privacy notice

Table of Contents

1. Introduction 

2. About Ardo

3. Website visitors

3.1 What personal data do we collect?

3.2 Why do we need your personal data?

3.3 Our cookies

4. Business relations (customers, suppliers, event participants)

4.1  What personal data do we collect?

4.2  Why do we need your personal data

4.3  How long do we keep your personal data?

5. Applicants

5.1  What personal data do we collect?

5.2 Why do we need your personal data

5.3 How long do we keep your personal data?

6. Sharing of personal data

7. Security measures

8. Your rights as a data subject

9. Changes to this data protection notice

10. Contact us

1. Introduction

This data protection notice applies to (i) the processing of personal data we collect when you visit our website, (ii) the provision of our services and (iii) the processing of personal data of persons who work for companies with which we conduct (or intend to conduct) business (suppliers or customers) or visit our events. 

Your privacy and the security of your personal data is important to Ardo. We are responsible for ensuring that all personal data entrusted to us is processed in accordance with applicable data protection legislation.  

This notice explains who we are, for what purposes we may use your personal data, how we handle it, to whom we may disclose it (such as service providers and/or Ardo affiliates), where it may be transferred to or accessible from and what your rights are. 

If you have any questions about how we collect, store and use your personal information, or if you have any other privacy-related questions, please email us at dpo@ardo.com.

2. About Ardo

Ardo Foods NV is a company with headquarters in Belgium, with registered office at Wezestraat 61, B-8850 Ardooie, Belgium, VAT BE 0416.330.136 RPR/RPM Gent (division Brugge) (hereinafter referred to as “Ardo”, "we", "us", "our") is committed to protecting and upholding your privacy (hereafter “you”, “your”) will process your personal data in accordance with this data protection notice (such personal data sometimes also referred to as “information”).  

Ardo is the controller of the personal data (‘controller’ within the meaning of applicable data protection legislation).  

3. Website visitors

When you visit our website, we collect some information related to your device, your browser and to the way you navigate our content. We may use cookies to collect this personal data.  

Cookies are small text files that are saved on your device when you visit our website. Cookies enable the website to remember your actions and preferences (for example, your choice of language) and recognize you when you return, so that we may analyze trends, determine your areas of interest and administer our website in order to speed up the navigation process and to make your site experience more efficient.

3.1 What personal data do we collect?

When you visit our website, we gather information that relates to your device, your browser and the way you navigate our website content, such as: 

  • the Internet Protocol (IP) address of your device 
  • the IP address of your Internet Service Provider 
  • device screen resolution 
  • device type (unique device identifiers) 
  • browser and operating system versions 
  • geographic location (country only) 
  • preferred language used to display 
  • the date and time of access to the website 
  • the internet address from which you were directly linked through to our website 
  • the control system that you use 
  • the parts of the website that you visit 
  • the pages of the website that you have visited and the information that you viewed 
  • the hyperlinks you have clicked 
  • the material that you send to or download from our website 

If you choose to subscribe to our newsletter news, events and alerts; or submit an inquiry we may ask you to fill out a form with information such as your name, e-mail address, job title and company. From the moment you engage in one of the aforementioned actions, we will be able to relate the information listed above about your device, your browser and to the way you navigate our website content directly to you. 

3.2 Why do we need your personal data?

Ardo processes your personal data only for the purposes specified below: 

Purposes for which we process your personal data:

  • To manage the website and for system administration purposes (e.g. also for diagnosing technical problems, analyse the traffic to our website) 

Legal grounds for the processing of your personal data: 

  • (a) Legitimate interest of managing our website, marketing and communications strategy; and/or 
  • (b) Where (a) is not possible because local mandatory law requires so, only in those limited cases may this be based on a consent 

Purposes for which we process your personal data:

  • For web analytics, in order to optimize the user experience (analyzing the way our pages are visited, analyzing trends, observe and measure how our visitors engage with our website) and the quality of the content provided to you (e.g. job posting) 

Legal grounds for the processing of your personal data:

  • (a) Legitimate interest of improving our website, marketing and communications strategy; and/or 
  • (b) Where (a) is not possible because local mandatory law requires so, only in those limited cases may this be based on a consent 

Purposes for which we process your personal data:

If you choose to download our reports or white papers or to subscribe to news, events and alerts, fill in webforms, we will use the information you provide us to send you the content requested, to communicate with you (including, where you agree, to send you related information that might be of interest to you) and to improve our marketing and communication strategy.

Legal grounds for the processing of your personal data:

Ardo can send newsletters, events and alerts where you have given consent to receive this. If you are no longer interested in these Ardo messages you are always able to opt-out from receiving such communications.  

Purposes for which we process your personal data:

  • For managing specific inquiries 

Legal grounds for the processing of your personal data:

  • (a) Legitimate interest of improving our website, marketing and communications strategy;  
  • (b) Where (a) is not possible because local mandatory law requires so, only in those limited cases may this be based on a consent 

Purposes for which we process your personal data:

  • Cooperating with law enforcement agencies/courts, management of legal disputes/claims   

Legal grounds for the processing of your personal data:

  • Processing is necessary for the purpose of the legitimate interests pursued by Ardo, which include the protection of company assets, protecting its legal interests, managing legal claims/disputes  
3.3 Our cookies

Please find more information on the cookies we use, for what purpose and further settings for configuring or deleting cookies in our cookie notice.

4. Business relations (customers, suppliers, event participants)



In the context of our services, we process your personal data if you are working for companies with which we are conducting (or intending to conduct) business (e.g. to make offers for the services and to maintain a business relationship with the company you work for as customer or supplier) or any other relationships (such as event participants, company visits, etc.).

4.1 What personal data do we collect?

We process the following personal data about you: 

  • Identification information – we may process your name and other contact information (including email address, landline phone number and mobile phone number), gender, digital signature and languages spoken. 
  • Professional information – we may process information related to your work including (without limitation) your job title, your location and your department. 
  • Photographs and video footage – when participating in our events, meetings, conferences etc., we may process photographs or videos of you. 
  • Survey results – we may process your responses to questions in surveys. 
  • Visitor information – when accessing our buildings, we may collect your name, contact details, car plate number, identification, etc. for security reasons. Where we are legally permitted to do so we may also ask you to disclose information about your health (including information related to viral infections, flu, etc.) for health and safety reasons. 
  • Information you choose to share with us – we may process additional information if you choose to share that with us. 
  • Trade sanctions information relating to you - we may verify whether you are a politically exposed person, a specially designated national or otherwise subject to sanctions under applicable laws or regulations. 

4.2 Why do we need your personal data

Ardo processes your personal data only for the purposes specified below: 

Purposes for which we process your personal data 

Legal grounds for the processing of your personal data 

  • To administer and manage the contractual relationship between Ardo and our customers and suppliers 
  • Necessary for the performance of the contract between Ardo and the customer or supplier 
  • Business development (including sending direct marketing and offers)  
  • Depending on the circumstances this may be based either on your consent or on our legitimate interest to maintain good relations with our current or prospective customers and suppliers. You can always choose not to receive direct marketing and offers from us; see the section “Your data protection rights” below 
  • Facilities, security and contingency planning purposes 
  • For the purpose of the legitimate interests pursued by Ardo, which include safeguarding and securing our assets, our facilities, our information systems and our people 
  • Health and safety management 
  • Processing is necessary for the purpose of the legitimate interests pursued by Ardo, which include the protection of its employees, company assets, protecting its legal interests and managing legal claims/disputes; and/or protection of the vital interests of the Data Subjects 
  • To conduct corporate transactions (including mergers, acquisitions and divestments) 
  • Processing is necessary for the purpose of the legitimate interests pursued by Ardo, which include Ardo’s interest in developing its business through mergers, acquisitions and divestments 
Events 

Based on our legitimate interest to organise events so as to better build and maintain a good relationship with our customers and our suppliers 

Preventing, detecting and investigating fraud 

To comply with our legal obligations when some authorities or administrations ask information about our contact as a customer (including personal data); and/or 

Processing is necessary for the purpose of the legitimate interests pursued by Ardo, which include the protection of company assets, protecting its legal interests and managing legal claims/disputes 

IT Support 

Processing is necessary for the purpose of the legitimate interests pursued by Ardo, which include safeguarding our assets and ensuring security of our information systems 

Surveys (including satisfaction surveys) 

Based on our legitimate interest to survey our customers so as to better understand their needs, to improve our services and to build and maintain a good relationship with our customers  

Dispute management, litigation and handling any reports through Ardo's misconduct reporting procedure 

Processing is necessary for the purpose of the legitimate interests pursued by Ardo, which include the protection of company assets, protecting its legal interests, managing legal claims/disputes with our customers and suppliers and handling reports of potential misconduct within or relating to Ardo 

Compliance with legal or regulatory requirements  

Processing is necessary for compliance with our legal or regulatory obligations (e.g. obligations under tax laws to keep certain information including personal data) 

Preventing, detecting and investigating fraud 

To comply with our legal obligations when some authorities or administrations ask information including personal data; and;or 

Processing is necessary for the purpose of the legitimate interests pursued by Ardo, which include the protection of company assets, protecting its legal interests and managing legal claims/disputes 

To monitor and enforce compliance with Ardo policies and procedures 

For the purpose of the legitimate interests pursued by Ardo, which include safeguarding our assets and ensuring security of our information systems 

To perform internal and external audits 

For the purpose of the legitimate interests pursued by Ardo, which include the proper conduct of its business and accuracy of financial reporting 

4.3 How long do week keep your personal data?

Your personal data will be kept for the periods below (in line with Ardo’s Data Retention Standard).

Contracts/quotations with customers, suppliers and consultants including NDA's and processing agreements. Real estate contracts are processed equally.

Minimal 7 years, maximum 10-12 years after termination of contract

Physical mail is processed by the reception; both incoming and outgoing (including packages).

Determined by content;

Registered mail is kept for a minimum of 5 years - maximum for all mailings is 35 years

Invoices

Incoming and outgoing invoices, including credit notes

Minimum 7 years, maximum 10 years from 1 January following the fiscal year in progress

Client data

Data of clients including contact persons are kept both in Sharepoint and Teamleader. It concerns customer files, business cards, etc. In some cases paper customer files are kept in addition to the digital file.

Minimal 7 years, maximum 10-12 years after termination of the business relationship

Supplier data

Data of suppliers including contact persons are kept in Sharepoint. It concerns supplier files, business cards, etc.

Minimal 7 years, maximum 10-12 years after termination of the business relationship

Container documents

Containerdocuments necessary for a forwarder to receive the container.

Minimal 7 years, maximum 10-12 years after termination of contract

Miscellaneous

Supply Chain receives personal information on contact persons by suppliers; whereby known information is used to send out greeting cards

Minimal 7 years, maximum 10-12 years after termination of the business relationship

Quality Assurance

Processing of data within the framework of quality assurance, maining via audits, checks, etc.

Minimal 3 years for audit purposes, maximum 5 years

Quotations

Quotations are processed via mail

Processed in overviews; afterwards they are removed

Safety information

Information on incidents in shared in order to create awareness on safety matters

Minimum 35 years, maximum 50 years

Supply chain

During the execution of contracts and the process of supply chain (incl. commercial transactions), data is shared and processed.

Minimal 7 years, maximum 10-12 years after termination of the business relationship

Supply chain identification

More clients requrest information on the supply chain, whereby information of farmers might be shared

Minimal 3 years, maximum 5 years

We may keep your personal data longer if necessary in connection with any actual or potential dispute (e.g. we need this personal data to establish or defend legal claims), in which case we will keep your personal data until the end of such dispute; and/or for us to comply with any legal or regulatory obligation (e.g. for tax or pension purposes), in which case we will keep your personal data for as long as required by that obligation.

5. Applicants



This section of the Ardo Privacy Notice is meant to inform applicants on the processing of personal data during the application process at Ardo.

5.1 What personal data do we collect?

We process the following personal data about you: 

  • Identification information – we may process your name and other contact information (including email address, landline phone number and mobile phone number), gender, digital signature and languages spoken. 
  • Professional information – we may process information related to your work including (without limitation) your past/current job title, your location and your department. 
  • CV information – information regarding to education, a photograph, other information related to career/profession, interests, affiliations, experience provided to us on a voluntary basis.
  • References - Providing references on a voluntary basis is seen as a consent given to Ardo to contact these references. 

The source from which the personal data originates is typically from the individual to whom it relates (e.g. the Applicant) and personal data that Ardo receives in a permissible manner from publicly available sources and/or from third parties such as recruitment agencies. In such cases, Ardo will inform the Applicant information source, unless it is clear that the Applicant is aware of the source of information.

5.2 Why do we need your personal data

Ardo processes personal data of Applicants in the context of the Application process with the intention of a potential employment contract. Hereby the following processing purposes might apply, depending on the type of application: 

  1. Identification and evaluation of the application;
  2. Assess your competencies, qualifications, and interest towards a job at Ardo;
  3. Contact you via phone, text message or e-mail;
  4. Organise interviews and assessments;
  5. Assess, select and recruit Applicants;
  6. Perform background screening and evaluation;
  7. Contact references (under the condition set out above);
  8. Maintain administration related to the application process;
  9. Inform the persons referencing the Applicant;
  10. Inform potential on available vacancies;
  11. Inform on the Application and comply with request of the Applicant.



Your personal data will be added to a recruitment database during the application process, and the additional two years if consent has been provided during the application process.

 

Ardo will collect and process personal data in line with the purposes set out above, these purposes are based on one of the following lawful processing grounds:

  1. processing is necessary for the performance of an employment contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (article 6,1 (b) GDPR);
  2. processing is based on consent in the following cases (1) whereas it concerns the retention of data longer than necessary for the application for which the Applicant has applied, this for future opportunities, (2) whereas references have been shared voluntarily (article 6,1 (a) GDPR);
  3. processing is based on legitimate interest of Ardo or a third party whereas these interests override the interest and/or fundamental rights and freedoms of the data subject (article 6,1 (f) GDPR). This is the case for example where a limited set of data is kept for efficiency purposes related to the recruitment process.
5.3 How long do we keep your personal data?

Applicant personal data will only be processed for as long as needed to achieve the purposes as included in this Privacy Notice or as required to comply with Ardo’s obligations under applicable law. In any case, Applicant personal data will be retained for a maximum period of six months after your application (unless deleted earlier upon the Applicant’s request). This period can be extended with a period of six months if you explicitly consent that Ardo retains your personal information for future opportunities.

If you accept an offer of employment, any relevant personal data collected during your pre-employment period will become part of your personnel records and will be retained in accordance with specific country requirements.

6. Sharing of personal data

We may share your personal data: 

  • with other entities of the Ardo group of companies. We are part of a multinational group of companies and sometimes we may share personal data with other Ardo entities for the purposes of efficient management of business, compliance with legal and regulatory requirements and to provide our services to you and to our customers.
  • with Ardo customers. Within the scope of our services. 
  • with third party providers of IT-related services (e.g. we use an external provider to support our IT-infrastructure; e.g. an important part of our software and databases sit in a cloud-environment which is operated by a third party service provider). 
  • with third parties providers of marketing-related services (e.g. we may store your personal data in a cloud-based CRM-application that is hosted and provided by a third party service provider; e.g. when we use a third party service provider to organise an event we may share your personal data with that third party in order to invite you to that event). 
  • with providers of professional services (e.g. to our auditors, our tax advisors, our legal advisors). 
  • with banks and insurers (e.g. in order to pay the salaries of our temporary workers we share some of their personal data with our bank). 
  • with pension funds.  
  • with public authorities (e.g. pursuant to applicable law Ardo must disclose personal data to the social security authorities and to tax authorities). 
  • with law enforcement authorities, courts and regulatory authorities (e.g. as part of a criminal investigation police services may require us to disclose personal data to them). 

We may also disclose your personal data to third parties: 

  • in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; or 
  • if all or a substantial part of our assets are acquired by a third party, in which case the personal data that we hold about you may be one of the transferred assets. 

When we share your personal data as described above, such personal data will only in exceptional cases be transferred outside the European Economic Area (EEA).  

 

In the event that we transfer your personal data outside the EEA to a third country that does not have a similar adequate protection, we will only do so in line with applicable law, we will require that there is an adequate level of protection for your personal data, and that appropriate security measures are in place. 

 

Your personal data may be transferred from countries located within the EEA to countries located outside of the EEA (such as the United States). In such cases, we will require that the following safeguards are observed: 

  • The laws of the country to which your personal data is transferred ensure an adequate level of data protection. Click here for the list of non-EEA countries that, according to the European Commission, provide an adequate level of data protection; or 
  • The transfer is subject to standard data protection clauses approved by the European Commission. More information about those data protection clauses is available here; or 
  • Any other applicable appropriate safeguards under article 46 of the EU General Data Protection Regulation (2016/679). 

For more information about the safeguards that we have implemented to protect your personal data internationally, please contact us at dpo@ardo.com.  

7. Security measures

We have technical and organizational security measures in place to protect your personal data from being accidentally lost, used, altered, destructed, disclosed or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data are governed by Ardo's rules for information and IT security, data protection and other internal regulations and guidelines applicable to the processing of personal data. 

While we have measures in place to protect your personal data, it is important for you to understand that 100% complete security cannot be guaranteed. Accordingly, we have procedures in place to deal with data security incidents and to comply with legal requirements applicable to the detection, handling and notification of personal data breaches. 

8. Your rights as a data subject

You have the following rights regarding your personal data:  

Rights 

What does this mean? 

1. Right to be informed 

You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this notice.  

2. Right of access 

You have the right to access the personal data we keep about you – this is because we want you to be aware of the personal data we have about you and to enable you to verify whether we process your personal data in accordance with applicable data protection laws and regulations. 

3. Right to rectification 

If your personal data is inaccurate or incomplete, you have the right to request the rectification of your personal data. 

4. Right to erasure  

This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for us to keep it. This is not a general right to erasure, there are exceptions.  

5. Right to restrict processing 

You have rights to ‘block’ or suppress further use of your personal data in certain circumstances. When processing is restricted, we can still store your personal data, but may not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future. 

6. Right to data portability 

You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such personal data transferred directly to a third party. 

7. Right to object to processing 

You have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests or on public interest grounds; the right to object to processing for direct marketing purposes (including profiling); the right to object to the use of your personal data for scientific or historical research purposes or statistical purposes in certain circumstances. 

8. Right to withdraw consent 

If our processing of your personal data is based specifically on your consent, you have the right to withdraw that consent at any time. This includes your right to withdraw consent to our use of your personal data in the context of voluntary employee surveys. 

9. Right to object to automated decision making 

You have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects for you or similarly significantly affects you.  Automated decision making takes place when an electronic system uses personal data to make a decision without human intervention.  This is not a general right to object, there are exceptions.  For example, we are allowed to use automated decision making where it is necessary to perform a contract with you and appropriate measures are in place to safeguard your rights. 

You can exercise these rights at any given time by emailing us at dpo@ardo.com

 

We will handle your request with special care to ensure your rights can be exercised effectively. We may ask you for proof of identity to ensure that we are not sharing your personal data with anyone else but yourself.

 

You must be aware that, in particular cases (for instance, due to legal requirements) we may not be able to make your request effective right away. 

In any case, within one month from your request, we will inform you on the actions taken. 

 

You have the right to lodge a complaint with a supervisory data protection authority. 

9. Changes to this data protection notice

We may update this notice from time to time. You can see the date on which the last change was made below in this notice. We advise you to review this notice on a regular basis so that you are aware of any changes.

10. Contact us

If you have any questions about this policy or any privacy concerns, or would like to exercise your rights, or obtain further information about the safeguards we have in place so that your personal data is adequately protected when transferred outside Europe, please contact us at dpo@ardo.com.