Policy for the protection of the personal data of the tereos group’s BtoB customers and prospects

 

TEREOS STARCH & SWEETENERS EUROPE is a part of Tereos Group which is very committed to the protection of personal data and to your privacy, which are two principles protected by the Charter of Fundamental Rights of the European Union.

The processing of personal data carried out within the framework of Tereos Group’s activities complies with the rules on privacy, particularly the General Data Protection Regulation (EU Regulation 2016/679) known as the “GDPR” and the amended Act of 6 January 1978 relating to data processing, records and privacy known as the “French Data Protection Act”.

Therefore, within the exercise of its activities, the Tereos Group may be required to collect and process your personal data, whatever the type of contract that binds us.

The Tereos Group acts as a data controller in the context of operating the trademarks that it holds.

The Tereos Group has set up a department dedicated to the protection of personal data, which ensures the effective implementation of specific procedures and processes, in order to raise awareness among its employees, involve its partners and sub-contractors in the protection of personal data and ensure the compliance of the personal data processing for which it is responsible.

This policy (hereinafter “the Policy”) aims to inform you of the reasons why the Tereos Group may process your personal data, the way in which the Tereos Group does this and your rights in this matter.

 

THE TEREOS GROUP’S COMMITMENTS FOR THE PROTECTION OF PERSONAL DATA
 

In order to ensure the best level of protection of your personal data, the Tereos Group undertakes, in its capacity as data controller, to comply with the GDPR by setting a number of basic principles for the processing of personal data and in particular:

    • Lawfulness, fairness, transparency: your personal data is processed lawfully, fairly and transparently;
    • Purpose limitation: your personal data is collected for specified, explicit and legitimate purposes and is not subsequently processed in a manner incompatible with those purposes;
    • Data minimisation: only the adequate and relevant data is collected and is limited to what is necessary in view of the purposes for which it is processed;
    • Limitation of retention: your personal data is retained for a limited time that does not exceed the time necessary to achieve the purpose of the processing. These times comply with the legal retention periods;
    • Accuracy: your personal data is accurate, kept up-to-date and all reasonable steps are taken to ensure that any inaccurate data, having regard to the purposes for which it is processed, is erased or corrected as soon as possible;
    • Security: your personal data is subject to security through effective technical and organisational measures that are adapted to the risks of the processing for your right to privacy and your other rights and freedoms.

 

Internal procedures are planned to comply with the guiding principles of the regulations on the protection of personal data from its design and by default. If necessary, our relationships with external service providers are secured through contracts that meet a real level of security of your personal data.

The majority of our services, service providers, remote applications and servers required for the processing of your personal data are located in the territory of the European Union. When your personal data needs to be transferred outside the European Union, we adopt the appropriate guarantees provided by the applicable regulations. If necessary, you can have access to relevant documents (i.e.: standard contract clauses of the European Commission).

 

RIGHTS OF DATA SUBJECTS
 

In terms of the processing of personal data, you enjoy a number of rights in accordance with the applicable regulations:

    • Right to information about processing: in order to respect the principle of fairness and transparency, the Tereos Group, in its capacity as data controller, must inform you prior to the collection of your personal data. This information allows you to understand and, where appropriate, to consent to the processing that the Tereos Group offers;
    • Right of access to your personal data: once your data has been collected and processed by the Tereos Group, you have the opportunity to obtain a copy of your personal data held by the Tereos Group;
    • Right of correction: to the extent that your data will not always be up-to-date, you have the right to correct data about you that is not accurate;
    • Right to withdraw consent: If you have consented to processing, you can withdraw this consent at any time, without this affecting the lawfulness of the processing before this withdrawal;
    • Right to object to processing: when processing is not based on your consent, but on legitimate interests that we pursue or those of a third party, you can oppose the processing given your particular situation;
    • Right to limitation of processing: you have the option of limiting the processing in the following cases:
      • You dispute the accuracy of the personal data for a period enabling the Tereos Group to verify the accuracy of the personal data;
      • The processing is unlawful and you want the use of the data to be limited instead of erasing it;
      • Tereos no longer needs the personal data for processing, but you want it to be retained for the establishment, exercise or defence of your rights in court;
      • You objected to the processing under your right to object during the verification as to whether the legitimate reasons pursued by Tereos prevail over your own.

 

    • Right to erase data: you can request to erase the data we process for a legitimate reason in the following cases:
      • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
      • You wish to withdraw your consent (see right to withdraw consent)
      • You object to the processing of your personal data for a legitimate reason
      • The personal data has been unlawfully processed;
      • The personal data must be erased to comply with a legal obligation, as required by EU law or the law of the Member State to which the data controller is subject;

 

    • Right to portability: when processing is not based on your consent, you may request the transfer of the personal data to another data controller, or receive said data in a structured, commonly used and machine-readable format;
    • Right not to be subject to automated individual decisions (including profiling): save in exceptional cases, you have the right not to be subject to automated individual decisions, such as profiling, which produces legal effects, or significantly affects you.

 

You also have the right to lodge a complaint with the Commission Nationale Informatique et Libertés (CNIL – the French Data Protection Authority). For more information, please visit the website of the CNIL – – https://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-comment .

Any request, whether relating to the exercise of your rights or relating to this Policy, must be sent by email or registered letter with acknowledgement of receipt for the attention of the GDPR contact person. The GDPR contact person will review your request and get back to you as soon as possible. He/she can be contacted at the following address:

    • By email: contactgdpr@tereos.com
    • By post: Tereos Group – Legal and Compliance Department – GDPR Contact Person – 12-14 Rue Médéric 75017 Paris, France

 

To process your request, please:

    • Include your family name(s) first name(s)
    • If the request is regarding a right of access, specify the categories of data you want to access
    • If the request is regarding another right, specify the reason for your request (which right you want to exercise and for what reason)
    • Attach/enclose proof of identity

 

If the request is made by a representative:

    • Provide a proof of mandate and identity for the agent
    • Provide proof of identity of the person representing

 

PROCESSING CARRIED OUT BY THE TEREOS GROUP

 

    1. Identity and contact details of the data controller

 

TEREOS STARCH & SWEETENERS EUROPE, a Société par actions with capital 82.846.464,00 €
Siret number: 403 138 225 00012
Zone Industrielle et Portuaire, B.P. 32

F–67 390 Marckolsheim, FRANCE

 

    1. Purpose of the processing of personal data

 

We process your data for the following purposes:

    • Communicating with prospects and customers, as well as their teams;
    • Managing the pre-contractual period until contracting;
    • Performing operations relating to the management of worrying customers (contractual management until payment for the services);
    • Performing operations relating to prospecting and customer loyalty;
    • Carrying out soliciting operations;
    • Lawfully finding out about competing practices and organisations for the purpose of optimising production and sales processes;
    • Organising on-line seminars/training (webinars) for professionals;
    • Developing trade statistics;
    • Conducting transactions for the sale, rental or exchange of customer files and prospect files;
    • Carrying out customer commercial prospecting activities
    • Managing unpaid debts and disputes, provided this does not relate to offences and/or does not result in the person being excluded from a right, service or contract

 

Incidentally, the data can also be used to:

    • Manage the exercise of rights by data subjects;
    • If applicable, establish, exercise or defend the rights of the Tereos Group.

 

    1. Categories of data

 

For each purpose identified, the categories of personal data collected, processed and stored by the Tereos Group are as follows:

 

    • Identity data: title, family name, first names, addresses, telephone number (landline and/or mobile), fax number, email, date of birth, internal processing code allowing the identification of the customer, company for which the person is employed, position, email.
    • Business relationship monitoring data: requests for documentation, testing requests, product purchased, service or subscription subscribed, quantity, amount, frequency, delivery address, purchase and service history, product returns, origin of the sale (salesperson, representative, partner, affiliate) or the order, correspondence with the customer and after-sales service, exchanges and comments from customers and prospects, person(s) in charge of customer relations;
    • Data on means of payment: postal or banking statement of identity, IBAN, BIC, cheque number (if applicable), credit card number, credit card expiry date, CSC;
    • Transaction data such as the transaction number, details of the purchase, subscription, goods or service subscribed;
    • Invoice payment data: payment terms, discounts granted, receipts, balances and unpaid debts.
    • Carrying out customer commercial prospecting: identity data, contact details (email address).

 

    1. Categories of persons
    • BtoB Customers
    • BtoB Prospects
    • Visitors to the website

 

    1. Recipients
    • Partners/Service Providers;
    • Sub-contractors of all Group entities;
    • Authorised departments in charge of managing customer data (e.g.: IT Department, Marketing Department, Communications Department, etc.);
    • Persons authorised as authorised third parties (e.g.: supervisory authorities, statutory auditors, auditors, etc.).

 

LEGAL BASES

 

The legal justifications on the basis of which we can process your personal data are:

    • Consent;
    • The need to execute a contract or pre-contractual measures for the purposes described in this Policy;
    • Compliance with a legal obligation;
    • Protecting the vital interests of the data subject;
    • The legitimate interest of the data controller.

 

RETENTION PERIOD

 

Your personal data is retained for the time necessary to achieve the purposes described in this Policy. It is then archived in accordance with the legal and/or regulatory requirements, and/or to enable the Tereos Group to establish proof of a right or contract (deadlines applicable to prescription).

 

COMPUTER SECURITY

 

Security of processing of personal data is one of the Tereos Group’s priorities. We make every effort to implement technical and organisational measures adapted to the issues and risks associated with the protection of personal data. Training sessions on personal data protection are offered to our employees. Our employees are subject to a confidentiality obligation. Our websites are subject to technical protection and communications with your computer are encrypted by an HTTPS (TLS) stream.

 

CHANGES TO THIS POLICY

 

This Policy was published on May 25th, 2018. In case of changes to this Policy implemented by Tereos,, such changes will be identified by Tereos on this webpage.

Policy for the protection of the personal data of the tereos group’s consumers and prospects

 

TEREOS STARCH & SWEETENERS EUROPE is a part of The Tereos Group which is very committed to the protection of personal data and to your privacy, which are two principles protected by the Charter of Fundamental Rights of the European Union.

The processing of personal data carried out within the framework of Tereos Group’s activities complies with the rules on privacy, particularly the General Data Protection Regulation (EU Regulation 2016/679) known as the “GDPR” and the amended Act of 6 January 1978 relating to data processing, records and privacy known as the “French Data Protection Act”.

Therefore, within the exercise of its activities, the Tereos Group may be required to collect and process your personal data, whatever the type of contract that binds us.

The Tereos Group acts as a data controller in the context of operating the trademarks that it holds.
The Tereos Group has set up a department dedicated to the protection of personal data, which ensures the effective implementation of specific procedures and processes, in order to raise awareness among its employees, involve its partners and sub-contractors in the protection of personal data and ensure the compliance of the personal data processing for which it is responsible.

This policy (hereinafter “the Policy”) aims to inform you of the reasons why the Tereos Group may process your personal data, the way in which the Tereos Group does this and your rights in this matter.

THE TEREOS GROUP’S COMMITMENTS FOR THE PROTECTION OF PERSONAL DATA

In order to ensure the best level of protection of your personal data, the Tereos Group undertakes, in its capacity as data controller, to comply with the GDPR by setting a number of basic principles for the processing of personal data and in particular:

 

    • Lawfulness, fairness, transparency:your personal data is processed lawfully, fairly and transparently;
    • Purpose limitation:your personal data is collected for specified, explicit and legitimate purposes and is not subsequently processed in a manner incompatible with those purposes;
    • Data minimisation:only the adequate and relevant data is collected and is limited to what is necessary in view of the purposes for which it is processed;
    • Limitation of retention: your personal data is retained for a limited time that does not exceed the time necessary to achieve the purpose of the processing. These times comply with the legal retention periods;
    • Accuracy: your personal data is accurate, kept up-to-date and all reasonable steps are taken to ensure that any inaccurate data, having regard to the purposes for which it is processed, is erased or corrected as soon as possible;
    • Security: your personal data is subject to security through effective technical and organisational measures that are adapted to the risks of the processing for your right to privacy and your other rights and freedoms.

Internal procedures are planned to comply with the guiding principles of the regulations on the protection of personal data from its design and by default. If necessary, our relationships with external service providers are secured through contracts that meet a real level of security of your personal data.
The majority of our services, service providers, remote applications and servers required for the processing of your personal data are located in the territory of the European Union. When your personal data needs to be transferred outside the European Union, we adopt the appropriate guarantees provided by the applicable regulations. If necessary, you can have access to relevant documents (i.e.: standard contract clauses of the European Commission).

 

RIGHTS OF DATA SUBJECTS

 

In terms of the processing of personal data, you enjoy a number of rights in accordance with the applicable regulations:

 

    • Right to information about processing: in order to respect the principle of fairness and transparency, the Tereos Group, in its capacity as data controller, must inform you prior to the collection of your personal data. This information allows you to understand and, where appropriate, to consent to the processing that the Tereos Group offers;
    • Right of access to your personal data: once your data has been collected and processed by the Tereos Group, you have the opportunity to obtain a copy of your personal data held by the Tereos Group;
    • Right of correction: to the extent that your data will not always be up-to-date, you have the right to correct data about you that is not accurate;
    • Right to withdraw consent: If you have consented to processing, you can withdraw this consent at any time, without this affecting the lawfulness of the processing before this withdrawal;
    • Right to object to processing: when processing is not based on your consent, but on legitimate interests that we pursue or those of a third party, you can oppose the processing given your particular situation;
    • Right to limitation of processing: you have the option of limiting the processing in the following cases:
      • You dispute the accuracy of the personal data for a period enabling the Tereos Group to verify the accuracy of the personal data;
      • The processing is unlawful and you want the use of the data to be limited instead of erasing it
      • Tereos no longer needs the personal data for processing, but you want it to be retained for the establishment, exercise or defence of your rights in court;
      • You objected to the processing under your right to object during the verification as to whether the legitimate reasons pursued by Tereos prevail over your own.
    • Right to erase data: you can request to erase the data we process for a legitimate reason in the following cases:
      • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
      • You wish to withdraw your consent (see right to withdraw consent)
      • You object to the processing of your personal data for a legitimate reason
      • The personal data has been unlawfully processed;
      • The personal data must be erased to comply with a legal obligation, as required by EU law or the law of the Member State to which the data controller is subject;
    • Right to portability: when processing is not based on your consent, you may request the transfer of the personal data to another data controller, or receive said data in a structured, commonly used and machine-readable format;
    • Right not to be subject to automated individual decisions (including profiling): save in exceptional cases, you have the right not to be subject to automated individual decisions, such as profiling, which produces legal effects, or significantly affects you.

You also have the right to lodge a complaint with the Commission Nationale Informatique et Libertés (CNIL – the French Data Protection Authority). For more information, please visit the website of the CNILhttps://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-comment .

Any request, whether relating to the exercise of your rights or relating to this Policy, must be sent by email or registered letter with acknowledgement of receipt for the attention of the GDPR contact person. The GDPR contact person will review your request and get back to you as soon as possible. He/she can be contacted at the following address:

 

    • By email: contactgdpr@tereos.com
    • By post: Tereos Group – Legal and Compliance Department – GDPR Contact Person – 12-14 Rue Médéric 75017 Paris, France

To process your request, please:

    • Include your family name(s) first name(s)
    • If the request is regarding a right of access, specify the categories of data you want to access
    • If the request is regarding another right, specify the reason for your request (which right you want to exercise and for what reason)
    • Attach/enclose proof of identity

If the request is made by a representative:

    • Provide a proof of mandate and identity for the agent
    • Provide proof of identity of the person representing

 

PROCESSING CARRIED OUT BY THE TEREOS GROUP

 

  1. Identity and contact details of the data controller

TEREOS STARCH & SWEETENERS EUROPE, a Société par actions with capital 82.846.464,00 €
Siret number: 403 138 225 00012
Zone Industrielle et Portuaire, B.P. 32

F–67 390 Marckolsheim, FRANCE

 

  1. Purpose of the processing of personal data

We process your data for the following purposes:

    • Sending newsletters;
    • Organising competitions, lotteries or any promotional operations;
    • Collecting and managing opinions from people on products, services or content (consumer service);
    • Responding to consumer inquiries via the Green Number;
    • Suggesting stores near you to find our products;
    • Compiling browsing statistics using cookies and other tracers;
    • Getting information about the terminal (email routing);
    • Carrying out customer commercial prospecting activities.

Incidentally, the data can also be used to:

    • Manage the exercise of rights by data subjects;
    • If applicable, establish, exercise or defend the rights of the Tereos Group.

 

  1. Categories of data

For each purpose identified, the categories of personal data collected, processed and stored by the Tereos Group are as follows:

    • Sending newsletters: email address;
    • Organising competitions, lotteries or any promotional operations: identity data, email address, age, score, dates of participation, sponsorship, postal address for the delivery of the prize;
    • Managing opinions from people on products, services or content (consumer service): identity data, postal address, postcode, town, country, landline phone, mobile phone, email address, subject of the message, product concerned, product format, message;
    • Responding to consumer inquiries: identity data, email address
    • Suggesting stores near you to find our products: georeferencing through IP or through information;
    • Compiling browsing statistics using cookies and other tracers: IP address, browsing history, interaction website, socio-demographic category;
    • Getting information about the terminal (email routing): IP address, operating system, internet browser, other terminal information, applications or connections;
    • Carrying out customer commercial prospecting: identity data, contact details (email address);
    • Managing the exercise of rights by data subjects: identity data, email address. A photocopy of your ID may be required to access your request;
    • Establishing, exercising or defending the rights of the Tereos Group: identity data, data required to establish, exercise or defend the rights of the Tereos Group.

 

  1. Categories of persons
    • Consumers
    • BtoC Prospects
    • Visitors to the website

 

  1. Recipients
    • Partners/Service Providers;
    • Sub-contractors of all Group entities;
    • Authorised departments in charge of managing consumer data (e.g.: IT Department, Marketing Department, Communications Department, etc.);
    • Persons authorised as authorised third parties (e.g.: supervisory authorities, statutory auditors, auditors, etc.).

 

LEGAL BASES

 

The legal justifications on the basis of which we can process your personal data are:

    • Consent;
    • The need to execute a contract or pre-contractual measures for the purposes described in this Policy;
    • Compliance with a legal obligation;
    • Protecting the vital interests of the data subject;
    • The legitimate interest of the data controller.

 

RETENTION PERIOD

 

Your personal data is retained for the time necessary to achieve the purposes described in this Policy. It is then archived in accordance with the legal and/or regulatory requirements, and/or to enable the Tereos Group to establish proof of a right or contract (deadlines applicable to prescription).

 

COMPUTER SECURITY

 

Security of processing of personal data is one of the Tereos Group’s priorities. We make every effort to implement technical and organisational measures adapted to the issues and risks associated with the protection of personal data. Training sessions on personal data protection are offered to our employees. Our employees are subject to a confidentiality obligation. Our websites are subject to technical protection and communications with your computer are encrypted by an HTTPS (TLS) stream.

 

CHANGES TO THIS POLICY

 

This Policy was published on May 25th, 2018. In case of changes to this Policy implemented by Tereos,, such changes will be identified by Tereos on this webpage.