Privacy Statement

1.Purpose of the Privacy Statement

Ornua Co-operative Limited and its subsidiaries (“Ornua”, “us” and “we”) respect your right to privacy in relation to your use of our websites, official social media pages controlled by us and any other form of electronic communication which we use to communicate with you (each a “Site”, together the “Sites”).  Our websites currently include www.kerrygold.com, www.kerrygold.co.uk, www.kerrygoldusa.com, www.kerrygoldirishcream.com, www.pilgrimschoice.com, www.palatinafoodservice.com, www.ornua.com, www.ornua.es, www.ornuafoods.co.uk, www.ornuaingredientsuk.com, www.ornuanutrition.co.uk, www.ornuanorthamerica.com, www.ornuaingredientsnorthamerica.com, www.needfoods.co.uk and www.corefxingredients.com. This Privacy Policy also applies to your use of our social media sites, including on Facebook, Instagram, WhatsApp, YouTube, Twitter, Flickr and LinkedIn platforms. Please note that the social media platforms collect and process personal data about you when you visit them and Ornua has no control over this. Please inform yourself about how your personal data is processed by the social media platforms you use by reading each of their privacy policies.

For the purpose of this Privacy Policy, Ornua Co-operative Limited is the controller, as defined by applicable data protections laws. 

This Privacy Policy sets out how we safeguard any information which you disclose to us or which may be collected by us via the Sites. Any Personal Data which you volunteer to Ornua will be treated in accordance with this Policy and the terms of all applicable laws that may be adopted in your country of residence from time to time.

Please read this Policy carefully to understand our practices regarding your Personal Data and how we treat it.  If you do not read or if you disagree with any aspect of this Privacy Policy, you should not use the Sites.  Please also review our Terms of Use which also govern your use of the Sites.

2.The meaning of Personal Data

“Personal Data” is defined in the data protection laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person. 

Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you. 

3.Collection and Use of your Personal Data

When using the Sites you may have an opportunity to provide us with Personal Data which can identify you, such as your name, email address, home address, telephone number, social media account ID etc. This includes, for example, information you provide when you participate in social media functions on a Site, enter a competition, promotion or survey, when you fill in a form or report a problem with a Site.

Please do not disclose sensitive Personal Data to us via a Site, such as information relating to your racial or ethnic origin, political opinions, religious or other beliefs, physical or mental health, criminal background, etc.

Personal Data which we collect from you will only be used for the purposes for which it was provided by you.

4. The categories of Personal Data we may collect, the purpose and the lawful basis

Personal Data collected from you include the following:

 

Categories of Personal Data  Purpose  Lawful Basis
All Information 

Establishing and enforcing our legal rights and obligations and monitoring to identify and record fraudulent activity.

Complying with instructions from law enforcement agencies, any court or otherwise as required by law.

For our general record-keeping and customer relationship management.

Managing the proposed sale, restructuring or merging of any or all part(s) of our business, including to respond to queries from the prospective buyer or merging organisation.

Resolving any complaints from or disputes with you.
Legitimate interests (see column on left).
Application data (e.g. name, CV, contact details) Processing of this personal data is required to enable us to administer the recruiting process, including the set-up of an electronic job applicant HR file, managing your application, organizing interviews. Processing is necessary for us to take steps to consider entering into a contract with you and, if your application is successful, to enter into a contract with you.
Contact information in general (e.g. full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers). Managing and responding to your queries. Performance of contract and legitimate interests- it's important that we can respond to your enquiries. 
Browsing information (IP address, browser information) and information processed via cookies and analytic tools (see details below in section 9 Cookies Policy)

(1) Monitoring and producing statistical information regarding the use of our platforms, and analysing and improving their functionality.

(2) Re-targeting and marketing tailored information to our users.
Legitimate interests - we perform this monitoring to make sure our Sites work properly, to diagnose any problems with our server and to administer our Sites. The purpose described on the left under (2) also constitutes our legitimate interests.
Contract Information for Marketing (full name, postal address, e-mail address, employer/business and professional information, job titles, telephone and fax numbers).  Sending you marketing information, in particular information and updates in relation to our business, products and services and allowing you participate in promotional and marketing activities and to refine our marketing strategies if you have subscribed for and consented in the receipt of such information or participation in promotional and marketing activities. Your explicit consent.
Personal data included in business correspondance and related documents, e.g. name, e-mail address, postal address, phone number, query details.  Performance of contract and our legitimate interests to conduct business with you.  


We do not hold more data than is necessary for the purpose for which we collect it. We do not collect or keep your Personal Data for any longer than is necessary for the purposes for which it was collected or as required by law.
 

5. Keeping you informed and direct marketing

With your consent and where relevant we will keep your name, address and/or contact details (including telephone numbers and/or email addresses) in our databases and may from time to time use that information to make you aware of our own related products and services as well as updates on developments in our industry sector generally which may be of interest to you. We may contact you in writing, by telephone, fax or email for this. If at any time you decide that you do not want your contact details used for these purposes, please tell us (see “Contact us below).


 6. Right of Access, Rectification and Erasure

You have various rights under data privacy laws in your country.  These may include (as relevant):  the right to request access to the Personal Data we hold about you; the right to rectification including to require us to correct inaccurate Personal Data; the right to request restriction of processing concerning you or to object to processing of your Personal Data, the right to request the erasure of your Personal Data where it is no longer necessary for us to retain it; the right to data portability including to obtain Personal Data in a commonly used machine readable format in certain circumstances such as where our processing of it is based on a consent; the right object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and the right to withdraw your consent to any processing for which you have previously given that consent.  You can also lodge a complaint with a supervisory authority.

If at any time after giving us Personal Data you decide that you would like a copy of the Personal Data or you no longer wish us to hold or use the information, or if that the information becomes out of date or inaccurate, please see “Contact Us” below if you wish to exercise any of these rights (as relevant).

7. Disclosure of Personal Data to Third Parties

Ornua will not disclose your Personal Data to any third party except as described in this Policy or as otherwise agreed by you.

We may disclose your Personal Data to third parties, including but not limited to as follows:

1. within our group of companies for the purposes of use described in this Privacy Policy;

2. to third parties who supply services to us and who help us and our group of companies to operate our business. For example, sometimes a third party may have access to your Personal Data in order to support our information technology or to handle mailings on our behalf;

3. to our legal and other professional advisers;

4. as necessary in order to comply with a legal requirement, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this Site, to take precautions against legal liability;

5. to regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests; and

6. we may engage third parties to manage the Site and provide other services in connection with the Site, such as the collection and analysis of data. Such third parties may have access to certain Personal Data you provide as necessary for the provision of such services on our behalf; provided, however, all such third parties shall be required to protect such Personal Data in accordance with this Privacy Policy.

Due to the global nature of our business, your Personal Data may be stored and transferred to parties located in other countries, including outside the European Economic Area. These other countries will either have different data protection laws than your country of residence or they will not have data protection laws. They may not be deemed by the European Commission as providing adequate protection for Personal Data. 

In particular, we may store your Personal Data on servers in the United States of America. The US are not deemed by the European Commission to have adequate protections for Personal Data.  Steps will be taken to put in place safeguards (including around security) to protect your Personal Data when it is in these other countries.  This may include the use of European Model Clause contracts, where required under applicable law or a Privacy Shield registration, where the recipient is in the US.  You can find out what these are online at the following address:  http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.  If you have any questions or wish to be provided with a copy, please contact us (details below). Please note commercially sensitive information may be removed/blanked out from copies supplied to you.

8. Keeping your Information Secure

We endeavor to use appropriate technical and physical security measures to protect Personal Data which is transmitted, stored or otherwise processed by us, from any unlawful destruction, loss, alteration, unauthorized disclosure of, or access, in connection with our Sites.  These measures include computer safeguards and secured files and facilities.  Our service providers are also selected carefully and are required to use appropriate protective measures. In certain areas, we use industry-standard SSL-encryption to protect data transmissions. Most current browsers support the level of security needed.

In particular, we endeavor to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your Personal Data, (c) ensuring the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.

Notwithstanding the foregoing, we cannot guarantee the security of any information you transmit to a Site and you do so at your own risk. If you have reason to believe that your interaction with us is no longer secure, please notify us immediately of the suspected problem. 

9. Collection of Non-Personal Data, Cookies Policy

We may from time to time use cookies on our Sites. Cookies are small text files that your web browser leaves on your hard drive to recognize you as a repeat user of our Site, track your use of our Site and target advertising. This allows for personalization of certain aspects of your visit to our Site. Information gathered from cookies in this way is only used on an aggregate basis. Unless a visitor specifically provides their identity to us, e.g., by registering at our Sites, providing information through an online form or sending us correspondence from the Sites, we will not know the identification of individual visitors. We may use cookies to store preferences; record session information; develop information about Site visitors' preferences and interests; record past activity at a website in order to provide better service when you return to our Site; or customize web page content based on information you voluntarily provide.

You can disable cookies using your Internet browser settings. Please consult your browser's help function for information on how to disable cookies. Note that if you disable cookies, certain features of our Sites may not function properly.

10. Social Plugins

On some of our websites we use social plugins (also known as “buttons”) of social networks such as Facebook, Google+, and Twitter. When you visit the Sites the buttons are not activated, and they will remain inactive unless you click on one of the buttons. After you click on a button, it will remain active until you deactivate them or you delete your cookies. If you are logged on to a social network, the network can assign your visit to the website to your user account. If you are a member of a social network, you must log out from the social network before activating the buttons on our website, if you do not want the social network to assign data obtained during your visit to our website with your social membership data.

We use the Facebook Connect plugin from facebook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, US. The plug-in can be recognized by way of the Facebook logo or the supplement "Facebook Social Plug-in". For example, if you click on the "Like" button or leave a comment, the relevant information is transmitted directly from your browser to Facebook and stored there. Furthermore, Facebook makes your likes public for your Facebook friends. If you are logged into Facebook, it can assign the invocation of our page directly to your Facebook account. Even if you are not logged in or don't have a Facebook account, your browser sends information (e.g. which web pages you have called up, your IP address) which is then stored by Facebook. For details about handling of your personal data by Facebook and your related rights, please refer to Facebook’s data privacy policy: http://www.facebook.com/policy.php. If you do not want Facebook to map data collected about you via our Sites to your Facebook account, you must log out of Facebook before you visit our web pages.

11. Google Analytics

We use Google Analytics on the basis of Art. 6 (1) (f) of the General Data Protection Regulation (“GDPR”), which is a web analysis service of Google Inc. (“Google”) on our websites. Google Analytics uses cookies, i.e. text files stored on your computer to enable analysis of website usage by you. Information generated by the cookie about your use of this website is usually transmitted to a Google server in the United States and stored there. In case of activated IP anonymization on this website, however, your IP address is previously truncated by Google within member states of the European Union or in other states which are party to the agreement on the European Economic Area. Only in exceptional cases is a full IP address transmitted to a Google server in the United States and truncated there. On behalf the website's owner, Google will use this information to evaluate your use of the website, compile reports about website activities, and provide the website's operator with further services related to website and Internet usage. The IP address sent from your browser as part of Google Analytics is not merged with other data by Google. You can prevent storage of cookies by appropriately setting your browser software; in this case, however, please note that you might not be able to fully use all functions offered by the website. In addition, you can prevent data generated by the cookie and relating to your use of the website (including your IP address) from being collected and processed by Google, by downloading and installing a browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

We use Google Analytics on our websites with the extension "anonymizeIP()", IP addresses being truncated before further processing in order to rule out direct associations to persons.

 

12. Google Maps

Some Sites use Google Maps to display interactive maps. Google Maps is a map service provided by Google. Every time you access a page on a website that uses Google Maps, a direct link is established between your browser and a Google server located in the US. The information that you have visited on this website from your IP address is transmitted by your browser directly to the Google server and stored there. Using Google Maps causes information about your use of the website, including your IP address, to be transmitted to Google in the US. If you do not wish Google to collect, process or use your Personal Data via a website as a result of you using Google Maps, you can deactivate JavaScript in your browser settings. However, if you do deactivate, you can no longer use the map display function. You can find Google’s Privacy Policies, featuring more detailed information about the collection, disclosure and use of data by Google and about your rights in this regard as well as your profile settings options at http://www.google.com/intl/de/policies/privacy/.

 

13. Microsoft Application Insights

The Sites use Microsoft Application Insights, a web analytics service provided by Microsoft, Inc. ("Microsoft"). Application Insights uses "cookies", to help the website analyze how users use the Site. The information generated by the cookie about your use of the Site (including your IP address) will be transmitted to and stored by Microsoft on servers in the US. Microsoft will use this information for the purpose of evaluating your use of the Site, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Microsoft may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Microsoft's behalf. Further details can be found at https://docs.microsoft.com/en-us/azure/application-insights/app-insights-usage-overview


14. Facebook Fan Pages

We may operate one or more "fan pages" on the Facebook platform. Being the operator of such a fan page, we are also the data controller within the meaning of applicable data protection law. This means that we are responsible for the lawful processing of your Personal Data via the fan page and must ensure that you can exercise your data subject rights against us.

Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") acts together with us as joint controller within the meaning of Art. 26 para. 1 sent. 1 GDPR. You may contact Facebook via its online contact form or by letter to the aforementioned address.

Data about you may be collected via the fan page by means of cookies irrespective of whether you have a Facebook account or not. The use of such cookies is at Facebook's sole discretion. We do not have any influence in this respect. Your consent is the legal basis for the setting of cookies (pursuant to Art. 6 para. 1 lit. a, Art. 7 GDPR); you grant such consent through your use of the Facebook websites. The setting of cookies mainly serves the purpose of showing personalised ads to users of Facebook websites, including fan pages. Advertisements from Facebook’s advertising partners whose websites the user had visited before visiting Facebook are shown to the user on Facebook (including on the fan page). Moreover, cookies are used to compile statistics about how a fan page is used so that we and Facebook can track the use of a fan page.

There is no statutory or contractual obligation on us to collect your data through cookies whenever you use a fan page and such data collection is not a precondition for conclusion of a contract. Therefore, there is no obligation on us, as the fan page operator, to send your data to Facebook. However, the non-transmission of your data (e.g. by means of blocking cookies) would mean that we either could not provide you with access to the fan page at all or we could only grant you limited access.

Your data may be transmitted to Facebook Inc. in the US by the cookies. Facebook has an EU-US Privacy Shield certification, i.e. Facebook must comply with a specific data protection standard for users in Europe which the European Commission has found to be equal to the European standard. In addition, Facebook may use cookies of third-party providers. The third-party service providers’ cookie policies can be accessed on their respective websites.

We have entered into a joint controllers agreement with Facebook, which is obligatory pursuant to Art. 26 para. 1 sent. 2 GDPR ("Controller Addendum"), in particular setting forth the data protection obligations and the implementation of data subject rights. A copy of this agreement can be accessed here.

You may exercise your data subject rights (pursuant to section 6 of this Privacy Policy) against Facebook as well as against us. Pursuant to the Controller Addendum, we are obliged to forward such requests to Facebook immediately, and in any event within seven calendar days at the latest. Please note that, therefore, access requests and the assertion of data subject rights are best made directly to Facebook. Only Facebook has access to the user data concerned and can directly implement the necessary measures and provide information to you.

For further information on the use of cookies by Facebook, please refer to Facebook's privacy and cookie policies. You may also download your own Facebook data directly from Facebook (download of the "expanded archive" in your account - settings).

15. Retention period or criteria used to determine the retention period

We keep your Personal Data for as long as it is necessary to do so to fulfil the purposes for which it was collected as described above. 

The criteria we use to determine data retention periods for Personal Data includes the following: (i) Retention in case of queries.  We will retain it for a reasonable period after the relationship between us has ceased (up to 12 months) in case of queries from you; (ii) Retention in case of claims.  We will retain it for the period in which you might legally bring claims against us (in some countries this means we will retain it for 10 years) if and to the extent we have entered into any contract with you; (iii) Retention in accordance with legal and regulatory requirements.  We will consider whether we need to retain it after the period described in (ii) because of a legal or regulatory requirement. 

If your application for employment is successful and you commence employment with us, your Personal Data will be transferred to your personnel file and will be processed for employment purposes. If your application for employment is not successful, we will keep your Personal Data for a limited period (depending on the country where the hiring Ornua entity is located) following notification that your application was not successful in order to (i) defend against potential claims and/or (ii) inform you about future job opportunities (with your consent, where required, and provided you have not objected to be contacted for this purpose).

If you would like further information about our data retention practices, please contact us (see “Contact Us” below).

16. Links to Other Websites

This Site may contain hyperlinks to websites that are not operated by us. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We do not control these websites and are not responsible for their data or privacy practices. We urge you to review any privacy policy posted on any third party site you visit before using the site or providing any Personal Data.

17. Amendments to this Policy

Ornua reserves the right in its sole discretion to amend this Privacy Policy at any time, and you should regularly check this Policy for any amendments we make. If the change is fundamental or may significantly affect you, we will provide you with the updated Privacy Policy in advance of the change actually taking effect. We encourage you to review the content of this Privacy Policy regularly.

18. Contact us

If you wish to contact us to discuss any matter in relation to this Privacy Policy or our processing of your information, please feel free to contact us at Ornua Co-operative Limited, Grattan House, Lower Mount Street, Dublin 2, Ireland or by phone on 00 353 1 661 9599 or e-mail dataprotection@ornua.com.