Vandemoortele Group Privacy & Personal Data Protection Policy

Your privacy is important to us.

In the framework of our activities personal data are shared.
We know that you care about your personal data and on how they are used.

This Vandemoortele Group Privacy & Personal Data Protection Policy (hereinafter referred to as the “VDM Privacy Policy”) explains how and why we collect personal data, which personal data we process, how we protect these personal data and how long we keep these for.

You are therefore requested to take the time to read the VDM Privacy Policy, with the understanding that it may be modified from time to time in the light of the feedback or changes to services, conditions or legal or regulatory provisions.

We take your privacy seriously and are committed to protecting your personal data along the following guiding principles:

  • Trust
  • Transparency
  • Respect for individual’s rights
  • Confidentiality
  • Protection
  • Security.

If the meaning of certain terms (terminology/wording) are not clear to understand (such as but not limited to: personal data, controller, processing, processor, data subjects, IP addresses, cookies, etc.), you can find explanations here.

If you have questions, concerns or complaints about the way your personal data are processed  by us, or if you want to exercise your individual rights to consent, withdraw your consent, request access,  request correction,  request restriction of processing of your personal data, you can contact us by sending (together with  a copy of your identity ID card (in order to allow us to verify the identity of the requestor):

  • An e-mail to the following e-mail address: mailto: “privacy@vandemoortele.com”;  
  • a signed and dated letter to the following postal address: Vandemoortele NV, Attn. Data Privacy , Moutstraat 64, B- 9000 Gent, Belgium.
  • or by submitting a request through “contact us” on our “www.vandemoortele.com” website.

You have the right to withdraw your consent for the receipt of informative mailings at any time via the option to “unsubscribe” provided at the bottom of our mailings or newsletters.

Vandemoortele is a leading European food group since 1899 that manufactures and sells high quality food products. Vandemoortele focuses on two activities: Bakery Products and Margarines, Culinary Oils & Fats. The Vandemoortele Group is present in 12 European countries with own sales organisations and/or production sites. Vandemoortele employs more than 5.000 people. Its headquarters are located in Ghent, Belgium.

 

TABLE OF CONTENTS

  1. Introduction
  2. Who is collecting and processing personal data?
  3. Why or for what purposes your personal data are collected and processed?
  4. Data minimisation
  5. Legal basis (lawful ground) for processing
  6. Direct marketing
  7. What kind of data? Categories of personal data
  8. Sensitive personal data
  9. Sources of personal data collection
  10. Recipients of personal data
  11. Retention period of personal data
  12. Security – confidentiality
  13. Rights of the individual
  14. Automated decision-making  - profiling
  15. Data breach
  16. Awareness creation & training
  17. Governance
  18. Contact us
  19. Complaints
  20. Entry into force – amendments
  21. Applicable law & competent jurisdiction
     


1. INTRODUCTION

The present VDM Privacy Policy applies to Vandemoortele NV , with registered office at Moutstraat 64 , 9000 Gent (Belgium), registered in the company register of Ghent N° 429.977.343 , and all Vandemoortele Group affiliated companies (listed in the Belgian Company code as “verbonden ondernemingen” as listed in  Attachment 2 , hereinafter referred to collectively as “Vandemoortele” and individually as respectively “Vandemoortele NV” and “Vandemoortele Companies” .

All Personal Data that Vandemoortele and their employees obtain while interacting with you as a (current, former or prospective) customers, suppliers, consumers, employees, contractors, agents, consultants, public bodies (authorities), etc.(hereafter referred to as “Individuals”) in the context of our activities are processed in compliance with the applicable legislation with respect to personal data protection, and in particular with the General Data Protection Regulation N° 2016/679 of 27 April 2016 (hereafter referred to as "GDPR").

This VDM Privacy Policy intends to inform you on how and why we collect your personal data, which personal data we process, how we protect these personal data and how long we keep these for.

This VDM Privacy Policy describes, among other things, the measures taken by Vandemoortele to protect your privacy and the use of your Personal Data in the context of Vandemoortele’ s business activities and the products and services we offer (including the Vandemoortele Website).

The VDM Privacy Policy applies on all Personal Data being processed by Vandemoortele or by third party Processors  on behalf of Vandemoortele  in connection with the business activities and the products and services Vandemoortele offers (including the Vandemoortele corporate website).

Individuals whose Personal Data are processed have the right to be informed by Vandemoortele:

  • which company of the Vandemoortele group is responsible for the processing;
  • for which (business) purposes Personal Data are processed;
  • which Personal Data are processed,
  • who receives the Personal Data (within and outside Vandemoortele);
  • how long the Personal Data are kept;
  • how the Individual can exercise its rights.

Back to table of content


2. WHO IS COLLECTING AND PROCESSING PERSONAL DATA?

Personal Data provided to or collected by Vandemoortele is controlled by Vandemoortele.

This VDM Privacy Policy applies to Personal Data collected by Vandemoortele in connection with our business activities and the products and services we offer (including the Vandemoortele Website).

Vandemoortele is an integrated group active in the production and  sale of food products, as well as in  supporting group services  having production units and sales offices in 12 countries. The Vandemoortele companies provide intra-group services in different fields, such as, but not limited to, human resources, finance, treasury, quality, supply chain, procurement, HSE, engineering, research & development, master data, IT, legal, tax, marketing, customer services, web related services (e-commerce), etc. (hereinafter referred to as “Business activities”)

In the framework of its Business activities Vandemoortele collects, processes Personal Data and transfers these  between the Vandemoortele Companies (hereinafter referred to as “Intra-Group Processing”).

Back to table of content

3. WHY OR FOR WHAT PURPOSES YOUR PERSONAL DATA ARE COLLECTED AND PROCESSED?

Vandemoortele processes Personal Data for a variety of specific purposes in connection with our Business activities (not limitative):

  • HR related activities (search & selection, pay roll administration, training & development, performance management, compensation & benefits, company cars, pension, etc.)
  • Management of ( current, former, prospective)  customers (B2B) and key accounts management
  • Management of ( current, former, prospective) Suppliers/vendors
  • Management of ( current, former, prospective) consumers (B2C)  (direct marketing), 
  • Marketing and sales and promotion , competitions(B2B, B2C, etc.)
  • Sending newsletters, e-mailings, brochures, price lists, product catalogues, and other commercial communication
  • Offering of personalised products and services
  • Targeted advertising and communication, as well as product recommendations
  • Register, manage, execute purchase orders
  • Register , manage , execute sales contracts and orders
  • Website related services, e-commerce
  • Website management (improvement and functionalities)
  • Process and answer customer or consumer enquiries and requests
  • Understand and enquire the interest, wants , changing needs of customers and/or consumers (customer/consumer insights), customer service;
  • Establishing and maintaining business relationships
  • Supply chain management
  • Logistics
  • Sourcing and procurement
  • Finance and accounting
  • Payment processing and collection
  • Asset management (real estate, equipment, machinery, etc.)
  • Production
  • Production planning
  • Treasury , corporate finance, account and credit management
  • Corporate housekeeping, management of shareholders, partners, associates
  • Legal affairs & regulatory
  • Management of disputes, litigations, law suites, court cases
  • Permits & authorizations
  • Quality assurance, complaint management , customer and supplier audits
  • Master data management
  • Tax
  • Internal audit and business control
  • Engineering
  • Insurance
  • Intellectual property management
  • Mergers & acquisitions
  • Research & development, scientific research, product innovation
  • Investors relations
  • Public affairs & communication (public relations)
  • Authentication and verification of the identity of individuals contacting Vandemoortele by telephone, electronic means or otherwise
  • Data security
  • Protection of confidential information and trade secrets
  • Control of workplace and property
  • Conclusion and performance of contracts
  • Etc.

The means of collection, lawful basis of processing, use, disclosure , and retention periods for storage and archiving may differ in function of each purpose (where appropriate and on a “need-to-know” basis).

In addition to this VDM Privacy Policy and where appropriate, Vandemoortele will inform you by way of specific Privacy Statements about the use of Personal Data for specific purposes in execution of this VDM Privacy Policy. Where appropriate Vandemoortele will ask for your consent to process Personal Data. For instance for the purpose of promotional campaigns, contests, etc.

We ask you to read such additional privacy statements before participating.

Personal Data will only be processed for the purposes for which it was collected and to the extent that is necessary to achieve those purposes.

This restriction applies to:

  • the Personal Data (not more than needed)
  • the scope of Processing
  • the retention period (no longer than needed)
  • the accessibility.

If Personal Data should be processed for a different purpose than those for which they were initially collected, Vandemoortele ensures that such processing is only allowed where it is compatible with the purpose for which the Personal Data were initially collected.

In case the secondary purpose is incompatible with the original purpose for which Personal Data was collected, Vandemoortele will re-consider the lawful ground for the processing and take additional measures where appropriate (e.g. additional confidentiality and security measures, limiting access, anonymize, seeking consent for processing  of the personal data for secondary purpose, etc.). Unless the processing is based on other lawful grounds, Vandemoortele will seek the consent of the Individual for the processing of their respective Personal Data in the light of this new purpose, where appropriate.

Back to table of content

4. DATA MINIMISATION

Vandemoortele shall not process more personal data than reasonably necessary for or relevant to the applicable purpose.

Personal Data should be accurate, complete and kept up to date to the extent reasonably necessary for the applicable purpose.

In case the Personal Data are not complete or outdated or incorrect, the Individual should inform Vandemoortele thereof and ask to rectify the personal data.

Vandemoortele shall take commercially reasonable  measures where legally , economically and technically feasible, to restrict the collection of personal data and/or to securely delete or destroy personal data which are not needed anymore for the applicable purpose.

Back to table of content

5. LEGAL BASIS (LAWFUL GROUND) FOR PROCESSING

Vandemoortele commits to process Personal Data in a lawful manner in accordance with the GDPR based on the one or more of the following lawful grounds:

  • consent
  • conclusion, execution and performance of agreements (including the formulation of an offer/proposal) with employees, customers; suppliers, service providers, agents, contractors,  etc.
  • compliance with legal obligations
  • legitimate interests pursued by Vandemoortele
  • vital interests
  • public interest or official authority.

In case we process Personal Data based on legitimate interests pursued by Vandemoortele, we will take into consideration and balance any potential reasonable impact (both positive and negative) on the Individual and the individual privacy rights under the GDPR and verify that such interests are not overridden by the interests or fundamental rights and freedoms of the Individual, in particular where the Individual is a child.

Such legitimate business interests could exist, for example, where there is a need to protect:

  • the health, safety and security of employees
  • assets (buildings, factories, equipment, etc.)
  • confidential information (for instance in case of an acquisition, merger, sale)
  • intellectual property rights, trade secrets, reputation of Vandemoortele
  • the network and information security systems of Vandemoortele
  • against attacks impacting the continuity of the Vandemoortele business operations;
  • the defence of the rights of Vandemoortele, its personnel, its shareholders, its directors
  • the prevention or investigation of fraud, malicious actions or violations of laws, contracts or Vandemoortele polies and procedures
  • the defence of Vandemoortele in disputes, litigations, court proceedings, administrative or out-of-court procedures
  • etc.

In such situations and considering the balance, the legitimate interests pursued by  Vandemoortele might override the rights of Individuals.

Individuals have the right to be informed about the legitimate interests pursued by Vandemoortele.

If the processing cannot be reasonably justified by one of the aforementioned lawful grounds or if consent (“opt-in”) is required by law, Vandemoortele will request for your consent in compliance with the requirements of the GDPR.

When seeking consent, Vandemoortele shall inform the Individual of:

  • the purpose of the Processing for which consent is requested
  • the rights of the Individual
  • the other information to be provided to the Individual under the GDPR (art. 13 & 14).

by way of specific Privacy Statement (where appropriate).

When you complete an on-line contact form through our Website, Vandemoortele will ask you for your explicit consent (“opt-in”) for the collection and processing  of your personal data to answer and handle your question and/or to contact you (contact information) and/or for any other purpose specifically provided for in a tick box (for instance, for the subscription of newsletters and other direct marketing communication).

By ticking the empty tick box at the bottom of the online form, you consent that we collect, store and process your personal data for the purposes described therein.

You have the right to withdraw your consent by unsubscribing at any time (see point  “right” below).

Back to table of content

6. DIRECT MARKETING

Unless marketing activities are justified on the basis of legitimate interests (for instance to inform current, former, prospective customers of Vandemoortele products and services), Vandemoortele will obtain prior consent (“opt-in”) for the purpose of direct marketing activities. In the on-line or email newsletter or mailing the individual will have the possibility to “unsubscribe , in case he/she does not want to receive any further direct marketing mailings. In case of withdrawal  (“unsubscribe”) Vandemoortele will take the necessary measures within reasonable delay in order to avoid that future mailings are sent to the Individual (taking into account legal, technical and economic feasibility).

Back to table of content

7. WHAT KIND OF DATA? Categories of personal data

For purposes such as the ones listed above and where appropriate, we may collect and process the following personal data  (where appropriate):

  • Identifying data: first name , surname and family name, gender (Mr, Mrs, Ms), ID card, passport
  • Contact details such as:(professional) e-mail address, office address, location (zip code, city, country, geo-location), telephone number,  mobile telephone number, fax number, other electronic contact data
  • Professional data:  employer name, job, title, function, data relating to employment or professional activities, specific professional or educational qualifications/authorisations/certificates, curriculum vitae (cv) and motivation letter (where appropriate)
  • Personal characteristics: date of birth, language; preferences, fields of interest; favourite products, household & lifestyle information, the national register number, data concerning civil status,  (where appropriate)
  • Payment related information: VAT number, bank account number, invoicing and payment behaviour, credit card number, history
  • Tracking technologies data and technical cookies: login, user name, IP address, device ID, GPS  location; location data computer and connection information such as browser type and version, time zone setting, language settings, operating system, history, preferential settings
  • Consumer /customer feedback: experience in using Vandemoortele products and services, eating habits, recipes, consumer /customer generated content (e.g. pictures, photos, videos, selfies, testimonials, personal stories) that you share with Vandemoortele

As Vandemoortele is mainly active in the B2B business, we  will primarily collect “contact information” of  our current, former or prospective customers, suppliers, contractors, agents, consultants, public bodies (authorities), etc.

Where necessary for specific purposes Vandemoortele will collect other Personal Data. Vandemoortele will not collect and process more Personal Data than reasonably required for the purpose.

Back to table of content

8. SENSITIVE PERSONAL DATA

Certain categories of personal data are considered as  “sensitive Personal Data” .

Namely data relating to:

racial or ethnic origin, political opinion or preference, religious or philosophical convictions, or membership to a trade union, genetic data, biometric data or data about health or sexual behaviour or sexual orientation, etc.

Sensitive Personal Data benefit from special protection under the GDPR.

The processing of sensitive personal data is in principle prohibited by the GDPR, unless explicitly allowed by specific exceptions provided for in the GDPR.

In principle Vandemoortele does not collect sensitive Personal Data.

You are therefore asked not to provide us with this type of Personal Data.

Vandemoortele will only process sensitive Personal Data, if necessary and in strict compliance with the exceptions of the GDPR.

Back to table of content

9. SOURCES OF PERSONAL DATA COLLECTION

As a company, Vandemoortele collects and processes many Personal Data on a daily basis from a variety of sources, where appropriate, in the framework of its Business activities , such as registering visitors at our offices and production sites, processing employee data for payroll purposes, registering suppliers/vendor , sending newsletters to customers and prospects, answering on-line requests from consumers,  etc.

The sources include :

  • Personal data you provide us directly through the following channels and / or
  • Personal Data we collect whenever you interact with us online and /or
  • Personal Data we collect from other sources, such as from public sources and/or via third parties

such as (but not limited to):

  • Online (via registration or logging into the Vandemoortele Website www.vandemoortele.com or any other Vandemoortele websites,  via cookies and other tracing technologies; via  the server of the Website that automatically recognizes the IP address and/or the domain name of the person who visits the Website,
  • in the context of direct interaction with our enterprise by telephone, SMS or email;
  • By filling out a contact form or via scanning visitor badges (QR Code) on fairs;
  • By registering as a “visitor” in our offices or production sites;
  • By giving business cards or mobile phone contacts to our staff members;
  • By signing up for newsletters, brochures, magazines and other marketing material;
  • By participating in  contests, promotional actions and surveys,  Vandemoortele events, cooking sessions, tasting panels, consumer insights, market research, enquiries, questionnaires, etc.
  • By communicating with customer service teams;
  • By performing payments or collection of payments;
  • via publicly accessible sources and via sources to which access is (not) legally restricted;
  • by registering on online platforms (ARIBA©, SUCCESSFACTORS©, SAP©, etc.);
  • ...

Vandemoortele uses Google-analytics cookies in certain websites. We have entered into a personal data processing agreement with Google. Vandemoortele will use commercially reasonable efforts to cause that IP-addresses are anonymised by masking parts of the IP-addresses (for instance by masking the last octet of the IP-addresses) so that Google cannot process the complete IP address and to disable the “share information” function have been disabled with Google.

Back to table of content

10. RECIPIENTS OF PERSONAL DATA

  • Transfer to and processing by third parties

Vandemoortele will only share Personal Data with third parties (via transfer or by giving remote network access) when we are reasonably legally permitted or required to do so for the purpose of its Business activities.

For the purposes listed above, Vandemoortele may transfer your Personal Data (or may be legally or contractually obliged to transfer Personal Data) to public authorities and to third party (sub-) processors so that they can process these data on behalf of Vandemoortele   and to or third party controllers so that they can process these data on their own behalf and responsibility, on the condition that such (sub-)processors and controllers guarantee an adequate level of protection regarding the processing of Personal Data and are contractually obliged to comply with the GDPR, such as (but not limited to):

  • Cloud based “software as a service” providers (Saas applications)
  • IT service providers
  • logistic services providers
  • advertising and marketing agencies (direct marketing)
  • personal & market data agencies
  • auditors and other professional advisors or consultants
  • communication agencies
  • hosting providers
  • shared service providers
  • insurance companies
  • banks
  • social secretariats (wages and salaries)
  • pension funds and service providers
  • social security
  • public authorities
  • chambers of commerce, companies register, ubo register, etc.
  • etc.

The employees, agents, contractors, attorneys, managers and/or representatives of the aforementioned third party (sub-)processors have to respect the confidential nature of these Personal Data and may only use these Personal Data in line with the instructions of Vandemoortele and for the purpose authorized by Vandemoortele.

The (sub-)processors must offer sufficient guarantees and with respect to the implementation of appropriate technical and organizational measures to ensure that the processing complies with the legal requirements of the GDPR and offers an adequate level of protection of Personal Data .

To the extent required by the GDPR, Vandemoortele has entered into a written contract with third party (sub-)processors defining the purpose of the processing and to ensure that they have implemented adequate appropriate technical and organizational measures to protect the confidentiality and the security of Personal Data.

Such written contract shall include the provisions of the GDPR (art. 28).

 

  • Transfer to and processing by other Vandemoortele Companies (Inter-company transfers):

Vandemoortele may also share and transfer your Personal Data to other Vandemoortele Companies for the purpose of inter-company or intra- group services, for legitimate business purpose  (such as for example processing orders, accounting, generating invoices, manage payments, management reporting, controlling, organising transportation, handling complaints, archiving, internal audits, handling disputes, insurance, training, research, ...).

The Vandemoortele staff members, employees, and/or managers have to respect the confidential nature of Personal Data and may only process these data  on a “need-to-know”-basis to the extent that this is necessary for the performance of their duties/function and in line with the policies, procedures and instructions of Vandemoortele.

 

  • Transfer of data outside the EEA/ cross border transfers

In principle Vandemoortele will seek to process the Personal Data within the EEA (European Economic Area), where legally, economically (at reasonable cost)and technically feasible.

Your Personal Data will not be transferred to member states outside of the EEA without appropriate safeguards to comply with personal data protection, confidentiality and security obligations in accordance with the GDPR.

If we transfer Personal Data to outside of the EEA, Vandemoortele will use commercially reasonable efforts  that the Personal Data are protected in the same way as if they were processed in the EEA, based on the following privacy protection principles:

  • Transfer to a country outside of the EEA (European Economic Area) determined by the European Commission as providing an adequate level of protection for the processing of Personal Data as an EEA country;
  • By entering into an agreement with the non-EEA third party processor which covers the EU requirements for the transfer of Personal Data outside the EEA, such as the European Commission approved standard contractual clauses, obliging the non-EEA thirty party processor to protect Personal Data to the same standards as the EEA;
  • Transfer to a non-EEA country (e.g. USA) that is part of specific agreements on cross-border transfer of Personal Data with the European Union (e.g. EU-US Privacy Shield setting privacy standards for Personal Data sent between the United States and the EU countries).

Back to table of content

11. RETENTION PERIOD OF PERSONAL DATA

Vandemoortele shall retain Personal Data only for the period reasonably necessary:

  • to serve the purpose described in the VDM Privacy policy or – as the case may be- in the VDM Privacy Statement with respect to a specific business purpose- for which the Personal Data are processed;
  • to comply with applicable legal obligations.
  • to safeguard statute of limitations.

Vandemoortele may determine a reasonable time period during which specific Personal Data will be kept, in function of the applicable legal statute of limitations under European and national applicable legislation (country by country).

For instance, unless otherwise provided for, with respect to contractual nature of the relationship between Vandemoortele and its B2B customers, Vandemoortele will store the Personal Data up to 10 years after the last purchase / after the end of the contract with Vandemoortele, plus a verification period of 6 months, unless they need to be stored longer based on legal obligations or a legitimate interest for Vandemoortele (for instance: in case of a pending dispute).

After the retention period, the Personal Data will be (where appropriate and taken into account the legal, technical and economic feasibility and commercially reasonable efforts):

  • deleted and destroyed
  • anonymized
  • pseudonymized
  • encrypted
  • transferred to an archive,
  • other secured measures.

Personal Data can be included in system back up’s (cloud)  for recovery purposes in case of disaster or data corruption.

Back to table of content

12. SECURITY - CONFIDENTIALITY

Vandemoortele shall do all reasonable efforts to secure and to protect Personal Data to the maximum extent reasonable possible in order to ensure their confidentiality and to prevent them from being distorted, damaged, destroyed or disclosed to an unauthorized third party. For this purpose Vandemoortele shall take required commercially reasonable technical and organisational measures, taking into account legal, technical and economic feasibility.

Vandemoortele uses different security technologies and procedures (among other access control procedures and other internal organisational measures and procedures) to safeguard the privacy and the confidentiality of your Personal Data and to protect these against unauthorised access, incorrect use, illegal or unintended destruction and loss.

Only Vandemoortele  staff and third party processors acting on behalf of and on instruction of the Controller involved in the business purpose for which Personal Data are collected shall have access to these Personal Data for the performance of their tasks. These staff members third party processors are contractually bound to respect the privacy and confidentiality of Personal Data (i.e. through confidentiality clauses in the employment contract with Vandemoortele and/or via non-disclosure agreement and/or via DPA (data processing agreement). ).

The specific measures taken by Vandemoortele in this perspective are described in the Vandemoortele Information Security Management Policy.

Vandemoortele declares and guarantees that Personal Data receives the same level of protection when they are  is transferred between Vandemoortele Companies and Vandemoortele NV (HQ services inter-company) as when Vandemoortele Companies process Personal Data for and on behalf of other Vandemoortele Companies (intra group services ).

Back to table of content

13. RIGHTS OF THE INDIVIDUAL

You have the following rights:

  • Right to be informed
  • Right of access
  • Right to withdraw consent or to unsubscribe
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object and / or to initiate a complaint procedure
  • Rights with respect to automated decision making and profiling.

You may exercise the above mentioned rights at any time by contacting us. (See “Contact us”)

The above rights may be applicable in certain circumstances and may be subject to certain conditions, exemptions or exceptions as set out in the applicable data protection legislation.

Feel free to contact us:

  • Right to withdraw consent or unsubscribe

If the processing is based on its consent (“opt-in”) (for instance for direct marketing purposes), the Individual shall have the right to withdraw this consent at any time , without this withdrawal affecting the lawfulness of the processing based on consent that took place before the withdrawal of the consent, via the “unsubscribe” option or by contacting us (See “Contact us”).
You have the right to withdraw  your consent at any time by clicking on the “unsubscribe” at the bottom of our mailings and newsletters. 

  • Right of access

You may ask to access and request for an overview of the Personal Data that are collected and processed by or on behalf of Vandemoortele by contacting us (See “Contact us”).

  • Right to rectification

If your Personal Data are incorrect, incomplete or inaccurate, you are entitled to request Vandemoortele to rectify, correct or complete your Personal Data , insofar as this is reasonably, technically, economically and legally possible.
You can update your personal data via the option “preferences” provided at the bottom of our mailings or newsletters.
Feel free to contact us. (See “Contact us”).
 

  • Right to erasure (“right to be forgotten”)

You are entitled to have your Personal Data erased, insofar as this is reasonably, technically, economically (at reasonable cost/no disproportionate costs) and legally possible, in one of the following cases:

(a) Personal Data are no longer necessary for the purposes for which they were processed, or
(b) the consent, insofar as the processing is based on it, is withdrawn by  you and there are no other lawful grounds for the processing or
(c) you object to the processing and there are no overriding legitimate interests s for Vandemoortele or
(d) the Personal Data have been unlawfully processed, or
(e) the Personal Data must be erased in order to comply with a statutory or legal obligation.

If the request for erasure forms part of objection to processing for reasons relating to the specific situation of the Individual concerned, Vandemoortele will erase the data, unless the processing is necessary for lawful reasons , such as the establishment, exercise or defence of legal claims or for the compliance with legal obligations resting upon Vandemoortele, for purposes of public interest, etc.
 

  • Right to restriction of processing

You have the right to obtain from Vandemoortele a restriction on processing of your Personal Data, if:

(a) the accuracy of your Personal Data is contested ted by you, or
(b) the processing is unlawful and you  oppose to the erasure of the Personal Data or
(c) you  need Personal Data for the establishment, exercise or defence of legal claims while Vandemoortele no longer needs it for processing purposes, or
(d) you objected to processing pursuant to article 21.1. GDPR pending the verification whether or not the legitimate grounds of Vandemoortele override your individual interests.

 

  • Right to data portability

Pursuant to article 20 GDPR, if the processing is carried out by automated means, you are entitled to obtain his/her Personal Data - which you have provided to Vandemoortele- in a structured, customary and legible form and to transfer that Personal Data from Vandemoortele to another  controller , where reasonably; legally, economically (at reasonable cost) and technically feasible, if :

(a) the processing is based on consent or
(b) the processing is necessary for the execution of a contract.

 

  •  Right to object

You are entitled to object at any time , on grounds relating to his or her particular situation, to the processing of its Personal Data by Vandemoortele based on legal basis of legitimate interests pursued by Vandemoortele and/or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Vandemoortele, including profiling.  In case the Individual believes that the Processing of its Personal Data is not in accordance with the GDPR  or if the Individual has not received any response from Vandemoortele on a written request or if the response of Vandemoortele to the request is unsatisfying to the Individual.

When the Personal Data are processed for direct marketing purposes , the Individual has the right to object at any time to the processing of his/hers Personal Data for direct marketing purposes.

You are entitled ask to Vandemoortele to clarify the lawful basis for the processing of your Personal Data (e.g. legitimate interests, public interest)  by contacting us. (See “Contact us”).

However if an Individual objects to the processing of certain Personal Data or exercises the rights set out below, this may result in Vandemoortele being unable to further execute services or Individual will no longer be able to make use of the services of Vandemoortele or of certain functionalities offered via the services of Vandemoortele.

For all additional information in connection with this VDM Privacy Policy or for any request for correction, access or restriction of Processing, please contact us (See “Contact us”):

Back to table of content

14. AUTOMATED DECISION-MAKING - PROFILING

Automated decision-making is defined as decisions about Individuals which are strictly based on automated data processing (including profiling) and which might have legal consequences or which might significantly affect the Individuals  involved.

Vandemoortele makes in principle no use of automated decision-making as described above.

Any use of automated decision-making means for certain processing will be done in accordance with the GDPR.

Back to table of content

15. DATA BREACH

In the event of a violation  or data leakage and the associated violation of the availability, integrity or confidentiality of Personal Data, Vandemoortele shall report the Personal Data breach in connection with Personal Data to the competent Data Protection Authority with undue delay and within 72 hours of it becoming aware of it, where feasible and where legally obliged and unless it is unlikely that the violation  poses any risk to the rights and freedoms of the Individuals concerned in accordance with the GDPR.

Vandemoortele will also communicate  the Personal Data breach to the concerned Individuals, in case it is likely that the breach will entail a high risk for the rights and freedoms of the Individuals.

The specific measures taken by Vandemoortele in this perspective are described in the Vandemoortele company secrets breach response Procedure  and the Vandemoortele Data Breach Response Management Plan.

Back to table of content

16. AWARENESS CREATION & TRAINING

In order to support and compliance with the GDPR and the VDM Privacy Policy, Vandemoortele organises awareness creation and training session for its employees and staff. Also a GDPR intranet site is available for the employees (staff) with relevant information and tools about the GDPR.

Back to table of content

17. GOVERNANCE

Vandemoortele NV and each Vandemoortele  Company  (as listed in  Attachment 2 ) act as “ controller” for the Personal Data it processes or are processed on its behalf by third party processors in the framework of this VDM Privacy Policy and for the compliance with the GDPR.

All Vandemoortele companies will cooperate and assist in handling a request or complaint from an Individual or from the competent national Data Protection Authority.

Back to table of content

18. CONTACT US

If you have questions concerns or complaints about the way your personal data are processed  by us, or if you want to exercise your individual rights to consent, withdraw your consent, request access,  request correction,  request restriction of processing of your personal data, you can contact us by sending -together with  a copy of your identity ID card -(in order to allow us to verify the identity of the requestor):

  • an e-mail to the following e-mail address: mailto:  “privacy@vandemoortele.com”;
  • a signed and dated letter to the following postal address: Vandemoortele NV, Attn. Data Privacy , Moutstraat 64, B- 9000 Gent, Belgium.
  • or by submitting a request through “contact us” on our “www.vandemoortele.com” website.

You will receive confirmation of your request free of charge within thirty (30) days, on the understanding that this period may be extended by an additional period of thirty (30) days, provided that (company name) considers the request in question to be a complex one.

Back to table of content

19. COMPLAINTS

You are entitled to submit a complaint to the competent national supervising Data Protection Authority of the country concerned, in case you believe that the Processing is unlawful or if you have not received any response from Vandemoortele on a written request or if the response of Vandemoortele to the request is unsatisfying to the individual.

National competent supervising Data Protection Authority :

Belgium: Gegevensbeschermingsautoriteit
Drukpersstraat 35,
B- 1000 Brussel (Belgium)

e-mail: “contact@apd-gba.be

(www.dataprotectionauthority.be)

Back to table of content

20. ENTRY INTO FORCE - AMENDMENTS

We reserve the right to amend this Vandemoortele Privacy Policy from time to time, within the limitations imposed by the applicable regulations with respect to privacy and data protection.

Back to table of content

21. APPLICABLE LAW AND COMPETENT JURISDICTION

This VDM Privacy Policy is governed by and construed in accordance with Belgian law.

All disputes relating to this VDM Privacy Policy which cannot be resolved amicably between the parties, including its interpretation, as well as disputes relating to the protection of Personal Data, fall under the exclusive jurisdiction of the courts of the district of Gent, without prejudice to mandatory legal provisions to the contrary.

Back to table of content

 

 

Ghent, Belgium

on 17/12/2018

Jules Noten
CEO

 

 

 

 

 

Attachment 1: VANDEMOORTELE GROUP COMPANIES

VandemoorteleGroupCompanies

Back to table of content

Attachment 2: Definitions

For the proper understanding of the terminology used in the context of this Vandemoortele Privacy Policy, a number of terms are defined below, as the case may be in accordance with the GDPR:

  • GDPR” means the General Data Protection Regulation N° 2016/679 of 27 April 2016
  • “Individual” or ”Data Subject”: means an identified or identifiable natural person, as the case may be (current, former or prospective) employees , consumers, customers, employees, suppliers, contractors, vendors, consultants, public bodies (authorities), etc. whose Personal Data have been provided explicitly or implicitly to Vandemoortele.
  • We”/”us”/”our”: means Vandemoortele and Vandemoortele Group Companies as listed in Attachment 1 hereto.
  • You”/”your”: means Individuals or Data Subjects who personal data are processed.
  • “Personal Data Breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Processed Personal Data.
  • “Personal data” means any information that can be used to relating to identify, directly or indirectly, a specific person (individual).
  • Processing” means  any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, adoption, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. e.g. registering prospective suppliers in an excel file or visitors at a production plant, sending a mailing for direct marketing, keeping lists with customer contact data in a CRM software, etc.
  • Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data, being, as the case may be Vandemoortele NV (or Vandemoortele Companies in countries).
  • Processor”: means a natural or legal person, public authority, agency or another body, to which processes Personal Data on behalf of the Controller.
  • Website”: website of Vandemoortele (www.vandemoortele.com) and related websites.

Back to table of content

 

 

© VANDEMOORTELE NV – 2018 - All rights reserved – Group Privacy & Personal Data Protection Policy - version 1.0