This privacy notice explains how Koninklijke Ahold Delhaize N.V. (“Ahold Delhaize”, “we”, “us” and “our”) collect and use personal data.
We recommend that you read this notice carefully to understand how we use your personal data. If you have any questions after reading this notice, please contact us at firstname.lastname@example.org.
We may update this notice from time to time. This version was published on December 28, 2018.
What types of personal data do we use, and for what purposes do we use your personal data?
The categories of personal data we use, and the purposes for which we use your personal data, are indicated in the privacy notice for the specific system or application you use. This privacy notice supplements the specific privacy notices for all areas not covered in the specific privacy notice.
In general, we may use your name and contact details, correspondence with us, newsletter preferences, details on reading newsletters, technical details on the use of websites or tools (such as IP addresses) and functional details on the use of these websites and tools.
Some examples of the purposes we use personal data for are:
- in order to conclude and execute agreements;
- in order to accommodate the use of our tools and applications;
- for the settlement of transactions and financial matters;
- for contract and relationship management;
- for communications;
- for business process execution, internal management and reporting;
- for reasons of health, safety, security and integrity, including supply chain transparency, store food safety and social compliance;
- in order to comply with legal obligations.
Who has access to your personal data?
We share your personal data with the following parties:
- Third parties acting on our behalf (processors). In such cases, these third parties may only use your personal data for the purposes referred to above and only in accordance with our instructions.
- Associates in departments engaged with the service(s) indicated in the privacy notice for the specific system or application you use may have access to your personal data, but only if it is strictly necessary for the performance of their task. In such a case, access will be granted only if necessary for the purpose(s) described in the privacy notice for the specific system or application you use and only if the associate is bound by an obligation of confidentiality.
- Third parties who are responsible for the protection of your personal data, independently from Ahold Delhaize. Examples of these types of parties are external independent auditors, accountants, lawyers or tax advisors. In such a case, your personal data will be protected in accordance with the data protection policies of that party.
- If required to do so by law or court order, for example with law enforcement agencies or other governmental agencies.
For how long will we keep your personal data?
We retain your personal data for a limited amount of time and we will delete or anonymize this information after it is no longer necessary for the purposes of the processing.
How do we secure your personal data?
We have taken appropriate technical and organizational measures to protect your personal data against accidental or unlawful processing by ensuring that:
- your personal data is protected against unauthorized access or modification;
- the confidentiality of your personal data is assured;
- the availability of your personal data will be maintained;
- vendors have received instructions on how to protect your personal data;
- personnel are trained to treat your personal data in a secure way; and
- actual or suspected data breaches are reported in accordance with applicable law
Where do we process your personal data?
Ahold Delhaize is a global organization with headquarters in the Netherlands. Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers.
In some cases, your personal data may be transferred to a country outside the European Economic Area (“EEA”).
Some of the non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards (the full list of these countries is available here). For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as:
- contractual measures (Standard Contractual Clauses) to safeguard the protection of your personal data. The template for these Standard Contractual Clauses is issued by the European Commission and is available here. Alternatively, you can contact email@example.com to obtain a copy of these Standard Contractual Clauses; or
- the EU-U.S. Privacy Shield program, which ensures that a party located in the U.S. protects your personal data in accordance with principles agreed between the United States government and the European Commission. You can check the Privacy Shield website via: https://www.privacyshield.gov/list. Alternatively, you can contact firstname.lastname@example.org to obtain a copy of the applicable EU-U.S. Privacy Shield certificate.
How to exercise your rights
You can request to access, rectify, erase or restrict personal data that you have previously provided to us. You can also object to our use of your personal data or, where we process personal data based on consent, withdraw your consent. Furthermore, you can request to receive an electronic copy of your personal data for the purposes of transmitting it to another company (data portability). We explain each of these requests below. In each case, please send an email to email@example.com if you would like to exercise any of your rights. We will respond to your request consistent with applicable law.
You are entitled to request access to the personal data we hold about you and to learn details about what data we collect and for what purpose we use it.
We take reasonable steps to ensure that the information we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
In certain circumstances, you have the right to ask us to erase your personal data, for example where the personal data we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors. For example, we may not be able comply with your request due to certain legal or regulatory obligations.
Restriction of processing
In certain circumstances, you are entitled to ask us to temporarily stop using your personal data, for example where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to use your personal data.
In certain circumstances, you have the right to ask that we transfer personal data that you have provided to us, to you or to a third party of your choice.
You have the right to object to processing, on grounds particular to your situation and where the processing is based on our legitimate interests. Unless we have a compelling legitimate ground for the processing, we will no longer process the personal data on that basis when you file an objection. Note, however, that we may not be able to provide certain services or benefits if we are unable to process the necessary personal data for that purpose.
We may ask for your consent to process your personal data in specific cases. When we do this, you have the right to withdraw your consent at any time.
What if you have other questions?
If you would like to contact us about the processing of your personal data, please send an email to firstname.lastname@example.org. Alternatively, you have the right to lodge a complaint with a data protection authority for your country or region, or where an alleged infringement of applicable data protection law occurs.