EU Customer and Business Partner Data Protection Notice

Content pages: 
Content: 

Last updated: May 23, 2018

I. Introduction and Scope

Bunge is committed to Processing Personal Data responsibly and in compliance with the applicable data protection laws in all countries in which Bunge operates.

This EU Customer/Vendor Data Protection Notice (the “Notice”) describes the types of Personal Data Bunge collects, how Bunge uses the Personal Data, with whom Bunge shares the Personal Data, and the rights you, as a Data Subject, have regarding Bunge’s use of the Personal Data. This Notice also describes how you can contact us about our data protection practices.

 

II. Contact Details of the Data Controllers

The entities responsible for the collection and use of your Personal Data (Data Controllers) in your home country for the purposes described in this Notice are set out in Annex 1.

 

III. Contact Details of the Data Protection Officers and the Data Protection Coordinators

A local DPC or DPO is designated at the country level.

The DPCs/DPOs are involved in all issues related to the protection of your Personal Data. In particular, the DPCs/DPOs are in charge of monitoring and ensuring compliance with this Notice and the applicable data protection laws. They will also provide advice on data protection matters upon request.

For any clarification or additional information you may need in order to fully understand this Notice, please contact your local DPC or DPO.

The local DPCs and DPOs’ contact information can be found in Annex 2.

In addition, you may also contact the Legal Department of Bunge SA at BEU.GVA.Dataprotection@bunge.com.

 

IV. Purposes of Data Processing and Legal Basis

Bunge Processes Personal Data in accordance with applicable data protection laws and only for limited, explicit and legitimate purposes. Bunge will not use Personal Data for any purpose that is incompatible with the purpose for which it was initially collected unless you provide your prior explicit consent for further use.

Personal Data relating to Bunge’s customers/vendors may be Processed for the purposes of:

  • Managing commercial relationships, order fulfillment, payment and invoicing for goods and services, contacting customer, contacting vendor/supplier;
  • Carrying out promotional operations, direct marketing;
  • Fraud detection and prevention;
  • Security;
  • Complying with legal obligations and/or regulatory investigations, assisting the Company in the context of any litigation or arbitration, including employment tribunal proceedings, and protecting the Company against injury, theft, legal liability, fraud, abuse or other misconduct;
  • Managing Company transactions (e.g., merger or acquisition);
  • Managing Company operations, including the operation and monitoring of the proper functioning and security of the Company’s IT systems;
  • Managing health and safety incidents; and
  • Managing product deliveries and shipments.

The legal basis for each purpose is listed in the chart below:

Purposes

Legal basis

 

Managing commercial relationships, order fulfillment, payment and invoicing for goods and services, contacting customer, contacting vendor/supplier

 

B-to-C: Contractual obligation

 

B-to-B: Legitimate interest to run Company’s business as appropriate to deliver and improve its products or services

 

Carrying out promotional operations, direct marketing

 

Legitimate interest to promote Company’s position on the market

Fraud detection and prevention

 

Legitimate interest to ensure security and integrity of Company

 

Security

 

Legitimate interest to ensure security and integrity of Company

 

Complying with legal obligations and/or regulatory investigations, assisting the Company in the context of any litigation or arbitration, including employment tribunal proceedings, and protecting the Company against injury, theft, legal liability, fraud, abuse or other misconduct

 

Legal obligation and Legitimate interest to ensure proper functioning of the Company

Managing Company transactions (e.g., merger or acquisition)

 

Legitimate interest to conduct Company’s business dealings

Managing Company operations, including the operation and monitoring of the proper functioning and security of the Company’s IT systems

 

Legitimate interest to ensure security and safety of Company

Managing health and safety incidents

 

Legitimate interest to ensure security and safety of Company

 

Managing product deliveries and shipments

 

B-to-C: Contractual obligation

 

B-to-B: Legitimate interest to run Company’s business as appropriate to deliver and improve its products or services

Bunge ensures that our internal governance procedures clearly specify the reasons behind decisions to use Personal Data for further Processing purposes. Prior to using your Personal Data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.

 

V. Categories of Personal Data Processed

The provision of Personal Data is a requirement necessary to enter into a contract with Bunge or a requirement by law or regulation for Bunge to administer your customer/vendor relationship. The Personal Data Processed is limited to the data necessary for carrying out the purpose for which such Personal Data is collected.

Personal Data Processed includes the following:

  • Customer name, gender, age, address, date and place of birth, phone number, email address, nationality, occupation/title, name of organization, department, industry, date of agreement, business postal address, business telephone number, business facsimile number, business email address, VAT numbers, tax identification numbers, bank details, bank ownership certificate, language preference, license plate number, driver’s license;
  • Customer CCTV images;
  • Vendor/supplier name, gender, age, address, date and place of birth, phone number, email address, nationality, occupation/title, name of organization, department, industry, date of agreement, business postal address, business telephone number, business facsimile number, business email address, VAT numbers, tax identification numbers, bank details, bank ownership certificate, language preference, license plate number, driver’s license; and
  • Vendor/supplier CCTV images.

Bunge will not collect Personal Data if such collection is prohibited under the applicable data protection laws.

Special Categories of Personal Data will not be Processed in the customer/vendor context.

Bunge will maintain Personal Data in a manner that ensures it is accurate, complete and up-to-date.

 

VI. Recipients of Personal Data

In connection with the activities described under Section IV, the Company may need, from time to time, to disclose or make available Personal Data to other companies of the Bunge Group, relevant third party service providers (e.g., customer/vendor relationship management service providers, professional advisers), Company’s business partners, regulatory authorities, governmental or quasi-governmental organizations and potential purchasers of the Company or a Company’s business.

Bunge will only grant access to Personal Data on a need-to-know basis, and such access will be limited to the Personal Data that is necessary to perform the function for which such access is granted.

Authorization to access Personal Data will always be linked to the function, so that no authorization will be extended to access Personal Data on a personal basis. Service providers will only receive Personal Data according to the purposes of the service agreement with Bunge.

 

VII. International Data Transfers

International data transfers refer to transfers of Personal Data outside of the EEA and Switzerland.

The international footprint of Bunge involves the transfer of Personal Data to other group companies or third parties, which may be located outside the EEA and Switzerland, including the United States. Bunge will ensure that when Personal Data is transferred to countries that have different standards of data protection, appropriate safeguards to adequately protect the Personal Data are implemented to secure such data transfers in compliance with applicable data protection laws. Bunge has implemented an intra-group international data transfer agreement to cover international data transfers between companies of the Bunge Group, a copy of which can be obtained by contacting the Legal Department of Bunge SA at: BEU.GVA.Dataprotection@bunge.com.

 

VIII. Retention of Personal Data

Bunge will not retain your Personal Data processed longer than necessary for the purposes for which it was collected or otherwise Processed as set out in this Notice, and for which Bunge has a valid legal basis. In any case, we will not retain it longer than allowed under statutory local retention periods, i.e., tax or commercial requirements.

In case where Bunge would be involved in any legal claims, we are entitled to continue to Process your Personal Data that is relevant for such claims, subject to applicable local retention requirements.

 

IX. Data Protection Rights 

Under applicable data protection laws, you will benefit from the following rights. You can exercise these rights at any time by contacting the local DPC or DPO:

  • Right to access to, rectification and erasure of Personal Data;
  • Right to restriction of Processing;
  • Right to object to Processing;
  • Right of data portability to the extent applicable;
  • Right to withdraw consent where the Processing is based on consent; and
  • Right to lodge a complaint with the Supervisory Authority.

 

X. Implementation

The present Notice will be applied to and implemented by all the entities of Bunge in Europe in their respective country.

 

XI. Notice Compliance and Contact Information

Monitoring and ensuring compliance of the Personal Data Processing within Bunge with this Notice and applicable data protection laws is the responsibility of the DPCs and the DPOs.

As mentioned above, you may contact your local DPC or the DPO, or the Legal Department of Bunge SA, with regard to any issue related to Processing of your Personal Data and to exercise your rights as mentioned above. The local DPCs and DPOs’ contact information can be found in Annex 2.

 

XII. Miscellaneous

This Notice may be revised and amended by Bunge SA (13 route de Florissant, 1206, Geneva, Switzerland) from time to time and appropriate notice about any amendments will be given.

 

Annex 1: List of Data Controllers

Annex 2: Data Protection Coordinators and Data Protection Officers Contact List