Privacy policy
In the context of its activities, La Lorraine Bakery Group NV, with registered office at Elisabethlaan 143, 9400 Ninove, VAT 412.382.632, RPR Ghent, Dendermonde Division and all directly or indirectly associated group companies in application of Article 11 of the Belgian Companies Code (“LLBG”), collect and use information about natural persons such as yourself (also referred to as “personal data”). LLBG considers the protection of your privacy as very important and therefore commits to process the information that it collects about you only as set out in this policy. In so doing, LLBG is acting in accordance with the relevant privacy legislation, including the General Data Protection Regulation or “GDPR”.
As part of this commitment, LLBG wishes to explain with this privacy policy why and how we process your personal data, as well as what your rights and our obligations are in this respect. This policy also provides information about who you can contact within LLBG if you have questions or to exercise your rights (see point 7).
1. Scope
This privacy policy applies to every type of use of personal data concerning:
- future, present and former customers (natural persons);
- future, present and former suppliers (natural persons);
- representatives and personnel of customers (legal persons);
- representatives and personnel of suppliers (legal persons);
- Applicants;
- visitors of our premises; and
- visitors of our websites.
The so-called “controller” is the legal entity which decides on the purposes and means of collecting and using your personal data. Unless otherwise indicated in a supplementary policy relating to a specific processing operation, LLBG is the controller.
2. What personal data is collected about you by LLBG?
- 1 General
Data relating to children is processed only when they participate in an organised company or school visit.
- 2 Professionals
For the representatives and personnel of customers and suppliers who are legal persons, this also includes your title, position, name of your company.
If you provide us with information about other individuals (such as the contact details of a colleague), you must provide a copy of this privacy policy to these individuals.
- 3 Private persons
- 4 Visitors of our premises
If you have an appointment with one of our staff members, you must also give your name at the reception as well as the reason for your visit.
- 5 Events
- 6 Visitors of our websites
- 7 Applicants
3. How is personal data collected?
We have collected this personal data directly or indirectly using (one or more) of the following channels:
- when you contact us and communicate with our personnel and/or our IT systems;
- when you give us your business card;
- when you sign up for one of our newsletters;
- When you apply for a vacancy at LLBG (through spontaneous application or reacting on a LLBG vacancy);
- when you order and purchase some of our goods or services, such as through our online bakery;
- through our CCTV and security systems;
- through our photographer at events;
- through the company for which you work or through one of your colleagues;
- through online research;
- by the use of your loyalty card;
- by participating in or registering for surveys, campaigns, competitions and/or company visits;
- by purchasing customer data from direct marketing databases; or
- when you visit our website and/or fill in the contact form.
When we request information directly from you (for example, via a form), we will always indicate whether this information is mandatory and what the consequences are if you do not wish to provide this data.
In order to ensure that the personal data that we have about you is accurate and remains up-to-date, we may ask you at certain intervals to review and confirm this personal data or update it, where necessary.
4. Why is personal data collected and used?
Your personal data is always processed for a specific and well-defined purpose and only the data required to achieve that purpose is used.
- 1 General purposes
- monitoring of our activities (measuring and compiling statistics on sales, number of customers, etc.);
- management of our IT, including the management of the infrastructure and the continuity of the business;
- improving the quality of our products and services;
- safeguarding our economic interests;
- management of our archiving systems;
- answering questions from a public authority or court;
- compliance with statutory obligations;
- mergers and acquisitions; and
- fraud prevention.
- 2 Professionals
- the preparation and performance of agreements;
- purchase, procurement, invoicing and accounting;
- management of relations with customers and suppliers and partner programmes;
- monitoring the activities in our premises, including compliance with relevant policies, health and safety rules; and
- periodically sending out newsletters and promotional e-mails about our products and services, as well as interesting information, for example by using targeted advertisement through social media, by making use of the address that you or the company for which you work has given us (if you have given us your permission).
- 3 Private persons
- planning and delivery of goods and services to customers;
- management of loyalty cards;
- management of customer relations;
- processing of (personalised) orders, including the online bakery, and to inform customers, where necessary, of the status of such orders;
- Recruitment and selection;
- invoicing and accounting;
- the periodic sending out of newsletters and promotional e-mails about our products and services, and also interesting information, for example by using targeted advertisement through social media, by making use of the address that you have supplied (if you have given us your permission);
- answering questions from our customers, including questions asked by telephone; and
- the organisation of promotions, campaigns and competitions.
- 4 Visitors of our premises
- the organisation of company and school visits; and
- monitoring the activities on our premises, including compliance with applicable policies, health and safety rules.
- 5 Visitors of our websites
- managing and improving our websites (e.g. through the diagnosis of server problems, optimisation of data traffic, integration and optimisation of web pages);
- measuring the use of our websites (e.g. by compiling statistics of the data traffic or collecting information on the behaviour of the visitors and the pages that they visit);
- improving and personalising your experience as well as adapting the content of the website to each visitor (e.g. by remembering your selections and preferences, together with the use of cookies);
- analysis of the efficiency of our e-mail campaigns and improving the sending of e–mails in order to communicate better with our customers; and
- monitoring and prevention of fraud and other potential misuse of our website.
5. Legal basis allowing the collection and use of personal data
Personal data may not be processed without a valid legal basis. We will therefore process your personal data only when:
- we have received your free, explicit and specific consent for the processing of your personal data for one or more specific purposes; or
- the processing is necessary to perform our contractual obligations towards you or to take pre-contractual steps at your request; or
- the processing is necessary in order to comply with an obligation to which we are subject by a statute, decree or ordinance; or
- the processing is necessary to protect your vital interests or those of another person; or
- the processing is necessary for our legitimate interests and does not unduly affect your interests or fundamental rights and freedoms. Please note that, when processing your personal data on this basis, we always seek to maintain a balance between our legitimate interest and your privacy.
In most cases your personal data will be processed because this is necessary in the context of our present and future contractual relations. If you require more information on the exact legal basis on which we rely to process certain personal data, please do not hesitate to contact us, as explained in point 7.
When we collect personal data about your children in the context of an organised company visit to one of our premises, we will always ask your explicit consent for this, either directly or through your children’s school.
6. Who has access to my personal data?
- 1 Within LLBG
This personnel is bound by our internal rules and procedures relating to security, confidentiality and protection of personal data. They are also obliged to comply with the technical and organisational measures that we have taken to protect your personal data. These security measures were tailored to take into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of the personal data, the volume and risks attached to the processing of personal data.
- 2 Outside LLBG
- our service providers such as consultants, IT service providers, security companies, insurance companies and financial institutions;
- our business partners, such as stores and other supermarkets who distribute our products, as well as our marketing advisors;
- any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request;
- third parties advisors, such as accountants and lawyers, for example in the context of the transfer or takeover of all or a part of the business; and
- third parties involved in investigating possible fraud or other legal violations.
- 3 Outside the European Economic Area
7. What are my rights and how should I exercise them?
You always have the right to request access to the personal data that LLBG processes about you and to have inaccurate or incomplete personal data corrected. In some instances you can also object to the processing of this data, request a restriction on the processing or ask us to delete certain data. Lastly, you are also entitled in certain circumstances to request that some of your personal data be transferred to yourself or to a third party.
When you have given your consent for a certain type of processing, you may withdraw it at any time, but you should be aware that in such case you may not be able to fully enjoy all of our services. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. In addition, you can always object at no cost to the use of your personal data for direct marketing purposes.
Should you wish to exercise any of the above rights, please send an e-mail to privacy@llbg.com, attaching a copy of your identity card.
LLBG takes your comments about our processing of personal data seriously and will quickly attend to them. So do not hesitate to contact us if you have any comments.
If you are not satisfied with the way in which we process your personal data, you are entitled to submit a complaint to the supervisory authority responsible for the protection of personal data, in Belgium, the Data Protection Authority (GBA).
8. How long is my data kept?
The exact retention period depends on the purpose for which the personal data is being processed.
In principle, LLBG uses the following criteria for the retention of personal data: (i) personal data is stored for as long as is necessary for achieving the purpose for which it was collected and (ii) always in line with the relevant statutory, regulatory and internal requirements in this respect.
More specifically, personal data that we hold about you in our database and that is not related to a specific agreement, is removed 120 months after your last interaction with us.
For personal data that is related to a contract that you (or the company for which you work) have executed with us, the retention period is the duration of this contract, plus the period until claims under this contract become time-barred, unless mandatory statutory or regulatory requirements require a longer or shorter retention period. After the expiry of this period your personal data will be removed from our systems.
CCTV images are retained for a maximum retention period of 2 weeks.
Personal data that is collected and processed in the context of a dispute is removed (i) as soon as an amicable settlement has been reached, (ii) as soon as a final decision has been rendered that can no longer be appealed or (iii) when the claim has become time-barred.
9. Amendment of the policy
This policy may be subject to amendments. This privacy policy was last amended on 4 May 2018. Future amendments or additions to the processing of your personal data as described in this privacy policy will be notified to you in advance through our website(s) (for example, through pop-up screens) as well as by means of our usual communication channels (for example, by e-mail, if we hold your e-mail address). Please always ensure, however, that you use the latest version.
10. Contact us
For general questions you can always contact us by sending an e-mail to privacy@llbg.com. For privacy-related questions and/or to exercise your rights, please refer to the e-mail address given in point 7. We are pleased to help you.