Supplemental Privacy Notice for the European Union, United Kingdom, Iceland, Lichtenstein and Norway
This Supplemental Privacy Notice is intended to be read in conjunction with our global Privacy Policy (the “Policy”). The definitions found in the Policy apply to this Supplemental Privacy Notice.
If you are located in the European Union, Iceland, Liechtenstein, or Norway (the “EEA”) or the United Kingdom, in accordance with Article 13 of the European Union General Data Protection Regulation 2016/679 (the “GDPR”) and the UK General Data Protection Regulation, this Supplemental Privacy Notice (together with other relevant sections of the Policy) provides information about the collection, use, processing, and sharing of data about you.
Hormel Foods Corporation is the data controller for the purposes of Personal Data processed through this Website. If you have questions about the Policy or your rights, please contact us as indicated in our Policy, see Section 16, “Contact Details”.
Lawful Bases for Processing
We process the Personal Data of visitors to this Website who are located in the EEA or the UK for the purposes set out in the table under Section 6, “What is the legal basis for our data collection?,” of the Policy together with our legal basis. Where more than one purpose is listed, please contact us, see Section 16, “Contact Details,” of the Policy, if you would like to know the specific legal basis which applies in connection with your specific enquiry. We have provided further information on the legal bases we generally rely on below:
- Contractual necessity – We will process your Personal Data where necessary for us to meet our contractual commitments to you.
- Legitimate interests – This means our general interest in conducting and managing our organization to enable us to provide you with the best products and give you the best service. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Our specific legitimate interests include:
- Administering our operations;
- Providing high quality customer service;
- Developing our products and services, and what we charge for them;
- Defining types of customers for any new products or services;
- Understanding how our Website is being used;
- Developing and growing our operations;
- Ensuring cybersecurity;
- To enhance protection against fraud, spam, harassment, intellectual property infringement, crime and security risks; and
- To meet our obligations and enforce our legal rights.
- Consent – In accordance with applicable law, we may seek your consent or explicit consent to process Personal Data collected on this Website or volunteered by you. For example, in relation to our marketing and promotional activities.
- Compliance with laws and regulations – We will process your Personal Data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
International Transfers of Personal Data Outside of the EEA
The processing of all Personal Data by us through this Website will take place in the United States. Visitors to this Website acknowledge that Personal Data provided or collected through this Website is directly stored in the United States.
We may transfer your Personal Data between entities within the Hormel group and/or to the third parties described in the table under Section 7, “When do we share your information?,” of the Policy. We may transfer your Personal Data outside the EEA or the UK where the transfer is (a) to a country or territory deemed to provide an adequate level of protection by a relevant government authority (e.g. the European Commission or the UK government), (b) pursuant to standard contractual clauses approved by a relevant government authority (e.g. the European Commission or the UK government), or (c) in exceptional cases only, under a specific derogation recognized under applicable data protection law, including the GDPR.
Please contact us, see Section 16, “Contact Details,” of the Policy, if you would like further information.
Rights of Data Subjects
Under certain circumstances, you have rights under data protection laws in relation to your Personal Data. If you wish to exercise any of the rights set out below or learn more about such rights, please contact us, see Section 16, “Contact Details,” of the Policy.
- Access your Personal Data;
- Correct or update any of your Personal Data that is inaccurate;
- Restrict or limit the ways in which we use your Personal Data;
- Object to the processing of your Personal Data;
- Request the deletion of your Personal Data; and
- Obtain a copy of your Personal Data in an easily accessible format.
In addition, where we rely on consent to process your Personal Data, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. We respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we may extend the timeframe by up to two further months but we will notify you and keep you updated if this is the case.
If you have any complaints regarding our privacy practices, you have the right to make a complaint with your national data protection authority. However, we would appreciate the opportunity to address any concern you have so please contact us, see Section 16, “Contact Details,” of the Policy, in the first instance.
- A list of EU supervisory authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
- The relevant UK supervisory authority is the UK Information Commissioner’s Officer: https://ico.org.uk/.
Failure to Provide Personal Data
Where we need to collect Personal Data by law or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service or order you have with us, but we will notify you if that is the case at the time.