Euro Pool Group (hereinafter: “EPG”, “we”, “our” or “us”) has created this Privacy Statement because your privacy is important to us. This Privacy Statement explains how we collect and use your personal data and it applies to any personal data we collect and process through the provision of services and related to our business-activities. Euro Pool System International B.V. (established in the Netherlands) is responsible for the processing of your personal data. Both the Euro Pool System division as well as the La Palette Rouge division (and all of Euro Pool Group’s group companies, which are mentioned in this overview) will abide by this Privacy Statement, however deviations may be necessary if such is required by local legislation.
We may update this Privacy Statement from time to time when necessary due to new developments. Euro Pool Group advises you to read this Privacy Statement regularly in order to stay up to date on any changes. We will notify changes to this Privacy Statement to you in case we deem this relevant in relation to the potential impact of such changes (for example should we engage in automated decision making or profiling activities). This version of the Privacy Statement was last updated on 15 May 2018.
1. Types of data subjects
This Privacy Statement applies to you because you are:
a) a customer using Euro Pool System reusable packaging or La Palette Rouge pallets;
b) a supplier or service provider that delivers goods or services to us;
c) a visitor to one of our offices, depots or other physical location (note that a customer or supplier may also be a visitor);
d) a visitor to our website.
These situations are addressed separately below.
2. Types of personal data
When you are a customer (as described above in 1.a) or a supplier (as described above in 1.b), we may collect the following personal data:
- Contact details. Such as your name, e-mail address and telephone number(s).
- Financial data. Such as your bank account, your order information and payment details.
- Account data. Such as your username and password in case you have access to certain IT-platforms that we make available.
- Social security numbers. This number may be part of your VAT-number
When you are a visitor (as described above in 1.c), we may collect the following personal data:
- Details of your visit. Such as your name, entry and exit time, activities performed.
- Account data. Such as your username and password in case you have access to certain IT-platforms that we make available.
- Camera images. In certain offices or depots that are operated by us, we make use of surveillance systems. When you are a visitor to our website (as described above in 1.d), we may collect the following personal data:
- Contact details. Such as your name, e-mail address and telephone number(s), in case you ask us to contact you through our website.
- Information collected through cookies. Such as your IP address.
3. Use of EPG websites
In order to make the websites which are used by EPG to communicate with you more convenient for your use, we use so-called “cookies”. These cookies will automatically save small pieces of data on your computer when you access one of our websites. These functionalities can be disabled by you, by making the appropriate settings in your browser-settings or on your computer.
Use of Google Analytics
General information about the usage behavior of visitors of our website may be collected using automated analytic tools. This includes, for example, accessed internet pages, visit duration, referring pages as well as general information about your computer system such as the operating system, screen resolution, browser used, etc. All data that is collected by these analytic tools is stored anonymously and cannot be assigned to your person. If you do not agree with this anonymous collection of usage behaviour, you may prevent this by deactivating cookies in your browser-settings.
Our websites use Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing small text files called “cookies” on the device you use to access our websites. The information that the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, is aggregated and therefore anonymous. Only part of your IP address is stored and identification of visitors to our websites is not possible. This information is transferred (and stored) by Google servers in the USA; Google may transfer this information to third parties insofar as this is a statutory obligation or insofar as third parties process this data on behalf of Google.
Liability for links
Our websites may contain links to external websites of third parties. We have no influence over the content of such third party websites and cannot therefore be held liable for the content of these sites or damage you may (directly or indirectly) suffer as a result of visiting these sites. The respective providers or operators shall be solely responsible for the contents of the linked websites at all times.
4. Purposes of the processing
We will process your data for the following purposes:
- Product development, research and improvement of products and/or services: this purpose addresses processing activities that are necessary for the development and improvement of products and/or services, research and development.
- Performing of agreements with customers and suppliers: communication with data subjects and other parties involved in contracts and responding to requests for (further) information by customers or suppliers and dispute resolution.
- Relationship management: marketing for commercial activities, including account management, client service and the performance of marketing activities in order to establish a relationship with a customer and/or maintaining such relationship, as well as extending a relationship with a customer or supplier and for performing analyses with respect to personal data for statistical and scientific purposes.
- Business process execution: internal management and management reporting addressing activities such as managing (and following) company assets, conducting internal audits and investigations, financing and accounting principles, implementing business controls, provision of central processing facilities for efficiency purposes, managing mergers, acquisitions and divestitures and processing personal data for management reporting and analysis.
- Safety and security: this purpose addresses activities such as those involving safety and health in EPG-depots and offices, the protection of assets owned by EPG, it’s customers or suppliers and the authentication of customer or supplier status.
- Protecting the vital interests of data subjects: this is where processing is necessary to protect the vital interests of a data subject, e.g. for urgent medical reasons.
- Compliance with legal obligations: this addresses the processing of personal data that is necessary for compliance with (local) laws, regulations and sector specific guidelines to which EPG is subject, e.g. tax legislation.
5. Legal basis for processing your data
We may process your personal data on the ground that the processing is necessary for purposes of legitimate interest pursued by us. We believe that our interest(s) to process certain personal data outweigh the interest(s) of data subjects, also taken into account the nature of the personal data that we process (as a company that provides mainly business-to-business services) and where possible we will regularly balance those interests. We may also process personal data to the extent necessary for the performance of a contract with you or to comply with a legal obligation. Finally, in some cases we may ask for your consent to process your personal data for certain purposes. You are always free to withdraw such consent, although this will not affect the lawfulness of the processing before your consent has been withdrawn.
6. Parties who may have access to your data
We may share your personal data in the following circumstances:
- Our employees may have access to the personal data. In such a case, access will be granted only if necessary for the purposes described above and only if the employee is bound by an obligation of confidentiality;
- We may share your personal data with third parties acting on our behalf. These third parties include our (IT)-service providers, maintenance parties, security/surveillance agencies and credit rating agencies. In such cases, these third parties may only use your personal data for the purposes described above and only in accordance with our instructions;
- We may share your personal data if required to do so by law or court order, for example with law enforcement agencies or other governmental agencies.
We have taken appropriate technical and organizational measures to protect your personal data against accidental or unlawful processing, including by ensuring that:
- your personal data is protected against unauthorized access;
- the confidentiality of your personal data is assured;
- the integrity and availability of your personal data will be maintained;
- relevant personnel is trained in information security requirements;
- actual or suspected data breaches are reported in accordance with applicable law.
When providing sensitive personal data by using e-mail, we endeavor (and cause our suppliers to do the same) to maintain state of the art security standards.
8. Location of your personal data
Your personal data will remain within the European Economic Area while it is in our care.
9. Retention of personal data
We retain your personal data for a limited amount of time and will delete your personal data after it is no longer necessary for the purposes of the processing (unless a mandatory regulatory requirement requires the retention for a longer period of time). Financial data will be deleted as soon as this is possible, taken into account (local) legislation and accounting requirements. Please be informed that, for communication purposes, personal data may be processed through e-mail systems / servers and may (for that reason) continue to exist for longer terms.
10. Your rights under data protection law
You have certain rights under the so-called General Data Protection Regulation that is applicable in the European Economic Area, which rights you can request to exercise through the contact details provided below.
Right of access
You are entitled to a copy of the personal data we hold about you and certain details of how we use it. This information will usually be provided to you by electronic means.
Right to rectification
We take reasonable steps to ensure that the personal data we hold about you is accurate and complete. However, if you do not believe this is the case, you can ask us to update or amend it.
Right to erasure
In certain circumstances, you have the right to ask us to erase your personal data, for example where the personal data we collected is no longer necessary for the original purpose or where you withdraw your consent. However, such decision will be guided by (other) interests involved. For example, we may have legal and regulatory obligations which prevent us from complying with your request.
Right to restriction of processing
In certain circumstances, you are entitled to ask us to stop using your personal data, for example where you think that the personal data we hold about you may be inaccurate or where you think that we no longer need to use your personal data.
Right to data portability
In certain circumstances, you have the right to ask that we transfer personal data that you have provided to us to another third party of your choice.
Right to object
You have the right to object to processing activities which are based on our legitimate interests. Unless we have a compelling legitimate ground for the processing, we will no longer process the personal data on that basis when you file an objection.
Rights relating to automated decision-making and/or profiling
You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. We generally do not use automated decision-making or profiling, but if you feel that you in some way have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision.
Right to withdraw consent
In most cases, given the nature of our business and the nature of your personal data, we do not base the processing of your personal data on your consent. However, it may happen that we ask for your consent in specific cases. Where we do this, you have the right to withdraw your consent to further use of your personal data.
Right to complain with a data protection authority
You have the right to make a complaint with your local data protection authority.
11. Contact details
Should you have any questions regarding this policy or the way personal data is processed by us, please contact the local management. You can also contact the Privacy Officer at our Central Office at Laan van Vredenoord 8, 2289 DJ Rijswijk, the Netherlands or send an e-mail to firstname.lastname@example.org.