1. INTRODUCTION

This Privacy Statement is applicable to the processing of all personal data of (former) employees, temporary workers under direct supervision (e.g. independent contractors and trainees), (former) executives or non-executive directors and (former) members of the supervisory board or similar body (each referred to as “Employee” or “you”) by Nutreco N.V. based at Stationsstraat 77, Amersfoort, The Netherlands and any company directly or indirectly owned or controlled by Nutreco that you interacted with or had a business relationship with (hereafter referred to as “Our Company”, “we” or “us”).
Nutreco N.V. and any company directly or indirectly owned or controlled by Nutreco that you interacted with or had a business relationship with are responsible for the processing of your personal data. In this statement we describe who we are, how and for which purposes we process your personal data and all other information that may be relevant to you. In case you have any additional questions you can contact us via the contact details provided at the bottom of this statement.

This Privacy Statement applies since May 24, 2018. The last modifications were made on May 24, 2018. This statement may change over time and the most up-to-date version is published on our website. If significant changes are being made during your employment, we will actively inform you.

2. FOR WHICH PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

Our Company will process your personal data for the execution of your employment contract. The processing will follow under one (or more) of the following business purposes:

A. Human resources, personnel management and payroll administration.

We process your personal data for human resources and personnel management and to manage your personnel file. This includes processing your personal data for your performance reviews, outplacements, leave and other absences, pension details, travel and expenses and our communications with you. We may also have to process your personal data following laws and regulations. This is, for example, the case for identification, fraud prevention, internal controls and company security. If you are an expat, we will also process your personal details for any tax related issues. Further, we process your personal data for payroll administration. We do not only maintain an administration of your salary payments, but also of your hours and overtime, bonuses and other compensation or benefits.

For this purpose

• we process your personal data to perform the employment contract we have with you, and to comply with a legal obligation
• we process – to the extent applicable – your contact details, date of birth, gender, civil status, nationality, photographs, videos, citizen service number, ID card or passport details, declaration of employment status, religion, chamber of commerce and VAT details, recruitment information (such as employment history, education history details), job and position data, work permit details, availability, terms of employment, tax details, payment details, hours worked, personnel file details, insurance details, location and organizations, beneficiaries and dependants, account/profile data (corporate ICT-systems), data generated during the performance of the employment contract and correspondence with Our Company with regard to job applications, including references, absence and leave information.

B. Business process execution and internal management.

When you work at Our Company, we will process your personal data in the performance and organisation of our business. This includes general management, scheduling work, recording worked time, charging worked time to third parties, request subsidies from governments or third parties, electing members of Our Company participation body, the administration of the staff association and managing our and employee assets. We process your personal data for internal management. For example, we provide central processing facilities in order to work more efficiently. We conduct audits and investigations, implement business controls and manage and use employee directories. Also, we process your personal data for archiving and insurance purposes, legal and business consulting and in the context of dispute resolution.

For this purpose

• we process personal data based on our legitimate interest to maintain and improve sound business operations
• we process – to the extent applicable – your contact details, date of birth, gender, job and position, availability, hours worked, insurance details, location and organizations, relevant personnel file details, beneficiaries and dependants and data generated during the performance of the employment contract.

C. Health, safety, security and integrity.

At Our Company, we highly value health, safety, security and integrity. In order to safeguard our employees and customers, we process your personal data. We screen and monitor our employees both before and while they are employed at Our Company and authenticate your employee status and access rights. We also process your personal data to ensure occupational health and safety and to protect our and employee and customer assets.

For this purpose

• we may process your personal data based on our legitimate interest to monitor our internal processes and in order to comply with the law
• we process your contact details, relevant personnel file details, insurance details, location and organizations and the relevant health data that you provided to us.

D. Organizational analysis and development, management reporting and acquisition and divestitures.

At Our Company, we process your personal data to be able to prepare and perform management reporting and analysis. For example, we conduct employee surveys to learn more about your views and opinions in preparation of our management reporting. We also process your personal data in the context of mergers, acquisitions and divestitures and in order to manage such transactions.

For this purpose

• we process personal data based on our legitimate interest to maintain and improve sound business operations
• we process your contact details, date of birth, gender, job and position, terms of employment, insurance details, location and organizations, beneficiaries and dependants and relevant data generated during the performance of the employment contract.

E. Compliance with law

In some cases, we process your personal data to comply with laws and regulations. This could be the case for human resources related obligations. We may, for example, also need to process your personal data in light of subsidies or tax regulations. Following laws and regulations, we may need to disclose your personal data to government institutions or supervisory authorities.

For this purpose

• we process these personal data to comply with a legal obligation imposed on us
• we process your contact details, date of birth, gender, civil status, nationality, citizen service number, ID card or passport details, declaration of employment status, chamber of commerce and VAT details, job and position, work permit details, terms of employment, tax details, payment details and location and organizations.

F. To monitor and investigate compliance

We monitor employee accounts to check compliance with our policies and regulations. We also monitor your use of our networks, systems and information to observe compliance with its policies. We do so irrespective of whether you use Our Company IT devices or your own devices to access or use Our Company's information, network or systems.

If an employee is suspected of behaviour or actions that are not compliant with our policies and regulations, Our Company could instigate an internal investigation, generate, and process additional personal data. We could, for example, instigate such an investigation in the case of a prohibited transfer of any of Our Company's trade secrets, confidential information, intellectual property or knowhow, fraud or if we suspect an employee to be the origin of any virus, spam or intrusion in our systems or network.

For this purpose

• we process your personal data based on our legitimate interest to monitor our internal processes and in order to comply with the law
• we process account/profile data (corporate ICT-systems), such as the time and date of your logins, the type of information and files shared, the search queries that are made and the type of device you use, the mobile number of your device, IP addresses, MAC addresses, documents accessed and duration of access, mobile network information, your mobile operating system and which mobile browser you use, your time zone settings and device details
• we do not retain your personal data for this purpose, unless they are linked to non-compliant behaviour. We will then retain the relevant personal data until the investigation or proceedings have been concluded.

G. Protecting the vital interests of Employees.

When it is necessary to process your personal data to protect your vital interests, we will do so. This could, for example, be the case when you have a medical condition that your colleagues or superiors need to be aware of.

For this purpose

• we process your personal data to protect your vital interest and we will process your personal data if it is necessary to avoid a risk of injury or other damage to your health
• we process your contact details, relevant personnel file details, insurance details, location and organizations and the relevant health data that you provided to us.

H. To offer you suitable opportunities for your development

We use the information stored in our HR systems to offer you suitable opportunities for development. This way, we are able to offer you the right training, education, coaching or other forms of careers guidance or personal development to suit your needs. We also use your personal data for general career and talent development.

For this purpose

• we process your personal data to perform the employment contract we have with you
• we process your contact details, recruitment information (such as employment history, education history details), job and position data, location and organizations, data generated during the performance of the employment contract, correspondence with Our Company with regard to job applications (including references, absence and leave information).

I. To allow you to perform your tasks in the regular course of business

When you work at Our Company, you use our systems and networks in the regular course of business. You will send emails, search the web and make phone calls. You may also make business trips on behalf of Our Company. When you do so, we process your personal data included in such documents or in the meta data attached to such documents. For example, when you send an email, we process your contact details, your profile information.

For this purpose

• we process your personal data to perform the employment contract we have with you
• we process – to the extent applicable – your contact details, date of birth, gender, job and position data, account/profile data (corporate ICT-systems), content and traffic data (such as your internet communications, sent and received email messages, printed documents, storage devices), ID card or passport details, membership and credit cards, travel preferences and plans, and data on back-ups.

3. HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

Our Company generally shall retain Employee Data only for the period required to serve the applicable Business Purpose, to the extent reasonably necessary to comply with an applicable legal requirement or as advisable in light of an applicable statute of limitations.

Promptly after the applicable storage period has ended, the Data shall be:

(i) securely deleted or destroyed; or
(ii) anonymized; or
(iii) transferred to an Archive (unless this is prohibited by law or an applicable records retention schedule).

4. WHO HAS ACCESS TO YOUR PERSONAL DATA?

Access to your personal data within Our Company
All our employees have access to your Our Company profile and the data you have made publicly available there. When you send data to other recipients, e.g., when you send a customer an email, this recipient will also receive personal data included in such data as a result. These data will be available on a need-to-know basis within Our Company.

Non-public data can be accessed by relevant departments within Our Company such as IT, HR, Legal, IT Security, Ethics & Compliance, but only to the extent necessary to fulfil their respective tasks. In this processing, your personal data may be transferred to a country that does not provide an adequate level of protection of personal data. However, Our Company has taken measures to ensure that your personal data is adequately protected. For this purpose, Binding Corporate Rules are applicable throughout the group that Our Company belongs to.

Access to your personal data by third parties
The following types of third parties have access to your personal data where relevant for the provisioning of their products or services to Our Company: banks, insurance companies, credit card companies, IT suppliers and consultants, travel agencies, embassies, financial, tax and legal advisors, clients, accountants, lease companies, inspection authorities, medical inspection authorities, forensic specialists, training centres, facility services, delivery services of packages and letters.

When third parties are given access to your personal data, Our Company will take the required contractual, technical and organisational measures to ensure that your personal data are only processed to the extent that such processing is necessary for the purpose of processing agreed with Our Company. The third parties will only process your personal data in accordance with applicable law.

If your personal data is transferred to a recipient in a country that does not provide an adequate level of protection of personal data, Our Company will take measures to ensure that your personal data is adequately protected, such as entering into EU Standard Contractual Clauses with these third parties.

In other cases, your personal data will not be supplied to third parties, except when required by law.

5. HOW ARE YOUR PERSONAL DATA SECURED?

In our opinion and based on our risk assessment, we have taken adequate safeguards to ensure the security of your personal data. In our assessment we have considered the risks of accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, and other forms of unlawful processing (including, but not limited to unnecessary collection) or further processing.

6. HOW CAN YOU EXERCISE YOUR PRIVACY RIGHTS?

You have the right to request access or an overview of your personal data, and under certain conditions, rectification and/or erasure of personal data. In addition, you may also have the right of restriction of processing concerning your personal data, the right to object to processing as well as the right to data portability.

To invoke your privacy rights, please contact us by using the contact details at the bottom of this Privacy Statement. Keep in mind that we may ask for additional information to verify your identity.

7. CAN YOU WITHDRAW YOUR CONSENT?

Employee consent generally cannot be used as a legitimate basis for processing personal data of employees. However, under certain specific requirements, for example if applicable law requires so, Employee consent may be obtained. Once given, you may always withdraw your consent. Please keep in mind that withdrawal does not have retrospective effect and the withdrawal of your consent is only possible in case you first have given your consent. Please contact us to withdraw your consent by using the contact details at the bottom of this Privacy Statement.

8. HOW TO LODGE A COMPLAINT OR REPORT A DATA BREACH?

If you have a complaint about the use of your personal data by Our Company, or if you have become aware of a data breach by Our Company, you can lodge a complaint or report a data breach via your line manager or via the contact details at the bottom of this statement. Besides lodging a complaint with Our Company, you are also able to lodge a complaint with your local data protection supervisory authority.

9. HOW CAN YOU CONTACT US?

If you have any questions about the way we process your personal data, please read this statement first. For additional questions, remarks, compliments or complaints, please contact the privacy officer of Our Company at privacy@nutreco.com.