Search

Search

Privacy Notice

Privacy Notice of the Fyffes Group

 

  1. WHAT IS THIS PRIVACY NOTICE ABOUT?

The Fyffes Group (also «we», «us») collects and processes personal data that concern you but also other individuals («third parties»).

Personal data means data relating to identified or identifiable individuals («personal data» or «data»). Processing means any operation that is performed on personal data, such as collection, storage, use, alteration, disclosure, and erasure.

In this Privacy Notice, we describe what we do with your data when you use our website https://www.fyffes.com/, our other websites or apps (collectively «website»), obtain services or products from us, enter into a contract with us, communicate with us, are a shareholder or investor in our company, apply for a job with us, or otherwise deal with us. In addition, we may inform you about the processing of your data separately (e.g., in forms, terms and conditions or additional privacy notices).

If you disclose data about other persons (e.g., family members, work colleagues) to us, we assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm that. Please make sure that these individuals have been informed about this Privacy Notice.

This Privacy Notice is aligned with the Swiss Data Protection Act and its Ordinances («DPA»), the EU General Data Protection Regulation («GDPR»), and the UK General Data Protection Regulation («UK GDPR»). However, the application of these laws depends on the particular case.

  1. WHO IS THE CONTROLLER FOR PROCESSING YOUR DATA?

Fyffes International S.A., Chemin Jean-Baptiste Notice unless290 Versoix, Switzerland («Fyffes») is the controller under this Privacy Notice, unless we tell you otherwise in an individual case.

You may contact us for data protection concerns and to exercise your rights as follows:

Fyffes International S.A.

Chemin Jean-Baptiste Vandelle 3A

1290 Versoix

Switzerland

Email: dataprotection@fyffes.com

For Fyffes International SA German Branch, we have appointed a data protection officer according to Articles 37 et seq. GDPR, which can be reached as follows:

Fyffes International SA German Branch

c/o Lars von Ridder

Data Protection Officer

Stadthausbrücke 4

20355 Hamburg

Germany

Email: datenschutzbeauftragter@fyffes.com

You can also contact our data protection officer for privacy concerns.

  1. WHAT DATA DO WE PROCESS?

We process various categories of data about you. The main categories of data are the following:

  • Master data: This is the basic data (e.g., name, contact details), additional information about you (e.g., your role and function) and details of your relationship with us (e.g., customer, supplier, business partner or their employees), your bank details, your date of birth, photographs, copies of ID cards, customer history, powers of attorney, signature authorizations and declarations of consent and information about third parties (e.g., contacts, representatives).
  • Registration data: This is the data that is generated when you register with us (online or via an application) or that you provide to us in that context (e.g., username, e-mail, password), but also the data that is generated in the course of contests or when redeeming vouchers and, where applicable, access data in the course of access controls (which may also contain biometric data).
  • Contract data: This is the data that is collected in connection with a contract concluded by us or in connection with the provision of our services, such as information about the type of contract, the date the contract was entered into, the duration of the contract, the contractual services, the data that was collected during the period leading up to the conclusion of the contract, information required or used for processing (e.g., information regarding invoicing or customer service), information about reactions (e.g., complaints, feedback about satisfaction), financial data (e.g., information about solvency/creditworthiness, about reminders and debt collection).
  • Communication data: When you are in contact with us or with third parties (e.g., via the contact form, by e-mail, telephone, or by letter or other means of communication), we collect the data exchanged between you and us (e.g., content of e-mails or letters), including your contact details and the metadata of the communication or if necessary the copy of an ID document. This may include audio and video recordings of calls.
  • Candidate data: When you apply for a position with us, we collect and process the data that you submit to us in your application materials along with your job application (e.g., your name and contact details, information about your academic background, qualifications, and professional experience). As a candidate, if your application is successful and you accept an offer of employment or work from us, the data that we have collected from you during the pre-employment period will become part of your personnel file with us.
  • Technical data: When you use our digital offerings (e.g., website, apps, free Wi-Fi), we collect technical data e.g., the IP address, information about the operating system of your device, the location and the access time. Technical data in itself does not permit us to draw conclusions about your identity. However, technical data might be linked with other categories of data and thus possibly with your person.
  • Behavioral and preference data: This is the data about your behavior and your preferences (e.g., your response to electronic communications, navigation on our website, interactions with our social media pages) we may also supplement this information with third-party information, including from public sources. We describe how tracking works in our Cookie Policy.
  • Other data: This may include the following data: Data collected in connection with administrative or legal proceedings, data collected on the basis of health protection concept, photographs, videos or sound recordings that we produce or receive from third parties and in which you are recognizable (e.g., at events, through security cameras), access data or rights (e.g., visitor list, when you enter certain buildings or which access rights you have), participation in events or campaigns, when you use our infrastructure and systems as well as data in connection with your status as a shareholder or investor of our company (e.g., information for various registers, the exercise of your rights and the holding of events such as general meetings).
  1. WHAT IS THE SOURCE OF THE DATA?
  • From you: Much of the data set out in Section 3 is provided by you (e.g., when you communicate with us, in relation to contracts or services, when you use the website, when you apply for a job with us). You are not obliged or required to disclose data to us except in certain cases (e.g., because of legal requirements, legally required identification or health protection concepts). If you wish to enter into contracts with us or use our services, you must also provide us with certain data, in particular master data, contract data and registration data, as part of your contract. When using our website, the processing of technical data cannot be avoided. If you wish to gain access to certain systems or buildings, you must also provide us with registration data. However, in the case of behavioral and preference data, you generally have the option of objecting or not giving consent.
  • From third parties: To the extent permitted by law, we can also collect data from public sources (e.g., debt collection registers, commercial registers, Internet, including social media) or receive data from public authorities or other third parties (e.g., credit agencies, references, former employers, associations, contractual partners, internet analytics services). This includes the following categories of data: master data, contract data and other data according to Section 3 as well as data from correspondence and discussions with third parties. If you work for an employer, client or someone else who has a business relationship or other dealings with us, they may also provide us with information about you.
  1. FOR WHAT PURPOSES DO WE PROCESS YOUR DATA?
  • Communication: In order to be able to communicate with you (e.g., to answer inquiries, in the context of consulting as well as the execution of a contract), we need to process data (in particular communication data, master data, and registration data in connection with the services you use) from you. If we need or want to establish your identity, we collect additional data (e.g., a copy of an ID document). For this purpose, we use in particular communication data and master data and registration data in connection with the services you use.
  • Initiation, administration and execution of contracts: In connection with the conclusion or execution of contracts with our customers, suppliers, subcontractors, contractual partners and employment candidates, we process related personal data. For this purpose, we also process data for checking creditworthiness, for managing the pre-employment relationship, for opening and managing the customer relationship, for consulting, for customer support and for providing and demanding contractual services (which also includes the involvement of third parties, such as logistics companies, advertising service providers or credit reference agencies, which may then in turn provide us with data). This also includes the enforcement of legal claims arising from contracts (debt collection, legal proceedings), accounting, termination of contracts and public communication. For this purpose, we use in particular master data, contract data and communication data, and possibly also registration data of the customer or of the persons to whom the customer provides a service, as well as technical data (e.g., in the case of digital offers).
  • Marketing purposes and relationship management: For marketing purposes and relationship management, we process data, for example, to send our customers, other contractual partners and other interested parties personalized advertising (e.g., in print, by e-mail, via the application, on other digital channels or by telephone) about products, services and other news from us and from third parties (e.g., from product partners), in connection with free services (e.g., invitations, vouchers) or as part of individual marketing campaigns (e.g., events, competitions). You can refuse such contacts at any time or refuse or revoke your consent to be contacted for advertising purposes by notifying us (Section 2). With your consent, we can target our online advertising on the Internet more specifically to you (see our Cookie Policy). This also includes interaction with existing customers and their contacts, which can be personalised on the basis of behavioral and preference data. As part of relationship management, we may also operate a customer relationship management (CRM) system in which we store the data of customers and other business partners. Finally, we also enable contractual partners of ours to contact our customers and other contractual partners for advertising purposes (see Section 8). For marketing purposes and relationship management, we process in particular communication, registration, behavioral and preference data.
  • Market research, improvement of our services and operations, and product development: In order to continuously improve our products and services (including our website) and to be able to respond quickly to changing needs, we analyze, for example, how you navigate through our website or which products are used by which groups of people and in what way, and how new products and services can be designed (for further details, see our Cookie Policy). This gives us an indication of the market acceptance of existing products and services and the market potential of new products and services. To this end, we process in particular master data, behavioral data and preference data, but also communication data and information from customer surveys, polls and studies and other information, e.g., from the media, social media, the Internet and other public sources. As far as reasonably practicable, we use pseudonymized or anonymized data for these purposes.
  • Registration and security purposes as well as technical and physical access controls: In order to use certain offers and services (e.g., login areas, free WLAN), you must register (directly with us or via our external login service providers), for which we process data. Furthermore, we also collect additional personal data about you during the use of the offer or service. We continuously check and improve the appropriate security of our IT and our other infrastructure (e.g., buildings). We there-fore process data, for example, for monitoring, controls, analyses and tests of our networks and IT infrastructures, for system and error checks, for documentation purposes and as part of security copies. Access controls include, on the one hand, controlling access to electronic systems (e.g., logging into user accounts), and on the other hand, physical access control (e.g., building access). For security purposes (preventive and incident investigation) we also keep access logs or visitor lists and use surveillance systems (e.g., security cameras). We inform you of surveillance systems at the relevant locations by means of appropriate signs. For this purpose, we process registration data (including biometric data) and technical data, but also other data mentioned in Section 3.
  • Compliance with laws, directives and recommendations from authorities and internal regulations («Compliance»): We may process personal data as part of our compliance with laws (e.g., anti-money laundering, tax law obligations or for the implementation of health and safety concepts). In addition, data processing may take place in the course of internal investigations as well as external investigations (e.g., by a law enforcement or supervisory authority or an appointed private body). For this purpose, we process in particular master data, contract data and communication data, but under certain circumstances also behavioral data, technical data and data from other data categories. The legal obligations may be Swiss law, but also foreign regulations to which we are subject, as well as self-regulations, industry standards, our own «corporate governance» and official instructions and requests.
  • Risk management and corporate governance: We may process personal data as part of our risk management (e.g., to avoid becoming victims of crime and abuse) and corporate governance, including our business organization (e.g., resource planning) and corporate development (e.g., acquisition and sale of business units or companies). For this purpose, we process in particular master data, contract data, registration data and technical data, but also behavioral and communication data.
  • Further purposes: These other purposes include, for example, training and educational purposes, administrative purposes (e.g., master data management or accounting), safeguarding our rights, and evaluating and improving internal processes. We may record telephone or video conferences for training, evidence, and quality assurance purposes. In such cases, we will notify you separately (e.g., by displaying a notice during the video conference in question) and you are free to tell us if you do not want to be recorded or to terminate the communication (if you simply do not want your image recorded, please turn off your camera). In general, such recordings may only be made and used in accordance with our internal guidelines. The protection of other legitimate interests is also one of the other purposes, which cannot be named exhaustively. We also process data in connection with your position as a shareholder or investor of your company (e.g., information for various registers, the exercise of your rights and the holding of events such as general meetings).
  1. ON WHAT LEGAL BASIS DO WE PROCESS YOUR DATA?

To the extent necessary and depending on the situation and the purpose of the processing, we base the processing of your data on the following legal basis:

  • Contract: Insofar as we process data for the conclusion and execution of contracts that we conclude or have concluded for you or with you or your employer, client or other persons for whom you work, this is also the legal basis on which we process your data.
  • Legal obligations: We may further process your data based on applicable legal, regulatory and professional requirements with which we must comply.
  • Legitimate interest: We may process your data based on our legitimate interest or a legitimate interest of a third party. This applies in particular in relation to the achievement of the purposes and objectives set out in Section 5 and for the implementation of related measures. Among other things, we have a legitimate (and over-riding) interest in marketing our products and services and in gaining a better understanding of the markets relevant to us and our activities (in particular, in the efficient and secure handling of our processes and the further development of our activities), in the efficient and effective management of our company and in safeguarding the security of our systems and our interests vis-à-vis third parties.
  • Consent: If we ask for your consent to process data from you, this is the legal basis on which we process your data. In doing so, we will inform you of the purpose of the processing. You may revoke your consent at any time by notifying us in writing (by mail or, unless otherwise specified or agreed, by email), with effect for the future (see Section 2 regarding our contact details and our Cookie Policy regarding revocation of your consent in the area of online tracking). Once we have received and processed your withdrawal, we will no longer process your data for the purposes to which you originally consented (unless further processing may be carried out on the basis of another legal basis).
  • Other legal bases: In specific cases, we may also carry out data processing based on other legal bases. If this is the case, we will inform you in each individual case.
  1. WHAT APPLIES IN CASE OF PROFILING AND AUTOMATED INDIVIDUAL DECISIONS?

«Profiling» means a process by which personal data is processed automatically to analyze personal aspects or make predictions (e.g., to analyze a person’s personal interests, preferences and inclinations, or to predict likely behavior). For example, we perform profiling in connection with orders placed on our website (e.g., to determine which other products may be of interest to you based on your purchases). In particular, we use behavioral and preference data, technical data, and communication data (e.g., your response to advertisements and other communications) for this purpose. Profiling helps us to continuously improve and better tailor our offerings to your individual needs, plan our business activities, determine the likelihood that a transaction is fraudulent, and better assist you through our customer service. To improve the quality of our analysis and predictions, we may also profile, i.e., combine personal data from different sources to better understand you as an individual with your different interests and characteristics. In both cases, we ensure the proportionality and reliability of the results and take measures against possible abuse.

«Automated individual decisions» are decisions that are made fully automatically, i.e. without significant human influence, and that have legal consequences for the data subjects or otherwise significantly affect them. If we make automated individual decisions, we will inform you separately. In such cases, however, you always also have the option of having the automated individual decision reviewed by a person if you do not agree with it.

  1. WITH WHOM DO WE SHARE YOUR DATA?

In relation to our contracts, the website, our services and products, our legal obligations or otherwise to protect our legitimate interests and the other purposes set out in Section 5, we may disclose your personal data to third parties, in particular to the following categories of recipients:

  • Group companies: A list of our group companies can be found here https://www.fyffes.com/contact-us/. The group companies may use your data for the same purposes as we do, as described in this Privacy Notice (see Section 5). We may also disclose your health data to our group companies. The recipients process the data under their own responsibility
  • Service providers: We work with service providers locally and abroad (third parties) who process data about you they have received from us on our behalf, under joint responsibility with us or under their own responsibility (e.g., IT providers, shipping companies, advertising service providers, security companies, banks, insurance companies, debt collection companies, credit agencies, address checkers, consulting companies or lawyers). This may also include health data. For the service providers used for the website, see our Cookie Policy.
  • Contractual partners, including customers: This initially refers to customers and other contractual partners of ours where transfer of your data arises from the contract (e.g., because you work for a contractual partner or it provides services to or for you). Recipients further include contractual partners with whom we cooperate or who advertise on our behalf. Contractual partners receive, for example, registration data on issued and redeemed vouchers, invitations. The recipients process the data under their own responsibility.
  • Authorities: We may disclose personal data to offices, courts and other authorities locally and abroad if we are legally obliged or entitled to do so or if this appears necessary to protect our interests. The recipients process the data under their own responsibility.
  • Other persons: This refers to other cases where the inclusion of third parties results from the purposes pursuant to Section 5. Other recipients are, for example, delivery addressees or third-party payees specified by you, third parties in the context of agency relationships (e.g., your lawyer or your bank) or persons involved in official or legal proceedings. If we cooperate with the media and transmit material to them (e.g., photos), you may also be affected by this under certain circumstances. In the course of business development, we may sell or acquire businesses, operations, assets or companies, or enter into partnerships, which may also result in the disclosure of information (including information about you, for example, as a customer or supplier or as their agent) to the persons involved in those transactions. In the course of communication with our competitors, industry organizations, associations and other bodies, data may also be exchanged which may affect you.

All these categories of recipient may in turn involve third parties, so that your data may also become accessible to them. We can restrict processing by certain third parties (e.g., IT providers), but not by other third parties (e.g., authorities, banks).

We also allow certain third parties to collect personal data from you on our website and at events organized by us (e.g., media photographers, providers of tools that we have embedded on our website). Insofar as we are not decisively involved in these data collections, these third parties are solely responsible for them. If you have any concerns or wish to assert your data protection rights, please contact these third parties directly. See our Cookie Policy for the processing by third parties on our website.

  1. IS YOUR PERSONAL DATA DISCLOSED ABROAD?

We process and store personal data mainly in Switzerland, the United Kingdom and the European Economic Area (EEA). However, we may occasionally disclose data to service providers and other recipients (see Section 8) that are located or process data outside of this area, generally in any country in the world.

If a recipient is located in a country without adequate statutory data protection, we require that the recipient undertakes to comply with Swiss and EEA data protection standards (for this purpose, we use the revised European Commission’s standard contractual clauses), unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in the event of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if the data has been made generally available by you and you have not objected to the processing.

Please note that data exchanged via the Internet is often routed through third countries. Your data may therefore be sent abroad even if the sender and recipient are in the same country.

  1. HOW LONG DO WE PROCESS YOUR DATA?

We process your data for as long as our processing purposes, the legal retention periods and our legitimate interests in processing for documentation and evidence purposes require or storage is technically required (e.g., in the case of backups or document management systems). If there are no legal or contractual obligations to the contrary, we will delete or anonymize your data after the storage or processing period has expired as part of our normal processes.

If no legal retention requirements exist in individual cases, we generally process data for the duration of the business relationship or contract term and then, depending on the applicable legal basis, for a further five, ten or more years. This corresponds to the period during which we can assert legal claims against third parties or third parties can assert legal claims against us. Ongoing or anticipated legal proceedings may result in processing beyond this period. See our Cookie Policy for more information on the storage period of cookies.

  1. HOW DO WE PROTECT YOUR DATA?

We take appropriate security measures to protect the confidentiality, integrity and availability of your personal data, to protect it against unauthorized or unlawful processing and to protect it against the risks of loss, accidental loss or alteration, unauthorized disclosure or access. However, security risks cannot be completely eliminated in general – a certain residual risk is unavoidable.

  1. WHAT ARE YOUR RIGHTS?

Applicable data protection laws grant you the right to object to the processing of your data in some circumstances, in particular for direct marketing purposes, for profiling carried out for direct marketing purposes and for other legitimate interests in processing.

To help you control the processing of your personal data, you also have the following rights in connection with our data processing, depending on the applicable data protection law:

  • The right to request information from us as to whether and what data we process from you;
  • The right to have us correct data if it is inaccurate;
  • The right to request erasure of data;
  • The right to request that we provide certain personal data in a commonly used electronic format or transfer it to another controller;
  • The right to withdraw consent, where our processing is based on your consent;
  • The right to receive, upon request, further information that is helpful for the exercise of these rights;
  • The right to express your point of view in the case of automated individual decisions and to request that the decision be reviewed by a natural person.

If you wish to exercise any of the above rights against us, you can contact us using our contact details provided in Section 2. In order for us to rule out any misuse, we must identify you (e.g., by means of a copy of your ID card, if this is not possible by less extensive means).

You also have these rights in relation to other parties that cooperate with us as separate controllers – please contact them directly if you wish to exercise your rights in relation to their processing. You will find information on our key partners and service providers in Section 8 and additional information in our Cookie Policy.

Please note that conditions, exceptions or restrictions apply to these rights under applicable data protection law (for example to protect third parties or trade secrets). We will inform you accordingly where applicable.

If you do not agree with the way we handle your rights or with our data protection practices, please let us or our Data Protection Officers (Section 2) know. If you are located in the EEA, the United Kingdom or in Switzerland, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country. You can find a list of authorities in the EEA here: https://edpb.europa.eu/about-edpb/board/members_en. You can reach the UK supervisory authority here: https://ico.org.uk/global/contact-us/. You can also contact the Federal Data Protection and Information Commissioner: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html.

  1. DO WE USE ONLINE TRACKING, ONLINE ADVERTISING AND SIMILAR TECH-NIQUES?

We explain how we use cookies and other similar technologies on our website in our Cookie Policy.

  1. WHAT DATA DO WE PROCESS ON OUR SOCIAL MEDIA PAGES?

We may operate pages and other online presences («fan pages», «channels», «profiles») on social networks and other platforms operated by third parties and process the data about you described in section 3 and below. We receive this data from you and the platforms when you come into contact with us via our online presence (e.g., when you communicate with us, comment on our content or visit our presence). At the same time, the platforms’ providers may analyze your use of our online presence (e.g., how you interact with us, how you use our online presence, what you view, comment on, or «like») and process this data along with other data they have about you (e.g., information about your age and gender and other demographic information). In this way, they create profiles about you and statistics about the use of our online presences. They use this data and profiles to display our or other advertisements and other personalized content on the platform and to drive behavior on the platform, but also for market and user research and to provide us and other parties with information about you and the use of our online presence. To the extent that we are jointly responsible with the provider for certain types of processing, we will enter into a corresponding contract with the provider. You can find out about the main content of this contract from the provider. They also process this data for their own purposes, in particular for marketing and market research purposes (e.g., to personalize advertising) and to manage their platforms (e.g., to decide what content to show you), and act as separate controllers for this purpose.

We are entitled, but not obliged, to review content before or after it is published on our online presences, to delete content without notice and, if necessary, to report it to the provider of the relevant platform. In the event of violations of decency and conduct rules, we may also notify the provider of the platform on which the user account in question is located for blocking or deletion.

For further information on processing by the platform providers, please refer to the data protection notices of the respective platforms. There you can also find out in which countries your data is processed, what rights of access and deletion you have and how you can exercise these or obtain further information. We currently use the following platforms:

  • Facebook: On Facebook we operate the page https://www.facebook.com/FyffesUK. The controller for the operation of the platform for users from Europe is Meta Plat-forms Ire-land Limited, Dublin, Ireland. Their privacy notice is available at www.facebook.com/policy. Some of your data will be transferred to the United States. You can object to advertising here: www.facebook.com/settings?tab=ads. With regard to the data collected and processed when visiting our site for «page insights», we are joint controllers with Facebook Ireland Ltd., Dublin, Ireland. As part of page insights, statistics are created about the actions visitors perform on our site (comment on posts, share content, etc.). This is explained at www.facebook.com/legal/terms/information_about_page_insights_data. It helps us understand how our page is used and how to improve it. We receive only anonymous, aggregated data. We have agreed our data protection responsibilities according to the information on http://www.facebook.com/legal/terms/page_controller_addendum.
  • Instagram: On Instagram we operate the profile https://www.instagram.com/fyffesireland/. The controller for the operation of the platform for users from Europe is Meta Platforms Ireland Limited, Dublin, Ireland. Their privacy notice is available at https://privacycenter.instagram.com/policy.
  • LinkedIn: On LinkedIn we operate the pages https://www.linkedin.com/company/fyffes/. The controller for the operation of the platform for users from Europe is LinkedIn Ireland Unlimited Company, Dublin, Ireland. Its privacy notice is available at www.linkedin.com/legal/privacy-policy. Some of your data will be transferred to the United States. You can object to advertising here: www.linkedin.com/psettings/advertising-data. With regard to the data collected and processed when visiting our site for «page insights», we are joint controllers with LinkedIn Ireland Unlimited Company, Dublin, Ireland. As part of page insights, statistics are created about the actions visitors perform on our site (comment on posts, share content, etc.). This is explained at: https://www.linkedin.com/legal/privacy-policy. It helps us understand how our page is used and how to improve it. We receive only anonymous, aggregated data. We have agreed our data protection responsibilities according to the information on https://legal.linkedin.com/pages-joint-controller-addendum.
  • X: On X we operate the profile https://twitter.com/FyffesIrl. The controller for the operation of the platform for users from Europe is Twitter International Company, Dublin, Ireland. Its privacy notice is available at https://twitter.com/privacy. Some of your data will be transferred to the United States. You can object to advertising here: https://twitter.com/settings/ads_preferences.
  1. CAN WE UPDATE THIS PRIVACY NOTICE?

This Privacy Notice is not part of a contract with you. We can change this Privacy Notice at any time. The version published on this website is the current version.

Last updated: March 2024

 

ireland-flag

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now