Vandemoortele group privacy & personal data protection policy

1. INTRODUCTION

The present VDM Privacy Policy applies to Vandemoortele NV , with registered office at Ottergemsesteenweg-Zuid 816, B-9000 Gent, registered in the company register of Ghent N° 429.977.343, and all Vandemoortele Group affiliated companies ( “verbonden ondernemingen” within the meaning of Belgian Company code and listed in Attachment 1), hereinafter referred to collectively as “Vandemoortele” and individually as respectively “Vandemoortele NV” and “Vandemoortele Companies”. 

In the framework of our business activities and the products and services we offer your personal data, in your capacity as (current, former or prospective) customers, suppliers, consumers, employees, contractors, agents, consultants, public bodies (authorities), shareholders, board members, etc. (hereafter referred to as “Individuals”) are processed  in compliance with the applicable legislation with respect to personal data protection, and in particular with the General Data Protection Regulation N° 2016/679 of 27 April 2016 (hereafter referred to as "GDPR"). 

We take your privacy seriously and are committed to protecting your personal data along the following guiding principles:

  • Trust
  • Transparency
  • Respect for individual’s rights
  • Confidentiality
  • Protection
  • Security.

Individuals whose Personal Data are processed have the right to be informed by Vandemoortele: - which company of the Vandemoortele group is responsible for the processing - for which (business) purposes Personal Data are processed - which Personal Data are processed - who receives the Personal Data (within and outside Vandemoortele) - how long the Personal Data are kept - how the Individual can exercise its rights. 

This Vandemoortele Group Privacy & Personal Data Protection Policy (hereinafter referred to as the “VDM Privacy Policy”) explains how and why we process personal data, which personal data we process, how we protect these personal data and how long we keep these for. 

You are therefore requested to take the time to read the VDM Privacy Policy, with the understanding that it may be modified from time to time in the light of feedback or changes to services, conditions or legal or regulatory provisions. 

You can find further explanation with respect to the meaning of certain terms (terminology/wording) (such as: personal data, controller, processing, processor, data subjects, IP addresses, cookies, etc.), in Attachment 2 hereto. 

Contact us: 

If you have questions concerns or complaints about the way your personal data are processed by us, or if you want to exercise your individual rights to consent, withdraw your consent, request access, request correction or request restriction of processing of your personal data, you can contact us [together with a copy of your identity ID card (in order to allow us to verify the identity of the requestor)]: 

  • by e-mail to the following e-mail address: mailto: “privacy@vandemoortele.com”;  
  • by signed and dated letter to the following postal address: Vandemoortele NV, Attn. Personal Data Protection, Ottergemsesteenweg-Zuid 816, B-9000 Gent, Belgium; 
  • or by submitting a request through “contact us” on our “www.vandemoortele.com” website.

Vandemoortele NV and each Vandemoortele Company (as listed in Attachment 1) act as “controller” for the Personal Data it processes or which are processed on its behalf by third party processors in the framework of this VDM Privacy Policy and for the compliance with the GDPR.  

Vandemoortele is a leading European food group since 1899 that manufactures and sells high quality food products. Vandemoortele focuses on two activities: Bakery Products and Margarines, Culinary Oils & Fats. The Vandemoortele Group is present in 12 European countries with own sales organisations and/or production sites. Vandemoortele employs more than 5.000 people. Its headquarters are located in Ghent, Belgium. 

TABLE OF CONTENTS

  1. Introduction
  2. Who is collecting and processing personal data?
  3. Why or for what purposes your personal data are collected and processed?
  4. Data minimisation
  5. Legal basis (lawful ground) for processing
  6. Direct marketing
  7. What kind of data? Categories of personal data
  8. Sensitive personal data
  9. Sources of personal data collection
  10. Recipients of personal data
  11. Retention period of personal data
  12. Security – confidentiality
  13. Rights of the individual
  14. Automated decision-making  - profiling
  15. Data breach
  16. Awareness creation & training
  17. Governance
  18. Contact us
  19. Complaints
  20. Entry into force – amendments
  21. Applicable law & competent jurisdiction


2. WHO IS COLLECTING AND PROCESSING PERSONAL DATA?

Personal Data provided to or collected by Vandemoortele are controlled by Vandemoortele.  This VDM Privacy Policy applies to Personal Data processed by Vandemoortele in connection with our business activities and the products and services we offer (including the Vandemoortele Website). 

Vandemoortele is an integrated group active in the production and  sale of food products as well as in supporting group services, having production units and sales offices in 12 countries. Vandemoortele NV and the Vandemoortele Companies provide intra-group services in different fields, such as: human resources, finance, accounting, treasury, quality, supply chain, procurement, HSE, engineering, research & development, master data, IT, legal, tax, marketing, customer services, web related services (e-commerce), site services, operations, facility management  (hereinafter referred to as “Business activities”) . 

In the framework of its Business activities Vandemoortele collects, processes Personal Data and Personal Data are transferred between the Vandemoortele Companies (hereinafter referred to as “Intra-Group Processing”). 

Back to table of content

3. WHY OR FOR WHAT PURPOSES YOUR PERSONAL DATA ARE COLLECTED AND PROCESSED?

Vandemoortele processes Personal Data for a variety of specific purposes in connection with our Business activities such as:

  • HR related activities (search & selection, pay roll administration, training & development, performance management, compensation & benefits, company cars, pension, etc.)
  • Management of ( current, former, prospective)  customers (B2B) and key accounts management
  • Management of ( current, former, prospective) Suppliers/vendors
  • Management of ( current, former, prospective) consumers (B2C)  (direct marketing), 
  • Marketing and sales and promotion , competitions(B2B, B2C, etc.)
  • Sending newsletters, e-mailings, brochures, price lists, product catalogues, and other commercial communication
  • Offering of personalised products and services
  • Targeted advertising and communication, as well as product recommendations
  • Register, manage, execute purchase orders
  • Register , manage , execute sales contracts and orders
  • Website related services, e-commerce
  • Website management (improvement and functionalities)
  • Process and answer customer or consumer enquiries and requests
  • Understand and enquire the interest, wants , changing needs of customers and/or consumers (customer/consumer insights), customer service;
  • Establishing and maintaining business relationships
  • Supply chain management
  • Logistics
  • Sourcing and procurement
  • Finance and accounting
  • Payment processing and collection
  • Asset management (real estate, equipment, machinery, etc.)
  • Production
  • Production planning
  • Treasury , corporate finance, account and credit management
  • Accounting
  • Corporate housekeeping, management of shareholders, partners, associates
  • Legal affairs & regulatory
  • Management of disputes, litigations, law suites, court cases
  • Permits & authorizations
  • Quality assurance, complaint management , customer and supplier audits
  • Master data management
  • Tax
  • Internal audit and business control
  • Engineering
  • Insurance
  • Intellectual property management
  • Mergers & acquisitions
  • Research & development, scientific research, product innovation
  • Investors relations
  • Public affairs & communication (public relations)
  • Authentication and verification of the identity of individuals contacting Vandemoortele by telephone, electronic means or otherwise
  • Data security
  • Protection of confidential information and trade secrets
  • Control of workplace and property
  • Conclusion and performance of contracts.

The means of collection, lawful basis of processing, use, disclosure and retention periods for storage and archiving may differ in function of each purpose (where appropriate and on a “need-to-know” basis).  

In addition to this VDM Privacy Policy and where appropriate, Vandemoortele will inform you by way of specific Privacy Statements about the use of Personal Data for specific purposes in execution of this VDM Privacy Policy. Where appropriate Vandemoortele will ask for your consent to process Personal Data. For instance for the purpose of promotional campaigns, contests, etc.

We ask you to read such additional privacy statements before participating.

Personal Data will only be processed for the purposes for which it was collected and to the extent that is necessary to achieve those purposes.

This restriction applies to:

  • the Personal Data (not more than needed)
  • the scope of Processing
  • the retention period (no longer than needed)
  • the accessibility.

If Personal Data should be processed for a different purpose than those for which they were initially collected, Vandemoortele ensures that such processing is only allowed where it is compatible with the purpose for which the Personal Data were initially collected.

In case the secondary purpose is incompatible with the original purpose(s) for which Personal Data were collected, Vandemoortele will seek the consent of the Individual for the processing of its Personal Data in the light of this new purpose, where appropriate.  

Back to table of content

4. DATA MINIMISATION

Vandemoortele shall not process more Personal Data than reasonably necessary for or relevant to the applicable purpose.  

 

Personal Data should be accurate, complete and kept up to date to the extent reasonably necessary for the applicable purpose. 

In case the Personal Data are not complete or outdated or incorrect, the Individual should inform Vandemoortele thereof and ask to rectify the Personal Data.  

Vandemoortele shall take all appropriate measures to restrict the collection and processing of Personal Data in line with the principles above and/or to securely delete or destroy Personal Data which are no longer needed for the applicable purpose.  

Back to table of content

5. LEGAL BASIS (LAWFUL GROUND) FOR PROCESSING

Vandemoortele commits to process Personal Data in a lawful manner in accordance with the GDPR based on the one or more of the following lawful grounds:

  • consent
  • conclusion, execution and performance of agreements (including the formulation of an offer/proposal) with employees, customers; suppliers, service providers, agents, contractors,  etc.
  • compliance with legal obligations
  • legitimate interests pursued by Vandemoortele
  • vital interests
  • public interest or official authority.

In case we process Personal Data based on legitimate interests pursued by Vandemoortele, we will take into consideration and balance any potential reasonable impact (both positive and negative) on the Individual and the Individual’s privacy rights under the GDPR, and verify that our or any third parties’ interests are not overridden by the interests or fundamental rights and freedoms of the Individual.  

Such legitimate business interests could exist, for example, where there is a need to protect:

  • the health, safety and security of employees
  • assets (buildings, factories, equipment, etc.)
  • confidential information (for instance in case of an acquisition, merger, sale)
  • intellectual property rights, trade secrets, reputation of Vandemoortele
  • the network and information security systems of Vandemoortele
  • against attacks impacting the continuity of the Vandemoortele business operations;
  • the defence of the rights of Vandemoortele, its personnel, its shareholders, its directors
  • the prevention or investigation of fraud, malicious actions or violations of laws, contracts or Vandemoortele polies and procedures
  • the defence of Vandemoortele in disputes, litigations, court proceedings, administrative or out-of-court procedures;

In such situations and considering the balance, the legitimate interests pursued by Vandemoortele might override the rights of Individuals. 

Individuals have the right to be informed about the legitimate interests pursued by Vandemoortele.  If the processing cannot be reasonably justified by any of the other aforementioned lawful grounds or if required by law, Vandemoortele will request for your consent (“opt-in”) in compliance with the requirements of the GDPR.  

When seeking consent, Vandemoortele shall inform the Individual of:

  • the purpose of the Processing for which consent is requested,
  • the rights of the Individual,
  • the other information to be provided to the Individual under the GDPR (in particular under art. 13 & 14).

where appropriate by way of specific Privacy Statement

Online form:

When you complete an online contact form through our Website, Vandemoortele will ask you for your explicit consent (“opt-in”) for the collection and processing of your Personal Data to answer and handle your question and/or to contact you (contact information) and/or for any other purpose specifically provided for in a tick box (for instance, for the subscription to newsletters and other direct marketing communication).  

By ticking the empty tick box at the bottom of the online form, you consent that we collect, store and process your Personal Data for the purposes described therein.  

You have the right to withdraw your consent at any time (for instance by unsubscribing from newsletters) (see sections “direct marketing” and “rights of the individual” below). 

Back to table of content

6. DIRECT MARKETING

Unless marketing activities are justified on the basis of legitimate interests (for instance to inform current, former, prospective customers of Vandemoortele products and services), Vandemoortele will obtain prior consent (“opt-in”) for the purpose of direct marketing activities. In the direct marketing mailing/newsletter the Individual will have the possibility to “unsubscribe”, in case he/she does not want to receive any further direct marketing mailings/newsletter. In case of consent withdrawal (“unsubscribe”) Vandemoortele will take the necessary measures within reasonable delay in order to avoid that future direct marketing mailings/newsletters are sent to the Individual (taking into account legal, technical and economic feasibility). 

Back to table of content

7. WHAT KIND OF DATA? Categories of personal data

For purposes such as the ones listed above and where appropriate, we may collect and process the following personal data  (where appropriate):

  • Identifying data: first name , surname and family name, gender (Mr, Mrs, Ms), ID card, passport
  • Contact details such as:(professional) e-mail address, office address, location (zip code, city, country, geo-location), telephone number,  mobile telephone number, other electronic contact data
  • Professional data:  employer name, job, title, function, data relating to employment or professional activities, specific professional or educational qualifications/authorisations/certificates, curriculum vitae (cv) and motivation letter (where appropriate)
  • Personal characteristics: date of birth, language; preferences, fields of interest; favourite products, household & lifestyle information, the national register number, data concerning civil status,  (where appropriate)
  • Payment related information: VAT number, bank account number, invoicing and payment behaviour, credit card number, history
  • Data via tracking technologies and technical cookies: login, user name, IP address, device ID, GPS location; location data computer and connection information such as browser type and version, time zone setting, language settings, operating system, history, preferential settings; 
  • Data relating to the activity of the data subject regarding newsletters/mailings and other direct marketing such as: opening rate, click through rate on links and attachments, conversion rate on actions in direct marketing (including redemption of coupons, participation to contests), bounced newsletters/mailings.   
  • Consumer /customer feedback: experience in using Vandemoortele products and services, eating habits, recipes, consumer /customer generated content (e.g. pictures, photos, videos, selfies, testimonials, personal stories) that you share with Vandemoortele

As Vandemoortele is mainly active in the B2B business, we  will primarily collect “contact information” of our current, former or prospective customers, suppliers, contractors, agents, consultants, public bodies (authorities). 

Where necessary for specific purposes Vandemoortele will collect other Personal Data. In such case and where appropriate, Vandemoortele will inform the Individual about the processing for specific purposes by way of specific Privacy Statements. Vandemoortele will not collect and process more Personal Data than reasonably required for the intended purpose. 

Back to table of content

8. SENSITIVE PERSONAL DATA

Certain categories of Personal Data are considered as  “sensitive Personal Data” . Namely Personal Data relating to: racial or ethnic origin, political opinion or preference, religious or philosophical convictions, or membership to a trade union, genetic data, biometric data or data about health or sexual behaviour or sexual orientation.  

Sensitive Personal Data benefit from special protection under the GDPR. 

The processing of sensitive personal data is in principle prohibited by the GDPR, unless explicitly allowed by specific exceptions provided for in the GDPR.  

In principle Vandemoortele does not collect sensitive Personal Data. 

You are therefore asked not to provide us with this type of Personal Data.  

Vandemoortele will only process sensitive Personal Data, if necessary and in strict compliance with the exceptions of the GDPR. 

Back to table of content

9. SOURCES OF PERSONAL DATA COLLECTION

As a company, Vandemoortele collects and processes Personal Data on a daily basis from a variety of sources, where appropriate, in the framework of its Business activities , such as registering visitors at our offices and production sites, processing employee data for payroll purposes, registering suppliers/vendors, sending newsletters to customers, consumers and prospects, answering online requests from customers and consumers.  

The sources include :

  • Personal Data you provide to us directly through the following channels and / or
  • Personal Data we collect whenever you interact with us through the following channels:
    • Online (via registration or logging into the Vandemoortele Website www.vandemoortele.com or any other Vandemoortele websites, via cookies and other tracking technologies; via the server of the Website that automatically recognizes the IP address and/or the domain name of the person who visits the Website),
    • in the context of direct interaction with our enterprise by telephone, SMS or email; • By filling out a contact form or via scanning visitor badges (QR Code) on fairs;
    • By registering as a “visitor” in our offices or production sites;
    • By giving business cards or mobile phone contacts to our staff members;
    • By signing up for newsletters, brochures, magazines and other marketing material;
    • By participating in contests, promotional actions and surveys,  Vandemoortele events, cooking sessions, tasting panels, consumer insights, market research, enquiries, questionnaires;
    • By communicating with customer service teams;  
    • By performing payments or collection of payments;
    • by registering on online platforms (SAP ARIBA , SAP SUCCESSFACTORS, CRM online platforms, company websites, network access ,  );
  • and/or
  • Personal Data we collect from other sources, such as from public sources and/or via third parties, such as via publicly accessible sources and via sources to which access is (not) legally restricted. 

Vandemoortele uses Google-Analytics cookies in certain websites. We have entered into a personal data processing agreement with Google. Vandemoortele will use commercially reasonable efforts to cause that IP-addresses are anonymised by masking parts of the IP-addresses (for instance by masking the last octet of the IP-addresses) so that Google cannot process the complete IP address and to disable the “share information” function have been disabled with Google. When cookies are used in certain websites, Vandemoortele will inform the website user about the use of cookies by way of a cookie declaration and will seek the consent for the use of cookies, where appropriate. 

Back to table of content

10. RECIPIENTS OF PERSONAL DATA

  • Transfer to and processing by third parties

Vandemoortele will only share Personal Data with third parties (via transfer or by giving remote network access) when we are reasonably legally permitted or required to do so for the purpose of its Business activities. 

For the purposes listed above, Vandemoortele may transfer your Personal Data (or may be legally or contractually obliged to transfer Personal Data) to public authorities and/or to third party (sub-) processors so that they can process these data on behalf of Vandemoortele and/or to third party controllers so that they can process these Personal Data on their own behalf and responsibility, on the condition that such (sub-)processors and controllers guarantee an adequate level of protection regarding the processing of Personal Data and are obliged to comply with the GDPR, such as : 

  • Cloud based “software as a service” providers (SaaS applications)
  • IT service providers
  • logistic services providers
  • advertising and marketing agencies (direct marketing)
  • personal & market data agencies
  • auditors and other professional advisors or consultants
  • communication agencies
  • hosting providers
  • shared service providers
  • insurance companies
  • banks
  • social secretariats (wages and salaries)
  • pension funds and service providers
  • social security
  • public authorities
  • chambers of commerce, companies register, ubo register

The employees, agents, contractors, attorneys, managers and/or representatives of the aforementioned third party (sub-)processors have to respect the confidential nature of these Personal Data and may only process these Personal Data in line with the instructions of Vandemoortele (among other only for the purpose authorized by Vandemoortele). 

The (sub-)processors must offer sufficient guarantees and with respect to the implementation of appropriate technical and organizational measures to ensure that their processing complies with the legal requirements of the GDPR and offers an adequate level of protection of the processed Personal Data .  

To the extent required by the GDPR, Vandemoortele has entered or shall enter into a written contract with third party (sub-)processors defining the purpose of the processing and to ensure that they have implemented adequate appropriate technical and organizational measures to protect the confidentiality and the security of Personal Data. Such written contract shall include the provisions of the GDPR (art. 28). 

  • Transfer to and processing by other Vandemoortele Companies (Inter-company transfers):

Vandemoortele may also share and transfer your Personal Data to other Vandemoortele Companies for the purpose of inter-company or intra-group services, for legitimate business purpose  (such as for example processing orders, accounting, generating invoices, manage payments, management reporting, controlling, organising transportation, handling complaints, archiving, internal audits, handling disputes, insurance, training, research, ...). 

The Vandemoortele staff members, employees, and/or managers have to respect the confidential nature of Personal Data and may only have access to and process these data on a “need-to-know” basis to the extent that this is necessary for the performance of their duties/function and in line with the policies, procedures and instructions of Vandemoortele. 

  • Transfer of data outside the EEA/ cross border transfers

In principle Vandemoortele will seek to process the Personal Data within the EEA (European Economic Area), where legally, economically (at reasonable cost)and technically feasible.

Your Personal Data will not be transferred to member states outside of the EEA without appropriate safeguards to comply with personal data protection, confidentiality and security obligations in accordance with the GDPR.

If we transfer Personal Data to outside of the EEA, Vandemoortele will use commercially reasonable efforts  that the Personal Data are protected in the same way as if they were processed in the EEA, based on the following privacy protection principles:

  • Transfer to a country outside of the EEA (European Economic Area) determined by the European Commission as providing an adequate level of protection for the processing of Personal Data as an EEA country;
  • By entering into an agreement with the non-EEA third party processor which covers the EU requirements for the transfer of Personal Data outside the EEA, such as the European Commission approved standard contractual clauses, obliging the non-EEA thirty party processor to protect Personal Data to the same standards as the EEA;
  • Transfer to a non-EEA country (e.g. USA) that is part of specific agreements on cross-border transfer of Personal Data with the European Union (e.g. EU-US Privacy Shield setting privacy standards for Personal Data sent between the United States and the EU countries).

Back to table of content

11. RETENTION PERIOD OF PERSONAL DATA

Vandemoortele shall retain Personal Data only for the period reasonably necessary:

  • to serve the purpose described in the VDM Privacy policy or – as the case may be- in the VDM Privacy Statement with respect to a specific business purpose- for which the Personal Data are processed;
  • to comply with applicable legal obligations.
  • to safeguard the applicable statute of limitations.

Vandemoortele may determine a reasonable time period during which specific Personal Data will be kept, in function of the applicable legal statute of limitations under European and national applicable legislation (country by country).  

For instance, unless otherwise provided for, with respect to the contractual nature of the relationship between Vandemoortele and its B2B customers, Vandemoortele will store the Personal Data up to 10 years after the last purchase and/or after the end of the contract with Vandemoortele, plus a verification period of 6 months, unless they need to be stored longer based on legal obligations or a legitimate interest for Vandemoortele (for instance: in case of a pending dispute). 

After the retention period, the Personal Data will be (where appropriate and taken into account the legal, technical and economic feasibility and commercially reasonable efforts): 

  • deleted and destroyed
  • anonymized
  • pseudonymized
  • encrypted
  • other secured measures.

Where appropriate, Vandemoortele will inform Individuals about retention periods by way of specific Privacy Statements

Personal Data can be included in system back-up’s (cloud) for recovery purposes in case of disaster or data corruption.  

Back to table of content

12. SECURITY - CONFIDENTIALITY

Vandemoortele shall do all reasonable efforts to secure and to protect Personal Data to the maximum extent reasonable possible in order to ensure their confidentiality and to prevent them from being distorted, damaged, destroyed or disclosed to an unauthorized third party. For this purpose Vandemoortele shall take required commercially reasonable technical and organisational measures, taking into account legal, technical and economic feasibility. 

Vandemoortele uses different security technologies and procedures (among other access control procedures and other internal organisational measures and procedures) to safeguard the privacy and the confidentiality of your Personal Data and to protect these against unauthorised access, incorrect use, illegal or unintended destruction and loss.  

Only Vandemoortele  staff and third party processors acting on behalf of and on instruction of the Controller involved in the business purpose for which Personal Data are collected shall have access to these Personal Data for the performance of their tasks. These staff members third party processors are contractually bound to respect the privacy and confidentiality of Personal Data (i.e. through confidentiality clauses in the employment contract with Vandemoortele and/or via non-disclosure agreement and/or via DPA (data processing agreement). 

The specific measures taken by Vandemoortele in this perspective are described in the Vandemoortele Information Security Management Policy. 

Vandemoortele declares and guarantees that Personal Data receives the same level of protection when they are transferred between Vandemoortele Companies and Vandemoortele NV (HQ services inter-company) as when Vandemoortele Companies process Personal Data for and on behalf of other Vandemoortele Companies (intra group services ).  

Back to table of content

13. RIGHTS OF THE INDIVIDUAL

You have the following rights:

  • Right to be informed
  • Right of access
  • Right to withdraw consent or to unsubscribe
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object and / or to initiate a complaint procedure
  • Rights with respect to automated decision making and profiling.

The above rights may be applicable in certain circumstances and may be subject to certain conditions, exemptions or exceptions as set out in the applicable data protection legislation.

Feel free to contact us: 

  • Right to withdraw consent or unsubscribe

If the processing is based on its consent (“opt-in”), the Individual shall have the right to withdraw this consent at any time, without this withdrawal affecting the lawfulness of the processing based on consent that took place before the withdrawal of the consent, via an “unsubscribe” option or by contacting us (See “Contact us”). 

You have the right to withdraw your consent at any time by clicking on the “unsubscribe” at the bottom of our mailings and newsletters.  

  • Right of access

You may ask to access and request for an overview of the Personal Data that are collected and processed by or on behalf of Vandemoortele by contacting us (See “Contact us”).

  • Right to rectification

If your Personal Data are incorrect, incomplete or inaccurate, you are entitled to request Vandemoortele to rectify, correct or complete your Personal Data, insofar as this is reasonably, technically, economically and legally possible. 

You can update your Personal Data via the option “preferences” provided at the bottom of our mailings or newsletters. 

Feel free to contact us. (See “Contact us”).

  • Right to erasure (“right to be forgotten”)

You are entitled to have your Personal Data erased, insofar as this is reasonably, technically, economically (at reasonable cost/no disproportionate costs) and legally possible, in one of the following cases:

(a) Personal Data are no longer necessary for the purposes for which they were processed, or  

(b) the consent, insofar as the processing is based on it, is withdrawn by  you and there are no other lawful grounds for the processing or  

(c) you object to the processing and there are no overriding legitimate interests s for Vandemoortele or  

(d) the Personal Data have been unlawfully processed, or  

(e) the Personal Data must be erased in order to comply with a statutory or legal obligation. 

If the request for erasure forms part of objection to processing for reasons relating to the specific situation of the Individual concerned, Vandemoortele will erase the data, unless the processing is necessary for lawful reasons , such as the establishment, exercise or defence of legal claims or for the compliance with legal obligations resting upon Vandemoortele, for purposes of public interest.  

  • Right to restriction of processing

You have the right to obtain from Vandemoortele a restriction on processing of your Personal Data, if:

(a) the accuracy of your Personal Data is contested ted by you, or

(b) the processing is unlawful and you oppose to the erasure of the Personal Data or

(c) you  need Personal Data for the establishment, exercise or defence of legal claims while Vandemoortele no longer needs it for processing purposes, or

(d) you objected to processing pursuant to article 21.1. GDPR pending the verification whether or not the legitimate grounds of Vandemoortele override your individual interests. 

  • Right to data portability

Pursuant to article 20 GDPR, if the processing is carried out by automated means, you are entitled to obtain your Personal Data - which you have provided to Vandemoortele - in a structured, customary and legible form, and to transfer that Personal Data from Vandemoortele to another controller , where reasonably, legally, economically (at reasonable cost) and technically feasible, if :

(a) the processing is based on consent or  

(b) the processing is necessary for the execution of a contract. 

  •  Right to object

You are entitled to object at any time, on grounds relating to your particular situation, to the processing of your Personal Data by Vandemoortele based on the legal basis of legitimate interests pursued by Vandemoortele and/or for the performance of a task carried out in the public interest or in the exercise of official authority vested in Vandemoortele, including profiling, in case you believe that the processing of your Personal Data is not in accordance with the GDPR or if you have not received any response from Vandemoortele on a written request or if the response of Vandemoortele to your request is unsatisfying to you. 

You are entitled ask to Vandemoortele to clarify the lawful basis for the processing of your Personal Data (e.g. legitimate interests, public interest)  by contacting us (See “Contact us”). 

However, if an Individual objects to the processing of certain Personal Data or exercises the rights set out below, this may result in Vandemoortele being unable to further execute services or the Individual will no longer be able to make use of the services of Vandemoortele or of certain functionalities offered via the services of Vandemoortele. 

For all additional information in connection with this VDM Privacy Policy or for any request for correction, access or restriction of Processing, please contact us (See “Contact us”):  

Back to table of content

14. AUTOMATED DECISION-MAKING - PROFILING

Automated decision-making is defined as “decisions about Individuals which are strictly based on automated data processing (including profiling) and which might have legal consequences or which might significantly affect the Individuals  involved”. 

Vandemoortele makes in principle no use of automated decision-making as described above. 

Any use of automated decision-making means for certain processing will be done in accordance with the GDPR and in such case, Vandemoortele will seek the consent of the Individual for the use of automated decision-making, where appropriate.  

Back to table of content

15. DATA BREACH

In the event of a violation or data leakage and the associated violation of the availability, integrity or confidentiality of Personal Data, Vandemoortele shall report the Personal Data breach in connection with Personal Data to the competent Data Protection Authority with undue delay and within 72 hours of it becoming aware of it, where feasible and where legally obliged and unless it is unlikely that the violation poses any risk to the rights and freedoms of the Individuals concerned in accordance with the GDPR.  

Vandemoortele will also communicate  the Personal Data breach to the concerned Individuals, in case it is likely that the breach will entail a high risk for the rights and freedoms of the Individuals. 

The specific measures taken by Vandemoortele in this perspective are described in the  Vandemoortele Personal Data Breach Response Management Plan . 

Back to table of content

16. AWARENESS CREATION & TRAINING

In order to support and compliance with the GDPR and the VDM Privacy Policy, Vandemoortele organises awareness creation and training session for its employees and staff. Also a GDPR intranet site is available for the employees (staff) with relevant information and tools about the GDPR. 

Back to table of content

17. GOVERNANCE

Vandemoortele NV and each Vandemoortele  Company  (as listed in  Attachment 2 ) act as “ controller” for the Personal Data it processes or are processed on its behalf by third party processors in the framework of this VDM Privacy Policy and for the compliance with the GDPR.

All Vandemoortele companies will cooperate and assist in handling a request or complaint from an Individual or from the competent national Data Protection Authority.

Back to table of content

18. CONTACT US

If you have questions concerns or complaints about the way your Personal Data are processed  by us, or if you want to exercise your individual rights to consent, withdraw your consent, request access,  request correction or request restriction of processing of your Personal Data, you can contact us by sending, together with  a copy of your identity ID card (in order to allow us to verify the identity of the requestor): 

  • an e-mail to the following e-mail address: mailto:  “privacy@vandemoortele.com”;
  • a signed and dated letter to the following postal address: Vandemoortele NV, Attn. Data Privacy , Ottergemsesteenweg-Zuid 816, B- 9000 Gent, Belgium.
  • or by submitting a request through “contact us” on our “www.vandemoortele.com” website.

You will receive confirmation of your request free of charge within thirty (30) days, on the understanding that this period may be extended by an additional period of thirty (30) days, provided that (company name) considers the request in question to be a complex one.

Back to table of content

19. COMPLAINTS

 You are entitled to submit a complaint to the competent national supervising Data Protection Authority of the country concerned, in case you believe that the Processing is unlawful or if you have not received any response from Vandemoortele on a written request or if the response of Vandemoortele to your request is unsatisfying to you. 

National competent supervising Data Protection Authority : 

BELGIUM :  

GEGEVENSBESCHERMINGSAUTORITEIT (GBA) / AUTORITE DE PROTECTION DE DONNEES (ADP)

Drukpersstraat 35 / Rue de la Presse 35

B- 1000 Brussel / Bruxelles 

e-mail: “contact@apd-gba.be

(www.dataprotectionauthority.be)

Back to table of content

20. ENTRY INTO FORCE - AMENDMENTS

We reserve the right to amend this Vandemoortele Privacy Policy from time to time, within the limitations imposed by the applicable regulations with respect to privacy and data protection. 

Back to table of content

21. APPLICABLE LAW AND COMPETENT JURISDICTION

This VDM Privacy Policy is governed by and construed in accordance with Belgian law.  

All disputes relating to this VDM Privacy Policy which cannot be resolved amicably between the parties, including its interpretation, as well as disputes relating to the protection of Personal Data, fall under the exclusive jurisdiction of the courts of the district of Gent, without prejudice to mandatory legal provisions to the contrary.  

Back to table of content

Ghent, Belgium

on 01/05/2019 

JULES NOTEN  

CEO

Attachment 1: VANDEMOORTELE GROUP COMPANIES

Austria:

  • Vandemoortele GmbH, Industriestraße 43, 5600 Sankt Johann im Pongau

Belgium (+ branches):

  • Metro NV, Prins Albertlaan 12, 8870 Izegem
  • Vamix NV, Ottergemsesteenweg-Zuid 816, 9000 Gent
    • Vandemoortele Worcester, UK Branch of VAMIX, Martley road, Lower Broadheath, Worcestershire WR2 6RF, United Kingdom
  • Vandemoortele NV, Ottergemsesteenweg-Zuid 816, 9000 Gent
  • Vandemoortele Coordination Center NV, Ottergemsesteenweg-Zuid 816, 9000 Gent
  • Vandemoortele Eeklo NV, Nieuwendorpe 16, 9900 Eeklo
  • Vandemoortele Europe NV, Ottergemsesteenweg-Zuid 816, 9000 Gent
    • Vandemoortele Europe NV, český odštěpný závod, Pekařská 621/7, Jinonice, 155 00 Praha 5, Czech Republic (Trade name : Vandemoortele Cesko)
    • Vandemoortele Europe NV, succursale française, Le Haut Montigné, 35370 Torcé, France (Trade name : Vandemoortele France)
    • Vandemoortele Europe NV, Deutsche Zweigniederlassung, Altensenner Weg 68, 32052 Herford, Germany (Trade name : Vandemoortele Deutschland)
    • Vandemoortele Europe NV, Hungarian Branch Office /Magyarországi Fióktelepe, Kápolna utca 12, 6000 Kecskemét, Hungary (Trade name : Vandemoortele Hungary)
    • Vandemoortele Europe NV, sede secondaria Italia, Via Fiorenzo Semini 12, 16163 Genova, Italy (Trade name : Vandemoortele Italia)
    • Vandemoortele Europe NV, Nederlandse branche, Handelsweg 1, 3899 AA Zeewolde, The Netherlands (Trade name : Vandemoortele Nederland)
    • Vandemoortele Europe NV (spółka akcyjna) Oddział w Polsce, Ul. Tokarzewskiego, 7-12, 91-842 Łódź, Poland (Trade name : Vandemoortele Polska)
    • Vandemoortele Europe NV, organizačná zložka, Karadžičova 8/A, 821 08 Bratislava -mestská časť Staré Mesto, Slovakia (Trade name : Vandemoortele Slovensko)
    • Vandemoortele Europe NV, Sucursal en España, C/Sant Marti de l'Erm num 1 Planta 5, 08960 Sant Just Desvern – Barcelona, Spain (Trade name : Vandemoortele Iberica)
    • Vandemoortele Europe NV, UK Branch, Charta House, 30-38, Church Street TW18 4EP Staines-upon-Thames, United Kingdom (Trade name : Vandemoortele UK)
  • Vandemoortele Ghislenghien SA, Avenue des Artisans 47, 7822 Ghislenghien
  • Vandemoortele Izegem NV, Prins Albertlaan 12, 8870 Izegem
  • Vandemoortele Lipids NV, Ottergemsesteenweg-Zuid 816, 9000 Gent
  • Vandemoortele Seneffe SA, Rue Jules Bordet 46, 7180 Seneffe

France :

  • Cottes Action SA, Le Haut Montigné, 35370 Torcé
  • Paindor SASU, 1ière Avenue, 14ème Rue, Zone Industrielle, 06510 Carros
  • Paindor Côte d’Azur SAS, 1ière Avenue, 14ème Rue, Zone Industrielle, 06510 Carros
  • Paindor Montpellier SASU, 5, Rue Prade, Zone Industrielle Sud, 34880 Laverune
  • Paindor Provence Frais SAS, ZI Les Estroublans, 14 Avenue de Bruxelles, 13127 Vitrolles
  • Paindor Toulon SASU, 230, Avenue Jean Monnet, 83190 Ollioules
  • Panalog SASU, Z.A. La Chapellerie, 35210 Chatillon-en-Vendelais
  • Vandemoortele Bakery Products France SASU, Le Haut Montigné, 35370 Torcé

Germany :

  • Vandemoortele Dommitzsch GmbH, Rudolf-Breitscheid-str. 10, 04880 Dommitzsch
  • Vandemoortele Lipids Werke GmbH, Pirnaer Landstrasse 194, 01257 Dresden

Italy:

  • Vandemoortele Bakery Products Italia S.p.A., Via Fiorenzo Semini 12, 16163 Genova

Luxemburg:

  • Vandemoortele International Finance SA, route d'Esch, 412F, 2086 Luxembourg

The Netherlands :

  • Vandemoortele Brunssum BV, Molenvaart 12, 6442 PL Brunssum
  • Vandemoortele Zeewolde BV, Handelsweg 1, 3899 AA Zeewolde

Poland:

  • Vandemoortele Bakery Products Polska Sp.z.o.o., Ul. Tokarzewskiego 7-12, PL-91-842 Łódź

Spain:

  • Distribuidora De Confiteria, Helanderia Y Panaderia SL, C/Veracruz 45-47, Poligono Industrial San Luis, 29006 Malaga
  • Panavi Ohayo SL, Ronda de les Conques, numéros 8-10, 08180 Moià
  • Vandemoortele Barcelona SA, C/Sant Marti de l'Erm num 1 Planta 5, 08960 Sant Just Desvern – Barcelona

Switzerland :

  • Vandemoortele Rückversicherung AG, Bahnhofstrasse 28, 6300 Zug

United Kingdom:

  • Vandemoortele (UK) Ltd., Charta House, 30-38 Church Street, Staines-upon-Thames, TW18 4EP Surrey

Back to table of content

Attachment 2: Definitions

For the proper understanding of the terminology used in the context of this Vandemoortele Privacy Policy, a number of terms are defined below, as the case may be in accordance with the GDPR

GDPR” means the General Data Protection Regulation N° 2016/679 of 27 April 2016 

“Individual(s)” or ”Data Subject(s)”: means an identified or identifiable natural person, as the case may be (current, former or prospective) employees , consumers, customers, employees, suppliers, contractors, vendors, consultants, public bodies (authorities), shareholders, board members, etc. whose Personal Data have been provided explicitly or implicitly to Vandemoortele. 

“We”/”us”/”our” : means Vandemoortele and Vandemoortele Group Companies as listed in Attachment 1 hereto.  

“You”/”your”: means Individuals or Data Subjects whose Personal Data are processed.  

“Personal Data Breach”: means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Processed Personal Data. 

“Personal data” means any information that can be used to relating to identify, directly or indirectly, a specific person (Individual).  

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, adoption, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. e.g. registering prospective suppliers in an excel file or visitors at a production plant, sending a mailing for direct marketing, keeping lists with customer contact data in a CRM software, etc.  

“Controller”: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data, being, as the case may be Vandemoortele NV or Vandemoortele Companies. 

“Processor”: means a natural or legal person, public authority, agency or another body, to which processes Personal Data on behalf of the Controller. 

“Website”: website of Vandemoortele (www.vandemoortele.com) and related websites. 

Back to table of content

© VANDEMOORTELE NV – 2019 - All rights reserved – Group Privacy & Personal Data Protection Policy www.vandemoortele.com   - version 2.0