Privacy statement for suppliers
VANDEMOORTELE GROUP - Privacy statement for Suppliers
Dear supplier or prospective supplier,
Your privacy is important to us.
All personal data that we obtain from you while interacting with you as a supplier and/or prospective supplier, are collected, stored and processed in full compliance with the applicable legislation with respect to data protection, and in particular with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (hereafter referred to as "GDPR").
This Privacy Statement applies in addition to the Vandemoortele Group privacy & personal data protection policy (available on https://vandemoortele.com/vandemoortele-group-privacy-personal-data-protection-policy).
In this Privacy Statement, we explain how and why we collect your personal data, how we process and protect these personal data and how long we keep these for.
In accordance with the GDPR, you also have certain rights.
- Identity of the controller
The controller of your personal data is the following legal entity:
B- 9000 GENT
Enterprise / Company number: 0429 977 343 (RPR Gent, division Gent)
acting in its own name and for its own account as well as in the name and for the account of its affiliated companies of the Vandemoortele Group (“Vandemoortele Companies”) (see https://vandemoortele.com/legal-entity-address-list for all Vandemoortele Companies) (hereinafter jointly referred to as “Vandemoortele”).
We collect, record and process your personal data for the following purposes:
- supplier and prospective supplier relation management;
- in order to get better supplier insights, to improve the knowledge about our suppliers and potential supplier contacts;
- register, manage, execute purchase orders;
- website related services;
- sourcing and procurement;
- supply chain management, logistics;
- finance and accounting;
- production, production planning;
- management of disputes, litigation, law suits, court cases;
- quality assurance, complaint management, audits;
- master data management;
- quality audits and business control;
- conclusion and performance of contracts.
- Legal basis (lawful ground) for processing
We collect, record, process and store all supplier personal data that are necessary to tender, discuss, negotiate, conclude, execute and carry out agreements in connection with the sourcing and procurement of products, services and works .
There may (also) be a legal obligation (e.g. tax or accounting legislation) or another justified lawful ground based on which we have to process your personal data (e.g. pursuit of legitimate interests, etc.) .
- Categories of personal data
For purposes such as the ones listed above, we collect, record and process the following personal data in our master data:
- identifying data (such as first name, surname, gender (Mr, Mrs, Ms));
- contact details (such as (professional) email address, office address, mobile phone number, fixed phone number, other electronic contact data);
- personal characteristics (such as date of birth);
- professional data (such as employer name, job, title, function);
- payment related information (such as VAT number, bank account number, payment behaviour);
- data via tracking technologies and technical cookies (such as login, user name, IP address, device ID);
We do not collect sensitive personal data (i.e. personal data that show race or ethnic origin, political views, religious or ideological views, or membership to a union, genetic data, biometric data or data about health or sexual behaviour or sexual orientation). You are therefore asked not to provide us with these types of personal data. If sensitive personal data are provided anyway, you expressly agree that these personal data will be processed by us in accordance with the provisions of this Privacy Statement.
- Sources of personal data
We collect and process personal data in our master data record which you provide to us directly through one or more of the following channels and/or which we collect whenever you interact with us through one or more of the following channels:
- Online (via registration on or logging into www.vandemoortele.com or any other Vandemoortele websites; via cookies and other tracking technologies (such as Google analytics));
- In the context of direct interaction with our enterprise by telephone, SMS or email;
- Through participation in our surveys;
- Through online / internet supplier sourcing platforms (supplier communities, SAP ARIBA);
- Through purchase orders, requests for information (RFI), requests for proposal (RFP), quotations, tenders;
- By filling out a contact form or via scanning visitor badges (QR Code) on fairs;
- By giving business cards or mobile phone contacts to our staff members;
- By collection of payments (invoicing – payment);
- From other sources, such as from public accessible sources and via sources to which access is not legally restricted.
- Recipients of personal data
For the purposes listed above, your personal data may be shared with and possibly processed by third parties such as:
- cloud based “software as a service” providers (SaaS applications such as SAP ARIBA, SAP Sourcing to Pay);
- IT service providers;
- logistic services providers;
- auditors and other professional advisors or consultants;
- hosting providers;
- shared service providers;
- banks and insurance companies;
- public authorities.
The employees, agents, contractors, attorneys, managers and/or representatives of the aforementioned third party (sub-)processors have to respect the confidential nature of these personal data and may only process these personal data in line with the instructions of Vandemoortele.
We may also share your personal data with other Vandemoortele Companies for the purpose of inter-company or intra-group services, for legitimate business purposes (such as for processing orders, generating invoices, organising transportation, handling complaints, accounting, manage payments, management reporting, controlling, archiving, internal audits, handling disputes, insurance).
- Transfer of personal data
Your personal data will not be transferred to countries outside of the EEA without appropriate safeguards.
- Retention period
We will store your personal data only for the period reasonably necessary, to serve the purpose for which the personal data are processed, to comply with applicable legal obligations, to safeguard the applicable statute of limitations: up to 10 years after the last purchase order and/or after the end of the (last) contract with Vandemoortele, plus a verification period of 6 months, unless they need to be stored longer based on legal obligations or a legitimate interest of Vandemoortele.
You have the right to contact the enterprise at any time:
- to request access to your personal data;
- to obtain correction of inaccurate personal data;
- to have your personal data erased;
- to obtain from the enterprise a restriction on the processing of your personal data;
- to object to the processing of your personal data;
- in case you gave explicit consent for the processing of your personal data, to withdraw your consent (particularly for using your personal data for sending informative mailings);
- if the processing is carried out by automated means, to ask to receive your personal data and/or to have these transferred to another controller ("right to data portability").
The above rights may be applicable in certain circumstances only and may be subject to certain conditions, exemptions or exceptions as set out in the applicable personal data protection legislation.
- Automated decision-making (profiling)
Automated decision-making is defined as decisions about individuals which are strictly based on automated data processing and which might have legal consequences or which might significantly affect the persons involved.
The enterprise makes in principle no use of automated decision-making as described above.
- Security - Confidentiality
We use different security technology and procedures to safeguard the privacy and the confidentiality of your personal data and to protect these against unauthorised access, incorrect use, illegal or unintended destruction and loss. Only Vandemoortele staff and third party processors involved in the purposes for which your personal data are collected have access to these data for the performance of their tasks. These staff members and third party processors are contractually bound respect the privacy and confidentiality of your personal data.
You can also file a complaint with the competent national supervising authority. For Belgium:
Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)
Drukpersstraat 35 / Rue de la Presse 35
B- 1000 Brussel / Bruxelles
e-mail: mailto: “email@example.com”
If you have questions, concerns or complaints about the way your personal data are processed by us, or if you want to exercise your individual rights with regard to your personal data, you can contact us by sending, together with a copy of your identity ID card (in order to allow us to verify the identity of the requestor) :
- an e-mail to the following e-mail address: mailto: “firstname.lastname@example.org”;
- a signed and dated letter to the following postal address: Vandemoortele NV, Attn. Privacy - Central Procurement, Ottergemsesteenweg-Zuid 816, B- 9000 Gent, Belgium;
or by submitting a request through “contact us” on our “www.vandemoortele.com” website.
We reserve the right to amend this Privacy Statement from time to time, within the limitations imposed by the applicable regulations with respect to privacy and data protection.
- Applicable law and competent court
The Privacy Statement shall be governed by and construed in accordance with the laws of Belgium. The competent courts of Gent, Belgium have the exclusive competence to hear all disputes arising from this Privacy Statement and that cannot be solved amicably.
Drawn up in Gent, Belgium
on 1st of October 2019
© VANDEMOORTELE – 2019 – All rights reserved – Suppliers Privacy Statement – V3.0