Privacy statement B2B customers & prospective customers

VANDEMOORTELE GROUP -

PRIVACY STATEMENT FOR B2B CUSTOMERS AND PROSPECTIVE CUSTOMERS

 

Dear customer or prospective customer,

Your privacy is important to us.

All personal data that we obtain from you while interacting with you as a (prospective) customer are collected, stored and processed in compliance with the applicable legislation with respect to data protection, and in particular with the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (hereafter referred to as "GDPR").

This Privacy Statement applies in addition to the Vandemoortele Group privacy & personal data protection policy (available on https://vandemoortele.com/vandemoortele-group-privacy-personal-data-protection-policy).

In this Privacy Statement, we explain how and why we collect your personal data, how we process and protect it and how long we keep these for. We also explain your rights in this respect.

  1. Identity of the controller

The controllers of your personal data are the following legal entities:

VANDEMOORTELE NV

                Ottergemsesteenweg-Zuid 816

9000 Gent

                Belgium (BE)

                Company number: 0429.977.343      (RPR Gent, division Gent)

 

Acting as IT and website administrator for the Vandemoortele Group

VANDEMOORTELE EUROPE NV

                Ottergemsesteenweg-Zuid 816

9000 Gent

                Belgium (BE)

                Company number: 0721.494.116      (RPR Gent, division Gent)

 

Acting as sales organisation (distributor) for the Vandemoortele Group

Acting each in its own name and for its own account as well as in the name and for the account of its affiliated companies of the Vandemoortele Group (“Vandemoortele Companies”) (see https://vandemoortele.com/legal-entity-address-list for all Vandemoortele Companies) (hereinafter jointly referred to as “Vandemoortele”).

When we use your personal data to show you targeted advertisements through Facebook® using custom audiences, we are considered to be joint controllers with Meta Platforms Ireland Limited, Block J, Serpentine Avenue, Dublin 4, Ireland.

  1. Purposes

We collect and process your personal data for specific purposes in connection with our business activities such as:

  • customer relation management (CRM) and key accounts management through our databases;
  • lead management through a database keeping records of your interactions with us and/or our products;
  • marketing and sales and promotion, competitions;
  • providing relevant and updated information on our products by sending newsletters, e-mailings, brochures, price lists, product catalogues and other commercial communication;
  • improving the quality of our interactions by sending targeted advertising and communication, as well as product recommendations (possibly using custom audiences and lookalike audiences) and analysing the outcome of such interactions;
  • offering personalised products and services;
  • carrying out tasks in preparation of or to perform existing (sales) contracts;
  • manage IT resources and provide website related services;
  • process and answer customer enquiries and requests;
  • understand and enquire the interest, wants, changing needs of customers and potential customers (customer insights), customer service;
  • supply chain management, logistics;
  • finance and accounting;
  • payment processing and collection;
  • production, production planning;
  • management of disputes, litigation, law suits, court cases;
  • quality assurance, complaint management, audits;
  • master data management;
  • tax;
  • quality audits and business control;
  • insurance;
  • archiving and record keeping;
  • any other purpose imposed by applicable legislation and competent authorities.
  1. Legal basis (lawful ground) for processing

We collect, process and store all personal data that are necessary to conclude and carry out agreements with respect to our products and services.

There may (also) be a legal obligation (e.g. tax or accounting legislation) or another justified lawful ground based on which we have to process your personal data, e.g. for the pursuit of our legitimate interests (such as sending direct marketing to our existing customer database, developing a relationship with our customers, selling any part of our business or assets, meeting our corporate and social responsibility objectives, etc.).

When you complete an online contact form through any of our Vandemoortele websites (e.g. www.vandemoortele.com, www.vandemoorteleprofessional.com, www.risso.com), we ask for your explicit consent for the collection, processing and use of your personal data for sending B2B direct mailings and other direct marketing communication. By ticking the empty tick box at the bottom of the online form (“opt-in”), you consent that we collect, store and process your personal data for the indicated purposes.

You have the right to withdraw your consent (“unsubscribe”) at any time (see point 9. below).

  1. Categories of personal data

For purposes such as the ones listed above, we collect and process the following personal data:

  • identifying data (such as first name, surname, gender (Mr, Mrs, Ms));
  • contact details (such as (professional) email address, office address, mobile phone number, fixed phone number, other electronic contact data);
  • personal characteristics (such as date of birth);
  • professional data (such as employer name, job, title, function);
  • interaction data (such as cookies, website visits, downloads from our websites, sales history, opening and conversion rate of hyperlinks, bounced emails, pixels)
  • payment related information (such as VAT number, bank account number, payment behaviour);
  • data via tracking technologies and technical cookies (such as login, user name, IP address, device ID);
  • customer feedback (such as experience in using Vandemoortele products and services, customer generated content that you share with Vandemoortele).

We do not collect sensitive personal data (i.e. data that show race or ethnic origin, political views, religious or ideological views, or membership to a union, genetic data, biometric data or data about health or sexual behaviour or sexual orientation). You are therefore asked not to provide us with these types of personal data. If sensitive personal data are provided anyway, you expressly agree that these personal data will be processed by us in accordance with the provisions of this Privacy Statement.

  1. Sources of personal data

We collect personal data directly or indirectly through one or more of the following channels:

  • Online (via registration on or logging into www.vandemoortele.com or any other Vandemoortele websites; via cookies and other tracking technologies (such as Google analytics, hashing));
  • In the context of direct interaction with our enterprise by telephone, SMS or email;
  • Through participation in our contests, Vandemoortele events, promotional actions and surveys;
  • By filling out a contact form or via scanning visitor badges (QR Code) on fairs;
  • By giving business cards or mobile phone contacts to our staff members;
  • By communicating with customer service teams;
  • By signing up for newsletters, brochures, magazines and other marketing material;
  • By collection of payments;
  • By registering on online platforms (such as CRM online platforms, company websites, network access);
  • By visiting Vandemoortele pages on social media and completing lead generation forms;
  • From other sources, such as from public accessible sources and via sources to which access is not legally restricted.
  1. Recipients of personal data

For the purposes listed above, your personal data may be shared with and possibly processed by third parties such as:

  • cloud based “software as a service” providers (SaaS applications);
  • IT service providers (including the providers of our CRM and marketing database);
  • logistic services providers;
  • advertising and marketing agencies;
  • auditors and other professional advisors or consultants;
  • communication agencies;
  • hosting providers;
  • shared service providers;
  • banks and insurance companies;
  • public authorities.

The employees, agents, contractors, attorneys, managers and/or representatives of the aforementioned third party (sub-)processors have to respect the confidential nature of these personal data and may only process these personal data in line with the instructions of the Vandemoortele.

We may also share your personal data with other Vandemoortele Companies for the purpose of inter-company or intra-group services, for legitimate business purposes (such as for example processing orders, generating invoices, organising transportation, handling complaints, accounting, managing payments, management reporting, controlling, archiving, internal audits, handling disputes, insurance). Such transfer is based on our intra-group data transfer agreement.

  1. Transfer of personal data

Your personal data will not be transferred to countries outside of the EEA without providing appropriate safeguards to enable an adequate level of protection for the personal data transferred.

  1. Retention period

We will store your personal data only for the period reasonably necessary, to serve the purpose for which the personal data are processed, to comply with applicable legal obligations, to safeguard the applicable statute of limitations: up to 10 years after the last purchase and/or after the end of the last contract with Vandemoortele, plus a verification period of 6 months, unless they need to be stored longer based on legal obligations or a legitimate interest of Vandemoortele.

  1. Rights

You have the right to contact the enterprise at any time:

  • to request access to your personal data;
  • to obtain correction of inaccurate personal data;
  • to have your personal data erased;
  • to obtain from the enterprise a restriction on the processing of your personal data;
  • to object to the processing of your personal data;
  • in case you gave explicit consent for the processing of your personal data, to withdraw your consent (particularly for using your personal data for sending direct marketing);
  • if the processing is carried out by automated means, to ask to receive your personal data and/or to have these transferred on to another controller ("right to data portability");
  • if your personal data are transferred to countries outside of the EEA, to ask for a copy of the appropriate safeguards provided.

The above rights may be applicable in certain circumstances only and may be subject to certain conditions, exemptions or exceptions as set out in the applicable personal data protection legislation.

To exercise your rights and for all additional information in connection with this Privacy Statement, please contact us (see “13. Contact us”).

With respect to newsletters and other electronic communications, you can always access the consent management tool which you can find through the link at the bottom of each electronic communication that we send to withdraw your consent for a certain purpose of processing (“opt-out”), or where not available, use the “unsubscribe” button.

  1. Automated decision-making (profiling)

Automated decision-making is defined as decisions about individuals which are strictly based on automated data processing and which might have legal consequences or which might significantly affect the persons involved.

We make in principle no use of automated decision-making as described above.

  1. Security - Confidentiality

We use different security technology and procedures to safeguard the protection and the confidentiality of your personal data and to protect these against unauthorized access, incorrect use, illegal or unintended destruction and loss. Only Vandemoortele staff and third party processors involved in the purposes for which your personal data are collected, have access to these data for the performance of their tasks. These staff members and third party processors are contractually bound respect the confidentiality of your personal data.

  1. Complaints

If you feel that we have not acted in accordance with the legislation on personal data protection, you can initiate a complaint procedure with us (see “13. Contact us”).

You can also file a complaint with the competent national supervising authority.

For Belgium:

Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)

Drukpersstraat 35 / Rue de la Presse 35

B- 1000 Brussel / Bruxelles

e-mail: contact@apd-gba.be

(www.dataprotectionauthority.be)

 

  1. Contact us

If you have questions, concerns or complaints about the way your personal data are processed by us, or if you want to exercise your individual rights with regard to your personal data, you can contact us by sending, together with a copy of your identity ID card (in order to allow us to verify the identity of the requestor) :

  • an e-mail to the following e-mail address: privacy@vandemoortele.com;
  • a signed and dated letter to the following postal address: Vandemoortele NV and Vandemoortele Europe NV, Attn. Privacy  -  B2B Customers, Ottergemsesteenweg-Zuid 816, B- 9000 Gent, Belgium.
  1. Amendments

We reserve the right to amend this Privacy Statement from time to time, within the limitations imposed by the applicable regulations with respect to privacy and data protection.

15. Applicable law and competent court

The Privacy Statement shall be governed by and construed in accordance with the laws of Belgium. The competent courts of Gent, Belgium have the exclusive competence to hear all disputes arising from this Privacy Statement and that cannot be solved amicably.

Drawn up in Gent, Belgium

on 1 September 2023 - V4.0