Confidentiality Policy

Confidentiality Policy

Foodex Group is highly engaged at respecting privacy and private data, considering it a trust and confidence factor.
This policy has been developed to share with all stakeholders this engagement to respect privacy.

Data Protection Officer (DPO)

In order to preserve privacy and protect the private data, a Data Protection Officer (DPO) has been named.
This DPO works independently and in coordination with all the group companies.
The DPO is a trustworthy actor, specialized on data protection, in charge of ensuring proper application of the data protection rules. He is the interface of the “Commission Nationale Informatique et Liberté” (CNIL) in France. He is also the interface of any person concerned by private data collection or treatment.

Principles applicable to Private data protection

The subsidiaries of Foodex Group operate data treatments in respect of the laws and regulations applicable, especially the General Data Protection Regulation (GDPR), in Europe and all countries of operation.
Specific Private data governance policies are applied locally in the subsidiaries and their application is monitored

1. Treatments with determined explicit and legitimate objectives

The private data are gathered with a specific objective, shared with the related stakeholder. These data cannot be used at a later stage for other objectives.These data are collected loyally: No collection is done without informing the stakeholders.

2. Proportion and relevance of the data collected

The private data collected are strictly necessary to the objective of the collection. The companies of Foodex Group are fully engaged to minimize as much as possible the collected data, to maintain them and update them while respecting the rights of the stakeholders.

3. Private data retention lead time

The private data are stored for a limited period, not exceeding the lead time required for the treatment.
The stakeholders are informed of the conservation leadtimes. These leadtimes can vary from depending on the data, the treatment or the legal constraints.

4. Confidentiality/Security of data

Policies and processes of protection of the Information systems are implemented within the companies of Foodex Group, adapted to the type of data and to the activities of the company
Physical, logical and organisational measures are implemented to ensure confidentiality of data and specially to avoid unauthorized access.
The companies of Foodex Group require from their subcontractors the implementation of appropriate measures to ensure security and confidentiality of private data. These requirements are secured through contractual agreements
Certain private data can be sent in countries in and out of the European Union, especially in Japan where Foodex Group headquarters is located. In such cases, the stakeholders are informed, and specific measures are implemented to secure the data

5. Individual rights :

All necessary means are implemented to ensure individual rights regarding Private data :
– A clear, comprehensive and accessible information about the treatments
– A facilitated access to Private data: All stakeholder has the right to access his/her private data and modify/suppress them anytime and at no cost
All stakeholders can access their private data and in certain cases can have them modified (incomplete or inaccurate), deleted or to ask to limit the treatment on them. The stakeholders also have a portability right, given the fact that these data have been submitted with their formal consent or by the execution of a contract.

These requests can be addressed to the DPO by email (at ) or by postal mail to:
DPO
Foodex S.A.S.
4 impasse des Carrières
75016 Paris

6. Communication and animation of the Private Data protection policy

This policy is accessible to all through proper diffusion and is regularly updated, taking into account the legal evolutions and organisational changes within Foodex Group.
This Private Data protection policy is completed by:
Targeted information documents describing the treatments operated, the recipients of data, their storage duration and the processes applicable to exercise the individual rights on these data
Supplementary clauses inserted in required documents (contracts and internal documents)