT Service / Help Desk.
 Users will create passwords that are easy to remember but hard to break, and in compliance
with Aramark’s password policies.
 Users will keep ID and password information where it is difficult for others to find.
 Users will not log on to any Aramark systems or applications using another User’s
credentials.
 User passwords should be unique to Aramark’s Information Systems and should not be the
same or similar to passwords for non-business purposes.

1.3 Managing and Protecting Information

 Users will comply with Aramark’s Global Records Management Policy.
 Users will not disclose Aramark Data to unauthorized third parties and will use reasonable
efforts to protect themselves from phishing and other attempts to obtain Aramark Data or
other personal information in a fraudulent manner.
 Users must not email unencrypted sensitive information, such as credit card numbers, social
security numbers, or patient health information unless using Aramark corporate IT-approved
encryption technology.
 Users shall take due care in protecting Aramark’s confidential and proprietary information,
such as customer, financial, business partner, vendor information or other trade or business
secrets, including by not leaving confidential information in public areas, such as copy
centers.

1.4 Personal Use

 Personal use of Aramark Information Systems is permitted as long as it is incidental and
does not involve any prohibited activity, interfere with productivity or unreasonably deplete
system resources or storage capacity.

2 of 8
  The ability to store personal data on Aramark Information Systems is a privilege, not a right,
and Aramark can require such data to be removed.

1.5 Unacceptable Use

 Users will not use Aramark’s Information Assets for personal gain.
 Users will not let unauthorized people have access to Aramark’s Information Assets.
 Users will not knowingly download, copy, distribute or accept copyrighted or confidential
materials (including software) without the authority of the owner.
 Users will not use any type of applications or devices, or modify device configuration, to
circumvent management or security controls.
 Users will not download any illegal software onto an Aramark Information Asset. Aramark
may remove such illegal software without notice.
 Users will not use personal devices which are approved for connection to Aramark networks
to access websites which Users know or reasonably should know are likely to contain
inappropriate material, or which are likely to expose such devices to viruses or malware.
 Users will not retransmit electronic material featuring offensive content.
 Users will not engage in mass transmission of unsolicited emails (SPAM).
 Users will not retransmit chain messages.
 Users will not spoof the identity of another user.
 Users will not open email attachments or click on embedded links if they have doubts
regarding the authenticity of e-mails received, in which case Users shall forward such
suspicious e-mails to the channels communicated by Aramark corporate for further analysis.
 Users will not use Aramark Information Assets to intentionally visit sites or news groups that
are obscene, indecent or advocate illegal activity.
 Users will not participate in online gambling.
 Users will not put Aramark Data onto online forums, blogs or social networking sites.
 Users will not store music, video or other media-related files for non-business purposes on
network drives.
 Users will not use hacking, network testing tools (sniffers) and eavesdropping software of
any kind on Aramark networks unless such activities are within the ordinary scope of their job
duties and are done with appropriate corporate approvals.
 Users will not engage in port scanning or security scanning without appropriate corporate
approvals.

1.6 User-generated Content and Social Media

 Users will comply with Aramark’s Social Networking Policy and Business Conduct Policy.

1.7 Clear Desk and Clear Screen Policy

In order to reduce the risk of unauthorized access or loss of Aramark Data, Aramark enforces a clear
desk and clear screen policy.
 Users will protect Aramark Data using security features provided by Aramark’s corporate IT
Department (e.g., secure print on printers).
 Users will ensure computers are logged off, locked, or protected with a screen locking
mechanism controlled by a password when unattended.
 Users will take care not to leave confidential material on printers or photocopiers.
 Users will dispose of all business-related printed matter using confidential waste bins or
shredders.

3 of 8
 1.8 Separation from Aramark and Return of Aramark Property and Equipment
 Users must return all Aramark Information Assets and other Aramark property to Aramark in
good condition upon separation from Aramark. This includes items such as office keys;
garage passes; building security passes; company-issued credit cards; Aramark manuals
and documents; computers, printers, smart phones or tablets, fax machines, including
charging and other ancillary equipment; and any and all electronic and print versions of
Aramark Data, documents, and confidential or proprietary information. Users are
responsible for any lost or damaged items, subject to applicable laws.
 Aramark shall terminate Users’ email accounts upon separation from Aramark, and Aramark
shall continue to be entitled to access such email accounts for business continuity reasons
as well as to protect and defend Aramark’s rights.
 Upon separation from Aramark, all files and data stored in any Aramark Information System
or Aramark Information Asset assigned to a User shall be the sole property of Aramark.
Users are responsible for removing any personal information from any such Aramark
Information Systems and Information Assets prior to their separation from Aramark.

Risks and Implications

Failure to comply with this Policy could result in accidental or deliberate misuse of Information
Systems, Information Assets and Aramark Data, leading to security breaches, virus attacks, and
compromise of network systems and services. Improper use of Information Systems, Information
Assets and Aramark Data increases the risk of harm to Aramark, and may adversely impact our
business, clients, employees, suppliers and customers. Compliance with this Policy minimizes the
risk of breaches of confidentiality, malicious or accidental corruption of data, theft of intellectual
property, and failure to meet legal and contractual obligations.

Compliance
Aramark will regularly assess compliance with this Policy through various methods, including but not
limited to, business tool reports, internal and external audits, and feedback. Any employee who has
violated this Policy may be subject to disciplinary action up to and including termination. Aramark
reserves the right to amend this Policy at any time and will publish updated versions to all
employees and relevant third parties.

References
Aramark policies, standards, and documents associated with this Policy include the following:
 Aramark Business Conduct Policy
 Global Information Security Policy
 Global Information Security Incident Management Policy
 Social Networking Policy
 Glossary for Information Technology

4 of 8